@credo-ts/openid4vc 0.5.0-alpha.115

package/build/openid4vc-verifier/router/authorizationEndpoint.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureAuthorizationEndpoint = void 0;
+const router_1 = require("../../shared/router");
+const OpenId4VcSiopVerifierService_1 = require("../OpenId4VcSiopVerifierService");
+function configureAuthorizationEndpoint(router, config) {
+    router.post(config.endpointPath, async (request, response, next) => {
+        const { agentContext, verifier } = (0, router_1.getRequestContext)(request);
+        try {
+            const openId4VcVerifierService = agentContext.dependencyManager.resolve(OpenId4VcSiopVerifierService_1.OpenId4VcSiopVerifierService);
+            const isVpRequest = request.body.presentation_submission !== undefined;
+            const authorizationResponse = request.body;
+            if (isVpRequest)
+                authorizationResponse.presentation_submission = JSON.parse(request.body.presentation_submission);
+            // FIXME: we should emit an event here and in other places
+            await openId4VcVerifierService.verifyAuthorizationResponse(agentContext, {
+                authorizationResponse: request.body,
+                verifier,
+            });
+            response.status(200).send();
+        }
+        catch (error) {
+            (0, router_1.sendErrorResponse)(response, agentContext.config.logger, 500, 'invalid_request', error);
+        }
+        // NOTE: if we don't call next, the agentContext session handler will NOT be called
+        next();
+    });
+}
+exports.configureAuthorizationEndpoint = configureAuthorizationEndpoint;
+//# sourceMappingURL=authorizationEndpoint.js.map

package/build/openid4vc-verifier/router/authorizationEndpoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorizationEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationEndpoint.ts"],"names":[],"mappings":";;;AAIA,gDAA0E;AAC1E,kFAA8E;AAY9E,SAAgB,8BAA8B,CAAC,MAAc,EAAE,MAAgD;IAC7G,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE,OAAqC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACzG,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE7D,IAAI;YACF,MAAM,wBAAwB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,2DAA4B,CAAC,CAAA;YACrG,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,uBAAuB,KAAK,SAAS,CAAA;YAEtE,MAAM,qBAAqB,GAAiC,OAAO,CAAC,IAAI,CAAA;YACxE,IAAI,WAAW;gBAAE,qBAAqB,CAAC,uBAAuB,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;YAEjH,0DAA0D;YAC1D,MAAM,wBAAwB,CAAC,2BAA2B,CAAC,YAAY,EAAE;gBACvE,qBAAqB,EAAE,OAAO,CAAC,IAAI;gBACnC,QAAQ;aACT,CAAC,CAAA;YACF,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;SAC5B;QAAC,OAAO,KAAK,EAAE;YACd,IAAA,0BAAiB,EAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAA;SACvF;QAED,mFAAmF;QACnF,IAAI,EAAE,CAAA;IACR,CAAC,CAAC,CAAA;AACJ,CAAC;AAxBD,wEAwBC"}

package/build/openid4vc-verifier/router/index.d.ts

@@ -0,0 +1,2 @@
+export { configureAuthorizationEndpoint } from './authorizationEndpoint';
+export { OpenId4VcVerificationRequest } from './requestContext';

package/build/openid4vc-verifier/router/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureAuthorizationEndpoint = void 0;
+var authorizationEndpoint_1 = require("./authorizationEndpoint");
+Object.defineProperty(exports, "configureAuthorizationEndpoint", { enumerable: true, get: function () { return authorizationEndpoint_1.configureAuthorizationEndpoint; } });
+//# sourceMappingURL=index.js.map

package/build/openid4vc-verifier/router/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/index.ts"],"names":[],"mappings":";;;AAAA,iEAAwE;AAA/D,uIAAA,8BAA8B,OAAA"}

package/build/openid4vc-verifier/router/requestContext.d.ts

@@ -0,0 +1,5 @@
+import type { OpenId4VcRequest } from '../../shared/router';
+import type { OpenId4VcVerifierRecord } from '../repository';
+export type OpenId4VcVerificationRequest = OpenId4VcRequest<{
+    verifier: OpenId4VcVerifierRecord;
+}>;

package/build/openid4vc-verifier/router/requestContext.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=requestContext.js.map

package/build/openid4vc-verifier/router/requestContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"requestContext.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/requestContext.ts"],"names":[],"mappings":""}

package/build/shared/index.d.ts

@@ -0,0 +1,2 @@
+export * from './models';
+export * from './issuerMetadataUtils';

package/build/shared/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./models"), exports);
+__exportStar(require("./issuerMetadataUtils"), exports);
+//# sourceMappingURL=index.js.map

package/build/shared/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/shared/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAwB;AACxB,wDAAqC"}

