Skip to content

feat(IT-Wallet): [SIW-3045] Add L2+ PID issuance flow with MRTD PoP #7647

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Dec 4, 2025
Merged

feat(IT-Wallet): [SIW-3045] Add L2+ PID issuance flow with MRTD PoP #7647

merged 26 commits into from
Dec 4, 2025
+1,827 −1,534

Conversation

@mastro993
Copy link
Contributor

@mastro993 mastro993 commented Nov 26, 2025
edited
Loading

Short description

This PR introduces the L2+ flow for IT-Wallet. L2+ adds an extra step after the primary SPID or CieID identification, requiring the user to complete an MRTD (ID card) proof-of-possession check.
The verification is performed through an NFC scan of the ID card.

This PR also includes a major refactoring of the CIE scan logic, making it reusable and shareable across both the CIE+PIN and MRTD flows.

List of changes proposed in this pull request

Credential Issuance Flow & Proof Handling

  • Added support for selecting proof type (mrtd-pop or none) during credential issuance, controlled by the new withMRTDPoP parameter in startAuthFlow, and updated related function signatures and logic in itwIssuanceUtils.ts. [1] [2] [3]
  • Improved validation in getCredentialIdentifierFromAccessToken to throw an error for unsupported authorization detail types, increasing robustness.

MRTD PoP Challenge Utilities

  • Introduced the mrtd.ts utility with functions for initializing and validating MRTD PoP challenges, encapsulating cryptographic context management and challenge handling.

NFC Feature Detection & L3 Flow

  • Simplified L3 feature detection by checking for level === "l3" directly instead of using a helper, and updated related tests and screens to reflect this logic. [1] [2]
  • Updated the discovery component to use wallet lifecycle validity for determining whether to start in "upgrade" or "issuance" mode, improving flow control.

Localization & Dependency Updates

  • Updated Italian localization strings for credential issuance modes to clarify durations and hints.
  • Upgraded the @pagopa/io-react-native-wallet dependency to version 2.4.0 for access to new features and bug fixes.

Error Handling & Analytics

  • Refactored the CIE card read failure content to improve error tracking, analytics integration, and retry handling, making the component more robust and customizable. [1] [2]

How to test

  • With the IT-Wallet whitelist flag disabled:
    • Verify that all identification methods (CIE+PIN, SPID, CieID) behave as before and no regressions are introduced.
  • With the IT-Wallet whitelist flag enabled:
    • Verify that the CIE+PIN identification flow still works correctly and without regressions.
    • Verify that it is possible to obtain an L3 PID using SPID or CieID through the MRTD PoP flow.

Demo

SPID + CIE CieID + CIE
ScreenRecording_11-26-2025.16-37-24_1.MP4
ScreenRecording_11-26-2025.16-38-33_1.MP4

@mastro993
chore: update io-react-native-wallet version
c84a1bc
@mastro993
fix: requestCredential
ec464ae
@mastro993
fix: upgrade mode
1921bef
@mastro993
chore: merge "l3" and "l3-next" issuance levels
5c13e8e
@mastro993
chore: mrtd pop flow params
064cb1b
@mastro993
chore: mrtd utils
92b606f
@mastro993
chore: MrtdVerication state
94b2344
@mastro993
chore: InitializingChallenge state
4c65cd5
@mastro993
chore: machine states
d38e7fc
@mastro993
Merge branch 'master' into SIW-3045-add-l2-plus-pid-issuance-flow
197d62e
@mastro993
chore: mrtd flow
745fb39
@mastro993
chore: move consts
6e23a8e
@mastro993
chore: payloads
e8d68f7
@mastro993
chore: rename screen routes
e3568bd
@mastro993
refactor: remove obsolete CIE machine components and implement new au…
33df537 
…thentication flow

- Deleted unused files related to the CIE machine context and selectors.
- Refactored the CIE card reader screen to utilize the new authentication flow.
- Introduced a new CIE authentication screen to handle the authentication process.
- Updated the internal authentication and MRTD screen to integrate with the new CIE manager.
- Enhanced the CIE manager to handle reading progress and errors more effectively.
- Added utility functions for progress visualization during CIE reading.
- Updated navigation parameters and actions to align with the new flow.
- Improved type safety and error handling across the CIE authentication process.
@mastro993 mastro993 self-assigned this Nov 26, 2025
@mastro993 mastro993 marked this pull request as ready for review November 26, 2025 15:53
@github-actions
Copy link
Contributor

github-actions bot commented Nov 26, 2025

PR Title Validation for conventional commit type

All good! PR title follows the conventional commit type.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 26, 2025
edited by atlassian bot
Loading

Jira Pull Request Link

This Pull Request refers to Jira issues:

gispada
gispada approved these changes Dec 4, 2025
View reviewed changes
Copy link
Collaborator

@gispada gispada left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ale-mazz ale-mazz added this pull request to the merge queue Dec 4, 2025
Merged via the queue into master with commit a981cac Dec 4, 2025
23 checks passed
@ale-mazz ale-mazz deleted the SIW-3045-add-l2-plus-pid-issuance-flow branch December 4, 2025 13:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ale-mazz ale-mazz ale-mazz approved these changes

@gispada gispada gispada approved these changes

@thisisjp thisisjp Awaiting requested review from thisisjp thisisjp is a code owner

@ChrisMattew ChrisMattew Awaiting requested review from ChrisMattew ChrisMattew is a code owner

@freddi301 freddi301 Awaiting requested review from freddi301 freddi301 is a code owner

Assignees

@mastro993 mastro993

Labels

IT Wallet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mastro993 @ale-mazz @gispada