@credo-ts/openid4vc 0.6.0-pr-2195-20250226100854 → 0.6.0-pr-2195-20250321180923

package/build/openid4vc-holder/OpenId4vpHolderService.js

@@ -0,0 +1,317 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenId4VpHolderService = void 0;
+const core_1 = require("@credo-ts/core");
+const openid4vp_1 = require("@openid4vc/openid4vp");
+const callbacks_1 = require("../shared/callbacks");
+let OpenId4VpHolderService = class OpenId4VpHolderService {
+    constructor(presentationExchangeService, dcqlService) {
+        this.presentationExchangeService = presentationExchangeService;
+        this.dcqlService = dcqlService;
+    }
+    getOpenid4vpClient(agentContext, trustedCertificates) {
+        const callbacks = (0, callbacks_1.getOid4vcCallbacks)(agentContext, trustedCertificates);
+        return new openid4vp_1.Openid4vpClient({ callbacks });
+    }
+    async handlePresentationExchangeRequest(agentContext, _presentationDefinition, transactionData) {
+        const presentationDefinition = _presentationDefinition;
+        this.presentationExchangeService.validatePresentationDefinition(presentationDefinition);
+        const presentationExchange = {
+            definition: presentationDefinition,
+            credentialsForRequest: await this.presentationExchangeService.getCredentialsForRequest(agentContext, presentationDefinition),
+        };
+        const availableCredentialIds = presentationExchange.credentialsForRequest.requirements.flatMap((requirement) => requirement.submissionEntry.map((entry) => entry.inputDescriptorId));
+        // for each transaction data entry, get all credentials that can be used to sign the respective transaction
+        const matchedTransactionData = transactionData?.map((entry) => ({
+            entry,
+            matchedCredentialIds: entry.transactionData.credential_ids.filter((credentialId) => availableCredentialIds.includes(credentialId)),
+        }));
+        return { pex: presentationExchange, matchedTransactionData };
+    }
+    async handleDcqlRequest(agentContext, dcql, transactionData) {
+        const dcqlQuery = this.dcqlService.validateDcqlQuery(dcql);
+        const dcqlQueryResult = await this.dcqlService.getCredentialsForRequest(agentContext, dcqlQuery);
+        // for each transaction data entry, get all credentials that can be used to sign the respective transaction
+        const matchedTransactionData = transactionData?.map((entry) => ({
+            entry,
+            matchedCredentialIds: entry.transactionData.credential_ids.filter((credentialId) => dcqlQueryResult.credential_matches[credentialId].success),
+        }));
+        return { dcql: { queryResult: dcqlQueryResult }, matchedTransactionData };
+    }
+    async resolveAuthorizationRequest(agentContext, 
+    /**
+     * Can be:
+     * - JWT
+     * - URI containing request or request_uri param
+     * - Request payload
+     */
+    authorizationRequest, options) {
+        const openid4vpClient = this.getOpenid4vpClient(agentContext, options?.trustedCertificates);
+        const { params } = openid4vpClient.parseOpenid4vpAuthorizationRequest({ authorizationRequest });
+        const verifiedAuthorizationRequest = await openid4vpClient.resolveOpenId4vpAuthorizationRequest({
+            authorizationRequestPayload: params,
+            origin: options?.origin,
+        });
+        const { client, pex, transactionData, dcql } = verifiedAuthorizationRequest;
+        if (client.scheme !== 'x509_san_dns' && client.scheme !== 'did' && client.scheme !== 'web-origin') {
+            throw new core_1.CredoError(`Client scheme '${client.scheme}' is not supported`);
+        }
+        const pexResult = pex?.presentation_definition
+            ? await this.handlePresentationExchangeRequest(agentContext, pex.presentation_definition, transactionData)
+            : undefined;
+        const dcqlResult = dcql?.query ? await this.handleDcqlRequest(agentContext, dcql.query, transactionData) : undefined;
+        agentContext.config.logger.debug('verified Authorization Request');
+        agentContext.config.logger.debug(`request '${authorizationRequest}'`);
+        return {
+            authorizationRequestPayload: verifiedAuthorizationRequest.authorizationRequestPayload,
+            transactionData: pexResult?.matchedTransactionData ?? dcqlResult?.matchedTransactionData,
+            presentationExchange: pexResult?.pex,
+            dcql: dcqlResult?.dcql,
+            origin: options?.origin,
+        };
+    }
+    extendCredentialsWithTransactionDataHashes(
+    // Either PEX or DCQL
+    selectedCredentials, transactionData, selectedTransactionDataCredentials) {
+        // TODO: it would make sense for oid4vc to also handle this validation logic, but it would require
+        // knowledge of PEX / DCQL...
+        if (!transactionData && !selectedTransactionDataCredentials)
+            return selectedCredentials;
+        if (!selectedTransactionDataCredentials) {
+            throw new core_1.CredoError('Autohrization request contains transaction data entries, but no credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method.');
+        }
+        if (!transactionData) {
+            throw new core_1.CredoError('Autohrization request doe not contains transaction data entries, but credentail ids were provided to sign transaction data hashes in acceptAuthorizationRequest method.');
+        }
+        if (transactionData.length !== selectedTransactionDataCredentials.length) {
+            throw new core_1.CredoError('Credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method, but the length does not match the number of transaction data entries from the authorization request.');
+        }
+        const credentialsToTransactionData = {};
+        for (const transactionDataIndex in transactionData) {
+            const transactionDataEntry = transactionData[transactionDataIndex];
+            const { credentialId } = selectedTransactionDataCredentials[transactionDataIndex];
+            if (!transactionDataEntry.transactionData.credential_ids.includes(credentialId)) {
+                throw new core_1.CredoError(`Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}' is not present in allowed credential ids for transaction. Allowed credential ids are ${transactionDataEntry.transactionData.credential_ids.join(', ')}`);
+            }