package/build/shared/issuerMetadataUtils.d.ts

@@ -0,0 +1,14 @@
+import type { OpenId4VciCredentialSupported, OpenId4VciCredentialSupportedWithId } from './models';
+import type { AuthorizationDetails, CredentialOfferFormat, EndpointMetadataResult } from '@sphereon/oid4vci-common';
+/**
+ * Get all `types` from a `CredentialSupported` object.
+ *
+ * Depending on the format, the types may be nested, or have different a different name/type
+ */
+export declare function getTypesFromCredentialSupported(credentialSupported: OpenId4VciCredentialSupported): string[];
+/**
+ * Returns all entries from the credential offer with the associated metadata resolved. For 'id' entries, the associated `credentials_supported` object is resolved from the issuer metadata.
+ * For inline entries, an error is thrown.
+ */
+export declare function getOfferedCredentials(offeredCredentials: Array<string | CredentialOfferFormat>, allCredentialsSupported: OpenId4VciCredentialSupported[]): OpenId4VciCredentialSupportedWithId[];
+export declare function handleAuthorizationDetails(authorizationDetails: AuthorizationDetails | AuthorizationDetails[], metadata: EndpointMetadataResult): AuthorizationDetails | AuthorizationDetails[] | undefined;

package/build/shared/issuerMetadataUtils.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleAuthorizationDetails = exports.getOfferedCredentials = exports.getTypesFromCredentialSupported = void 0;
+const core_1 = require("@credo-ts/core");
+/**
+ * Get all `types` from a `CredentialSupported` object.
+ *
+ * Depending on the format, the types may be nested, or have different a different name/type
+ */
+function getTypesFromCredentialSupported(credentialSupported) {
+    if (credentialSupported.format === 'jwt_vc_json-ld' ||
+        credentialSupported.format === 'ldp_vc' ||
+        credentialSupported.format === 'jwt_vc_json' ||
+        credentialSupported.format === 'jwt_vc') {
+        return credentialSupported.types;
+    }
+    else if (credentialSupported.format === 'vc+sd-jwt') {
+        return [credentialSupported.vct];
+    }
+    throw Error(`Unable to extract types from credentials supported. Unknown format ${credentialSupported.format}`);
+}
+exports.getTypesFromCredentialSupported = getTypesFromCredentialSupported;
+/**
+ * Returns all entries from the credential offer with the associated metadata resolved. For 'id' entries, the associated `credentials_supported` object is resolved from the issuer metadata.
+ * For inline entries, an error is thrown.
+ */
+function getOfferedCredentials(offeredCredentials, allCredentialsSupported) {
+    const credentialsSupported = [];
+    for (const offeredCredential of offeredCredentials) {
+        // In draft 12 inline credential offers are removed. It's easier to already remove support now.
+        if (typeof offeredCredential !== 'string') {
+            throw new core_1.CredoError('Only referenced credentials pointing to an id in credentials_supported issuer metadata are supported');
+        }
+        const foundSupportedCredential = allCredentialsSupported.find((supportedCredential) => supportedCredential.id !== undefined && supportedCredential.id === offeredCredential);
+        // Make sure the issuer metadata includes the offered credential.
+        if (!foundSupportedCredential) {
+            throw new Error(`Offered credential '${offeredCredential}' is not part of credentials_supported of the issuer metadata.`);
+        }
+        credentialsSupported.push(foundSupportedCredential);
+    }
+    return credentialsSupported;
+}
+exports.getOfferedCredentials = getOfferedCredentials;
+// copied from sphereon as the method is only available on the client
+function handleAuthorizationDetails(authorizationDetails, metadata) {
+    if (Array.isArray(authorizationDetails)) {
+        return authorizationDetails.map((value) => handleLocations(value, metadata));
+    }
+    else {
+        return handleLocations(authorizationDetails, metadata);
+    }
+}
+exports.handleAuthorizationDetails = handleAuthorizationDetails;
+// copied from sphereon as the method is only available on the client
+function handleLocations(authorizationDetails, metadata) {
+    var _a;
+    if (typeof authorizationDetails === 'string')
+        return authorizationDetails;
+    if (((_a = metadata.credentialIssuerMetadata) === null || _a === void 0 ? void 0 : _a.authorization_server) || metadata.authorization_endpoint) {
+        if (!authorizationDetails.locations)
+            authorizationDetails.locations = [metadata.issuer];
+        else if (Array.isArray(authorizationDetails.locations))
+            authorizationDetails.locations.push(metadata.issuer);
+        else
+            authorizationDetails.locations = [authorizationDetails.locations, metadata.issuer];
+    }
+    return authorizationDetails;
+}
+//# sourceMappingURL=issuerMetadataUtils.js.map

