npm - @credo-ts/openid4vc - Versions diffs - 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534 - Mend

@credo-ts/openid4vc 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

package/build/openid4vc-holder/OpenId4vpHolderService.mjs CHANGED Viewed

@@ -83,8 +83,8 @@ let OpenId4VpHolderService = class OpenId4VpHolderService$1 {
 	}
 	extendCredentialsWithTransactionDataHashes(selectedCredentials, transactionData, selectedTransactionDataCredentials) {
 		if (!transactionData && !selectedTransactionDataCredentials) return selectedCredentials;
-		if (!selectedTransactionDataCredentials) throw new CredoError("Autohrization request contains transaction data entries, but no credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method.");
-		if (!transactionData) throw new CredoError("Autohrization request doe not contains transaction data entries, but credentail ids were provided to sign transaction data hashes in acceptAuthorizationRequest method.");
+		if (!selectedTransactionDataCredentials) throw new CredoError("Authorization request contains transaction data entries, but no credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method.");
+		if (!transactionData) throw new CredoError("Authorization request doe not contains transaction data entries, but credentail ids were provided to sign transaction data hashes in acceptAuthorizationRequest method.");
 		if (transactionData.length !== selectedTransactionDataCredentials.length) throw new CredoError("Credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method, but the length does not match the number of transaction data entries from the authorization request.");
 		const credentialsToTransactionData = {};
 		transactionData.forEach((transactionDataEntry, transactionDataIndex) => {
@@ -138,7 +138,7 @@ let OpenId4VpHolderService = class OpenId4VpHolderService$1 {
 		const isDcApiRequest = isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload);
 		const shouldEncryptResponse = authorizationRequestPayload.response_mode && isJarmResponseMode(authorizationRequestPayload.response_mode);
 		const audience = openid4vpVersion === "v1" && isDcApiRequest ? `origin:${options.origin}` : clientId;
-		let encryptionJwk = void 0;
+		let encryptionJwk;
 		if (shouldEncryptResponse) {
 			const clientMetadata = authorizationRequestPayload.client_metadata;
 			if (!clientMetadata) throw new CredoError("Authorization request payload does not contain 'client_metadata' needed to extract response encryption JWK.");
@@ -180,7 +180,7 @@ let OpenId4VpHolderService = class OpenId4VpHolderService$1 {
 			};
 		}
 		let vpToken;
-		let presentationSubmission = void 0;
+		let presentationSubmission;
 		const parsedTransactionData = authorizationRequestPayload.transaction_data ? parseTransactionData({ transactionData: authorizationRequestPayload.transaction_data }) : void 0;
 		if (authorizationRequestPayload.presentation_definition || presentationExchange) {
 			if (!presentationExchange) throw new CredoError("Authorization request included presentation definition. `presentationExchange` MUST be supplied to accept authorization requests.");

package/build/openid4vc-holder/OpenId4vpHolderService.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"OpenId4vpHolderService.mjs","names":["OpenId4VpHolderService","presentationExchangeService: DifPresentationExchangeService","dcqlService: DcqlService","credentialsToTransactionData: Record<string, ParsedTransactionDataEntry[]>","openid4vpVersion: OpenId4VpVersion","encryptionJwk: Jwk \| undefined","mdocSessionTranscript: MdocSessionTranscriptOptions","vpToken: VpToken","presentationSubmission: DifPresentationExchangeSubmission \| undefined"],"sources":["../../src/openid4vc-holder/OpenId4vpHolderService.ts"],"sourcesContent":["import type {\n AgentContext,\n DcqlCredentialsForRequest,\n DifPexInputDescriptorToCredentials,\n DifPresentationExchangeDefinition,\n DifPresentationExchangeSubmission,\n EncodedX509Certificate,\n HashName,\n MdocSessionTranscriptOptions,\n} from '@credo-ts/core'\nimport type {\n OpenId4VpAcceptAuthorizationRequestOptions,\n