npm - @pagopa/io-wallet-oid4vp - Versions diffs - 0.5.1 → 0.6.1 - Mend

@pagopa/io-wallet-oid4vp 0.5.1 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -115,7 +115,7 @@ const resp = createAuthorizationResponse({
 ### AuthorizationRequestObject type and Zod parser
 ```typescript
-export const zOpenid4vpAuthorizationRequest = z
+export const zOpenid4vpAuthorizationRequestPayload = z
   .object({
     response_type: z.literal('vp_token'),
     client_id: z.string(),
@@ -131,7 +131,7 @@ export const zOpenid4vpAuthorizationRequest = z
   })
   .passthrough().and(zJwtPayload)
-export type AuthorizationRequestObject = z.infer<typeof zOpenid4vpAuthorizationRequest>
+export type AuthorizationRequestObject = z.infer<typeof zOpenid4vpAuthorizationRequestPayload>
 ```
 ### parseAuthorizeRequest

package/dist/index.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { CallbackContext, RequestDpopOptions, JwtSigner } from '@openid4vc/oauth2';
-import { z } from 'zod';
+import z$1, { z } from 'zod';
 import * as _openid4vc_openid4vp from '@openid4vc/openid4vp';
 import { VpToken } from '@openid4vc/openid4vp';
 export { CreateOpenid4vpAuthorizationResponseOptions, CreateOpenid4vpAuthorizationResponseResult, VpToken, createOpenid4vpAuthorizationResponse } from '@openid4vc/openid4vp';
@@ -9,7 +9,7 @@ import { ItWalletCredentialVerifierMetadata } from '@pagopa/io-wallet-oid-federa
  * Zod parser that describes a JWT payload
  * containing an OID4VP Request Object
  */
-declare const zOpenid4vpAuthorizationRequest: z.ZodIntersection<z.ZodObject<{
+declare const zOpenid4vpAuthorizationRequestPayload: z.ZodIntersection<z.ZodObject<{
     client_id: z.ZodString;
     dcql_query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
     nonce: z.ZodString;
@@ -1078,7 +1078,26 @@ declare const zOpenid4vpAuthorizationRequest: z.ZodIntersection<z.ZodObject<{
     status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
     trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
 }, z.ZodTypeAny, "passthrough">>>;
-type AuthorizationRequestObject = z.infer<typeof zOpenid4vpAuthorizationRequest>;
+type AuthorizationRequestObject = z.infer<typeof zOpenid4vpAuthorizationRequestPayload>;
+declare const zOpenid4vpAuthorizationRequestHeader: z.ZodObject<{
+    alg: z.ZodString;
+    kid: z.ZodOptional<z.ZodString>;
+    trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    typ: z.ZodLiteral<"oauth-authz-req+jwt">;
+    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    alg: z.ZodString;
+    kid: z.ZodOptional<z.ZodString>;
+    trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    typ: z.ZodLiteral<"oauth-authz-req+jwt">;
+    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    alg: z.ZodString;
+    kid: z.ZodOptional<z.ZodString>;
+    trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    typ: z.ZodLiteral<"oauth-authz-req+jwt">;
+    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, z.ZodTypeAny, "passthrough">>;
 interface ParseAuthorizeRequestOptions {
     /**
@@ -1148,6 +1167,45 @@ interface CreateAuthorizationResponseOptions {
  */
 declare function createAuthorizationResponse(options: CreateAuthorizationResponseOptions): Promise<_openid4vc_openid4vp.CreateOpenid4vpAuthorizationResponseResult>;
+declare const zOid4vpAuthorizationResponseResult: z$1.ZodObject<{
+    redirect_uri: z$1.ZodString;
+}, "strip", z$1.ZodTypeAny, {
+    redirect_uri: string;
+}, {
+    redirect_uri: string;
+}>;
+type Oid4vpAuthorizationResponseResult = z$1.infer<typeof zOid4vpAuthorizationResponseResult>;
+/**
+ * Configuration options for fetching OID4VP Presentation Result
+ */
+interface FetchAuthorizationResponseOptions {
+    /**
+     * The signed and encrypted {@link Openid4vpAuthorizationResponse} in base64 format
+     */
+    authorizationResponseJarm: string;
+    /**
+     * Callback functions for making HTTP requests
+     * Allows for custom fetch implementations
+     */
+    callbacks: Pick<CallbackContext, "fetch">;
+    /**
+     * The response_uri field contained in the {@link AuthorizationRequestObject}
+     */
+    presentationResponseUri: string;
+}
+/**
+ * Sends the {@link Openid4vpAuthorizationResponse} to the response uri provided by the session's
+ * {@link AuthorizationRequestObject} and returns the {@link Oid4vpAuthorizationResponseResult} object
+ * containing the redirect_uri at which to continue the presentation
+ *
+ * @param options {@link FetchAuthorizationResponseOptions}
+ * @returns Promise that resolves to the parsed {@link Oid4vpAuthorizationResponseResult}
+ * @throws {UnexpectedStatusCodeError} When the server returns a non-200 status code
+ * @throws {ValidationError} When the response cannot be parsed or is invalid
+ */
+declare function fetchAuthorizationResponse(options: FetchAuthorizationResponseOptions): Promise<Oid4vpAuthorizationResponseResult>;
 /**
  * Generic error thrown during Oid4vp operations
  */
@@ -1164,6 +1222,13 @@ declare class ParseAuthorizeRequestError extends Oid4vpError {
     readonly statusCode?: number | undefined;
     constructor(message: string, statusCode?: number | undefined);
 }
+/**
+ * Error thrown by {@link fetchAuthorizationResponse}
+ */
+declare class FetchAuthorizationResponseError extends Oid4vpError {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
 /**
  * Error thrown by {@link createAuthorizationResponse} in case there
  * are unexpected errors.
@@ -1173,4 +1238,4 @@ declare class CreateAuthorizationResponseError extends Oid4vpError {
     constructor(message: string, statusCode?: number | undefined);
 }
-export { type AuthorizationRequestObject, CreateAuthorizationResponseError, type CreateAuthorizationResponseOptions, Oid4vpError, ParseAuthorizeRequestError, type ParseAuthorizeRequestOptions, createAuthorizationResponse, parseAuthorizeRequest, zOpenid4vpAuthorizationRequest };
+export { type AuthorizationRequestObject, CreateAuthorizationResponseError, type CreateAuthorizationResponseOptions, FetchAuthorizationResponseError, type FetchAuthorizationResponseOptions, type Oid4vpAuthorizationResponseResult, Oid4vpError, ParseAuthorizeRequestError, type ParseAuthorizeRequestOptions, createAuthorizationResponse, fetchAuthorizationResponse, parseAuthorizeRequest, zOid4vpAuthorizationResponseResult, zOpenid4vpAuthorizationRequestHeader, zOpenid4vpAuthorizationRequestPayload };

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { CallbackContext, RequestDpopOptions, JwtSigner } from '@openid4vc/oauth2';
-import { z } from 'zod';
+import z$1, { z } from 'zod';
 import * as _openid4vc_openid4vp from '@openid4vc/openid4vp';
 import { VpToken } from '@openid4vc/openid4vp';
 export { CreateOpenid4vpAuthorizationResponseOptions, CreateOpenid4vpAuthorizationResponseResult, VpToken, createOpenid4vpAuthorizationResponse } from '@openid4vc/openid4vp';
@@ -9,7 +9,7 @@ import { ItWalletCredentialVerifierMetadata } from '@pagopa/io-wallet-oid-federa
  * Zod parser that describes a JWT payload
  * containing an OID4VP Request Object
  */
-declare const zOpenid4vpAuthorizationRequest: z.ZodIntersection<z.ZodObject<{
+declare const zOpenid4vpAuthorizationRequestPayload: z.ZodIntersection<z.ZodObject<{
     client_id: z.ZodString;
     dcql_query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
     nonce: z.ZodString;
@@ -1078,7 +1078,26 @@ declare const zOpenid4vpAuthorizationRequest: z.ZodIntersection<z.ZodObject<{
     status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
     trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
 }, z.ZodTypeAny, "passthrough">>>;
-type AuthorizationRequestObject = z.infer<typeof zOpenid4vpAuthorizationRequest>;
+type AuthorizationRequestObject = z.infer<typeof zOpenid4vpAuthorizationRequestPayload>;
+declare const zOpenid4vpAuthorizationRequestHeader: z.ZodObject<{
+    alg: z.ZodString;
+    kid: z.ZodOptional<z.ZodString>;
+    trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    typ: z.ZodLiteral<"oauth-authz-req+jwt">;
+    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    alg: z.ZodString;
+    kid: z.ZodOptional<z.ZodString>;
+    trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    typ: z.ZodLiteral<"oauth-authz-req+jwt">;
+    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    alg: z.ZodString;
+    kid: z.ZodOptional<z.ZodString>;
+    trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    typ: z.ZodLiteral<"oauth-authz-req+jwt">;
+    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, z.ZodTypeAny, "passthrough">>;
 interface ParseAuthorizeRequestOptions {
     /**
@@ -1148,6 +1167,45 @@ interface CreateAuthorizationResponseOptions {
  */
 declare function createAuthorizationResponse(options: CreateAuthorizationResponseOptions): Promise<_openid4vc_openid4vp.CreateOpenid4vpAuthorizationResponseResult>;
+declare const zOid4vpAuthorizationResponseResult: z$1.ZodObject<{
+    redirect_uri: z$1.ZodString;
+}, "strip", z$1.ZodTypeAny, {
+    redirect_uri: string;
+}, {
+    redirect_uri: string;
+}>;
+type Oid4vpAuthorizationResponseResult = z$1.infer<typeof zOid4vpAuthorizationResponseResult>;
+/**
+ * Configuration options for fetching OID4VP Presentation Result
+ */
+interface FetchAuthorizationResponseOptions {
+    /**
+     * The signed and encrypted {@link Openid4vpAuthorizationResponse} in base64 format
+     */
+    authorizationResponseJarm: string;
+    /**
+     * Callback functions for making HTTP requests
+     * Allows for custom fetch implementations
+     */
+    callbacks: Pick<CallbackContext, "fetch">;
+    /**
+     * The response_uri field contained in the {@link AuthorizationRequestObject}
+     */
+    presentationResponseUri: string;
+}
+/**
+ * Sends the {@link Openid4vpAuthorizationResponse} to the response uri provided by the session's
+ * {@link AuthorizationRequestObject} and returns the {@link Oid4vpAuthorizationResponseResult} object
+ * containing the redirect_uri at which to continue the presentation
+ *
+ * @param options {@link FetchAuthorizationResponseOptions}
+ * @returns Promise that resolves to the parsed {@link Oid4vpAuthorizationResponseResult}
+ * @throws {UnexpectedStatusCodeError} When the server returns a non-200 status code
+ * @throws {ValidationError} When the response cannot be parsed or is invalid
+ */
+declare function fetchAuthorizationResponse(options: FetchAuthorizationResponseOptions): Promise<Oid4vpAuthorizationResponseResult>;
 /**
  * Generic error thrown during Oid4vp operations
  */
@@ -1164,6 +1222,13 @@ declare class ParseAuthorizeRequestError extends Oid4vpError {
     readonly statusCode?: number | undefined;
     constructor(message: string, statusCode?: number | undefined);
 }
+/**
+ * Error thrown by {@link fetchAuthorizationResponse}
+ */
+declare class FetchAuthorizationResponseError extends Oid4vpError {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
 /**
  * Error thrown by {@link createAuthorizationResponse} in case there
  * are unexpected errors.