package/build/shared/issuerMetadataUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"issuerMetadataUtils.js","sourceRoot":"","sources":["../../src/shared/issuerMetadataUtils.ts"],"names":[],"mappings":";;;AAGA,yCAA2C;AAE3C;;;;GAIG;AACH,SAAgB,+BAA+B,CAAC,mBAAkD;IAChG,IACE,mBAAmB,CAAC,MAAM,KAAK,gBAAgB;QAC/C,mBAAmB,CAAC,MAAM,KAAK,QAAQ;QACvC,mBAAmB,CAAC,MAAM,KAAK,aAAa;QAC5C,mBAAmB,CAAC,MAAM,KAAK,QAAQ,EACvC;QACA,OAAO,mBAAmB,CAAC,KAAK,CAAA;KACjC;SAAM,IAAI,mBAAmB,CAAC,MAAM,KAAK,WAAW,EAAE;QACrD,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;KACjC;IAED,MAAM,KAAK,CAAC,sEAAsE,mBAAmB,CAAC,MAAM,EAAE,CAAC,CAAA;AACjH,CAAC;AAbD,0EAaC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CACnC,kBAAyD,EACzD,uBAAwD;IAExD,MAAM,oBAAoB,GAA0C,EAAE,CAAA;IAEtE,KAAK,MAAM,iBAAiB,IAAI,kBAAkB,EAAE;QAClD,+FAA+F;QAC/F,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE;YACzC,MAAM,IAAI,iBAAU,CAClB,sGAAsG,CACvG,CAAA;SACF;QAED,MAAM,wBAAwB,GAAG,uBAAuB,CAAC,IAAI,CAC3D,CAAC,mBAAmB,EAA8D,EAAE,CAClF,mBAAmB,CAAC,EAAE,KAAK,SAAS,IAAI,mBAAmB,CAAC,EAAE,KAAK,iBAAiB,CACvF,CAAA;QAED,iEAAiE;QACjE,IAAI,CAAC,wBAAwB,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,uBAAuB,iBAAiB,gEAAgE,CACzG,CAAA;SACF;QAED,oBAAoB,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAA;KACpD;IAED,OAAO,oBAAoB,CAAA;AAC7B,CAAC;AA9BD,sDA8BC;AAED,qEAAqE;AACrE,SAAgB,0BAA0B,CACxC,oBAAmE,EACnE,QAAgC;IAEhC,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;QACvC,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAA;KAC7E;SAAM;QACL,OAAO,eAAe,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAA;KACvD;AACH,CAAC;AATD,gEASC;AAED,qEAAqE;AACrE,SAAS,eAAe,CAAC,oBAA0C,EAAE,QAAgC;;IACnG,IAAI,OAAO,oBAAoB,KAAK,QAAQ;QAAE,OAAO,oBAAoB,CAAA;IACzE,IAAI,CAAA,MAAA,QAAQ,CAAC,wBAAwB,0CAAE,oBAAoB,KAAI,QAAQ,CAAC,sBAAsB,EAAE;QAC9F,IAAI,CAAC,oBAAoB,CAAC,SAAS;YAAE,oBAAoB,CAAC,SAAS,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;aAClF,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,SAAS,CAAC;YAAE,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;;YACvG,oBAAoB,CAAC,SAAS,GAAG,CAAC,oBAAoB,CAAC,SAAmB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAA;KAClG;IACD,OAAO,oBAAoB,CAAA;AAC7B,CAAC"}

package/build/shared/models/CredentialHolderBinding.d.ts

@@ -0,0 +1,10 @@
+import type { Jwk } from '@credo-ts/core';
+export type OpenId4VcCredentialHolderDidBinding = {
+    method: 'did';
+    didUrl: string;
+};
+export type OpenId4VcCredentialHolderJwkBinding = {
+    method: 'jwk';
+    jwk: Jwk;
+};
+export type OpenId4VcCredentialHolderBinding = OpenId4VcCredentialHolderDidBinding | OpenId4VcCredentialHolderJwkBinding;

package/build/shared/models/CredentialHolderBinding.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=CredentialHolderBinding.js.map

package/build/shared/models/CredentialHolderBinding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialHolderBinding.js","sourceRoot":"","sources":["../../../src/shared/models/CredentialHolderBinding.ts"],"names":[],"mappings":""}

package/build/shared/models/OpenId4VcJwtIssuer.d.ts

@@ -0,0 +1,6 @@
+interface OpenId4VcJwtIssuerDid {
+    method: 'did';
+    didUrl: string;
+}
+export type OpenId4VcJwtIssuer = OpenId4VcJwtIssuerDid;
+export {};

package/build/shared/models/OpenId4VcJwtIssuer.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=OpenId4VcJwtIssuer.js.map

package/build/shared/models/OpenId4VcJwtIssuer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcJwtIssuer.js","sourceRoot":"","sources":["../../../src/shared/models/OpenId4VcJwtIssuer.ts"],"names":[],"mappings":""}

package/build/shared/models/OpenId4VciCredentialFormatProfile.d.ts

@@ -0,0 +1,6 @@
+export declare enum OpenId4VciCredentialFormatProfile {
+    JwtVcJson = "jwt_vc_json",
+    JwtVcJsonLd = "jwt_vc_json-ld",
+    LdpVc = "ldp_vc",
+    SdJwtVc = "vc+sd-jwt"
+}