OpenId4VpResolvedAuthorizationRequest,\n ParsedTransactionDataEntry,\n ResolveOpenId4VpAuthorizationRequestOptions,\n} from './OpenId4vpHolderServiceOptions'\n\nimport {\n ClaimFormat,\n CredoError,\n DcqlService,\n DifPresentationExchangeService,\n DifPresentationExchangeSubmissionLocation,\n Hasher,\n Kms,\n TypedArrayEncoder,\n injectable,\n} from '@credo-ts/core'\nimport {\n type Openid4vpAuthorizationResponse,\n Openid4vpClient,\n type VpToken,\n extractEncryptionJwkFromJwks,\n getOpenid4vpClientId,\n isJarmResponseMode,\n isOpenid4vpAuthorizationRequestDcApi,\n parseAuthorizationRequestVersion,\n parseTransactionData,\n} from '@openid4vc/openid4vp'\n\nimport type { Jwk } from '@openid4vc/oauth2'\nimport type { OpenId4VpVersion } from '../openid4vc-verifier'\nimport { getOid4vcCallbacks } from '../shared/callbacks'\n\n@injectable()\nexport class OpenId4VpHolderService {\n public constructor(\n private presentationExchangeService: DifPresentationExchangeService,\n private dcqlService: DcqlService\n ) {}\n\n private getOpenid4vpClient(\n agentContext: AgentContext,\n options?: { trustedCertificates?: EncodedX509Certificate[]; isVerifyOpenId4VpAuthorizationRequest?: boolean }\n ) {\n const callbacks = getOid4vcCallbacks(agentContext, {\n trustedCertificates: options?.trustedCertificates,\n isVerifyOpenId4VpAuthorizationRequest: options?.isVerifyOpenId4VpAuthorizationRequest,\n })\n return new Openid4vpClient({ callbacks })\n }\n\n private async handlePresentationExchangeRequest(\n agentContext: AgentContext,\n _presentationDefinition: unknown,\n transactionData?: ParsedTransactionDataEntry[]\n ) {\n const presentationDefinition = _presentationDefinition as DifPresentationExchangeDefinition\n this.presentationExchangeService.validatePresentationDefinition(presentationDefinition)\n\n const presentationExchange = {\n definition: presentationDefinition,\n credentialsForRequest: await this.presentationExchangeService.getCredentialsForRequest(\n agentContext,\n presentationDefinition\n ),\n }\n\n const availableCredentialIds = presentationExchange.credentialsForRequest.requirements.flatMap((requirement) =>\n requirement.submissionEntry.map((entry) => entry.inputDescriptorId)\n )\n\n // for each transaction data entry, get all credentials that can be used to sign the respective transaction\n const matchedTransactionData = transactionData?.map((entry) => ({\n entry,\n matchedCredentialIds: entry.transactionData.credential_ids.filter((credentialId) =>\n availableCredentialIds.includes(credentialId)\n ),\n }))\n\n return { pex: presentationExchange, matchedTransactionData }\n }\n\n private async handleDcqlRequest(\n agentContext: AgentContext,\n dcql: unknown,\n transactionData?: ParsedTransactionDataEntry[]\n ) {\n const dcqlQuery = this.dcqlService.validateDcqlQuery(dcql)\n const dcqlQueryResult = await this.dcqlService.getCredentialsForRequest(agentContext, dcqlQuery)\n\n // for each transaction data entry, get all credentials that can fore used to sign the respective transaction\n const matchedTransactionData = transactionData?.map((entry) => ({\n entry,\n matchedCredentialIds: entry.transactionData.credential_ids.filter(\n (credentialId) => dcqlQueryResult.credential_matches[credentialId].success\n ),\n }))\n\n return { dcql: { queryResult: dcqlQueryResult }, matchedTransactionData }\n }\n\n public async resolveAuthorizationRequest(\n agentContext: AgentContext,\n /*\n Can be:\n * - JWT\n * - URI containing request or request_uri param\n * - Request payload\n */\n authorizationRequest: string \| Record<string, unknown>,\n options?: ResolveOpenId4VpAuthorizationRequestOptions\n ): Promise<OpenId4VpResolvedAuthorizationRequest> {\n const openid4vpClient = this.getOpenid4vpClient(agentContext, {\n trustedCertificates: options?.trustedCertificates,\n isVerifyOpenId4VpAuthorizationRequest: true,\n })\n const { params } = openid4vpClient.parseOpenid4vpAuthorizationRequest({ authorizationRequest })\n\n const verifiedAuthorizationRequest = await openid4vpClient.resolveOpenId4vpAuthorizationRequest({\n authorizationRequestPayload: params,\n origin: options?.origin,\n })\n\n const { client, pex, transactionData, dcql } = verifiedAuthorizationRequest\n\n // Prefix on client is normalized, so also includes did/web-orgin\n if (\n client.prefix !