+            if (!selectedCredentials[credentialId]) {
+                throw new core_1.CredoError(`Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}', but credential is not included in the credentials for the presentation.`);
+            }
+            // NOTE: in the next releaes of DCQL this will also be an array, so this code can soon be simplified
+            const credentialsForId = Array.isArray(selectedCredentials[credentialId])
+                ? selectedCredentials[credentialId]
+                : [selectedCredentials[credentialId]];
+            const unsupportedFormats = credentialsForId
+                .filter((c) => c.claimFormat !== core_1.ClaimFormat.SdJwtVc)
+                .map((c) => c.claimFormat);
+            if (unsupportedFormats.length > 0) {
+                throw new core_1.CredoError(`Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}' unsupported format(s) ${unsupportedFormats.join(', ')}. Only '${core_1.ClaimFormat.SdJwtVc}' is supported for transaction data signing in Credo at the moment.`);
+            }
+            if (!credentialsToTransactionData[credentialId]) {
+                credentialsToTransactionData[credentialId] = [];
+            }
+            credentialsToTransactionData[credentialId].push(transactionDataEntry);
+        }
+        const updatedCredentials = {
+            ...selectedCredentials,
+        };
+        for (const [credentialId, entries] of Object.entries(credentialsToTransactionData)) {
+            const allowedHashAlgs = entries.reduce((allowedHashValues, entry) => (entry.transactionData.transaction_data_hashes_alg ?? ['sha-256']).filter((value) => !allowedHashValues || allowedHashValues.includes(value)), undefined);
+            if (!allowedHashAlgs || allowedHashAlgs.length === 0) {
+                throw new core_1.CredoError(`Unable to determine hash alg for credential with id '${credentialId}' and transaction data indexes ${entries.map((e) => e.transactionDataIndex).join(' ')}, no common 'transaction_data_hashes_alg' value found.`);
+            }
+            const supportedHashAlgs = ['sha-1', 'sha-256'];
+            const supportedAllowedHashAlgs = supportedHashAlgs.filter((alg) => allowedHashAlgs.includes(alg));
+            if (supportedAllowedHashAlgs.length === 0) {
+                throw new core_1.CredoError(`Unable to create transaction data hash for credential with id '${credentialId}' and transaction data indexes ${entries.map((e) => e.transactionDataIndex).join(' ')}. None of the common allowed hash algorithms is supported by Credo: ${allowedHashAlgs.join(', ')}. Supported hash algs are ${supportedHashAlgs.join(', ')}.`);
+            }
+            // Not required, but we include it by default as otherwise we need to look at all entries to
+            // see if any specified an alg array
+            const [transactionDataHahsesAlg] = supportedAllowedHashAlgs;
+            const transactionDataHashes = entries.map((entry) => core_1.TypedArrayEncoder.toBase64URL(core_1.Hasher.hash(entry.encoded, transactionDataHahsesAlg)));
+            const credentialsForId = Array.isArray(updatedCredentials[credentialId])
+                ? updatedCredentials[credentialId]
+                : [updatedCredentials[credentialId]];
+            const updatedCredentialsForId = credentialsForId.map((credential) => {
+                if (credential.claimFormat !== core_1.ClaimFormat.SdJwtVc) {
+                    // We already verified this above
+                    throw new core_1.CredoError(`Unexpected claim format '${credential.claimFormat}' for transaction data, expected '${core_1.ClaimFormat.SdJwtVc}'`);
+                }
+                return {
+                    ...credential,
+                    additionalPayload: {
+                        ...(credential.additionalPayload ?? {}),
+                        transaction_data_hashes: transactionDataHashes,
+                        transaction_data_hashes_alg: transactionDataHahsesAlg,
+                    },
+                };
+            });
+            // Will soon be simplified once DCQL also uses array
+            updatedCredentials[credentialId] = Array.isArray(updatedCredentials[credentialId])
+                ? updatedCredentialsForId
+                : updatedCredentialsForId[0];
+        }
+        return updatedCredentials;
+    }
+    async acceptAuthorizationRequest(agentContext, options) {
+        const { authorizationRequestPayload, presentationExchange, dcql, transactionData } = options;
+        const openid4vpClient = this.getOpenid4vpClient(agentContext);
+        const authorizationResponseNonce = await agentContext.wallet.generateNonce();
+        const { nonce } = authorizationRequestPayload;
+        const parsedClientId = (0, openid4vp_1.getOpenid4vpClientId)({ authorizationRequestPayload, origin: options.origin });
+        // If client_id_scheme was used we need to use the legacy client id.
+        const clientId = parsedClientId.legacyClientId ?? parsedClientId.clientId;
+        let openid4vpOptions;
+        if ((0, openid4vp_1.isOpenid4vpAuthorizationRequestDcApi)(authorizationRequestPayload)) {
+            if (!options.origin) {
+                throw new core_1.CredoError('Missing required parameter `origin` parameter for accepting openid4vp dc api requests.');
+            }
+            openid4vpOptions = { type: 'openId4VpDcApi', clientId, origin: options.origin, verifierGeneratedNonce: nonce };
+        }
+        else {
+            const responseUri = authorizationRequestPayload.response_uri ?? authorizationRequestPayload.redirect_uri;
+            if (!responseUri) {
+                throw new core_1.CredoError('Missing required parameter `response_uri` or `redirect_uri` in the authorization request.');
+            }
+            openid4vpOptions = {
+                type: 'openId4Vp',
+                mdocGeneratedNonce: authorizationResponseNonce,
+                responseUri,
+                clientId,
+                verifierGeneratedNonce: nonce,
+            };
+        }
+        let vpToken;
+        let presentationSubmission = undefined;
+        const parsedTransactionData = authorizationRequestPayload.transaction_data
+            ? (0, openid4vp_1.parseTransactionData)({
+                transactionData: authorizationRequestPayload.transaction_data,
+            })