package/build/shared/models/OpenId4VciCredentialFormatProfile.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenId4VciCredentialFormatProfile = void 0;
+var OpenId4VciCredentialFormatProfile;
+(function (OpenId4VciCredentialFormatProfile) {
+    OpenId4VciCredentialFormatProfile["JwtVcJson"] = "jwt_vc_json";
+    OpenId4VciCredentialFormatProfile["JwtVcJsonLd"] = "jwt_vc_json-ld";
+    OpenId4VciCredentialFormatProfile["LdpVc"] = "ldp_vc";
+    OpenId4VciCredentialFormatProfile["SdJwtVc"] = "vc+sd-jwt";
+})(OpenId4VciCredentialFormatProfile = exports.OpenId4VciCredentialFormatProfile || (exports.OpenId4VciCredentialFormatProfile = {}));
+//# sourceMappingURL=OpenId4VciCredentialFormatProfile.js.map

package/build/shared/models/OpenId4VciCredentialFormatProfile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VciCredentialFormatProfile.js","sourceRoot":"","sources":["../../../src/shared/models/OpenId4VciCredentialFormatProfile.ts"],"names":[],"mappings":";;;AAAA,IAAY,iCAKX;AALD,WAAY,iCAAiC;IAC3C,8DAAyB,CAAA;IACzB,mEAA8B,CAAA;IAC9B,qDAAgB,CAAA;IAChB,0DAAqB,CAAA;AACvB,CAAC,EALW,iCAAiC,GAAjC,yCAAiC,KAAjC,yCAAiC,QAK5C"}

package/build/shared/models/index.d.ts

@@ -0,0 +1,21 @@
+import type { VerifiedAuthorizationRequest, AuthorizationRequestPayload, AuthorizationResponsePayload, IDTokenPayload } from '@sphereon/did-auth-siop';
+import type { AssertedUniformCredentialOffer, CredentialIssuerMetadata, CredentialOfferPayloadV1_0_11, CredentialRequestJwtVcJson, CredentialRequestJwtVcJsonLdAndLdpVc, CredentialRequestSdJwtVc, CredentialSupported, MetadataDisplay, UniformCredentialRequest } from '@sphereon/oid4vci-common';
+export type OpenId4VciCredentialSupportedWithId = CredentialSupported & {
+    id: string;
+};
+export type OpenId4VciCredentialSupported = CredentialSupported;
+export type OpenId4VciIssuerMetadata = CredentialIssuerMetadata;
+export type OpenId4VciIssuerMetadataDisplay = MetadataDisplay;
+export type OpenId4VciCredentialRequest = UniformCredentialRequest;
+export type OpenId4VciCredentialRequestJwtVcJson = CredentialRequestJwtVcJson;
+export type OpenId4VciCredentialRequestJwtVcJsonLdAndLdpVc = CredentialRequestJwtVcJsonLdAndLdpVc;
+export type OpenId4VciCredentialRequestSdJwtVc = CredentialRequestSdJwtVc;
+export type OpenId4VciCredentialOffer = AssertedUniformCredentialOffer;
+export type OpenId4VciCredentialOfferPayload = CredentialOfferPayloadV1_0_11;
+export type OpenId4VcSiopVerifiedAuthorizationRequest = VerifiedAuthorizationRequest;
+export type OpenId4VcSiopAuthorizationRequestPayload = AuthorizationRequestPayload;
+export type OpenId4VcSiopAuthorizationResponsePayload = AuthorizationResponsePayload;
+export type OpenId4VcSiopIdTokenPayload = IDTokenPayload;
+export * from './OpenId4VcJwtIssuer';
+export * from './CredentialHolderBinding';
+export * from './OpenId4VciCredentialFormatProfile';

package/build/shared/models/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./OpenId4VcJwtIssuer"), exports);
+__exportStar(require("./CredentialHolderBinding"), exports);
+__exportStar(require("./OpenId4VciCredentialFormatProfile"), exports);
+//# sourceMappingURL=index.js.map

package/build/shared/models/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/shared/models/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAkCA,uDAAoC;AACpC,4DAAyC;AACzC,sEAAmD"}

package/build/shared/router/context.d.ts

@@ -0,0 +1,10 @@
+import type { AgentContext, Logger } from '@credo-ts/core';
+import type { Response, Request } from 'express';
+export interface OpenId4VcRequest<RC extends Record<string, unknown> = Record<string, never>> extends Request {
+    requestContext?: RC & OpenId4VcRequestContext;
+}
+export interface OpenId4VcRequestContext {
+    agentContext: AgentContext;
+}
+export declare function sendErrorResponse(response: Response, logger: Logger, code: number, message: string, error: unknown): Response<any, Record<string, any>>;
+export declare function getRequestContext<T extends OpenId4VcRequest<any>>(request: T): NonNullable<T['requestContext']>;