@@ -1173,4 +1238,4 @@ declare class CreateAuthorizationResponseError extends Oid4vpError {
     constructor(message: string, statusCode?: number | undefined);
 }
-export { type AuthorizationRequestObject, CreateAuthorizationResponseError, type CreateAuthorizationResponseOptions, Oid4vpError, ParseAuthorizeRequestError, type ParseAuthorizeRequestOptions, createAuthorizationResponse, parseAuthorizeRequest, zOpenid4vpAuthorizationRequest };
+export { type AuthorizationRequestObject, CreateAuthorizationResponseError, type CreateAuthorizationResponseOptions, FetchAuthorizationResponseError, type FetchAuthorizationResponseOptions, type Oid4vpAuthorizationResponseResult, Oid4vpError, ParseAuthorizeRequestError, type ParseAuthorizeRequestOptions, createAuthorizationResponse, fetchAuthorizationResponse, parseAuthorizeRequest, zOid4vpAuthorizationResponseResult, zOpenid4vpAuthorizationRequestHeader, zOpenid4vpAuthorizationRequestPayload };

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,18 +17,30 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
   CreateAuthorizationResponseError: () => CreateAuthorizationResponseError,
+  FetchAuthorizationResponseError: () => FetchAuthorizationResponseError,
   Oid4vpError: () => Oid4vpError,
   ParseAuthorizeRequestError: () => ParseAuthorizeRequestError,
   createAuthorizationResponse: () => createAuthorizationResponse,
   createOpenid4vpAuthorizationResponse: () => import_openid4vp2.createOpenid4vpAuthorizationResponse,
+  fetchAuthorizationResponse: () => fetchAuthorizationResponse,
   parseAuthorizeRequest: () => parseAuthorizeRequest,
-  zOpenid4vpAuthorizationRequest: () => zOpenid4vpAuthorizationRequest
+  zOid4vpAuthorizationResponseResult: () => zOid4vpAuthorizationResponseResult,
+  zOpenid4vpAuthorizationRequestHeader: () => zOpenid4vpAuthorizationRequestHeader,
+  zOpenid4vpAuthorizationRequestPayload: () => zOpenid4vpAuthorizationRequestPayload
 });
 module.exports = __toCommonJS(index_exports);
@@ -49,6 +63,13 @@ var ParseAuthorizeRequestError = class extends Oid4vpError {
     this.name = "ParseAuthorizeRequestError";
   }
 };
+var FetchAuthorizationResponseError = class extends Oid4vpError {
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.name = "FetchAuthorizationResponseError";
+  }
+};
 var CreateAuthorizationResponseError = class extends Oid4vpError {
   constructor(message, statusCode) {
     super(message);
@@ -60,7 +81,7 @@ var CreateAuthorizationResponseError = class extends Oid4vpError {
 // src/authorization-request/z-request-object.ts
 var import_oauth2 = require("@openid4vc/oauth2");
 var import_zod = require("zod");
-var zOpenid4vpAuthorizationRequest = import_zod.z.object({
+var zOpenid4vpAuthorizationRequestPayload = import_zod.z.object({
   client_id: import_zod.z.string(),
   dcql_query: import_zod.z.record(import_zod.z.string(), import_zod.z.any()).optional(),
   nonce: import_zod.z.string(),
@@ -73,13 +94,21 @@ var zOpenid4vpAuthorizationRequest = import_zod.z.object({
   state: import_zod.z.string(),
   wallet_nonce: import_zod.z.string().optional()
 }).passthrough().and(import_oauth2.zJwtPayload);
+var zOpenid4vpAuthorizationRequestHeader = import_zod.z.object({
+  alg: import_zod.z.string(),
+  kid: import_zod.z.string().optional(),
+  trust_chain: import_zod.z.array(import_zod.z.string()).nonempty().optional(),
+  typ: import_zod.z.literal("oauth-authz-req+jwt"),
+  x5c: import_zod.z.array(import_zod.z.string()).optional()
+}).passthrough();
 // src/authorization-request/parse-authorization-request.ts
 async function parseAuthorizeRequest(options) {
   try {
     const decoded = (0, import_oauth22.decodeJwt)({
+      headerSchema: zOpenid4vpAuthorizationRequestHeader,
       jwt: options.requestObjectJwt,
-      payloadSchema: zOpenid4vpAuthorizationRequest
+      payloadSchema: zOpenid4vpAuthorizationRequestPayload
     });
     const verificationResult = await options.callbacks.verifyJwt(
       options.dpop.signer,
@@ -148,16 +177,65 @@ async function createAuthorizationResponse(options) {
   }
 }
+// src/authorization-response/fetch-authorization-response.ts
+var import_utils3 = require("@openid4vc/utils");
+var import_io_wallet_utils = require("@pagopa/io-wallet-utils");
+// src/authorization-response/z-authorization-response.ts
+var import_zod2 = __toESM(require("zod"));
+var zOid4vpAuthorizationResponseResult = import_zod2.default.object({
+  redirect_uri: import_zod2.default.string()
+});
+// src/authorization-response/fetch-authorization-response.ts
+async function fetchAuthorizationResponse(options) {
+  try {
+    const fetch = (0, import_utils3.createFetcher)(options.callbacks.fetch);
+    const authorizationResponseResult = await fetch(
+      options.presentationResponseUri,
+      {
+        body: new URLSearchParams({
+          response: options.authorizationResponseJarm
+        }),
+        headers: {
+          [import_io_wallet_utils.HEADERS.CONTENT_TYPE]: import_io_wallet_utils.CONTENT_TYPES.FORM_URLENCODED
+        },
+        method: "POST"
+      }
+    );
+    await (0, import_io_wallet_utils.hasStatusOrThrow)(
+      200,
+      import_io_wallet_utils.UnexpectedStatusCodeError
+    )(authorizationResponseResult);
+    const authorizationResponseResultJson = await authorizationResponseResult.json();
+    return (0, import_utils3.parseWithErrorHandling)(
+      zOid4vpAuthorizationResponseResult,
+      authorizationResponseResultJson
+    );
+  } catch (error) {
+    if (error instanceof import_io_wallet_utils.UnexpectedStatusCodeError || error instanceof import_utils3.ValidationError) {
+      throw error;
+    }
+    throw new FetchAuthorizationResponseError(
+      `Unexpected error sending authorization response: ${error instanceof Error ? error.message : String(error)}`
+    );
+  }
+}
 // src/index.ts
 var import_openid4vp2 = require("@openid4vc/openid4vp");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   CreateAuthorizationResponseError,
+  FetchAuthorizationResponseError,
   Oid4vpError,
   ParseAuthorizeRequestError,
   createAuthorizationResponse,
   createOpenid4vpAuthorizationResponse,
+  fetchAuthorizationResponse,
   parseAuthorizeRequest,
-  zOpenid4vpAuthorizationRequest
+  zOid4vpAuthorizationResponseResult,
+  zOpenid4vpAuthorizationRequestHeader,
+  zOpenid4vpAuthorizationRequestPayload
 });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/authorization-request/parse-authorization-request.ts","../src/errors.ts","../src/authorization-request/z-request-object.ts","../src/authorization-response/create-authorization-response.ts"],"sourcesContent":["export * from \"./authorization-request\";\nexport * from \"./authorization-response\";\nexport * from \"./errors\";\n\nexport {\n type CreateOpenid4vpAuthorizationResponseOptions,\n type CreateOpenid4vpAuthorizationResponseResult,\n type VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\n","import {\n CallbackContext,\n Oauth2JwtParseError,\n RequestDpopOptions,\n decodeJwt,\n} from \"@openid4vc/oauth2\";\nimport { ValidationError } from \"@openid4vc/utils\";\n\nimport { ParseAuthorizeRequestError } from \"../errors\";\nimport {\n AuthorizationRequestObject,\n zOpenid4vpAuthorizationRequest,\n} from \"./z-request-object\";\n\nexport interface ParseAuthorizeRequestOptions {\n /*\n Callback context for signature verification.\n /\n callbacks: Pick<CallbackContext, \"verifyJwt\">;\n\n /\n DPoP options\n /\n dpop: RequestDpopOptions;\n\n /\n The Authorization Request Object JWT.