+            : undefined;
+        // Handle presentation exchange part
+        if (authorizationRequestPayload.presentation_definition || presentationExchange) {
+            if (!presentationExchange) {
+                throw new core_1.CredoError('Authorization request included presentation definition. `presentationExchange` MUST be supplied to accept authorization requests.');
+            }
+            if (!authorizationRequestPayload.presentation_definition) {
+                throw new core_1.CredoError('`presentationExchange` was supplied, but no presentation definition was found in the presentation request.');
+            }
+            const credentialsWithTransactionData = this.extendCredentialsWithTransactionDataHashes(presentationExchange.credentials, parsedTransactionData, transactionData);
+            const { presentationSubmission: _presentationSubmission, encodedVerifiablePresentations } = await this.presentationExchangeService.createPresentation(agentContext, {
+                credentialsForInputDescriptor: credentialsWithTransactionData,
+                presentationDefinition: authorizationRequestPayload.presentation_definition,
+                challenge: nonce,
+                domain: clientId,
+                presentationSubmissionLocation: core_1.DifPresentationExchangeSubmissionLocation.EXTERNAL,
+                openid4vp: openid4vpOptions,
+            });
+            vpToken =
+                encodedVerifiablePresentations.length === 1 && _presentationSubmission?.descriptor_map[0]?.path === '$'
+                    ? encodedVerifiablePresentations[0]
+                    : encodedVerifiablePresentations;
+            presentationSubmission = _presentationSubmission;
+        }
+        else if (authorizationRequestPayload.dcql_query || dcql) {
+            if (!authorizationRequestPayload.dcql_query) {
+                throw new core_1.CredoError(`'dcql' was supplied, but no dcql request was found in the presentation request.`);
+            }
+            if (!dcql) {
+                throw new core_1.CredoError(`Authorization request included dcql request. 'dcql' MUST be supplied to accept authorization requests.`);
+            }
+            const credentialsWithTransactionData = this.extendCredentialsWithTransactionDataHashes(dcql.credentials, parsedTransactionData, transactionData);
+            const { encodedDcqlPresentation } = await this.dcqlService.createPresentation(agentContext, {
+                credentialQueryToCredential: credentialsWithTransactionData,
+                challenge: nonce,
+                domain: clientId,
+                openid4vp: openid4vpOptions,
+            });
+            vpToken = encodedDcqlPresentation;
+        }
+        else {
+            throw new core_1.CredoError('Either pex or dcql must be provided');
+        }
+        const response = await openid4vpClient.createOpenid4vpAuthorizationResponse({
+            authorizationRequestPayload,
+            authorizationResponsePayload: {
+                vp_token: vpToken,
+                presentation_submission: presentationSubmission,
+            },
+            jarm: authorizationRequestPayload.response_mode && (0, openid4vp_1.isJarmResponseMode)(authorizationRequestPayload.response_mode)
+                ? {
+                    encryption: { nonce: authorizationResponseNonce },
+                    serverMetadata: {
+                        authorization_signing_alg_values_supported: [],
+                        authorization_encryption_alg_values_supported: ['ECDH-ES'],
+                        authorization_encryption_enc_values_supported: ['A128GCM', 'A256GCM', 'A128CBC-HS256'],
+                    },
+                }
+                : undefined,
+        });
+        const authorizationResponsePayload = response.authorizationResponsePayload;
+        const authorizationResponse = response.jarm?.responseJwt
+            ? { response: response.jarm.responseJwt }
+            : authorizationResponsePayload;
+        // TODO: we should include more typing here that the user
+        // still needs to submit the response. or as we discussed, split
+        // this method up in create and submit
+        if ((0, openid4vp_1.isOpenid4vpAuthorizationRequestDcApi)(authorizationRequestPayload)) {
+            return {
+                ok: true,
+                authorizationResponse,
+                authorizationResponsePayload,
+            };
+        }
+        // TODO: parse response in openi4vp library so we can have typed error
+        // as well as typed response (with redirect_uri/presentation_during_issuance_session)
+        const result = await openid4vpClient.submitOpenid4vpAuthorizationResponse({
+            authorizationRequestPayload,
+            authorizationResponsePayload: response.authorizationResponsePayload,
+            jarm: response.jarm ? { responseJwt: response.jarm.responseJwt } : undefined,
+        });
+        const responseText = await result.response
+            .clone()
+            .text()
+            .catch(() => null);
+        const responseJson = (await result.response
+            .clone()
+            .json()
+            .catch(() => null));
+        if (!result.response.ok) {
+            return {
+                ok: false,
+                serverResponse: {
+                    status: result.response.status,
+                    body: responseJson ?? responseText,
+                },
+                authorizationResponse,
+                authorizationResponsePayload,
+            };
+        }
+        return {
+            ok: true,
+            serverResponse: {
+                status: result.response.status,
+                body: responseJson ?? {},
+            },
+            authorizationResponse,
+            authorizationResponsePayload,
+            redirectUri: responseJson?.redirect_uri,
+            presentationDuringIssuanceSession: responseJson?.presentation_during_issuance_session,
+        };
+    }
+};
+exports.OpenId4VpHolderService = OpenId4VpHolderService;
+exports.OpenId4VpHolderService = OpenId4VpHolderService = __decorate([
+    (0, core_1.injectable)(),
+    __metadata("design:paramtypes", [core_1.DifPresentationExchangeService,
+        core_1.DcqlService])
+], OpenId4VpHolderService);
+//# sourceMappingURL=OpenId4vpHolderService.js.map