package/build/shared/router/context.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRequestContext = exports.sendErrorResponse = void 0;
+const core_1 = require("@credo-ts/core");
+function sendErrorResponse(response, logger, code, message, error) {
+    const error_description = error instanceof Error ? error.message : typeof error === 'string' ? error : 'An unknown error occurred.';
+    const body = { error: message, error_description };
+    logger.warn(`[OID4VCI] Sending error response: ${JSON.stringify(body)}`, {
+        error,
+    });
+    return response.status(code).json(body);
+}
+exports.sendErrorResponse = sendErrorResponse;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function getRequestContext(request) {
+    const requestContext = request.requestContext;
+    if (!requestContext)
+        throw new core_1.CredoError('Request context not set.');
+    return requestContext;
+}
+exports.getRequestContext = getRequestContext;
+//# sourceMappingURL=context.js.map

package/build/shared/router/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../../../src/shared/router/context.ts"],"names":[],"mappings":";;;AAGA,yCAA2C;AAU3C,SAAgB,iBAAiB,CAAC,QAAkB,EAAE,MAAc,EAAE,IAAY,EAAE,OAAe,EAAE,KAAc;IACjH,MAAM,iBAAiB,GACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,4BAA4B,CAAA;IAE3G,MAAM,IAAI,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAA;IAClD,MAAM,CAAC,IAAI,CAAC,qCAAqC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE;QACvE,KAAK;KACN,CAAC,CAAA;IAEF,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzC,CAAC;AAVD,8CAUC;AAED,8DAA8D;AAC9D,SAAgB,iBAAiB,CAAkC,OAAU;IAC3E,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,CAAA;IAC7C,IAAI,CAAC,cAAc;QAAE,MAAM,IAAI,iBAAU,CAAC,0BAA0B,CAAC,CAAA;IAErE,OAAO,cAAc,CAAA;AACvB,CAAC;AALD,8CAKC"}

package/build/shared/router/express.d.ts

@@ -0,0 +1,2 @@
+import type { default as Express } from 'express';
+export declare function importExpress(): typeof Express;

package/build/shared/router/express.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.importExpress = void 0;
+function importExpress() {
+    try {
+        // NOTE: 'express' is added as a peer-dependency, and is required when using this module
+        // eslint-disable-next-line import/no-extraneous-dependencies, @typescript-eslint/no-var-requires
+        const express = require('express');
+        return express;
+    }
+    catch (error) {
+        throw new Error('Express must be installed as a peer dependency');
+    }
+}
+exports.importExpress = importExpress;
+//# sourceMappingURL=express.js.map

package/build/shared/router/express.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../../../src/shared/router/express.ts"],"names":[],"mappings":";;;AAEA,SAAgB,aAAa;IAC3B,IAAI;QACF,wFAAwF;QACxF,iGAAiG;QACjG,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAmB,CAAA;QACpD,OAAO,OAAO,CAAA;KACf;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;KAClE;AACH,CAAC;AATD,sCASC"}

package/build/shared/router/index.d.ts

@@ -0,0 +1,3 @@
+export * from './express';
+export * from './context';
+export * from './tenants';

package/build/shared/router/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./express"), exports);
+__exportStar(require("./context"), exports);
+__exportStar(require("./tenants"), exports);
+//# sourceMappingURL=index.js.map

package/build/shared/router/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/shared/router/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4CAAyB;AACzB,4CAAyB;AACzB,4CAAyB"}

package/build/shared/router/tenants.d.ts

@@ -0,0 +1,13 @@
+import type { AgentContext } from '@credo-ts/core';
+export declare function getAgentContextForActorId(rootAgentContext: AgentContext, actorId: string): Promise<AgentContext>;
+/**
+ * Store the actor id associated with a context correlation id. If multi-tenancy is not used
+ * this method won't do anything as we can just use the actor from the default context. However
+ * if multi-tenancy is used, we will store the actor id in the tenant record metadata so it can
+ * be queried when a request comes in for the specific actor id.
+ *
+ * The reason for doing this is that we don't want to expose the context correlation id in the
+ * actor metadata url, as it is then possible to see exactly which actors are registered under
+ * the same agent.
+ */
+export declare function storeActorIdForContextCorrelationId(agentContext: AgentContext, actorId: string): Promise<void>;