\n /\n requestObjectJwt: string;\n}\n\n/\n This method verifies a JWT containing a Request Object and returns its\n * decoded value for further processing\n * @param options {@link ParseAuthorizeRequestOptions}\n * @returns An {@link AuthorizationRequestObject} containing the RP required\n * credentials\n * @throws {@link ValidationError} in case there are errors validating the Request Object structure\n * @throws {@link Oauth2JwtParseError} in case the request object jwt is malformed (e.g missing header, bad encoding)\n * @throws {@link ParseAuthorizeRequestError} in case the JWT signature is invalid or there are unexpected errors\n /\nexport async function parseAuthorizeRequest(\n options: ParseAuthorizeRequestOptions,\n): Promise<AuthorizationRequestObject> {\n try {\n const decoded = decodeJwt({\n jwt: options.requestObjectJwt,\n payloadSchema: zOpenid4vpAuthorizationRequest,\n });\n const verificationResult = await options.callbacks.verifyJwt(\n options.dpop.signer,\n {\n compact: options.requestObjectJwt,\n header: decoded.header,\n payload: decoded.payload,\n },\n );\n\n if (!verificationResult.verified)\n throw new ParseAuthorizeRequestError(\n \"Error verifying Request Object signature\",\n );\n\n return decoded.payload;\n } catch (error) {\n if (\n error instanceof ValidationError \|\|\n error instanceof Oauth2JwtParseError\n )\n throw error;\n throw new ParseAuthorizeRequestError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","/\n Generic error thrown during Oid4vp operations\n /\nexport class Oid4vpError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vpError\";\n }\n}\n\n/\n Error thrown by {@link parseAuthorizeRequest} when the passed\n * request object has an invalid signature or unexpected errors\n * are thrown\n /\nexport class ParseAuthorizeRequestError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"ParseAuthorizeRequestError\";\n }\n}\n\n/\n Error thrown by {@link createAuthorizationResponse} in case there\n * are unexpected errors.\n /\nexport class CreateAuthorizationResponseError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"CreateAuthorizationResponseError\";\n }\n}\n","import { zJwtPayload } from \"@openid4vc/oauth2\";\nimport { z } from \"zod\";\n\n/\n Zod parser that describes a JWT payload\n * containing an OID4VP Request Object\n /\nexport const zOpenid4vpAuthorizationRequest = z\n .object({\n client_id: z.string(),\n dcql_query: z.record(z.string(), z.any()).optional(),\n nonce: z.string(),\n request_uri: z.string().url().optional(),\n request_uri_method: z.optional(z.string()),\n response_mode: z.literal(\"direct_post.jwt\"),\n response_type: z.literal(\"vp_token\"),\n response_uri: z.string().url().optional(),\n scope: z.string().optional(),\n state: z.string(),\n wallet_nonce: z.string().optional(),\n })\n .passthrough()\n .and(zJwtPayload);\n\nexport type AuthorizationRequestObject = z.infer<\n typeof zOpenid4vpAuthorizationRequest\n>;\n","import { CallbackContext, JwtSigner } from \"@openid4vc/oauth2\";\nimport {\n CreateOpenid4vpAuthorizationResponseOptions,\n VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\nimport { addSecondsToDate, dateToSeconds } from \"@openid4vc/utils\";\nimport { ItWalletCredentialVerifierMetadata } from \"@pagopa/io-wallet-oid-federation\";\n\nimport { AuthorizationRequestObject } from \"../authorization-request\";\nimport { CreateAuthorizationResponseError } from \"../errors\";\n\ntype JarmServerMetadata = NonNullable<\n CreateOpenid4vpAuthorizationResponseOptions[\"jarm\"]\n>[\"serverMetadata\"];\n\nexport interface CreateAuthorizationResponseOptions {\n /\n Callbacks for authorization response generation\n /\n callbacks: Pick<\n CallbackContext,\n \"encryptJwe\" \| \"fetch\" \| \"generateRandom\" \| \"signJwt\"\n >;\n\n /\n Thumbprint of the JWK in the cnf Wallet Attestation\n /\n client_id: string;\n\n /\n Optional expiration of the Authorization Response JWT, defaults to 10 minutes\n /\n exp?: number;\n\n /\n Presentation's Request Object\n /\n requestObject: AuthorizationRequestObject;\n\n /\n OpenID Federation Relying Party metadata\n /\n rpMetadata: ItWalletCredentialVerifierMetadata;\n\n /\n Signer created from the Wallet Instance's private key\n /\n signer: JwtSigner;\n\n /\n Array containing the vp_tokens of the credentials\n * to present\n /\n vp_token: VpToken;\n}\n\n/\n This method receives the RequestObject, its resolved VP Tokens and other necessary cryptographic and configuration data\n * and returns a signed and encrypted Presentation Response\n * @param options {@link CreateAuthorizationResponseOptions}\n * @returns An {@link CreateOpenid4vpAuthorizationResponseResult} representing\n * the encrypted and signed Presentation Response to the corresponding {@link AuthorizationRequestObject}\n * @throws An {@link CreateAuthorizationResponseError} in case of unexpected errors during response generation,\n * encryption, or signing\n /\nexport async function createAuthorizationResponse(\n options: CreateAuthorizationResponseOptions,\n) {\n try {\n const openid_credential_verifier = options.rpMetadata;\n\n const serverMetadata: JarmServerMetadata = {\n authorization_encryption_alg_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_alg,\n ],\n authorization_encryption_enc_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_enc,\n ],\n authorization_signing_alg_values_supported: [\n openid_credential_verifier.authorization_signed_response_alg,\n ],\n };\n\n // NOTE: This method sets the state in the Authorization Response\n // using the corresponding value in the Request Object\n return await createOpenid4vpAuthorizationResponse({\n authorizationRequestPayload: options.requestObject,\n authorizationResponsePayload: {\n vp_token: options.vp_token,\n },\n callbacks: options.callbacks,\n clientMetadata: openid_credential_verifier,\n jarm: {\n audience: options.requestObject.client_id,\n authorizationServer: options.client_id,\n encryption: {\n nonce: new TextDecoder().decode(\n await options.callbacks.generateRandom(32),\n ),\n },\n expiresInSeconds:\n options.exp ?? dateToSeconds(addSecondsToDate(new Date(), 60 10)), // default: 10 minutes\n jwtSigner: options.signer,\n serverMetadata,\n },\n });\n } catch (error) {\n throw new CreateAuthorizationResponseError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,iBAKO;AACP,mBAAgC;;;ACHzB,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,6BAAN,cAAyC,YAAY;AAAA,EAC1D,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,mCAAN,cAA+C,YAAY;AAAA,EAChE,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACxCA,oBAA4B;AAC5B,iBAAkB;AAMX,IAAM,iCAAiC,aAC3C,OAAO;AAAA,EACN,WAAW,aAAE,OAAO;AAAA,EACpB,YAAY,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACnD,OAAO,aAAE,OAAO;AAAA,EAChB,aAAa,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACvC,oBAAoB,aAAE,SAAS,aAAE,OAAO,CAAC;AAAA,EACzC,eAAe,aAAE,QAAQ,iBAAiB;AAAA,EAC1C,eAAe,aAAE,QAAQ,UAAU;AAAA,EACnC,cAAc,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACxC,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,OAAO,aAAE,OAAO;AAAA,EAChB,cAAc,aAAE,OAAO,EAAE,SAAS;AACpC,CAAC,EACA,YAAY,EACZ,IAAI,yBAAW;;;AFmBlB,eAAsB,sBACpB,SACqC;AACrC,MAAI;AACF,UAAM,cAAU,0BAAU;AAAA,MACxB,KAAK,QAAQ;AAAA,MACb,eAAe;AAAA,IACjB,CAAC;AACD,UAAM,qBAAqB,MAAM,QAAQ,UAAU;AAAA,MACjD,QAAQ,KAAK;AAAA,MACb;AAAA,QACE,SAAS,QAAQ;AAAA,QACjB,QAAQ,QAAQ;AAAA,QAChB,SAAS,QAAQ;AAAA,MACnB;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmB;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAEF,WAAO,QAAQ;AAAA,EACjB,SAAS,OAAO;AACd,QACE,iBAAiB,gCACjB,iBAAiB;AAEjB,YAAM;AACR,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AGzEA,uBAIO;AACP,IAAAC,gBAAgD;AA4DhD,eAAsB,4BACpB,SACA;AACA,MAAI;AACF,UAAM,6BAA6B,QAAQ;AAE3C,UAAM,iBAAqC;AAAA,MACzC,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,4CAA4C;AAAA,QAC1C,2BAA2B;AAAA,MAC7B;AAAA,IACF;AAIA,WAAO,UAAM,uDAAqC;AAAA,MAChD,6BAA6B,QAAQ;AAAA,MACrC,8BAA8B;AAAA,QAC5B,UAAU,QAAQ;AAAA,MACpB;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB,gBAAgB;AAAA,MAChB,MAAM;AAAA,QACJ,UAAU,QAAQ,cAAc;AAAA,QAChC,qBAAqB,QAAQ;AAAA,QAC7B,YAAY;AAAA,UACV,OAAO,IAAI,YAAY,EAAE;AAAA,YACvB,MAAM,QAAQ,UAAU,eAAe,EAAE;AAAA,UAC3C;AAAA,QACF;AAAA,QACA,kBACE,QAAQ,WAAO,iCAAc,gCAAiB,oBAAI,KAAK,GAAG,KAAK,EAAE,CAAC;AAAA;AAAA,QACpE,WAAW,QAAQ;AAAA,QACnB;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AJ5GA,IAAAC,oBAKO;","names":["import_oauth2","import_utils","import_openid4vp"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/authorization-request/parse-authorization-request.ts","../src/errors.ts","../src/authorization-request/z-request-object.ts","../src/authorization-response/create-authorization-response.ts","../src/authorization-response/fetch-authorization-response.ts","../src/authorization-response/z-authorization-response.ts"],"sourcesContent":["export * from \"./authorization-request\";\nexport * from \"./authorization-response\";\nexport * from \"./errors\";\n\nexport {\n type CreateOpenid4vpAuthorizationResponseOptions,\n type CreateOpenid4vpAuthorizationResponseResult,\n type VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\n","import {\n CallbackContext,\n Oauth2JwtParseError,\n RequestDpopOptions,\n decodeJwt,\n} from \"@openid4vc/oauth2\";\nimport { ValidationError } from \"@openid4vc/utils\";\n\nimport { ParseAuthorizeRequestError } from \"../errors\";\nimport {\n AuthorizationRequestObject,\n zOpenid4vpAuthorizationRequestHeader,\n zOpenid4vpAuthorizationRequestPayload,\n} from \"./z-request-object\";\n\nexport interface ParseAuthorizeRequestOptions {\n /*\n Callback context for signature verification.