package/build/openid4vc-holder/OpenId4vpHolderService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4vpHolderService.js","sourceRoot":"","sources":["../../src/openid4vc-holder/OpenId4vpHolderService.ts"],"names":[],"mappings":";;;;;;;;;;;;AAkBA,yCASuB;AACvB,oDAQ6B;AAE7B,mDAAwD;AAGjD,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IACjC,YACU,2BAA2D,EAC3D,WAAwB;QADxB,gCAA2B,GAA3B,2BAA2B,CAAgC;QAC3D,gBAAW,GAAX,WAAW,CAAa;IAC/B,CAAC;IAEI,kBAAkB,CAAC,YAA0B,EAAE,mBAA8C;QACnG,MAAM,SAAS,GAAG,IAAA,8BAAkB,EAAC,YAAY,EAAE,mBAAmB,CAAC,CAAA;QACvE,OAAO,IAAI,2BAAe,CAAC,EAAE,SAAS,EAAE,CAAC,CAAA;IAC3C,CAAC;IAEO,KAAK,CAAC,iCAAiC,CAC7C,YAA0B,EAC1B,uBAAgC,EAChC,eAA8C;QAE9C,MAAM,sBAAsB,GAAG,uBAA4D,CAAA;QAC3F,IAAI,CAAC,2BAA2B,CAAC,8BAA8B,CAAC,sBAAsB,CAAC,CAAA;QAEvF,MAAM,oBAAoB,GAAG;YAC3B,UAAU,EAAE,sBAAsB;YAClC,qBAAqB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,wBAAwB,CACpF,YAAY,EACZ,sBAAsB,CACvB;SACF,CAAA;QAED,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,qBAAqB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE,CAC7G,WAAW,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,CACpE,CAAA;QAED,2GAA2G;QAC3G,MAAM,sBAAsB,GAAG,eAAe,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC9D,KAAK;YACL,oBAAoB,EAAE,KAAK,CAAC,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,EAAE,CACjF,sBAAsB,CAAC,QAAQ,CAAC,YAAY,CAAC,CAC9C;SACF,CAAC,CAAC,CAAA;QAEH,OAAO,EAAE,GAAG,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,CAAA;IAC9D,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,YAA0B,EAC1B,IAAa,EACb,eAA8C;QAE9C,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAA;QAC1D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;QAEhG,2GAA2G;QAC3G,MAAM,sBAAsB,GAAG,eAAe,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC9D,KAAK;YACL,oBAAoB,EAAE,KAAK,CAAC,eAAe,CAAC,cAAc,CAAC,MAAM,CAC/D,CAAC,YAAY,EAAE,EAAE,CAAC,eAAe,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC,OAAO,CAC3E;SACF,CAAC,CAAC,CAAA;QAEH,OAAO,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,EAAE,sBAAsB,EAAE,CAAA;IAC3E,CAAC;IAEM,KAAK,CAAC,2BAA2B,CACtC,YAA0B;IAC1B;;;;;OAKG;IACH,oBAAsD,EACtD,OAAqD;QAErD,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,EAAE,mBAAmB,CAAC,CAAA;QAC3F,MAAM,EAAE,MAAM,EAAE,GAAG,eAAe,CAAC,kCAAkC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAA;QAE/F,MAAM,4BAA4B,GAAG,MAAM,eAAe,CAAC,oCAAoC,CAAC;YAC9F,2BAA2B,EAAE,MAAM;YACnC,MAAM,EAAE,OAAO,EAAE,MAAM;SACxB,CAAC,CAAA;QAEF,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,GAAG,4BAA4B,CAAA;QAE3E,IAAI,MAAM,CAAC,MAAM,KAAK,cAAc,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YAClG,MAAM,IAAI,iBAAU,CAAC,kBAAkB,MAAM,CAAC,MAAM,oBAAoB,CAAC,CAAA;QAC3E,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,EAAE,uBAAuB;YAC5C,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,YAAY,EAAE,GAAG,CAAC,uBAAuB,EAAE,eAAe,CAAC;YAC1G,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,UAAU,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAEpH,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;QAClE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,oBAAoB,GAAG,CAAC,CAAA;QAErE,OAAO;YACL,2BAA2B,EAAE,4BAA4B,CAAC,2BAA2B;YACrF,eAAe,EAAE,SAAS,EAAE,sBAAsB,IAAI,UAAU,EAAE,sBAAsB;YACxF,oBAAoB,EAAE,SAAS,EAAE,GAAG;YACpC,IAAI,EAAE,UAAU,EAAE,IAAI;YACtB,MAAM,EAAE,OAAO,EAAE,MAAM;SACxB,CAAA;IACH,CAAC;IAEO,0CAA0C;IAGhD,qBAAqB;IACrB,mBAAsB,EACtB,eAA8C,EAC9C,kCAAoE;QAEpE,kGAAkG;QAClG,6BAA6B;QAC7B,IAAI,CAAC,eAAe,IAAI,CAAC,kCAAkC;YAAE,OAAO,mBAAmB,CAAA;QAEvF,IAAI,CAAC,kCAAkC,EAAE,CAAC;YACxC,MAAM,IAAI,iBAAU,CAClB,+JAA+J,CAChK,CAAA;QACH,CAAC;QAED,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,iBAAU,CAClB,yKAAyK,CAC1K,CAAA;QACH,CAAC;QAED,IAAI,eAAe,CAAC,MAAM,KAAK,kCAAkC,CAAC,MAAM,EAAE,CAAC;YACzE,MAAM,IAAI,iBAAU,CAClB,oMAAoM,CACrM,CAAA;QACH,CAAC;QAED,MAAM,4BAA4B,GAAiD,EAAE,CAAA;QACrF,KAAK,MAAM,oBAAoB,IAAI,eAAe,EAAE,CAAC;YACnD,MAAM,oBAAoB,GAAG,eAAe,CAAC,oBAAoB,CAAC,CAAA;YAClE,MAAM,EAAE,YAAY,EAAE,GAAG,kCAAkC,CAAC,oBAAoB,CAAC,CAAA;YAEjF,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAChF,MAAM,IAAI,iBAAU,CAClB,kBAAkB,YAAY,mDAAmD,oBAAoB,0FAA0F,oBAAoB,CAAC,eAAe,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChQ,CAAA;YACH,CAAC;YAED,IAAI,CAAC,mBAAmB,CAAC,YAAY,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,iBAAU,CAClB,kBAAkB,YAAY,mDAAmD,oBAAoB,4EAA4E,CAClL,CAAA;YACH,CAAC;YAED,oGAAoG;YACpG,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;gBACvE,CAAC,CAAC,mBAAmB,CAAC,YAAY,CAAC;gBACnC,CAAC,CAAC,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC,CAAA;YAEvC,MAAM,kBAAkB,GAAG,gBAAgB;iBACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,kBAAW,CAAC,OAAO,CAAC;iBACpD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;YAE5B,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,iBAAU,CAClB,kBAAkB,YAAY,mDAAmD,oBAAoB,2BAA2B,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,kBAAW,CAAC,OAAO,qEAAqE,CACjQ,CAAA;YACH,CAAC;YAED,IAAI,CAAC,4BAA4B,CAAC,YAAY,CAAC,EAAE,CAAC;gBAChD,4BAA4B,CAAC,YAAY,CAAC,GAAG,EAAE,CAAA;YACjD,CAAC;YACD,4BAA4B,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,kBAAkB,GAAG;YACzB,GAAG,mBAAmB;SACvB,CAAA;QACD,KAAK,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,4BAA4B,CAAC,EAAE,CAAC;YACnF,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CACpC,CAAC,iBAAiB,EAAE,KAAK,EAAE,EAAE,CAC3B,CAAC,KAAK,CAAC,eAAe,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CACvE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CACnE,EACH,SAAS,CACV,CAAA;YAED,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,iBAAU,CAClB,wDAAwD,YAAY,kCAAkC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,wDAAwD,CACnN,CAAA;YACH,CAAC;YAED,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,SAAS,CAAsB,CAAA;YACnE,MAAM,wBAAwB,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;YACjG,IAAI,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1C,MAAM,IAAI,iBAAU,CAClB,kEAAkE,YAAY,kCAAkC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,uEAAuE,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAClU,CAAA;YACH,CAAC;YAED,4FAA4F;YAC5F,oCAAoC;YACpC,MAAM,CAAC,wBAAwB,CAAC,GAAG,wBAAwB,CAAA;YAC3D,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAClD,wBAAiB,CAAC,WAAW,CAAC,aAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,wBAAwB,CAAC,CAAC,CACpF,CAAA;YAED,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;gBACtE,CAAC,CAAC,kBAAkB,CAAC,YAAY,CAAC;gBAClC,CAAC,CAAC,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC,CAAA;YAEtC,MAAM,uBAAuB,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;gBAClE,IAAI,UAAU,CAAC,WAAW,KAAK,kBAAW,CAAC,OAAO,EAAE,CAAC;oBACnD,iCAAiC;oBACjC,MAAM,IAAI,iBAAU,CAClB,4BAA4B,UAAU,CAAC,WAAW,qCAAqC,kBAAW,CAAC,OAAO,GAAG,CAC9G,CAAA;gBACH,CAAC;gBAED,OAAO;oBACL,GAAG,UAAU;oBACb,iBAAiB,EAAE;wBACjB,GAAG,CAAC,UAAU,CAAC,iBAAiB,IAAI,EAAE,CAAC;wBACvC,uBAAuB,EAAE,qBAAqB;wBAC9C,2BAA2B,EAAE,wBAAwB;qBACtD;iBACF,CAAA;YACH,CAAC,CAAC,CAAA;YAEF,oDAAoD;YACpD,kBAAkB,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;gBAChF,CAAC,CAAC,uBAAuB;gBACzB,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAChC,CAAC;QAED,OAAO,kBAAkB,CAAA;IAC3B,CAAC;IAEM,KAAK,CAAC,0BAA0B,CACrC,YAA0B,EAC1B,OAAmD;QAEnD,MAAM,EAAE,2BAA2B,EAAE,oBAAoB,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,OAAO,CAAA;QAE5F,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAA;QAC7D,MAAM,0BAA0B,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE,CAAA;QAC5E,MAAM,EAAE,KAAK,EAAE,GAAG,2BAA2B,CAAA;QAC7C,MAAM,cAAc,GAAG,IAAA,gCAAoB,EAAC,EAAE,2BAA2B,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;QACpG,oEAAoE;QACpE,MAAM,QAAQ,GAAG,cAAc,CAAC,cAAc,IAAI,cAAc,CAAC,QAAQ,CAAA;QAEzE,IAAI,gBAAoG,CAAA;QACxG,IAAI,IAAA,gDAAoC,EAAC,2BAA2B,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,iBAAU,CAAC,wFAAwF,CAAC,CAAA;YAChH,CAAC;YACD,gBAAgB,GAAG,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,sBAAsB,EAAE,KAAK,EAAE,CAAA;QAChH,CAAC;aAAM,CAAC;YACN,MAAM,WAAW,GAAG,2BAA2B,CAAC,YAAY,IAAI,2BAA2B,CAAC,YAAY,CAAA;YACxG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,iBAAU,CAClB,2FAA2F,CAC5F,CAAA;YACH,CAAC;YAED,gBAAgB,GAAG;gBACjB,IAAI