== 'x509_san_dns' &&\n client.prefix !== 'x509_hash' &&\n client.prefix !== 'decentralized_identifier' &&\n client.prefix !== 'origin' &&\n client.prefix !== 'redirect_uri'\n ) {\n throw new CredoError(`Client id prefix '${client.prefix}' is not supported`)\n }\n\n const returnValue = {\n authorizationRequestPayload: verifiedAuthorizationRequest.authorizationRequestPayload,\n origin: options?.origin,\n signedAuthorizationRequest: verifiedAuthorizationRequest.jar\n ? {\n signer: verifiedAuthorizationRequest.jar?.signer,\n payload: verifiedAuthorizationRequest.jar.jwt.payload,\n header: verifiedAuthorizationRequest.jar.jwt.header,\n }\n : undefined,\n }\n\n const pexResult = pex?.presentation_definition\n ? await this.handlePresentationExchangeRequest(agentContext, pex.presentation_definition, transactionData)\n : undefined\n\n const dcqlResult = dcql?.query ? await this.handleDcqlRequest(agentContext, dcql.query, transactionData) : undefined\n\n agentContext.config.logger.debug('verified Authorization Request')\n agentContext.config.logger.debug(`request '${authorizationRequest}'`)\n\n return {\n ...returnValue,\n verifier: {\n clientIdPrefix: client.prefix,\n effectiveClientId: client.effective,\n },\n transactionData: pexResult?.matchedTransactionData ?? dcqlResult?.matchedTransactionData,\n presentationExchange: pexResult?.pex,\n dcql: dcqlResult?.dcql,\n }\n }\n\n private extendCredentialsWithTransactionDataHashes<\n T extends DifPexInputDescriptorToCredentials \| DcqlCredentialsForRequest,\n >(\n // Either PEX or DCQL\n selectedCredentials: T,\n transactionData?: ParsedTransactionDataEntry[],\n selectedTransactionDataCredentials?: Array<{ credentialId: string }>\n ): T {\n // TODO: it would make sense for oid4vc to also handle this validation logic, but it would require\n // knowledge of PEX / DCQL...\n if (!transactionData && !selectedTransactionDataCredentials) return selectedCredentials\n\n if (!selectedTransactionDataCredentials) {\n throw new CredoError(\n 'Autohrization request contains transaction data entries, but no credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method.'\n )\n }\n\n if (!transactionData) {\n throw new CredoError(\n 'Autohrization request doe not contains transaction data entries, but credentail ids were provided to sign transaction data hashes in acceptAuthorizationRequest method.'\n )\n }\n\n if (transactionData.length !== selectedTransactionDataCredentials.length) {\n throw new CredoError(\n 'Credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method, but the length does not match the number of transaction data entries from the authorization request.'\n )\n }\n\n const credentialsToTransactionData: Record<string, ParsedTransactionDataEntry[]> = {}\n\n transactionData.forEach((transactionDataEntry, transactionDataIndex) => {\n const { credentialId } = selectedTransactionDataCredentials[transactionDataIndex]\n\n if (!transactionDataEntry.transactionData.credential_ids.includes(credentialId)) {\n throw new CredoError(\n `Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}' is not present in allowed credential ids for transaction. Allowed credential ids are ${transactionDataEntry.transactionData.credential_ids.join(', ')}`\n )\n }\n\n if (!selectedCredentials[credentialId]) {\n throw new CredoError(\n `Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}', but credential is not included in the credentials for the presentation.`\n )\n }\n\n const unsupportedFormats = selectedCredentials[credentialId]\n .filter((c) => c.claimFormat !== ClaimFormat.SdJwtDc)\n .map((c) => c.claimFormat)\n\n if (unsupportedFormats.length > 0) {\n throw new CredoError(\n `Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}' unsupported format(s) ${unsupportedFormats.join(', ')}. Only '${ClaimFormat.SdJwtDc}' is supported for transaction data signing in Credo at the moment.