\n /\n callbacks: Pick<CallbackContext, \"verifyJwt\">;\n\n /\n DPoP options\n /\n dpop: RequestDpopOptions;\n\n /\n The Authorization Request Object JWT.\n /\n requestObjectJwt: string;\n}\n\n/\n This method verifies a JWT containing a Request Object and returns its\n * decoded value for further processing\n * @param options {@link ParseAuthorizeRequestOptions}\n * @returns An {@link AuthorizationRequestObject} containing the RP required\n * credentials\n * @throws {@link ValidationError} in case there are errors validating the Request Object structure\n * @throws {@link Oauth2JwtParseError} in case the request object jwt is malformed (e.g missing header, bad encoding)\n * @throws {@link ParseAuthorizeRequestError} in case the JWT signature is invalid or there are unexpected errors\n /\nexport async function parseAuthorizeRequest(\n options: ParseAuthorizeRequestOptions,\n): Promise<AuthorizationRequestObject> {\n try {\n const decoded = decodeJwt({\n headerSchema: zOpenid4vpAuthorizationRequestHeader,\n jwt: options.requestObjectJwt,\n payloadSchema: zOpenid4vpAuthorizationRequestPayload,\n });\n const verificationResult = await options.callbacks.verifyJwt(\n options.dpop.signer,\n {\n compact: options.requestObjectJwt,\n header: decoded.header,\n payload: decoded.payload,\n },\n );\n\n if (!verificationResult.verified)\n throw new ParseAuthorizeRequestError(\n \"Error verifying Request Object signature\",\n );\n\n return decoded.payload;\n } catch (error) {\n if (\n error instanceof ValidationError \|\|\n error instanceof Oauth2JwtParseError\n )\n throw error;\n throw new ParseAuthorizeRequestError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","/\n Generic error thrown during Oid4vp operations\n /\nexport class Oid4vpError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vpError\";\n }\n}\n\n/\n Error thrown by {@link parseAuthorizeRequest} when the passed\n * request object has an invalid signature or unexpected errors\n * are thrown\n /\nexport class ParseAuthorizeRequestError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"ParseAuthorizeRequestError\";\n }\n}\n\n/\n Error thrown by {@link fetchAuthorizationResponse}\n /\nexport class FetchAuthorizationResponseError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"FetchAuthorizationResponseError\";\n }\n}\n\n/\n Error thrown by {@link createAuthorizationResponse} in case there\n * are unexpected errors.\n /\nexport class CreateAuthorizationResponseError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"CreateAuthorizationResponseError\";\n }\n}\n","import { zJwtPayload } from \"@openid4vc/oauth2\";\nimport { z } from \"zod\";\n\n/\n Zod parser that describes a JWT payload\n * containing an OID4VP Request Object\n /\nexport const zOpenid4vpAuthorizationRequestPayload = z\n .object({\n client_id: z.string(),\n dcql_query: z.record(z.string(), z.any()).optional(),\n nonce: z.string(),\n request_uri: z.string().url().optional(),\n request_uri_method: z.optional(z.string()),\n response_mode: z.literal(\"direct_post.jwt\"),\n response_type: z.literal(\"vp_token\"),\n response_uri: z.string().url().optional(),\n scope: z.string().optional(),\n state: z.string(),\n wallet_nonce: z.string().optional(),\n })\n .passthrough()\n .and(zJwtPayload);\n\nexport type AuthorizationRequestObject = z.infer<\n typeof zOpenid4vpAuthorizationRequestPayload\n>;\n\nexport const zOpenid4vpAuthorizationRequestHeader = z\n .object({\n alg: z.string(),\n kid: z.string().optional(),\n trust_chain: z.array(z.string()).nonempty().optional(),\n typ: z.literal(\"oauth-authz-req+jwt\"),\n x5c: z.array(z.string()).optional(),\n })\n .passthrough();\n","import { CallbackContext, JwtSigner } from \"@openid4vc/oauth2\";\nimport {\n CreateOpenid4vpAuthorizationResponseOptions,\n VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\nimport { addSecondsToDate, dateToSeconds } from \"@openid4vc/utils\";\nimport { ItWalletCredentialVerifierMetadata } from \"@pagopa/io-wallet-oid-federation\";\n\nimport { AuthorizationRequestObject } from \"../authorization-request\";\nimport { CreateAuthorizationResponseError } from \"../errors\";\n\ntype JarmServerMetadata = NonNullable<\n CreateOpenid4vpAuthorizationResponseOptions[\"jarm\"]\n>[\"serverMetadata\"];\n\nexport interface CreateAuthorizationResponseOptions {\n /\n Callbacks for authorization response generation\n /\n callbacks: Pick<\n CallbackContext,\n \"encryptJwe\" \| \"fetch\" \| \"generateRandom\" \| \"signJwt\"\n >;\n\n /\n Thumbprint of the JWK in the cnf Wallet Attestation\n /\n client_id: string;\n\n /\n Optional expiration of the Authorization Response JWT, defaults to 10 minutes\n /\n exp?: number;\n\n /\n Presentation's Request Object\n /\n requestObject: AuthorizationRequestObject;\n\n /\n OpenID Federation Relying Party metadata\n /\n rpMetadata: ItWalletCredentialVerifierMetadata;\n\n /\n Signer created from the Wallet Instance's private key\n /\n signer: JwtSigner;\n\n /\n Array containing the vp_tokens of the credentials\n * to present\n /\n vp_token: VpToken;\n}\n\n/\n This method receives the RequestObject, its resolved VP Tokens and other necessary cryptographic and configuration data\n * and returns a signed and encrypted Presentation Response\n * @param options {@link CreateAuthorizationResponseOptions}\n * @returns An {@link CreateOpenid4vpAuthorizationResponseResult} representing\n * the encrypted and signed Presentation Response to the corresponding {@link AuthorizationRequestObject}\n * @throws An {@link CreateAuthorizationResponseError} in case of unexpected errors during response generation,\n * encryption, or signing\n /\nexport async function createAuthorizationResponse(\n options: CreateAuthorizationResponseOptions,\n) {\n try {\n const openid_credential_verifier = options.rpMetadata;\n\n const serverMetadata: JarmServerMetadata = {\n authorization_encryption_alg_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_alg,\n ],\n authorization_encryption_enc_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_enc,\n ],\n authorization_signing_alg_values_supported: [\n openid_credential_verifier.authorization_signed_response_alg,\n ],\n };\n\n // NOTE: This method sets the state in the Authorization Response\n // using the corresponding value in the Request Object\n return await createOpenid4vpAuthorizationResponse({\n authorizationRequestPayload: options.requestObject,\n authorizationResponsePayload: {\n vp_token: options.vp_token,\n },\n callbacks: options.callbacks,\n clientMetadata: openid_credential_verifier,\n jarm: {\n audience: options.requestObject.client_id,\n authorizationServer: options.client_id,\n encryption: {\n nonce: new TextDecoder().decode(\n await options.callbacks.generateRandom(32),\n ),\n },\n expiresInSeconds:\n options.exp ?? dateToSeconds(addSecondsToDate(new Date(), 60 10)), // default: 10 minutes\n jwtSigner: options.signer,\n serverMetadata,\n },\n });\n } catch (error) {\n throw new CreateAuthorizationResponseError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","import { CallbackContext } from \"@openid4vc/oauth2\";\nimport {\n ValidationError,\n createFetcher,\n parseWithErrorHandling,\n} from \"@openid4vc/utils\";\nimport {\n CONTENT_TYPES,\n HEADERS,\n UnexpectedStatusCodeError,\n hasStatusOrThrow,\n} from \"@pagopa/io-wallet-utils\";\n\nimport { FetchAuthorizationResponseError } from \"../errors\";\nimport {\n Oid4vpAuthorizationResponseResult,\n zOid4vpAuthorizationResponseResult,\n} from \"./z-authorization-response\";\n\n/*\n Configuration options for fetching OID4VP Presentation Result\n /\nexport interface FetchAuthorizationResponseOptions {\n /\n The signed and encrypted {@link Openid4vpAuthorizationResponse} in base64 format\n /\n authorizationResponseJarm: string;\n\n /\n Callback functions for making HTTP requests\n * Allows for custom fetch implementations\n /\n callbacks: Pick<CallbackContext, \"fetch\">;\n\n /\n The response_uri field contained in the {@link AuthorizationRequestObject}\n /\n presentationResponseUri: string;\n}\n\n/\n Sends the {@link Openid4vpAuthorizationResponse} to the response uri provided by the session's\n * {@link AuthorizationRequestObject} and returns the {@link Oid4vpAuthorizationResponseResult} object\n * containing the redirect_uri at which to continue the presentation\n \n @param options {@link