Merge pull request #311 from niscy-eudiw/main

phisakel · web-flow · commit a08abd3c770c · 2026-03-20T11:54:32.000+02:00
Enhance document reissuance functionality with background-only option
diff --git a/README.md b/README.md
@@ -424,6 +424,8 @@ let newDocs = try await wallet.issueDocumentsByOfferUrl(
 )
 ```
 
+
+
 ### Authorization code flow
 
 For the authorization code flow to work, the redirect URI must be specified specified by setting the the `openID4VciRedirectUri` property.
diff --git a/Sources/EudiWalletKit/EudiWalletKit.docc/IssueDocuments.md b/Sources/EudiWalletKit/EudiWalletKit.docc/IssueDocuments.md
@@ -189,15 +189,25 @@ let issuedDoc = try await wallet.requestDeferredIssuance(
 ```
 
 ### Document Reissuance
-- Added `reissueDocument(documentId:credentialOptions:keyOptions:promptMessage:)` method to `EudiWallet` for reissuing an existing document using previously stored issuance metadata and authorization data.
-  - Retrieves the document's metadata from storage and resolves the appropriate OpenID4VCI service via the credential issuer identifier.
-  - If persisted authorization data is available, it is forwarded to the service to avoid re-authentication.
-  - Falls back to the original issuance metadata for `credentialOptions` and `keyOptions` when not explicitly provided.
+
+Use the `reissueDocument(documentId:credentialOptions:keyOptions:promptMessage:backgroundOnly:)` method to reissue an existing document using previously stored issuance metadata and authorization data.
+
+- Retrieves the document's metadata from storage and resolves the appropriate OpenID4VCI service via the credential issuer identifier.
+- If persisted authorization data is available, it is forwarded to the service to avoid re-authentication.
+- Falls back to the original issuance metadata for `credentialOptions` and `keyOptions` when not explicitly provided.
+- When `backgroundOnly` is set to `true`, reissuance only proceeds if stored authorization data is available. If no stored authorization exists, an error is thrown. This is useful for automatic credential refresh without user interaction.
 
 ```swift
+// Interactive reissuance (default) - may prompt the user for authentication
 let reissued = try await wallet.reissueDocument(
     documentId: existingDocument.id,
     credentialOptions: credentialOptions,  // optional, defaults to original
     keyOptions: keyOptions,                // optional, defaults to original
 )
+
+// Background reissuance - only succeeds if stored authorization exists
+let reissued = try await wallet.reissueDocument(
+    documentId: existingDocument.id,
+    backgroundOnly: true,
+)
 ```
diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,38 @@
+## v0.23.1
+
+### Background Reissuance and DPoP Propagation
+- Added `backgroundOnly` parameter to `reissueDocument` method. When set to `true`, reissuance only proceeds if stored authorization data is available; otherwise it throws an error. This enables automatic credential refresh without user interaction.
+- DPoP key ID is now propagated through the issuance flow and persisted in document metadata, enabling DPoP-protected refresh and reissuance flows.
+
+```swift
+let reissued = try await wallet.reissueDocument(
+    documentId: existingDocument.id,
+    backgroundOnly: true,                  // only reissue if stored auth exists
+    credentialOptions: credentialOptions,   // optional, defaults to original
+    keyOptions: keyOptions,                 // optional, defaults to original
+)
+
+
+// Background reissuance - only succeeds if stored authorization exists
+let reissued = try await wallet.reissueDocument(
+    documentId: existingDocument.id,
+    backgroundOnly: true,
+)
+
+```
+
+
+
+### KB-JWT Fix for Decentralized Identifier Scheme
+- Fixed issue where KB-JWT `aud` claim used a stripped DID instead of the full `client_id` for the `decentralized_identifier` scheme. The session transcript and KB-JWT now correctly include the resolved client identifier. Fixes [#308](https://github.com/eu-digital-identity-wallet/eudi-lib-ios-wallet-kit/issues/308).
+
+### Dependency Updates
+- `eudi-lib-sdjwt-swift` updated to 0.14.1
+- `eudi-lib-ios-siop-openid4vp-swift` updated to 0.30.1
+- `eudi-lib-ios-iso18013-data-transfer` updated to 0.11.2
+- `eudi-lib-ios-statium-swift` updated to 0.4.0
+
+
 ## v0.23.0
 
 ### Document Reissuance

Original file line number	Diff line number	Diff line change
`@@ -424,6 +424,8 @@ let newDocs = try await wallet.issueDocumentsByOfferUrl(`
`424`	`424`	`)`
`425`	`425`	```
`426`	`426`
	`427`	`+`
	`428`	`+`
`427`	`429`	`### Authorization code flow`
`428`	`430`
`429`	`431`	For the authorization code flow to work, the redirect URI must be specified specified by setting the the `openID4VciRedirectUri` property.