`\n )\n }\n\n if (!credentialsToTransactionData[credentialId]) {\n credentialsToTransactionData[credentialId] = []\n }\n credentialsToTransactionData[credentialId].push(transactionDataEntry)\n })\n\n const updatedCredentials = {\n ...selectedCredentials,\n }\n for (const [credentialId, entries] of Object.entries(credentialsToTransactionData)) {\n const allowedHashAlgs = entries.reduce<string[] \| undefined>(\n (allowedHashValues, entry) =>\n (entry.transactionData.transaction_data_hashes_alg ?? ['sha-256']).filter(\n (value) => !allowedHashValues \|\| allowedHashValues.includes(value)\n ),\n undefined\n )\n\n if (!allowedHashAlgs \|\| allowedHashAlgs.length === 0) {\n throw new CredoError(\n `Unable to determine hash alg for credential with id '${credentialId}' and transaction data indexes ${entries.map((e) => e.transactionDataIndex).join(' ')}, no common 'transaction_data_hashes_alg' value found.`\n )\n }\n\n const supportedHashAlgs = ['sha-1', 'sha-256'] satisfies HashName[]\n const supportedAllowedHashAlgs = supportedHashAlgs.filter((alg) => allowedHashAlgs.includes(alg))\n if (supportedAllowedHashAlgs.length === 0) {\n throw new CredoError(\n `Unable to create transaction data hash for credential with id '${credentialId}' and transaction data indexes ${entries.map((e) => e.transactionDataIndex).join(' ')}. None of the common allowed hash algorithms is supported by Credo: ${allowedHashAlgs.join(', ')}. Supported hash algs are ${supportedHashAlgs.join(', ')}.`\n )\n }\n\n // Not required, but we include it by default as otherwise we need to look at all entries to\n // see if any specified an alg array\n const [transactionDataHahsesAlg] = supportedAllowedHashAlgs\n const transactionDataHashes = entries.map((entry) =>\n TypedArrayEncoder.toBase64URL(Hasher.hash(entry.encoded, transactionDataHahsesAlg))\n )\n\n updatedCredentials[credentialId] = updatedCredentials[credentialId].map((credential) => {\n if (credential.claimFormat !== ClaimFormat.SdJwtDc) {\n // We already verified this above\n throw new CredoError(\n `Unexpected claim format '${credential.claimFormat}' for transaction data, expected '${ClaimFormat.SdJwtDc}'`\n )\n }\n\n return {\n ...credential,\n additionalPayload: {\n ...(credential.additionalPayload ?? {}),\n transaction_data_hashes: transactionDataHashes,\n transaction_data_hashes_alg: transactionDataHahsesAlg,\n },\n }\n })\n }\n\n return updatedCredentials\n }\n\n public async acceptAuthorizationRequest(\n agentContext: AgentContext,\n options: OpenId4VpAcceptAuthorizationRequestOptions\n ) {\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n const { authorizationRequestPayload, presentationExchange, dcql, transactionData } = options\n\n const openid4vpClient = this.getOpenid4vpClient(agentContext)\n const authorizationResponseNonce = TypedArrayEncoder.toBase64URL(kms.randomBytes({ length: 32 }))\n const { nonce } = authorizationRequestPayload\n\n let openid4vpVersionNumber = parseAuthorizationRequestVersion(authorizationRequestPayload)\n\n // It's hard to detect draft 24 for x509_san_dns/unsigned dc-api. In draft 27 a new vp_formats structure was introduced\n // so if the client id prefix is 'x509_san_dns' or there's no client_id and still uses the old vp_formats structure, we parse it\n // as draft 24 (to at least ensure compatibility with credo)\n if (\n openid4vpVersionNumber >= 24 &&\n openid4vpVersionNumber < 27 &&\n (!authorizationRequestPayload.client_id \|\| authorizationRequestPayload.client_id?.startsWith('x509_san_dns:'))\n ) {\n openid4vpVersionNumber = 24\n }\n\n // We mainly support draft 21/24 and 1.0, but we try to parse in-between versions\n // as one of the supported versions, to not throw errors even before trying.\n const openid4vpVersion: OpenId4VpVersion =\n openid4vpVersionNumber > 24 ? 'v1' : openid4vpVersionNumber <= 21 ? 