package/build/shared/router/tenants.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.storeActorIdForContextCorrelationId = exports.getAgentContextForActorId = void 0;
+const core_1 = require("@credo-ts/core");
+const OPENID4VC_ACTOR_IDS_METADATA_KEY = '_openid4vc/openId4VcActorIds';
+async function getAgentContextForActorId(rootAgentContext, actorId) {
+    // Check if multi-tenancy is enabled, and if so find the associated multi-tenant record
+    // This is a bit hacky as it uses the tenants module to store the openid4vc actor id
+    // but this way we don't have to expose the contextCorrelationId in the openid metadata
+    const tenantsApi = (0, core_1.getApiForModuleByName)(rootAgentContext, 'TenantsModule');
+    if (tenantsApi) {
+        const [tenant] = await tenantsApi.findTenantsByQuery({
+            [OPENID4VC_ACTOR_IDS_METADATA_KEY]: [actorId],
+        });
+        if (tenant) {
+            const agentContextProvider = rootAgentContext.dependencyManager.resolve(core_1.InjectionSymbols.AgentContextProvider);
+            return agentContextProvider.getAgentContextForContextCorrelationId(tenant.id);
+        }
+    }
+    return rootAgentContext;
+}
+exports.getAgentContextForActorId = getAgentContextForActorId;
+/**
+ * Store the actor id associated with a context correlation id. If multi-tenancy is not used
+ * this method won't do anything as we can just use the actor from the default context. However
+ * if multi-tenancy is used, we will store the actor id in the tenant record metadata so it can
+ * be queried when a request comes in for the specific actor id.
+ *
+ * The reason for doing this is that we don't want to expose the context correlation id in the
+ * actor metadata url, as it is then possible to see exactly which actors are registered under
+ * the same agent.
+ */
+async function storeActorIdForContextCorrelationId(agentContext, actorId) {
+    var _a;
+    // It's kind of hacky, but we add support for the tenants module specifically here to map an actorId to
+    // a specific tenant. Otherwise we have to expose /:contextCorrelationId/:actorId in all the public URLs
+    // which is of course not so nice.
+    const tenantsApi = (0, core_1.getApiForModuleByName)(agentContext, 'TenantsModule');
+    // We don't want to query the tenant record if the current context is the root context
+    if (tenantsApi && tenantsApi.rootAgentContext.contextCorrelationId !== agentContext.contextCorrelationId) {
+        const tenantRecord = await tenantsApi.getTenantById(agentContext.contextCorrelationId);
+        const currentOpenId4VcActorIds = (_a = tenantRecord.metadata.get(OPENID4VC_ACTOR_IDS_METADATA_KEY)) !== null && _a !== void 0 ? _a : [];
+        const openId4VcActorIds = [...currentOpenId4VcActorIds, actorId];
+        tenantRecord.metadata.set(OPENID4VC_ACTOR_IDS_METADATA_KEY, openId4VcActorIds);
+        tenantRecord.setTag(OPENID4VC_ACTOR_IDS_METADATA_KEY, openId4VcActorIds);
+        await tenantsApi.updateTenant(tenantRecord);
+    }
+}
+exports.storeActorIdForContextCorrelationId = storeActorIdForContextCorrelationId;
+//# sourceMappingURL=tenants.js.map

package/build/shared/router/tenants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenants.js","sourceRoot":"","sources":["../../../src/shared/router/tenants.ts"],"names":[],"mappings":";;;AAGA,yCAAwE;AAExE,MAAM,gCAAgC,GAAG,8BAA8B,CAAA;AAEhE,KAAK,UAAU,yBAAyB,CAAC,gBAA8B,EAAE,OAAe;IAC7F,uFAAuF;IACvF,oFAAoF;IACpF,uFAAuF;IACvF,MAAM,UAAU,GAAG,IAAA,4BAAqB,EAAgB,gBAAgB,EAAE,eAAe,CAAC,CAAA;IAC1F,IAAI,UAAU,EAAE;QACd,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,kBAAkB,CAAC;YACnD,CAAC,gCAAgC,CAAC,EAAE,CAAC,OAAO,CAAC;SAC9C,CAAC,CAAA;QAEF,IAAI,MAAM,EAAE;YACV,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,iBAAiB,CAAC,OAAO,CACrE,uBAAgB,CAAC,oBAAoB,CACtC,CAAA;YACD,OAAO,oBAAoB,CAAC,sCAAsC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;SAC9E;KACF;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAnBD,8DAmBC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,mCAAmC,CAAC,YAA0B,EAAE,OAAe;;IACnG,uGAAuG;IACvG,wGAAwG;IACxG,kCAAkC;IAClC,MAAM,UAAU,GAAG,IAAA,4BAAqB,EAAgB,YAAY,EAAE,eAAe,CAAC,CAAA;IAEtF,sFAAsF;IACtF,IAAI,UAAU,IAAI,UAAU,CAAC,gBAAgB,CAAC,oBAAoB,KAAK,YAAY,CAAC,oBAAoB,EAAE;QACxG,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAA;QAEtF,MAAM,wBAAwB,GAAG,MAAA,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAW,gCAAgC,CAAC,mCAAI,EAAE,CAAA;QAC5G,MAAM,iBAAiB,GAAG,CAAC,GAAG,wBAAwB,EAAE,OAAO,CAAC,CAAA;QAEhE,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,gCAAgC,EAAE,iBAAiB,CAAC,CAAA;QAC9E,YAAY,CAAC,MAAM,CAAC,gCAAgC,EAAE,iBAAiB,CAAC,CAAA;QACxE,MAAM,UAAU,CAAC,YAAY,CAAC,YAAY,CAAC,CAAA;KAC5C;AACH,CAAC;AAjBD,kFAiBC"}