,EAAE,WAAW;gBACjB,kBAAkB,EAAE,0BAA0B;gBAC9C,WAAW;gBACX,QAAQ;gBACR,sBAAsB,EAAE,KAAK;aAC9B,CAAA;QACH,CAAC;QAED,IAAI,OAAgB,CAAA;QACpB,IAAI,sBAAsB,GAAkD,SAAS,CAAA;QAErF,MAAM,qBAAqB,GAAG,2BAA2B,CAAC,gBAAgB;YACxE,CAAC,CAAC,IAAA,gCAAoB,EAAC;gBACnB,eAAe,EAAE,2BAA2B,CAAC,gBAAgB;aAC9D,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,oCAAoC;QACpC,IAAI,2BAA2B,CAAC,uBAAuB,IAAI,oBAAoB,EAAE,CAAC;YAChF,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,MAAM,IAAI,iBAAU,CAClB,mIAAmI,CACpI,CAAA;YACH,CAAC;YACD,IAAI,CAAC,2BAA2B,CAAC,uBAAuB,EAAE,CAAC;gBACzD,MAAM,IAAI,iBAAU,CAClB,4GAA4G,CAC7G,CAAA;YACH,CAAC;YAED,MAAM,8BAA8B,GAAG,IAAI,CAAC,0CAA0C,CACpF,oBAAoB,CAAC,WAAW,EAChC,qBAAqB,EACrB,eAAe,CAChB,CAAA;YAED,MAAM,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,8BAA8B,EAAE,GACvF,MAAM,IAAI,CAAC,2BAA2B,CAAC,kBAAkB,CAAC,YAAY,EAAE;gBACtE,6BAA6B,EAAE,8BAA8B;gBAC7D,sBAAsB,EACpB,2BAA2B,CAAC,uBAAuE;gBACrG,SAAS,EAAE,KAAK;gBAChB,MAAM,EAAE,QAAQ;gBAChB,8BAA8B,EAAE,gDAAyC,CAAC,QAAQ;gBAClF,SAAS,EAAE,gBAAgB;aAC5B,CAAC,CAAA;YAEJ,OAAO;gBACL,8BAA8B,CAAC,MAAM,KAAK,CAAC,IAAI,uBAAuB,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,GAAG;oBACrG,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC;oBACnC,CAAC,CAAC,8BAA8B,CAAA;YACpC,sBAAsB,GAAG,uBAAuB,CAAA;QAClD,CAAC;aAAM,IAAI,2BAA2B,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC;YAC1D,IAAI,CAAC,2BAA2B,CAAC,UAAU,EAAE,CAAC;gBAC5C,MAAM,IAAI,iBAAU,CAAC,iFAAiF,CAAC,CAAA;YACzG,CAAC;YACD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iBAAU,CAClB,wGAAwG,CACzG,CAAA;YACH,CAAC;YAED,MAAM,8BAA8B,GAAG,IAAI,CAAC,0CAA0C,CACpF,IAAI,CAAC,WAAW,EAChB,qBAAqB,EACrB,eAAe,CAChB,CAAA;YAED,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,YAAY,EAAE;gBAC1F,2BAA2B,EAAE,8BAA8B;gBAC3D,SAAS,EAAE,KAAK;gBAChB,MAAM,EAAE,QAAQ;gBAChB,SAAS,EAAE,gBAAgB;aAC5B,CAAC,CAAA;YAEF,OAAO,GAAG,uBAAuB,CAAA;QACnC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,iBAAU,CAAC,qCAAqC,CAAC,CAAA;QAC7D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,oCAAoC,CAAC;YAC1E,2BAA2B;YAC3B,4BAA4B,EAAE;gBAC5B,QAAQ,EAAE,OAAO;gBACjB,uBAAuB,EAAE,sBAAsB;aAChD;YACD,IAAI,EACF,2BAA2B,CAAC,aAAa,IAAI,IAAA,8BAAkB,EAAC,2BAA2B,CAAC,aAAa,CAAC;gBACxG,CAAC,CAAC;oBACE,UAAU,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE;oBACjD,cAAc,EAAE;wBACd,0CAA0C,EAAE,EAAE;wBAC9C,6CAA6C,EAAE,CAAC,SAAS,CAAC;wBAC1D,6CAA6C,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,eAAe,CAAC;qBACvF;iBACF;gBACH,CAAC,CAAC,SAAS;SAChB,CAAC,CAAA;QAEF,MAAM,4BAA4B,GAAG,QAAQ,CAAC,4BAE7C,CAAA;QACD,MAAM,qBAAqB,GAAG,QAAQ,CAAC,IAAI,EAAE,WAAW;YACtD,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE;YACzC,CAAC,CAAC,4BAA4B,CAAA;QAEhC,yDAAyD;QACzD,gEAAgE;QAChE,sCAAsC;QACtC,IAAI,IAAA,gDAAoC,EAAC,2BAA2B,CAAC,EAAE,CAAC;YACtE,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,qBAAqB;gBACrB,4BAA4B;aACpB,CAAA;QACZ,CAAC;QAED,sEAAsE;QACtE,qFAAqF;QACrF,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,oCAAoC,CAAC;YACxE,2BAA2B;YAC3B,4BAA4B,EAAE,QAAQ,CAAC,4BAA4B;YACnE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;SAC7E,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,QAAQ;aACvC,KAAK,EAAE;aACP,IAAI,EAAE;aACN,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;QAEpB,MAAM,YAAY,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ;aACxC,KAAK,EAAE;aACP,IAAI,EAAE;aACN,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAA;QAEvD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACxB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,cAAc,EAAE;oBACd,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;oBAC9B,IAAI,EAAE,YAAY,IAAI,YAAY;iBACnC;gBACD,qBAAqB;gBACrB,4BAA4B;aACpB,CAAA;QACZ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAI;YACR,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;gBAC9B,IAAI,EAAE,YAAY,IAAI,EAAE;aACzB;YACD,qBAAqB;YACrB,4BAA4B;YAC5B,WAAW,EAAE,YAAY,EAAE,YAAkC;YAC7D,iCAAiC,EAAE,YAAY,EAAE,oCAA0D;SACnG,CAAA;IACZ,CAAC;CACF,CAAA;AAvaY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,iBAAU,GAAE;qCAG4B,qCAA8B;QAC9C,kBAAW;GAHvB,sBAAsB,CAualC"}