'v1.draft21' : 'v1.draft24'\n\n const parsedClientId = getOpenid4vpClientId({\n responseMode: authorizationRequestPayload.response_mode,\n clientId: authorizationRequestPayload.client_id,\n legacyClientIdScheme: authorizationRequestPayload.client_id_scheme,\n origin: options.origin,\n version: openid4vpVersionNumber,\n })\n\n const clientId = parsedClientId.effectiveClientId\n const isDcApiRequest = isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)\n\n const shouldEncryptResponse =\n authorizationRequestPayload.response_mode && isJarmResponseMode(authorizationRequestPayload.response_mode)\n\n // TODO: we should return the effectiveAudience in the returned value of openid4vp lib\n // Since it differs based on the version of openid4vp used\n // NOTE: in v1 DC API request the audience is always origin: (not the client id)\n const audience = openid4vpVersion === 'v1' && isDcApiRequest ? `origin:${options.origin}` : clientId\n\n let encryptionJwk: Jwk \| undefined = undefined\n if (shouldEncryptResponse) {\n // NOTE: Once we add support for federation we need to require the clientMetadata as input to the accept method.\n const clientMetadata = authorizationRequestPayload.client_metadata\n\n if (!clientMetadata) {\n throw new CredoError(\n \"Authorization request payload does not contain 'client_metadata' needed to extract response encryption JWK.\"\n )\n }\n if (!clientMetadata.jwks) {\n throw new CredoError(\n \"Authorization request payload 'client_metadata' does not contain 'jwks' needed to extract response encryption JWK.\"\n )\n }\n\n encryptionJwk = extractEncryptionJwkFromJwks(clientMetadata.jwks, {\n supportedAlgValues: ['ECDH-ES'],\n })\n\n if (!encryptionJwk) {\n throw new CredoError(\"Unable to extract encryption JWK from 'client_metadata' for supported alg 'ECDH-ES'\")\n }\n }\n\n let mdocSessionTranscript: MdocSessionTranscriptOptions\n if (isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)) {\n if (!options.origin) {\n throw new CredoError('Missing required parameter `origin` parameter for accepting openid4vp dc api requests.')\n }\n\n if (openid4vpVersion === 'v1') {\n mdocSessionTranscript = {\n type: 'openId4VpDcApi',\n origin: options.origin,\n verifierGeneratedNonce: nonce,\n encryptionJwk: encryptionJwk ? Kms.PublicJwk.fromUnknown(encryptionJwk) : undefined,\n }\n } else {\n mdocSessionTranscript = {\n type: 'openId4VpDcApiDraft24',\n clientId,\n origin: options.origin,\n verifierGeneratedNonce: nonce,\n }\n }\n } else {\n const responseUri = authorizationRequestPayload.response_uri ?? authorizationRequestPayload.redirect_uri\n if (!responseUri) {\n throw new CredoError(\n 'Missing required parameter `response_uri` or `redirect_uri` in the authorization request.'\n )\n }\n\n if (openid4vpVersion === 'v1') {\n mdocSessionTranscript = {\n type: 'openId4Vp',\n responseUri,\n clientId,\n verifierGeneratedNonce: nonce,\n encryptionJwk: encryptionJwk ? Kms.PublicJwk.fromUnknown(encryptionJwk) : undefined,\n }\n } else {\n mdocSessionTranscript = {\n type: 'openId4VpDraft18',\n mdocGeneratedNonce: authorizationResponseNonce,\n responseUri,\n clientId,\n verifierGeneratedNonce: nonce,\n }\n }\n }\n\n let vpToken: VpToken\n let presentationSubmission: DifPresentationExchangeSubmission \| undefined = undefined\n\n const parsedTransactionData = authorizationRequestPayload.transaction_data\n ? parseTransactionData({\n transactionData: authorizationRequestPayload.transaction_data,\n })\n : undefined\n\n // Handle presentation exchange part\n if (authorizationRequestPayload.presentation_definition \|\| presentationExchange) {\n if (!presentationExchange) {\n throw new CredoError(\n 'Authorization request included presentation definition. `presentationExchange` MUST be supplied to accept authorization requests.'\n )\n }\n if (!authorizationRequestPayload.presentation_definition) {\n throw new CredoError(\n '`presentationExchange` was supplied, but no presentation definition was found in the presentation request.'