FetchAuthorizationResponseOptions}\n * @returns Promise that resolves to the parsed {@link Oid4vpAuthorizationResponseResult}\n * @throws {UnexpectedStatusCodeError} When the server returns a non-200 status code\n * @throws {ValidationError} When the response cannot be parsed or is invalid\n */\nexport async function fetchAuthorizationResponse(\n options: FetchAuthorizationResponseOptions,\n): Promise<Oid4vpAuthorizationResponseResult> {\n try {\n const fetch = createFetcher(options.callbacks.fetch);\n const authorizationResponseResult = await fetch(\n options.presentationResponseUri,\n {\n body: new URLSearchParams({\n response: options.authorizationResponseJarm,\n }),\n headers: {\n [HEADERS.CONTENT_TYPE]: CONTENT_TYPES.FORM_URLENCODED,\n },\n method: \"POST\",\n },\n );\n\n await hasStatusOrThrow(\n 200,\n UnexpectedStatusCodeError,\n )(authorizationResponseResult);\n\n const authorizationResponseResultJson =\n await authorizationResponseResult.json();\n\n //Response could be anything, so it's returned as is for further processing\n return parseWithErrorHandling(\n zOid4vpAuthorizationResponseResult,\n authorizationResponseResultJson,\n );\n } catch (error) {\n if (\n error instanceof UnexpectedStatusCodeError \|\|\n error instanceof ValidationError\n ) {\n throw error;\n }\n throw new FetchAuthorizationResponseError(\n `Unexpected error sending authorization response: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","import z from \"zod\";\n\nexport const zOid4vpAuthorizationResponseResult = z.object({\n redirect_uri: z.string(),\n});\n\nexport type Oid4vpAuthorizationResponseResult = z.infer<\n typeof zOid4vpAuthorizationResponseResult\n>;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,iBAKO;AACP,mBAAgC;;;ACHzB,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,6BAAN,cAAyC,YAAY;AAAA,EAC1D,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,kCAAN,cAA8C,YAAY;AAAA,EAC/D,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,mCAAN,cAA+C,YAAY;AAAA,EAChE,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACrDA,oBAA4B;AAC5B,iBAAkB;AAMX,IAAM,wCAAwC,aAClD,OAAO;AAAA,EACN,WAAW,aAAE,OAAO;AAAA,EACpB,YAAY,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACnD,OAAO,aAAE,OAAO;AAAA,EAChB,aAAa,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACvC,oBAAoB,aAAE,SAAS,aAAE,OAAO,CAAC;AAAA,EACzC,eAAe,aAAE,QAAQ,iBAAiB;AAAA,EAC1C,eAAe,aAAE,QAAQ,UAAU;AAAA,EACnC,cAAc,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACxC,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,OAAO,aAAE,OAAO;AAAA,EAChB,cAAc,aAAE,OAAO,EAAE,SAAS;AACpC,CAAC,EACA,YAAY,EACZ,IAAI,yBAAW;AAMX,IAAM,uCAAuC,aACjD,OAAO;AAAA,EACN,KAAK,aAAE,OAAO;AAAA,EACd,KAAK,aAAE,OAAO,EAAE,SAAS;AAAA,EACzB,aAAa,aAAE,MAAM,aAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD,KAAK,aAAE,QAAQ,qBAAqB;AAAA,EACpC,KAAK,aAAE,MAAM,aAAE,OAAO,CAAC,EAAE,SAAS;AACpC,CAAC,EACA,YAAY;;;AFMf,eAAsB,sBACpB,SACqC;AACrC,MAAI;AACF,UAAM,cAAU,0BAAU;AAAA,MACxB,cAAc;AAAA,MACd,KAAK,QAAQ;AAAA,MACb,eAAe;AAAA,IACjB,CAAC;AACD,UAAM,qBAAqB,MAAM,QAAQ,UAAU;AAAA,MACjD,QAAQ,KAAK;AAAA,MACb;AAAA,QACE,SAAS,QAAQ;AAAA,QACjB,QAAQ,QAAQ;AAAA,QAChB,SAAS,QAAQ;AAAA,MACnB;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmB;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAEF,WAAO,QAAQ;AAAA,EACjB,SAAS,OAAO;AACd,QACE,iBAAiB,gCACjB,iBAAiB;AAEjB,YAAM;AACR,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AG3EA,uBAIO;AACP,IAAAC,gBAAgD;AA4DhD,eAAsB,4BACpB,SACA;AACA,MAAI;AACF,UAAM,6BAA6B,QAAQ;AAE3C,UAAM,iBAAqC;AAAA,MACzC,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,4CAA4C;AAAA,QAC1C,2BAA2B;AAAA,MAC7B;AAAA,IACF;AAIA,WAAO,UAAM,uDAAqC;AAAA,MAChD,6BAA6B,QAAQ;AAAA,MACrC,8BAA8B;AAAA,QAC5B,UAAU,QAAQ;AAAA,MACpB;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB,gBAAgB;AAAA,MAChB,MAAM;AAAA,QACJ,UAAU,QAAQ,cAAc;AAAA,QAChC,qBAAqB,QAAQ;AAAA,QAC7B,YAAY;AAAA,UACV,OAAO,IAAI,YAAY,EAAE;AAAA,YACvB,MAAM,QAAQ,UAAU,eAAe,EAAE;AAAA,UAC3C;AAAA,QACF;AAAA,QACA,kBACE,QAAQ,WAAO,iCAAc,gCAAiB,oBAAI,KAAK,GAAG,KAAK,EAAE,CAAC;AAAA;AAAA,QACpE,WAAW,QAAQ;AAAA,QACnB;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AC/GA,IAAAC,gBAIO;AACP,6BAKO;;;ACXP,IAAAC,cAAc;AAEP,IAAM,qCAAqC,YAAAC,QAAE,OAAO;AAAA,EACzD,cAAc,YAAAA,QAAE,OAAO;AACzB,CAAC;;;AD8CD,eAAsB,2BACpB,SAC4C;AAC5C,MAAI;AACF,UAAM,YAAQ,6BAAc,QAAQ,UAAU,KAAK;AACnD,UAAM,8BAA8B,MAAM;AAAA,MACxC,QAAQ;AAAA,MACR;AAAA,QACE,MAAM,IAAI,gBAAgB;AAAA,UACxB,UAAU,QAAQ;AAAA,QACpB,CAAC;AAAA,QACD,SAAS;AAAA,UACP,CAAC,+BAAQ,YAAY,GAAG,qCAAc;AAAA,QACxC;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF;AAEA,cAAM;AAAA,MACJ;AAAA,MACA;AAAA,IACF,EAAE,2BAA2B;AAE7B,UAAM,kCACJ,MAAM,4BAA4B,KAAK;AAGzC,eAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,QACE,iBAAiB,oDACjB,iBAAiB,+BACjB;AACA,YAAM;AAAA,IACR;AACA,UAAM,IAAI;AAAA,MACR,oDAAoD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC5G;AAAA,EACF;AACF;;;ALxFA,IAAAC,oBAKO;","names":["import_oauth2","import_utils","import_utils","import_zod","z","import_openid4vp"]}

package/dist/index.mjs CHANGED Viewed

@@ -20,6 +20,13 @@ var ParseAuthorizeRequestError = class extends Oid4vpError {
     this.name = "ParseAuthorizeRequestError";
   }
 };
+var FetchAuthorizationResponseError = class extends Oid4vpError {
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.name = "FetchAuthorizationResponseError";
+  }
+};
 var CreateAuthorizationResponseError = class extends Oid4vpError {
   constructor(message, statusCode) {
     super(message);
@@ -31,7 +38,7 @@ var CreateAuthorizationResponseError = class extends Oid4vpError {
 // src/authorization-request/z-request-object.ts
 import { zJwtPayload } from "@openid4vc/oauth2";
 import { z } from "zod";
-var zOpenid4vpAuthorizationRequest = z.object({
+var zOpenid4vpAuthorizationRequestPayload = z.object({
   client_id: z.string(),
   dcql_query: z.record(z.string(), z.any()).optional(),
   nonce: z.string(),
@@ -44,13 +51,21 @@ var zOpenid4vpAuthorizationRequest = z.object({
   state: z.string(),
   wallet_nonce: z.string().optional()
 }).passthrough().and(zJwtPayload);
+var zOpenid4vpAuthorizationRequestHeader = z.object({
+  alg: z.string(),
+  kid: z.string().optional(),
+  trust_chain: z.array(z.string()).nonempty().optional(),
+  typ: z.literal("oauth-authz-req+jwt"),
+  x5c: z.array(z.string()).optional()
+}).passthrough();
 // src/authorization-request/parse-authorization-request.ts
 async function parseAuthorizeRequest(options) {
   try {
     const decoded = decodeJwt({
+      headerSchema: zOpenid4vpAuthorizationRequestHeader,
       jwt: options.requestObjectJwt,
-      payloadSchema: zOpenid4vpAuthorizationRequest
+      payloadSchema: zOpenid4vpAuthorizationRequestPayload
     });
     const verificationResult = await options.callbacks.verifyJwt(
       options.dpop.signer,
@@ -121,17 +136,75 @@ async function createAuthorizationResponse(options) {
   }
 }
+// src/authorization-response/fetch-authorization-response.ts
+import {
+  ValidationError as ValidationError2,
+  createFetcher,
+  parseWithErrorHandling
+} from "@openid4vc/utils";
+import {
+  CONTENT_TYPES,
+  HEADERS,
+  UnexpectedStatusCodeError,
+  hasStatusOrThrow
+} from "@pagopa/io-wallet-utils";
+// src/authorization-response/z-authorization-response.ts
+import z2 from "zod";
+var zOid4vpAuthorizationResponseResult = z2.object({
+  redirect_uri: z2.string()
+});
+// src/authorization-response/fetch-authorization-response.ts
+async function fetchAuthorizationResponse(options) {
+  try {
+    const fetch = createFetcher(options.callbacks.fetch);
+    const authorizationResponseResult = await fetch(
+      options.presentationResponseUri,
+      {
+        body: new URLSearchParams({
+          response: options.authorizationResponseJarm
+        }),
+        headers: {
+          [HEADERS.CONTENT_TYPE]: CONTENT_TYPES.FORM_URLENCODED
+        },
+        method: "POST"
+      }
+    );
+    await hasStatusOrThrow(
+      200,
+      UnexpectedStatusCodeError
+    )(authorizationResponseResult);
+    const authorizationResponseResultJson = await authorizationResponseResult.json();
+    return parseWithErrorHandling(
+      zOid4vpAuthorizationResponseResult,
+      authorizationResponseResultJson
+    );
+  } catch (error) {
+    if (error instanceof UnexpectedStatusCodeError || error instanceof ValidationError2) {
+      throw error;
+    }
+    throw new FetchAuthorizationResponseError(
+      `Unexpected error sending authorization response: ${error instanceof Error ? error.message : String(error)}`
+    );
+  }
+}
 // src/index.ts
 import {