package/build/shared/transform.d.ts

@@ -0,0 +1,5 @@
+import type { VerifiablePresentation, VerifiableCredential } from '@credo-ts/core';
+import type { W3CVerifiableCredential as SphereonW3cVerifiableCredential, W3CVerifiablePresentation as SphereonW3cVerifiablePresentation, CompactSdJwtVc as SphereonCompactSdJwtVc, WrappedVerifiablePresentation } from '@sphereon/ssi-types';
+export declare function getSphereonVerifiableCredential(verifiableCredential: VerifiableCredential): SphereonW3cVerifiableCredential | SphereonCompactSdJwtVc;
+export declare function getSphereonVerifiablePresentation(verifiablePresentation: VerifiablePresentation): SphereonW3cVerifiablePresentation | SphereonCompactSdJwtVc;
+export declare function getVerifiablePresentationFromSphereonWrapped(wrappedVerifiablePresentation: WrappedVerifiablePresentation): VerifiablePresentation;

package/build/shared/transform.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getVerifiablePresentationFromSphereonWrapped = exports.getSphereonVerifiablePresentation = exports.getSphereonVerifiableCredential = void 0;
+const core_1 = require("@credo-ts/core");
+function getSphereonVerifiableCredential(verifiableCredential) {
+    // encoded sd-jwt or jwt
+    if (typeof verifiableCredential === 'string') {
+        return verifiableCredential;
+    }
+    else if (verifiableCredential instanceof core_1.W3cJsonLdVerifiableCredential) {
+        return core_1.JsonTransformer.toJSON(verifiableCredential);
+    }
+    else if (verifiableCredential instanceof core_1.W3cJwtVerifiableCredential) {
+        return verifiableCredential.serializedJwt;
+    }
+    else {
+        return verifiableCredential.compact;
+    }
+}
+exports.getSphereonVerifiableCredential = getSphereonVerifiableCredential;
+function getSphereonVerifiablePresentation(verifiablePresentation) {
+    // encoded sd-jwt or jwt
+    if (typeof verifiablePresentation === 'string') {
+        return verifiablePresentation;
+    }
+    else if (verifiablePresentation instanceof core_1.W3cJsonLdVerifiablePresentation) {
+        return core_1.JsonTransformer.toJSON(verifiablePresentation);
+    }
+    else if (verifiablePresentation instanceof core_1.W3cJwtVerifiablePresentation) {
+        return verifiablePresentation.serializedJwt;
+    }
+    else {
+        return verifiablePresentation.compact;
+    }
+}
+exports.getSphereonVerifiablePresentation = getSphereonVerifiablePresentation;
+function getVerifiablePresentationFromSphereonWrapped(wrappedVerifiablePresentation) {
+    if (wrappedVerifiablePresentation.format === 'jwt_vp') {
+        if (typeof wrappedVerifiablePresentation.original !== 'string') {
+            throw new core_1.CredoError('Unable to transform JWT VP to W3C VP');
+        }
+        return core_1.W3cJwtVerifiablePresentation.fromSerializedJwt(wrappedVerifiablePresentation.original);
+    }
+    else if (wrappedVerifiablePresentation.format === 'ldp_vp') {
+        return core_1.JsonTransformer.fromJSON(wrappedVerifiablePresentation.original, core_1.W3cJsonLdVerifiablePresentation);
+    }
+    else if (wrappedVerifiablePresentation.format === 'vc+sd-jwt') {
+        // We use some custom logic here so we don't have to re-process the encoded SD-JWT
+        const [encodedHeader] = wrappedVerifiablePresentation.presentation.compactSdJwtVc.split('.');
+        const header = core_1.JsonEncoder.fromBase64(encodedHeader);
+        return {
+            compact: wrappedVerifiablePresentation.presentation.compactSdJwtVc,
+            header,
+            payload: wrappedVerifiablePresentation.presentation.signedPayload,
+            prettyClaims: wrappedVerifiablePresentation.presentation.decodedPayload,
+        };
+    }
+    throw new core_1.CredoError(`Unsupported presentation format: ${wrappedVerifiablePresentation.format}`);
+}
+exports.getVerifiablePresentationFromSphereonWrapped = getVerifiablePresentationFromSphereonWrapped;
+//# sourceMappingURL=transform.js.map