\n )\n }\n\n const credentialsWithTransactionData = this.extendCredentialsWithTransactionDataHashes(\n presentationExchange.credentials,\n parsedTransactionData,\n transactionData\n )\n\n const { presentationSubmission: _presentationSubmission, encodedVerifiablePresentations } =\n await this.presentationExchangeService.createPresentation(agentContext, {\n credentialsForInputDescriptor: credentialsWithTransactionData,\n presentationDefinition:\n authorizationRequestPayload.presentation_definition as unknown as DifPresentationExchangeDefinition,\n challenge: nonce,\n domain: audience,\n presentationSubmissionLocation: DifPresentationExchangeSubmissionLocation.EXTERNAL,\n mdocSessionTranscript: mdocSessionTranscript,\n })\n\n vpToken =\n encodedVerifiablePresentations.length === 1 && _presentationSubmission?.descriptor_map[0]?.path === '$'\n ? encodedVerifiablePresentations[0]\n : encodedVerifiablePresentations\n presentationSubmission = _presentationSubmission\n } else if (authorizationRequestPayload.dcql_query \|\| dcql) {\n if (!authorizationRequestPayload.dcql_query) {\n throw new CredoError(`'dcql' was supplied, but no dcql request was found in the presentation request.`)\n }\n if (!dcql) {\n throw new CredoError(\n `Authorization request included dcql request. 'dcql' MUST be supplied to accept authorization requests.`\n )\n }\n\n const credentialsWithTransactionData = this.extendCredentialsWithTransactionDataHashes(\n dcql.credentials,\n parsedTransactionData,\n transactionData\n )\n\n const { encodedDcqlPresentation } = await this.dcqlService.createPresentation(agentContext, {\n credentialQueryToCredential: credentialsWithTransactionData,\n challenge: nonce,\n domain: audience,\n mdocSessionTranscript: mdocSessionTranscript,\n })\n\n vpToken = encodedDcqlPresentation\n\n // Pre 1.0 the vp_token directly maps from query id to presentation instead of array\n if (openid4vpVersion !== 'v1') {\n vpToken = Object.fromEntries(\n Object.entries(encodedDcqlPresentation).map(([credentialQueryId, presentations]) => {\n if (presentations.length > 1) {\n throw new CredoError(\n `Multiple presentations for a single dcql query credential are not supported when using OpenID4VP version '${openid4vpVersion}'.`\n )\n }\n\n return [credentialQueryId, presentations[0]]\n })\n )\n }\n } else {\n throw new CredoError('Either pex or dcql must be provided')\n }\n\n const response = await openid4vpClient.createOpenid4vpAuthorizationResponse({\n authorizationRequestPayload,\n origin: options.origin,\n authorizationResponsePayload: {\n vp_token: vpToken,\n presentation_submission: presentationSubmission,\n },\n jarm: encryptionJwk\n ? {\n encryption: { nonce: authorizationResponseNonce, jwk: encryptionJwk },\n serverMetadata: {\n authorization_signing_alg_values_supported: [],\n authorization_encryption_alg_values_supported: ['ECDH-ES'],\n authorization_encryption_enc_values_supported: ['A128GCM', 'A256GCM', 'A128CBC-HS256'],\n },\n }\n : undefined,\n })\n\n const authorizationResponsePayload = response.authorizationResponsePayload as Openid4vpAuthorizationResponse & {\n presentation_submission?: DifPresentationExchangeSubmission\n }\n const authorizationResponse = response.jarm?.responseJwt\n ? { response: response.jarm.responseJwt }\n : authorizationResponsePayload\n\n // TODO: we should include more typing here that the user\n // still needs to submit the response. or as we discussed, split\n // this method up in create and submit\n if (isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)) {\n return {\n ok: true,\n authorizationResponse,\n authorizationResponsePayload,\n } as const\n }\n\n // TODO: parse response in openi4vp library so we can have typed error\n // as well as typed response (with redirect_uri/presentation_during_issuance_session)\n const result = await openid4vpClient.submitOpenid4vpAuthorizationResponse({\n authorizationRequestPayload,\n authorizationResponsePayload: response.authorizationResponsePayload,\n jarm: response.jarm ? { responseJwt: response.jarm.responseJwt } : undefined,\n })\n\n const responseText = await result.response\n .clone()\n .text()\n .catch(() => null)\n\n const responseJson = (await result.response\n .clone()\n .json()\n .catch(() => null)) as null \| Record<string, unknown>\n\n if (!result.response.ok) {\n return {\n ok: false,\n serverResponse: {\n status: result.response.status,\n body: responseJson ?? responseText,\n },\n authorizationResponse,\n