   createOpenid4vpAuthorizationResponse as createOpenid4vpAuthorizationResponse2
 } from "@openid4vc/openid4vp";
 export {
   CreateAuthorizationResponseError,
+  FetchAuthorizationResponseError,
   Oid4vpError,
   ParseAuthorizeRequestError,
   createAuthorizationResponse,
   createOpenid4vpAuthorizationResponse2 as createOpenid4vpAuthorizationResponse,
+  fetchAuthorizationResponse,
   parseAuthorizeRequest,
-  zOpenid4vpAuthorizationRequest
+  zOid4vpAuthorizationResponseResult,
+  zOpenid4vpAuthorizationRequestHeader,
+  zOpenid4vpAuthorizationRequestPayload
 };
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/authorization-request/parse-authorization-request.ts","../src/errors.ts","../src/authorization-request/z-request-object.ts","../src/authorization-response/create-authorization-response.ts","../src/index.ts"],"sourcesContent":["import {\n CallbackContext,\n Oauth2JwtParseError,\n RequestDpopOptions,\n decodeJwt,\n} from \"@openid4vc/oauth2\";\nimport { ValidationError } from \"@openid4vc/utils\";\n\nimport { ParseAuthorizeRequestError } from \"../errors\";\nimport {\n AuthorizationRequestObject,\n zOpenid4vpAuthorizationRequest,\n} from \"./z-request-object\";\n\nexport interface ParseAuthorizeRequestOptions {\n /*\n Callback context for signature verification.\n /\n callbacks: Pick<CallbackContext, \"verifyJwt\">;\n\n /\n DPoP options\n /\n dpop: RequestDpopOptions;\n\n /\n The Authorization Request Object JWT.\n /\n requestObjectJwt: string;\n}\n\n/\n This method verifies a JWT containing a Request Object and returns its\n * decoded value for further processing\n * @param options {@link ParseAuthorizeRequestOptions}\n * @returns An {@link AuthorizationRequestObject} containing the RP required\n * credentials\n * @throws {@link ValidationError} in case there are errors validating the Request Object structure\n * @throws {@link Oauth2JwtParseError} in case the request object jwt is malformed (e.g missing header, bad encoding)\n * @throws {@link ParseAuthorizeRequestError} in case the JWT signature is invalid or there are unexpected errors\n /\nexport async function parseAuthorizeRequest(\n options: ParseAuthorizeRequestOptions,\n): Promise<AuthorizationRequestObject> {\n try {\n const decoded = decodeJwt({\n jwt: options.requestObjectJwt,\n payloadSchema: zOpenid4vpAuthorizationRequest,\n });\n const verificationResult = await options.callbacks.verifyJwt(\n options.dpop.signer,\n {\n compact: options.requestObjectJwt,\n header: decoded.header,\n payload: decoded.payload,\n },\n );\n\n if (!verificationResult.verified)\n throw new ParseAuthorizeRequestError(\n \"Error verifying Request Object signature\",\n );\n\n return decoded.payload;\n } catch (error) {\n if (\n error instanceof ValidationError \|\|\n error instanceof Oauth2JwtParseError\n )\n throw error;\n throw new ParseAuthorizeRequestError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","/\n Generic error thrown during Oid4vp operations\n /\nexport class Oid4vpError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vpError\";\n }\n}\n\n/\n Error thrown by {@link parseAuthorizeRequest} when the passed\n * request object has an invalid signature or unexpected errors\n * are thrown\n /\nexport class ParseAuthorizeRequestError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"ParseAuthorizeRequestError\";\n }\n}\n\n/\n Error thrown by {@link createAuthorizationResponse} in case there\n * are unexpected errors.\n /\nexport class CreateAuthorizationResponseError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"CreateAuthorizationResponseError\";\n }\n}\n","import { zJwtPayload } from \"@openid4vc/oauth2\";\nimport { z } from \"zod\";\n\n/\n Zod parser that describes a JWT payload\n * containing an OID4VP Request Object\n /\nexport const zOpenid4vpAuthorizationRequest = z\n .object({\n client_id: z.string(),\n dcql_query: z.record(z.string(), z.any()).optional(),\n nonce: z.string(),\n request_uri: z.string().url().optional(),\n request_uri_method: z.optional(z.string()),\n response_mode: z.literal(\"direct_post.jwt\"),\n response_type: z.literal(\"vp_token\"),\n response_uri: z.string().url().optional(),\n scope: z.string().optional(),\n state: z.string(),\n wallet_nonce: z.string().optional(),\n })\n .passthrough()\n .and(zJwtPayload);\n\nexport type AuthorizationRequestObject = z.infer<\n typeof zOpenid4vpAuthorizationRequest\n>;\n","import { CallbackContext, JwtSigner } from \"@openid4vc/oauth2\";\nimport {\n CreateOpenid4vpAuthorizationResponseOptions,\n VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\nimport { addSecondsToDate, dateToSeconds } from \"@openid4vc/utils\";\nimport { ItWalletCredentialVerifierMetadata } from \"@pagopa/io-wallet-oid-federation\";\n\nimport { AuthorizationRequestObject } from \"../authorization-request\";\nimport { CreateAuthorizationResponseError } from \"../errors\";\n\ntype JarmServerMetadata = NonNullable<\n CreateOpenid4vpAuthorizationResponseOptions[\"jarm\"]\n>[\"serverMetadata\"];\n\nexport interface CreateAuthorizationResponseOptions {\n /\n Callbacks for authorization response generation\n /\n callbacks: Pick<\n CallbackContext,\n \"encryptJwe\" \| \"fetch\" \| \"generateRandom\" \| \"signJwt\"\n >;\n\n /\n Thumbprint of the JWK in the cnf Wallet Attestation\n /\n client_id: string;\n\n /\n Optional expiration of the Authorization Response JWT, defaults to 10 minutes\n /\n exp?: number;\n\n /\n Presentation's Request Object\n /\n requestObject: AuthorizationRequestObject;\n\n /\n OpenID Federation Relying Party metadata\n /\n rpMetadata: ItWalletCredentialVerifierMetadata;\n\n /\n Signer created from the Wallet Instance's private key\n /\n signer: JwtSigner;\n\n /\n Array containing the vp_tokens of the credentials\n * to present\n /\n vp_token: VpToken;\n}\n\n/\n This method receives the RequestObject, its resolved VP Tokens and other necessary cryptographic and configuration data\n * and returns a signed and encrypted Presentation Response\n * @param options {@link CreateAuthorizationResponseOptions}\n * @returns An {@link CreateOpenid4vpAuthorizationResponseResult} representing\n * the encrypted and signed Presentation Response to the corresponding {@link AuthorizationRequestObject}\n * @throws An {@link CreateAuthorizationResponseError} in case of unexpected errors during response generation,\n * encryption, or signing\n /\nexport async function createAuthorizationResponse(\n options: CreateAuthorizationResponseOptions,\n) {\n try {\n const openid_credential_verifier = options.rpMetadata;\n\n const serverMetadata: JarmServerMetadata = {\n authorization_encryption_alg_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_alg,\n ],\n authorization_encryption_enc_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_enc,\n ],\n authorization_signing_alg_values_supported: [\n openid_credential_verifier.authorization_signed_response_alg,\n ],\n };\n\n // NOTE: This method sets the state in the Authorization Response\n // using the corresponding value in the Request Object\n return await createOpenid4vpAuthorizationResponse({\n authorizationRequestPayload: options.requestObject,\n authorizationResponsePayload: {\n vp_token: options.vp_token,\n },\n callbacks: options.callbacks,\n clientMetadata: openid_credential_verifier,\n jarm: {\n audience: options.requestObject.client_id,\n authorizationServer: options.client_id,\n encryption: {\n nonce: new TextDecoder().decode(\n await options.callbacks.generateRandom(32),\n ),\n },\n expiresInSeconds:\n options.exp ?? dateToSeconds(addSecondsToDate(new Date(), 60 10)), // default: 10 minutes\n jwtSigner: options.signer,\n serverMetadata,\n },\n });\n } catch (error) {\n throw new CreateAuthorizationResponseError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","export * from \"./authorization-request\";\nexport * from \"./authorization-response\";\nexport * from \"./errors\";\n\nexport {\n type CreateOpenid4vpAuthorizationResponseOptions,\n type CreateOpenid4vpAuthorizationResponseResult,\n type VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\n"],"mappings":";AAAA;AAAA,EAEE;AAAA,EAEA;AAAA,OACK;AACP,SAAS,uBAAuB;;;ACHzB,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,6BAAN,cAAyC,YAAY;AAAA,EAC1D,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,mCAAN,cAA+C,YAAY;AAAA,EAChE,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACxCA,SAAS,mBAAmB;AAC5B,SAAS,SAAS;AAMX,IAAM,iCAAiC,EAC3C,OAAO;AAAA,EACN,WAAW,EAAE,OAAO;AAAA,EACpB,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACnD,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACvC,oBAAoB,EAAE,SAAS,EAAE,OAAO,CAAC;AAAA,EACzC,eAAe,EAAE,QAAQ,iBAAiB;AAAA,EAC1C,eAAe,EAAE,QAAQ,UAAU;AAAA,EACnC,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACxC,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,OAAO,EAAE,OAAO;AAAA,EAChB,cAAc,EAAE,OAAO,EAAE,SAAS;AACpC,CAAC,EACA,YAAY,EACZ,IAAI,WAAW;;;AFmBlB,eAAsB,sBACpB,SACqC;AACrC,MAAI;AACF,UAAM,UAAU,UAAU;AAAA,MACxB,KAAK,QAAQ;AAAA,MACb,eAAe;AAAA,IACjB,CAAC;AACD,UAAM,qBAAqB,MAAM,QAAQ,UAAU;AAAA,MACjD,QAAQ,KAAK;AAAA,MACb;AAAA,QACE,SAAS,QAAQ;AAAA,QACjB,QAAQ,QAAQ;AAAA,QAChB,SAAS,QAAQ;AAAA,MACnB;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmB;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAEF,WAAO,QAAQ;AAAA,EACjB,SAAS,OAAO;AACd,QACE,iBAAiB,mBACjB,iBAAiB;AAEjB,YAAM;AACR,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AGzEA;AAAA,EAGE;AAAA,OACK;AACP,SAAS,kBAAkB,qBAAqB;AA4DhD,eAAsB,4BACpB,SACA;AACA,MAAI;AACF,UAAM,6BAA6B,QAAQ;AAE3C,UAAM,iBAAqC;AAAA,MACzC,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,4CAA4C;AAAA,QAC1C,2BAA2B;AAAA,MAC7B;AAAA,IACF;AAIA,WAAO,MAAM,qCAAqC;AAAA,MAChD,6BAA6B,QAAQ;AAAA,MACrC,8BAA8B;AAAA,QAC5B,UAAU,QAAQ;AAAA,MACpB;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB,gBAAgB;AAAA,MAChB,MAAM;AAAA,QACJ,UAAU,QAAQ,cAAc;AAAA,QAChC,qBAAqB,QAAQ;AAAA,QAC7B,YAAY;AAAA,UACV,OAAO,IAAI,YAAY,EAAE;AAAA,YACvB,MAAM,QAAQ,UAAU,eAAe,EAAE;AAAA,UAC3C;AAAA,QACF;AAAA,QACA,kBACE,QAAQ,OAAO,cAAc,iBAAiB,oBAAI,KAAK,GAAG,KAAK,EAAE,CAAC;AAAA;AAAA,QACpE,WAAW,QAAQ;AAAA,QACnB;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AC5GA;AAAA,EAIE,wCAAAA;AAAA,OACK;","names":["createOpenid4vpAuthorizationResponse"]}
1	+ {"version":3,"sources":["../src/authorization-request/parse-authorization-request.ts","../src/errors.ts","../src/authorization-request/z-request-object.ts","../src/authorization-response/create-authorization-response.ts","../src/authorization-response/fetch-authorization-response.ts","../src/authorization-response/z-authorization-response.ts","../src/index.ts"],"sourcesContent":["import {\n CallbackContext,\n Oauth2JwtParseError,\n RequestDpopOptions,\n decodeJwt,\n} from \"@openid4vc/oauth2\";\nimport { ValidationError } from \"@openid4vc/utils\";\n\nimport { ParseAuthorizeRequestError } from \"../errors\";\nimport {\n AuthorizationRequestObject,\n zOpenid4vpAuthorizationRequestHeader,\n zOpenid4vpAuthorizationRequestPayload,\n} from \"./z-request-object\";\n\nexport interface ParseAuthorizeRequestOptions {\n /*\n Callback context for signature verification.\n /\n callbacks: Pick<CallbackContext, \"verifyJwt\">;\n\n /\n DPoP options\n /\n dpop: RequestDpopOptions;\n\n /\n The Authorization Request Object JWT.\n /\n requestObjectJwt: string;\n}\n\n/\n This method verifies a JWT containing a Request Object and returns its\n * decoded value for further processing\n * @param options {@link ParseAuthorizeRequestOptions}\n * @returns An {@link AuthorizationRequestObject} containing the RP required\n * credentials\n * @throws {@link ValidationError} in case there are errors validating the Request Object structure\n * @throws {@link Oauth2JwtParseError} in case the request object jwt is malformed (e.g missing header, bad encoding)\n * @throws {@link ParseAuthorizeRequestError} in case the JWT signature is invalid or there are unexpected errors\n /\nexport async function parseAuthorizeRequest(\n options: ParseAuthorizeRequestOptions,\n): Promise<AuthorizationRequestObject> {\n try {\n const decoded = decodeJwt({\n headerSchema: zOpenid4vpAuthorizationRequestHeader,\n jwt: options.requestObjectJwt,\n payloadSchema: zOpenid4vpAuthorizationRequestPayload,\n });\n const verificationResult = await options.callbacks.verifyJwt(\n options.dpop.signer,\n {\n compact: options.requestObjectJwt,\n header: decoded.header,\n payload: decoded.payload,\n },\n );\n\n if (!verificationResult.verified)\n throw new ParseAuthorizeRequestError(\n \"Error verifying Request Object signature\",\n );\n\n return decoded.payload;\n } catch (error) {\n if (\n error instanceof ValidationError \|\|\n error instanceof Oauth2JwtParseError\n )\n throw error;\n throw new ParseAuthorizeRequestError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","/\n Generic error thrown during Oid4vp operations\n /\nexport class Oid4vpError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"Oid4vpError\";\n }\n}\n\n/\n Error thrown by {@link parseAuthorizeRequest} when the passed\n * request object has an invalid signature or unexpected errors\n * are thrown\n /\nexport class ParseAuthorizeRequestError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"ParseAuthorizeRequestError\";\n }\n}\n\n/\n Error thrown by {@link fetchAuthorizationResponse}\n /\nexport class FetchAuthorizationResponseError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"FetchAuthorizationResponseError\";\n }\n}\n\n/\n Error thrown by {@link createAuthorizationResponse} in case there\n * are unexpected errors.\n /\nexport class CreateAuthorizationResponseError extends Oid4vpError {\n constructor(\n message: string,\n public readonly statusCode?: number,\n ) {\n super(message);\n this.name = \"CreateAuthorizationResponseError\";\n }\n}\n","import { zJwtPayload } from \"@openid4vc/oauth2\";\nimport { z } from \"zod\";\n\n/\n Zod parser that describes a JWT payload\n * containing an OID4VP Request Object\n /\nexport const zOpenid4vpAuthorizationRequestPayload = z\n .object({\n client_id: z.string(),\n dcql_query: z.record(z.string(), z.any()).optional(),\n nonce: z.string(),\n request_uri: z.string().url().optional(),\n request_uri_method: z.optional(z.string()),\n response_mode: z.literal(\"direct_post.jwt\"),\n response_type: z.literal(\"vp_token\"),\n response_uri: z.string().url().optional(),\n scope: z.string().optional(),\n state: z.string(),\n wallet_nonce: z.string().optional(),\n })\n .passthrough()\n .and(zJwtPayload);\n\nexport type AuthorizationRequestObject = z.infer<\n typeof zOpenid4vpAuthorizationRequestPayload\n>;\n\nexport const zOpenid4vpAuthorizationRequestHeader = z\n .object({\n alg: z.string(),\n kid: z.string().optional(),\n trust_chain: z.array(z.string()).nonempty().optional(),\n typ: z.literal(\"oauth-authz-req+jwt\"),\n x5c: z.array(z.string()).optional(),\n })\n .passthrough();\n","import { CallbackContext, JwtSigner } from \"@openid4vc/oauth2\";\nimport {\n CreateOpenid4vpAuthorizationResponseOptions,\n VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\nimport { addSecondsToDate, dateToSeconds } from \"@openid4vc/utils\";\nimport { ItWalletCredentialVerifierMetadata } from \"@pagopa/io-wallet-oid-federation\";\n\nimport { AuthorizationRequestObject } from \"../authorization-request\";\nimport { CreateAuthorizationResponseError } from \"../errors\";\n\ntype JarmServerMetadata = NonNullable<\n CreateOpenid4vpAuthorizationResponseOptions[\"jarm\"]\n>[\"serverMetadata\"];\n\nexport interface CreateAuthorizationResponseOptions {\n /\n Callbacks for authorization response generation\n /\n callbacks: Pick<\n CallbackContext,\n \"encryptJwe\" \| \"fetch\" \| \"generateRandom\" \| \"signJwt\"\n >;\n\n /\n Thumbprint of the JWK in the cnf Wallet Attestation\n /\n client_id: string;\n\n /\n Optional expiration of the Authorization Response JWT, defaults to 10 minutes\n /\n exp?: number;\n\n /\n Presentation's Request Object\n /\n requestObject: AuthorizationRequestObject;\n\n /\n OpenID Federation Relying Party metadata\n /\n rpMetadata: ItWalletCredentialVerifierMetadata;\n\n /\n Signer created from the Wallet Instance's private key\n /\n signer: JwtSigner;\n\n /\n Array containing the vp_tokens of the credentials\n * to present\n /\n vp_token: VpToken;\n}\n\n/\n This method receives the RequestObject, its resolved VP Tokens and other necessary cryptographic and configuration data\n * and returns a signed and encrypted Presentation Response\n * @param options {@link CreateAuthorizationResponseOptions}\n * @returns An {@link CreateOpenid4vpAuthorizationResponseResult} representing\n * the encrypted and signed Presentation Response to the corresponding {@link AuthorizationRequestObject}\n * @throws An {@link CreateAuthorizationResponseError} in case of unexpected errors during response generation,\n * encryption, or signing\n /\nexport async function createAuthorizationResponse(\n options: CreateAuthorizationResponseOptions,\n) {\n try {\n const openid_credential_verifier = options.rpMetadata;\n\n