package/build/openid4vc-holder/OpenId4vpHolderServiceOptions.d.ts

@@ -0,0 +1,81 @@
+import type { DcqlCredentialsForRequest, DcqlQueryResult, DifPexCredentialsForRequest, DifPexInputDescriptorToCredentials, DifPresentationExchangeDefinition, EncodedX509Certificate } from '@credo-ts/core';
+import { ResolvedOpenid4vpAuthorizationRequest } from '@openid4vc/openid4vp';
+import type { OpenId4VpAuthorizationRequestPayload } from '../shared';
+export type ParsedTransactionDataEntry = NonNullable<ResolvedOpenid4vpAuthorizationRequest['transactionData']>[number];
+export interface ResolveOpenId4VpAuthorizationRequestOptions {
+    trustedCertificates?: EncodedX509Certificate[];
+    origin?: string;
+}
+export interface OpenId4VpResolvedAuthorizationRequest {
+    /**
+     * Parameters related to DIF Presentation Exchange. Only defined when
+     * the request included
+     */
+    presentationExchange?: {
+        definition: DifPresentationExchangeDefinition;
+        credentialsForRequest: DifPexCredentialsForRequest;
+    };
+    dcql?: {
+        queryResult: DcqlQueryResult;
+    };
+    /**
+     * The transaction data entries, with the matched credential ids.
+     * - For Presentation Exchange the id refers to the presentation exchange id
+     * - For DCQL the id refers to the credential query id
+     *
+     * If no matches were found the `matchedCredentialIds` will be empty and means
+     * the presetnation cannot be satisfied.
+     *
+     * The entries have the same order as the transaction data entries from the request
+     */
+    transactionData?: Array<{
+        entry: ParsedTransactionDataEntry;
+        matchedCredentialIds: string[];
+    }>;
+    /**
+     * The authorization request payload
+     */
+    authorizationRequestPayload: OpenId4VpAuthorizationRequestPayload;
+    /**
+     * Origin of the request, to be used with Digital Credentials API
+     */
+    origin?: string;
+}
+export interface OpenId4VpAcceptAuthorizationRequestOptions {
+    /**
+     * Parameters related to DIF Presentation Exchange. MUST be present when the resolved
+     * authorization request included a `presentationExchange` parameter.
+     */
+    presentationExchange?: {
+        credentials: DifPexInputDescriptorToCredentials;
+    };
+    /**
+     * Parameters related to Dcql. MUST be present when the resolved
+     * authorization request included a `dcql` parameter.
+     */
+    dcql?: {
+        credentials: DcqlCredentialsForRequest;
+    };
+    /**
+     * The credentials to use for the transaction data hashes in the presentation. The length
+     * of the array MUST be the same length as the transaction data entries in the authorization
+     * request, and follow the same order (meaning the first entry in this array matches the first
+     * entry in the transaction data from the request).
+     *
+     * - For Presentation Exchange the id refers to the presentation exchange id
+     * - For DCQL the id refers to the credential query id
+     *
+     */
+    transactionData?: Array<{
+        credentialId: string;
+    }>;
+    /**
+     * The authorization request payload
+     */
+    authorizationRequestPayload: OpenId4VpAuthorizationRequestPayload;
+    /**
+     * The origin of the verifier that is making the request.
+     * Required in combination with the DC Api
+     */
+    origin?: string;
+}

package/build/openid4vc-holder/{OpenId4vcSiopHolderServiceOptions.js → OpenId4vpHolderServiceOptions.js}

@@ -1,3 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=OpenId4vcSiopHolderServiceOptions.js.map
+//# sourceMappingURL=OpenId4vpHolderServiceOptions.js.map

package/build/openid4vc-holder/OpenId4vpHolderServiceOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4vpHolderServiceOptions.js","sourceRoot":"","sources":["../../src/openid4vc-holder/OpenId4vpHolderServiceOptions.ts"],"names":[],"mappings":""}

package/build/openid4vc-holder/index.d.ts

@@ -2,5 +2,5 @@ export * from './OpenId4VcHolderApi';
 export * from './OpenId4VcHolderModule';
 export * from './OpenId4VciHolderService';
 export * from './OpenId4VciHolderServiceOptions';
-export * from './OpenId4vcSiopHolderService';
-export * from './OpenId4vcSiopHolderServiceOptions';
+export * from './OpenId4vpHolderService';
+export * from './OpenId4vpHolderServiceOptions';

package/build/openid4vc-holder/index.js

@@ -18,6 +18,6 @@ __exportStar(require("./OpenId4VcHolderApi"), exports);
 __exportStar(require("./OpenId4VcHolderModule"), exports);
 __exportStar(require("./OpenId4VciHolderService"), exports);
 __exportStar(require("./OpenId4VciHolderServiceOptions"), exports);
-__exportStar(require("./OpenId4vcSiopHolderService"), exports);
-__exportStar(require("./OpenId4vcSiopHolderServiceOptions"), exports);
+__exportStar(require("./OpenId4vpHolderService"), exports);
+__exportStar(require("./OpenId4vpHolderServiceOptions"), exports);
 //# sourceMappingURL=index.js.map

package/build/openid4vc-holder/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/openid4vc-holder/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAoC;AACpC,0DAAuC;AACvC,4DAAyC;AACzC,mEAAgD;AAChD,+DAA4C;AAC5C,sEAAmD"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/openid4vc-holder/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAoC;AACpC,0DAAuC;AACvC,4DAAyC;AACzC,mEAAgD;AAChD,2DAAwC;AACxC,kEAA+C"}

package/build/openid4vc-issuer/OpenId4VcIssuerEvents.d.ts

@@ -1,6 +1,6 @@
+import type { BaseEvent } from '@credo-ts/core';
 import type { OpenId4VcIssuanceSessionState } from './OpenId4VcIssuanceSessionState';
 import type { OpenId4VcIssuanceSessionRecord } from './repository';
-import type { BaseEvent } from '@credo-ts/core';
 export declare enum OpenId4VcIssuerEvents {
     IssuanceSessionStateChanged = "OpenId4VcIssuer.IssuanceSessionStateChanged"
 }

package/build/openid4vc-issuer/OpenId4VcIssuerModule.d.ts

@@ -1,5 +1,5 @@
-import type { OpenId4VcIssuerModuleConfigOptions } from './OpenId4VcIssuerModuleConfig';
 import type { AgentContext, DependencyManager, Module } from '@credo-ts/core';
+import type { OpenId4VcIssuerModuleConfigOptions } from './OpenId4VcIssuerModuleConfig';
 import { OpenId4VcIssuerApi } from './OpenId4VcIssuerApi';
 import { OpenId4VcIssuerModuleConfig } from './OpenId4VcIssuerModuleConfig';
 /**