authorizationResponsePayload,\n } as const\n }\n\n return {\n ok: true,\n serverResponse: {\n status: result.response.status,\n body: responseJson ?? {},\n },\n authorizationResponse,\n authorizationResponsePayload,\n redirectUri: responseJson?.redirect_uri as string \| undefined,\n presentationDuringIssuanceSession: responseJson?.presentation_during_issuance_session as string \| undefined,\n } as const\n }\n}\n"],"mappings":";;;;;;;;AA6CO,mCAAMA,yBAAuB;CAClC,AAAO,YACL,AAAQC,6BACR,AAAQC,aACR;EAFQ;EACA;;CAGV,AAAQ,mBACN,cACA,SACA;AAKA,SAAO,IAAI,gBAAgB,EAAE,WAJX,mBAAmB,cAAc;GACjD,qBAAqB,SAAS;GAC9B,uCAAuC,SAAS;GACjD,CAAC,EACsC,CAAC;;CAG3C,MAAc,kCACZ,cACA,yBACA,iBACA;EACA,MAAM,yBAAyB;AAC/B,OAAK,4BAA4B,+BAA+B,uBAAuB;EAEvF,MAAM,uBAAuB;GAC3B,YAAY;GACZ,uBAAuB,MAAM,KAAK,4BAA4B,yBAC5D,cACA,uBACD;GACF;EAED,MAAM,yBAAyB,qBAAqB,sBAAsB,aAAa,SAAS,gBAC9F,YAAY,gBAAgB,KAAK,UAAU,MAAM,kBAAkB,CACpE;AAUD,SAAO;GAAE,KAAK;GAAsB,wBAPL,iBAAiB,KAAK,WAAW;IAC9D;IACA,sBAAsB,MAAM,gBAAgB,eAAe,QAAQ,iBACjE,uBAAuB,SAAS,aAAa,CAC9C;IACF,EAAE;GAEyD;;CAG9D,MAAc,kBACZ,cACA,MACA,iBACA;EACA,MAAM,YAAY,KAAK,YAAY,kBAAkB,KAAK;EAC1D,MAAM,kBAAkB,MAAM,KAAK,YAAY,yBAAyB,cAAc,UAAU;EAGhG,MAAM,yBAAyB,iBAAiB,KAAK,WAAW;GAC9D;GACA,sBAAsB,MAAM,gBAAgB,eAAe,QACxD,iBAAiB,gBAAgB,mBAAmB,cAAc,QACpE;GACF,EAAE;AAEH,SAAO;GAAE,MAAM,EAAE,aAAa,iBAAiB;GAAE;GAAwB;;CAG3E,MAAa,4BACX,cAOA,sBACA,SACgD;EAChD,MAAM,kBAAkB,KAAK,mBAAmB,cAAc;GAC5D,qBAAqB,SAAS;GAC9B,uCAAuC;GACxC,CAAC;EACF,MAAM,EAAE,WAAW,gBAAgB,mCAAmC,EAAE,sBAAsB,CAAC;EAE/F,MAAM,+BAA+B,MAAM,gBAAgB,qCAAqC;GAC9F,6BAA6B;GAC7B,QAAQ,SAAS;GAClB,CAAC;EAEF,MAAM,EAAE,QAAQ,KAAK,iBAAiB,SAAS;AAG/C,MACE,OAAO,WAAW,kBAClB,OAAO,WAAW,eAClB,OAAO,WAAW,8BAClB,OAAO,WAAW,YAClB,OAAO,WAAW,eAElB,OAAM,IAAI,WAAW,qBAAqB,OAAO,OAAO,oBAAoB;EAG9E,MAAM,cAAc;GAClB,6BAA6B,6BAA6B;GAC1D,QAAQ,SAAS;GACjB,4BAA4B,6BAA6B,MACrD;IACE,QAAQ,6BAA6B,KAAK;IAC1C,SAAS,6BAA6B,IAAI,IAAI;IAC9C,QAAQ,6BAA6B,IAAI,IAAI;IAC9C,GACD;GACL;EAED,MAAM,YAAY,KAAK,0BACnB,MAAM,KAAK,kCAAkC,cAAc,IAAI,yBAAyB,gBAAgB,GACxG;EAEJ,MAAM,aAAa,MAAM,QAAQ,MAAM,KAAK,kBAAkB,cAAc,KAAK,OAAO,gBAAgB,GAAG;AAE3G,eAAa,OAAO,OAAO,MAAM,iCAAiC;AAClE,eAAa,OAAO,OAAO,MAAM,YAAY,qBAAqB,GAAG;AAErE,SAAO;GACL,GAAG;GACH,UAAU;IACR,gBAAgB,OAAO;IACvB,mBAAmB,OAAO;IAC3B;GACD,iBAAiB,WAAW,0BAA0B,YAAY;GAClE,sBAAsB,WAAW;GACjC,MAAM,YAAY;GACnB;;CAGH,AAAQ,2CAIN,qBACA,iBACA,oCACG;AAGH,MAAI,CAAC,mBAAmB,CAAC,mCAAoC,QAAO;AAEpE,MAAI,CAAC,mCACH,OAAM,IAAI,WACR,gKACD;AAGH,MAAI,CAAC,gBACH,OAAM,IAAI,WACR,0KACD;AAGH,MAAI,gBAAgB,WAAW,mCAAmC,OAChE,OAAM,IAAI,WACR,qMACD;EAGH,MAAMC,+BAA6E,EAAE;AAErF,kBAAgB,SAAS,sBAAsB,yBAAyB;GACtE,MAAM,EAAE,iBAAiB,mCAAmC;AAE5D,OAAI,CAAC,qBAAqB,gBAAgB,eAAe,SAAS,aAAa,CAC7E,OAAM,IAAI,WACR,kBAAkB,aAAa,kDAAkD,qBAAqB,yFAAyF,qBAAqB,gBAAgB,eAAe,KAAK,KAAK,GAC9P;AAGH,OAAI,CAAC,oBAAoB,cACvB,OAAM,IAAI,WACR,kBAAkB,aAAa,kDAAkD,qBAAqB,4EACvG;GAGH,MAAM,qBAAqB,oBAAoB,cAC5C,QAAQ,MAAM,EAAE,gBAAgB,YAAY,QAAQ,CACpD,KAAK,MAAM,EAAE,YAAY;AAE5B,OAAI,mBAAmB,SAAS,EAC9B,OAAM,IAAI,WACR,kBAAkB,aAAa,kDAAkD,qBAAqB,0BAA0B,mBAAmB,KAAK,KAAK,CAAC,UAAU,YAAY,QAAQ,qEAC7L;AAGH,OAAI,CAAC,6BAA6B,cAChC,8BAA6B,gBAAgB,EAAE;AAEjD,gCAA6B,cAAc,KAAK,qBAAqB;IACrE;EAEF,MAAM,qBAAqB,EACzB,GAAG,qBACJ;AACD,OAAK,MAAM,CAAC,cAAc,YAAY,OAAO,QAAQ,6BAA6B,EAAE;GAClF,MAAM,kBAAkB,QAAQ,QAC7B,mBAAmB,WACjB,MAAM,gBAAgB,+BAA+B,CAAC,UAAU,EAAE,QAChE,UAAU,CAAC,qBAAqB,kBAAkB,SAAS,MAAM,CACnE,EACH,OACD;AAED,OAAI,CAAC,mBAAmB,gBAAgB,WAAW,EACjD,OAAM,IAAI,WACR,wDAAwD,aAAa,iCAAiC,QAAQ,KAAK,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC,wDAC5J;GAGH,MAAM,oBAAoB,CAAC,SAAS,UAAU;GAC9C,MAAM,2BAA2B,kBAAkB,QAAQ,QAAQ,gBAAgB,SAAS,IAAI,CAAC;AACjG,OAAI,yBAAyB,WAAW,EACtC,OAAM,IAAI,WACR,kEAAkE,aAAa,iCAAiC,QAAQ,KAAK,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC,sEAAsE,gBAAgB,KAAK,KAAK,CAAC,4BAA4B,kBAAkB,KAAK,KAAK,CAAC,GAChU;GAKH,MAAM,CAAC,4BAA4B;GACnC,MAAM,wBAAwB,QAAQ,KAAK,UACzC,kBAAkB,YAAY,OAAO,KAAK,MAAM,SAAS,yBAAyB,CAAC,CACpF;AAED,sBAAmB,gBAAgB,mBAAmB,cAAc,KAAK,eAAe;AACtF,QAAI,WAAW,gBAAgB,YAAY,QAEzC,OAAM,IAAI,WACR,4BAA4B,WAAW,YAAY,oCAAoC,YAAY,QAAQ,GAC5G;AAGH,WAAO;KACL,GAAG;KACH,mBAAmB;MACjB,GAAI,WAAW,qBAAqB,EAAE;MACtC,yBAAyB;MACzB,6BAA6B;MAC9B;KACF;KACD;;AAGJ,SAAO;;CAGT,MAAa,2BACX,cACA,SACA;EACA,