const serverMetadata: JarmServerMetadata = {\n authorization_encryption_alg_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_alg,\n ],\n authorization_encryption_enc_values_supported: [\n openid_credential_verifier.authorization_encrypted_response_enc,\n ],\n authorization_signing_alg_values_supported: [\n openid_credential_verifier.authorization_signed_response_alg,\n ],\n };\n\n // NOTE: This method sets the state in the Authorization Response\n // using the corresponding value in the Request Object\n return await createOpenid4vpAuthorizationResponse({\n authorizationRequestPayload: options.requestObject,\n authorizationResponsePayload: {\n vp_token: options.vp_token,\n },\n callbacks: options.callbacks,\n clientMetadata: openid_credential_verifier,\n jarm: {\n audience: options.requestObject.client_id,\n authorizationServer: options.client_id,\n encryption: {\n nonce: new TextDecoder().decode(\n await options.callbacks.generateRandom(32),\n ),\n },\n expiresInSeconds:\n options.exp ?? dateToSeconds(addSecondsToDate(new Date(), 60 10)), // default: 10 minutes\n jwtSigner: options.signer,\n serverMetadata,\n },\n });\n } catch (error) {\n throw new CreateAuthorizationResponseError(\n `Unexpected error during Request Object parsing: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","import { CallbackContext } from \"@openid4vc/oauth2\";\nimport {\n ValidationError,\n createFetcher,\n parseWithErrorHandling,\n} from \"@openid4vc/utils\";\nimport {\n CONTENT_TYPES,\n HEADERS,\n UnexpectedStatusCodeError,\n hasStatusOrThrow,\n} from \"@pagopa/io-wallet-utils\";\n\nimport { FetchAuthorizationResponseError } from \"../errors\";\nimport {\n Oid4vpAuthorizationResponseResult,\n zOid4vpAuthorizationResponseResult,\n} from \"./z-authorization-response\";\n\n/*\n Configuration options for fetching OID4VP Presentation Result\n /\nexport interface FetchAuthorizationResponseOptions {\n /\n The signed and encrypted {@link Openid4vpAuthorizationResponse} in base64 format\n /\n authorizationResponseJarm: string;\n\n /\n Callback functions for making HTTP requests\n * Allows for custom fetch implementations\n /\n callbacks: Pick<CallbackContext, \"fetch\">;\n\n /\n The response_uri field contained in the {@link AuthorizationRequestObject}\n /\n presentationResponseUri: string;\n}\n\n/\n Sends the {@link Openid4vpAuthorizationResponse} to the response uri provided by the session's\n * {@link AuthorizationRequestObject} and returns the {@link Oid4vpAuthorizationResponseResult} object\n * containing the redirect_uri at which to continue the presentation\n \n @param options {@link FetchAuthorizationResponseOptions}\n * @returns Promise that resolves to the parsed {@link Oid4vpAuthorizationResponseResult}\n * @throws {UnexpectedStatusCodeError} When the server returns a non-200 status code\n * @throws {ValidationError} When the response cannot be parsed or is invalid\n /\nexport async function fetchAuthorizationResponse(\n options: FetchAuthorizationResponseOptions,\n): Promise<Oid4vpAuthorizationResponseResult> {\n try {\n const fetch = createFetcher(options.callbacks.fetch);\n const authorizationResponseResult = await fetch(\n options.presentationResponseUri,\n {\n body: new URLSearchParams({\n response: options.authorizationResponseJarm,\n }),\n headers: {\n [HEADERS.CONTENT_TYPE]: CONTENT_TYPES.FORM_URLENCODED,\n },\n method: \"POST\",\n },\n );\n\n await hasStatusOrThrow(\n 200,\n UnexpectedStatusCodeError,\n )(authorizationResponseResult);\n\n const authorizationResponseResultJson =\n await authorizationResponseResult.json();\n\n //Response could be anything, so it's returned as is for further processing\n return parseWithErrorHandling(\n zOid4vpAuthorizationResponseResult,\n authorizationResponseResultJson,\n );\n } catch (error) {\n if (\n error instanceof UnexpectedStatusCodeError \|\|\n error instanceof ValidationError\n ) {\n throw error;\n }\n throw new FetchAuthorizationResponseError(\n `Unexpected error sending authorization response: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n","import z from \"zod\";\n\nexport const zOid4vpAuthorizationResponseResult = z.object({\n redirect_uri: z.string(),\n});\n\nexport type Oid4vpAuthorizationResponseResult = z.infer<\n typeof zOid4vpAuthorizationResponseResult\n>;\n","export from \"./authorization-request\";\nexport * from \"./authorization-response\";\nexport * from \"./errors\";\n\nexport {\n type CreateOpenid4vpAuthorizationResponseOptions,\n type CreateOpenid4vpAuthorizationResponseResult,\n type VpToken,\n createOpenid4vpAuthorizationResponse,\n} from \"@openid4vc/openid4vp\";\n"],"mappings":";AAAA;AAAA,EAEE;AAAA,EAEA;AAAA,OACK;AACP,SAAS,uBAAuB;;;ACHzB,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOO,IAAM,6BAAN,cAAyC,YAAY;AAAA,EAC1D,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,kCAAN,cAA8C,YAAY;AAAA,EAC/D,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,mCAAN,cAA+C,YAAY;AAAA,EAChE,YACE,SACgB,YAChB;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACrDA,SAAS,mBAAmB;AAC5B,SAAS,SAAS;AAMX,IAAM,wCAAwC,EAClD,OAAO;AAAA,EACN,WAAW,EAAE,OAAO;AAAA,EACpB,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACnD,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACvC,oBAAoB,EAAE,SAAS,EAAE,OAAO,CAAC;AAAA,EACzC,eAAe,EAAE,QAAQ,iBAAiB;AAAA,EAC1C,eAAe,EAAE,QAAQ,UAAU;AAAA,EACnC,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACxC,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,OAAO,EAAE,OAAO;AAAA,EAChB,cAAc,EAAE,OAAO,EAAE,SAAS;AACpC,CAAC,EACA,YAAY,EACZ,IAAI,WAAW;AAMX,IAAM,uCAAuC,EACjD,OAAO;AAAA,EACN,KAAK,EAAE,OAAO;AAAA,EACd,KAAK,EAAE,OAAO,EAAE,SAAS;AAAA,EACzB,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD,KAAK,EAAE,QAAQ,qBAAqB;AAAA,EACpC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACpC,CAAC,EACA,YAAY;;;AFMf,eAAsB,sBACpB,SACqC;AACrC,MAAI;AACF,UAAM,UAAU,UAAU;AAAA,MACxB,cAAc;AAAA,MACd,KAAK,QAAQ;AAAA,MACb,eAAe;AAAA,IACjB,CAAC;AACD,UAAM,qBAAqB,MAAM,QAAQ,UAAU;AAAA,MACjD,QAAQ,KAAK;AAAA,MACb;AAAA,QACE,SAAS,QAAQ;AAAA,QACjB,QAAQ,QAAQ;AAAA,QAChB,SAAS,QAAQ;AAAA,MACnB;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmB;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAEF,WAAO,QAAQ;AAAA,EACjB,SAAS,OAAO;AACd,QACE,iBAAiB,mBACjB,iBAAiB;AAEjB,YAAM;AACR,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AG3EA;AAAA,EAGE;AAAA,OACK;AACP,SAAS,kBAAkB,qBAAqB;AA4DhD,eAAsB,4BACpB,SACA;AACA,MAAI;AACF,UAAM,6BAA6B,QAAQ;AAE3C,UAAM,iBAAqC;AAAA,MACzC,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,+CAA+C;AAAA,QAC7C,2BAA2B;AAAA,MAC7B;AAAA,MACA,4CAA4C;AAAA,QAC1C,2BAA2B;AAAA,MAC7B;AAAA,IACF;AAIA,WAAO,MAAM,qCAAqC;AAAA,MAChD,6BAA6B,QAAQ;AAAA,MACrC,8BAA8B;AAAA,QAC5B,UAAU,QAAQ;AAAA,MACpB;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB,gBAAgB;AAAA,MAChB,MAAM;AAAA,QACJ,UAAU,QAAQ,cAAc;AAAA,QAChC,qBAAqB,QAAQ;AAAA,QAC7B,YAAY;AAAA,UACV,OAAO,IAAI,YAAY,EAAE;AAAA,YACvB,MAAM,QAAQ,UAAU,eAAe,EAAE;AAAA,UAC3C;AAAA,QACF;AAAA,QACA,kBACE,QAAQ,OAAO,cAAc,iBAAiB,oBAAI,KAAK,GAAG,KAAK,EAAE,CAAC;AAAA;AAAA,QACpE,WAAW,QAAQ;AAAA,QACnB;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,mDAAmD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC3G;AAAA,EACF;AACF;;;AC/GA;AAAA,EACE,mBAAAA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACXP,OAAOC,QAAO;AAEP,IAAM,qCAAqCA,GAAE,OAAO;AAAA,EACzD,cAAcA,GAAE,OAAO;AACzB,CAAC;;;AD8CD,eAAsB,2BACpB,SAC4C;AAC5C,MAAI;AACF,UAAM,QAAQ,cAAc,QAAQ,UAAU,KAAK;AACnD,UAAM,8BAA8B,MAAM;AAAA,MACxC,QAAQ;AAAA,MACR;AAAA,QACE,MAAM,IAAI,gBAAgB;AAAA,UACxB,UAAU,QAAQ;AAAA,QACpB,CAAC;AAAA,QACD,SAAS;AAAA,UACP,CAAC,QAAQ,YAAY,GAAG,cAAc;AAAA,QACxC;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF;AAEA,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,IACF,EAAE,2BAA2B;AAE7B,UAAM,kCACJ,MAAM,4BAA4B,KAAK;AAGzC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,QACE,iBAAiB,6BACjB,iBAAiBC,kBACjB;AACA,YAAM;AAAA,IACR;AACA,UAAM,IAAI;AAAA,MACR,oDAAoD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,IAC5G;AAAA,EACF;AACF;;;AExFA;AAAA,EAIE,wCAAAC;AAAA,OACK;","names":["ValidationError","z","ValidationError","createOpenid4vpAuthorizationResponse"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-wallet-oid4vp",
-  "version": "0.5.1",
+  "version": "0.6.1",
   "files": [
     "dist"
   ],
@@ -30,6 +30,7 @@
     "@openid4vc/utils": "0.3.0-alpha-20250714110838",
     "@openid4vc/openid4vp": "0.3.0-alpha-20250714110838",
     "zod": "^3.24.2",
+    "@pagopa/io-wallet-utils": "",
     "@pagopa/io-wallet-oid-federation": ""
   },
   "devDependencies": {