package/build/shared/transform.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transform.js","sourceRoot":"","sources":["../../src/shared/transform.ts"],"names":[],"mappings":";;;AAQA,yCAQuB;AAEvB,SAAgB,+BAA+B,CAC7C,oBAA0C;IAE1C,wBAAwB;IACxB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;QAC5C,OAAO,oBAAoB,CAAA;KAC5B;SAAM,IAAI,oBAAoB,YAAY,oCAA6B,EAAE;QACxE,OAAO,sBAAe,CAAC,MAAM,CAAC,oBAAoB,CAAoC,CAAA;KACvF;SAAM,IAAI,oBAAoB,YAAY,iCAA0B,EAAE;QACrE,OAAO,oBAAoB,CAAC,aAAa,CAAA;KAC1C;SAAM;QACL,OAAO,oBAAoB,CAAC,OAAO,CAAA;KACpC;AACH,CAAC;AAbD,0EAaC;AAED,SAAgB,iCAAiC,CAC/C,sBAA8C;IAE9C,wBAAwB;IACxB,IAAI,OAAO,sBAAsB,KAAK,QAAQ,EAAE;QAC9C,OAAO,sBAAsB,CAAA;KAC9B;SAAM,IAAI,sBAAsB,YAAY,sCAA+B,EAAE;QAC5E,OAAO,sBAAe,CAAC,MAAM,CAAC,sBAAsB,CAAsC,CAAA;KAC3F;SAAM,IAAI,sBAAsB,YAAY,mCAA4B,EAAE;QACzE,OAAO,sBAAsB,CAAC,aAAa,CAAA;KAC5C;SAAM;QACL,OAAO,sBAAsB,CAAC,OAAO,CAAA;KACtC;AACH,CAAC;AAbD,8EAaC;AAED,SAAgB,4CAA4C,CAC1D,6BAA4D;IAE5D,IAAI,6BAA6B,CAAC,MAAM,KAAK,QAAQ,EAAE;QACrD,IAAI,OAAO,6BAA6B,CAAC,QAAQ,KAAK,QAAQ,EAAE;YAC9D,MAAM,IAAI,iBAAU,CAAC,sCAAsC,CAAC,CAAA;SAC7D;QAED,OAAO,mCAA4B,CAAC,iBAAiB,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAA;KAC9F;SAAM,IAAI,6BAA6B,CAAC,MAAM,KAAK,QAAQ,EAAE;QAC5D,OAAO,sBAAe,CAAC,QAAQ,CAAC,6BAA6B,CAAC,QAAQ,EAAE,sCAA+B,CAAC,CAAA;KACzG;SAAM,IAAI,6BAA6B,CAAC,MAAM,KAAK,WAAW,EAAE;QAC/D,kFAAkF;QAClF,MAAM,CAAC,aAAa,CAAC,GAAG,6BAA6B,CAAC,YAAY,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC5F,MAAM,MAAM,GAAG,kBAAW,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;QACpD,OAAO;YACL,OAAO,EAAE,6BAA6B,CAAC,YAAY,CAAC,cAAc;YAClE,MAAM;YACN,OAAO,EAAE,6BAA6B,CAAC,YAAY,CAAC,aAAa;YACjE,YAAY,EAAE,6BAA6B,CAAC,YAAY,CAAC,cAAc;SACtD,CAAA;KACpB;IAED,MAAM,IAAI,iBAAU,CAAC,oCAAoC,6BAA6B,CAAC,MAAM,EAAE,CAAC,CAAA;AAClG,CAAC;AAxBD,oGAwBC"}

package/build/shared/utils.d.ts

@@ -0,0 +1,21 @@
+import type { OpenId4VcJwtIssuer } from './models';
+import type { AgentContext, JwaSignatureAlgorithm, Key } from '@credo-ts/core';
+import type { DIDDocument, SuppliedSignature } from '@sphereon/did-auth-siop';
+/**
+ * Returns the JWA Signature Algorithms that are supported by the wallet.
+ *
+ * This is an approximation based on the supported key types of the wallet.
+ * This is not 100% correct as a supporting a key type does not mean you support
+ * all the algorithms for that key type. However, this needs refactoring of the wallet
+ * that is planned for the 0.5.0 release.
+ */
+export declare function getSupportedJwaSignatureAlgorithms(agentContext: AgentContext): JwaSignatureAlgorithm[];
+export declare function getSphereonSuppliedSignatureFromJwtIssuer(agentContext: AgentContext, jwtIssuer: OpenId4VcJwtIssuer): Promise<SuppliedSignature>;
+export declare function getSphereonDidResolver(agentContext: AgentContext): {
+    resolve: (didUrl: string) => Promise<{
+        didDocument: DIDDocument;
+        didResolutionMetadata: import("@credo-ts/core").DidResolutionMetadata;
+        didDocumentMetadata: import("did-resolver").DIDDocumentMetadata;
+    }>;
+};
+export declare function getProofTypeFromKey(agentContext: AgentContext, key: Key): string;