package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.ts

@@ -1,5 +1,5 @@
-import type { OpenId4VciCredentialRequestToCredentialMapper, OpenId4VciGetVerificationSessionForIssuanceSessionAuthorization } from './OpenId4VcIssuerServiceOptions';
 import type { Router } from 'express';
+import type { OpenId4VciCredentialRequestToCredentialMapper, OpenId4VciGetVerificationSessionForIssuanceSessionAuthorization } from './OpenId4VcIssuerServiceOptions';
 export interface OpenId4VcIssuerModuleConfigOptions {
     /**
      * Base url at which the issuer endpoints will be hosted. All endpoints will be exposed with

package/build/openid4vc-issuer/OpenId4VcIssuerService.d.ts

@@ -1,7 +1,6 @@
-import type { OpenId4VciCreateCredentialOfferOptions, OpenId4VciCreateCredentialResponseOptions, OpenId4VciCreateIssuerOptions, OpenId4VciCreateStatelessCredentialOfferOptions } from './OpenId4VcIssuerServiceOptions';
 import type { OpenId4VciMetadata } from '../shared';
-import type { AgentContext, Query, QueryOptions } from '@credo-ts/core';
-import { W3cCredentialService } from '@credo-ts/core';
+import type { OpenId4VciCreateCredentialOfferOptions, OpenId4VciCreateCredentialResponseOptions, OpenId4VciCreateIssuerOptions, OpenId4VciCreateStatelessCredentialOfferOptions } from './OpenId4VcIssuerServiceOptions';
+import { AgentContext, Query, QueryOptions, W3cCredentialService } from '@credo-ts/core';
 import { Oauth2AuthorizationServer, Oauth2Client, Oauth2ResourceServer } from '@openid4vc/oauth2';
 import { Openid4vciIssuer } from '@openid4vc/openid4vci';
 import { OpenId4VcIssuanceSessionState } from './OpenId4VcIssuanceSessionState';

package/build/openid4vc-issuer/OpenId4VcIssuerService.js

@@ -82,10 +82,10 @@ let OpenId4VcIssuerService = class OpenId4VcIssuerService {
             throw new core_1.CredoError('You need to offer at least one credential.');
         }
         // We always use shortened URIs currently
+        const credentialOfferId = core_1.utils.uuid();
         const hostedCredentialOfferUri = (0, core_1.joinUriParts)(issuerMetadata.credentialIssuer.credential_issuer, [
             this.openId4VcIssuerConfig.credentialOfferEndpointPath,
-            // It doesn't really matter what the url is, as long as it's unique
-            core_1.utils.uuid(),
+            credentialOfferId,
         ]);
         // Check if all the offered credential configuration ids have a scope value. If not, it won't be possible to actually request
         // issuance of the credential later on. For pre-auth it's not needed to add a scope.
@@ -115,6 +115,7 @@ let OpenId4VcIssuerService = class OpenId4VcIssuerService {
         const issuanceSession = new repository_1.OpenId4VcIssuanceSessionRecord({
             credentialOfferPayload: credentialOfferObject,
             credentialOfferUri: hostedCredentialOfferUri,
+            credentialOfferId,
             issuerId: issuer.issuerId,
             state: OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.OfferCreated,
             authorization: credentialOfferObject.grants?.authorization_code?.issuer_state
@@ -634,7 +635,7 @@ let OpenId4VcIssuerService = class OpenId4VcIssuerService {
                 credentials: (await Promise.all(signOptions.credentials.map((credential) => this.signW3cCredential(agentContext, signOptions.format, credential).then((signed) => signed.encoded)))),
             };
         }
-        else if (signOptions.format === core_1.ClaimFormat.SdJwtVc) {
+        if (signOptions.format === core_1.ClaimFormat.SdJwtVc) {
             if (signOptions.format !== requestFormat.format) {
                 throw new core_1.CredoError(`Invalid credential format returned by sign options. Expected '${requestFormat.format}', received '${signOptions.format}'.`);
             }
@@ -648,7 +649,7 @@ let OpenId4VcIssuerService = class OpenId4VcIssuerService {
                 credentials: await Promise.all(signOptions.credentials.map((credential) => sdJwtVcApi.sign(credential).then((signed) => signed.compact))),
             };
         }
-        else if (signOptions.format === core_1.ClaimFormat.MsoMdoc) {
+        if (signOptions.format === core_1.ClaimFormat.MsoMdoc) {
             if (signOptions.format !== requestFormat.format) {
                 throw new core_1.CredoError(`Invalid credential format returned by sign options. Expected '${requestFormat.format}', received '${signOptions.format}'.`);
             }
@@ -662,9 +663,7 @@ let OpenId4VcIssuerService = class OpenId4VcIssuerService {
                 credentials: await Promise.all(signOptions.credentials.map((credential) => mdocApi.sign(credential).then((signed) => signed.base64Url))),
             };
         }
-        else {
-            throw new core_1.CredoError(`Unsupported credential format ${signOptions.format}`);
-        }
+        throw new core_1.CredoError(`Unsupported credential format ${signOptions.format}`);
     }
     async signW3cCredential(agentContext, format, options) {
         const key = await (0, utils_1.getKeyFromDid)(agentContext, options.verificationMethod);
@@ -684,15 +683,13 @@ let OpenId4VcIssuerService = class OpenId4VcIssuerService {
                 alg,
             });
         }
-        else {
-            const proofType = (0, utils_1.getProofTypeFromKey)(agentContext, key);
-            return await this.w3cCredentialService.signCredential(agentContext, {
-                format: core_1.ClaimFormat.LdpVc,
-                credential: options.credential,
-                verificationMethod: options.verificationMethod,
-                proofType: proofType,
-            });
-        }
+        const proofType = (0, utils_1.getProofTypeFromKey)(agentContext, key);
+        return await this.w3cCredentialService.signCredential(agentContext, {
+            format: core_1.ClaimFormat.LdpVc,
+            credential: options.credential,
+            verificationMethod: options.verificationMethod,
+            proofType: proofType,
+        });
     }
 };
 exports.OpenId4VcIssuerService = OpenId4VcIssuerService;