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;EACtD,MAAM,EAAE,6BAA6B,sBAAsB,MAAM,oBAAoB;EAErF,MAAM,kBAAkB,KAAK,mBAAmB,aAAa;EAC7D,MAAM,6BAA6B,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,IAAI,CAAC,CAAC;EACjG,MAAM,EAAE,UAAU;EAElB,IAAI,yBAAyB,iCAAiC,4BAA4B;AAK1F,MACE,0BAA0B,MAC1B,yBAAyB,OACxB,CAAC,4BAA4B,aAAa,4BAA4B,WAAW,WAAW,gBAAgB,EAE7G,0BAAyB;EAK3B,MAAMC,mBACJ,yBAAyB,KAAK,OAAO,0BAA0B,KAAK,eAAe;EAUrF,MAAM,WARiB,qBAAqB;GAC1C,cAAc,4BAA4B;GAC1C,UAAU,4BAA4B;GACtC,sBAAsB,4BAA4B;GAClD,QAAQ,QAAQ;GAChB,SAAS;GACV,CAAC,CAE8B;EAChC,MAAM,iBAAiB,qCAAqC,4BAA4B;EAExF,MAAM,wBACJ,4BAA4B,iBAAiB,mBAAmB,4BAA4B,cAAc;EAK5G,MAAM,WAAW,qBAAqB,QAAQ,iBAAiB,UAAU,QAAQ,WAAW;EAE5F,IAAIC,gBAAiC;AACrC,MAAI,uBAAuB;GAEzB,MAAM,iBAAiB,4BAA4B;AAEnD,OAAI,CAAC,eACH,OAAM,IAAI,WACR,8GACD;AAEH,OAAI,CAAC,eAAe,KAClB,OAAM,IAAI,WACR,qHACD;AAGH,mBAAgB,6BAA6B,eAAe,MAAM,EAChE,oBAAoB,CAAC,UAAU,EAChC,CAAC;AAEF,OAAI,CAAC,cACH,OAAM,IAAI,WAAW,sFAAsF;;EAI/G,IAAIC;AACJ,MAAI,qCAAqC,4BAA4B,EAAE;AACrE,OAAI,CAAC,QAAQ,OACX,OAAM,IAAI,WAAW,yFAAyF;AAGhH,OAAI,qBAAqB,KACvB,yBAAwB;IACtB,MAAM;IACN,QAAQ,QAAQ;IAChB,wBAAwB;IACxB,eAAe,gBAAgB,IAAI,UAAU,YAAY,cAAc,GAAG;IAC3E;OAED,yBAAwB;IACtB,MAAM;IACN;IACA,QAAQ,QAAQ;IAChB,wBAAwB;IACzB;SAEE;GACL,MAAM,cAAc,4BAA4B,gBAAgB,4BAA4B;AAC5F,OAAI,CAAC,YACH,OAAM,IAAI,WACR,4FACD;AAGH,OAAI,qBAAqB,KACvB,yBAAwB;IACtB,MAAM;IACN;IACA;IACA,wBAAwB;IACxB,eAAe,gBAAgB,IAAI,UAAU,YAAY,cAAc,GAAG;IAC3E;OAED,yBAAwB;IACtB,MAAM;IACN,oBAAoB;IACpB;IACA;IACA,wBAAwB;IACzB;;EAIL,IAAIC;EACJ,IAAIC,yBAAwE;EAE5E,MAAM,wBAAwB,4BAA4B,mBACtD,qBAAqB,EACnB,iBAAiB,4BAA4B,kBAC9C,CAAC,GACF;AAGJ,MAAI,4BAA4B,2BAA2B,sBAAsB;AAC/E,OAAI,CAAC,qBACH,OAAM,IAAI,WACR,oIACD;AAEH,OAAI,CAAC,4BAA4B,wBAC/B,OAAM,IAAI,WACR,6GACD;GAGH,MAAM,iCAAiC,KAAK,2CAC1C,qBAAqB,aACrB,uBACA,gBACD;GAED,MAAM,EAAE,wBAAwB,yBAAyB,mCACvD,MAAM,KAAK,4BAA4B,mBAAmB,cAAc;IACtE,+BAA+B;IAC/B,wBACE,4BAA4B;IAC9B,WAAW;IACX,QAAQ;IACR,gCAAgC,0CAA0C;IACnD;IACxB,CAAC;AAEJ,aACE,+BAA+B,WAAW,KAAK,yBAAyB,eAAe,IAAI,SAAS,MAChG,+BAA+B,KAC/B;AACN,4BAAyB;aAChB,4BAA4B,cAAc,MAAM;AACzD,OAAI,CAAC,4BAA4B,WAC/B,OAAM,IAAI,WAAW,kFAAkF;AAEzG,OAAI,CAAC,KACH,OAAM,IAAI,WACR,yGACD;GAGH,MAAM,iCAAiC,KAAK,2CAC1C,KAAK,aACL,uBACA,gBACD;GAED,MAAM,EAAE,4BAA4B,MAAM,KAAK,YAAY,mBAAmB,cAAc;IAC1F,6BAA6B;IAC7B,WAAW;IACX,QAAQ;IACe;IACxB,CAAC;AAEF,aAAU;AAGV,OAAI,qBAAqB,KACvB,WAAU,OAAO,YACf,OAAO,QAAQ,wBAAwB,CAAC,KAAK,CAAC,mBAAmB,mBAAmB;AAClF,QAAI,cAAc,SAAS,EACzB,OAAM,IAAI,WACR,6GAA6G,iBAAiB,IAC/H;AAGH,WAAO,CAAC,mBAAmB,cAAc,GAAG;KAC5C,CACH;QAGH,OAAM,IAAI,WAAW,sCAAsC;EAG7D,MAAM,WAAW,MAAM,gBAAgB,qCAAqC;GAC1E;GACA,QAAQ,QAAQ;GAChB,8BAA8B;IAC5B,UAAU;IACV,yBAAyB;IAC1B;GACD,MAAM,gBACF;IACE,YAAY;KAAE,OAAO;KAA4B,KAAK;KAAe;IACrE,gBAAgB;KACd,4CAA4C,EAAE;KAC9C,+CAA+C,CAAC,UAAU;KAC1D,+CAA+C;MAAC;MAAW;MAAW;MAAgB;KACvF;IACF,GACD;GACL,CAAC;EAEF,MAAM,+BAA+B,SAAS;EAG9C,MAAM,wBAAwB,SAAS,MAAM,cACzC,EAAE,UAAU,SAAS,KAAK,aAAa,GACvC;AAKJ,MAAI,qCAAqC,4BAA4B,CACnE,QAAO;GACL,IAAI;GACJ;GACA;GACD;EAKH,MAAM,SAAS,MAAM,gBAAgB,qCAAqC;GACxE;GACA,8BAA8B,SAAS;GACvC,MAAM,SAAS,OAAO,EAAE,aAAa,SAAS,KAAK,aAAa,GAAG;GACpE,CAAC;EAEF,MAAM,eAAe,MAAM,OAAO,SAC/B,OAAO,CACP,MAAM,CACN,YAAY,KAAK;EAEpB,MAAM,eAAgB,MAAM,OAAO,SAChC,OAAO,CACP,MAAM,CACN,YAAY,KAAK;AAEpB,MAAI,CAAC,OAAO,SAAS,GACnB,QAAO;GACL,IAAI;GACJ,gBAAgB;IACd,QAAQ,OAAO,SAAS;IACxB,MAAM,gBAAgB;IACvB;GACD;GACA;GACD;AAGH,SAAO;GACL,IAAI;GACJ,gBAAgB;IACd,QAAQ,OAAO,SAAS;IACxB,MAAM,gBAAgB,EAAE;IACzB;GACD;GACA;GACA,aAAa,cAAc;GAC3B,mCAAmC,cAAc;GAClD;;;qCA3hBJ,YAAY"}
1	+ {"version":3,"file":"OpenId4vpHolderService.mjs","names":["OpenId4VpHolderService","presentationExchangeService: DifPresentationExchangeService","dcqlService: DcqlService","credentialsToTransactionData: Record<string, ParsedTransactionDataEntry[]>","openid4vpVersion: OpenId4VpVersion","encryptionJwk: Jwk \| undefined","mdocSessionTranscript: MdocSessionTranscriptOptions","vpToken: VpToken","presentationSubmission: DifPresentationExchangeSubmission \| undefined"],"sources":["../../src/openid4vc-holder/OpenId4vpHolderService.ts"],"sourcesContent":["import type {\n AgentContext,\n DcqlCredentialsForRequest,\n DifPexInputDescriptorToCredentials,\n DifPresentationExchangeDefinition,\n DifPresentationExchangeSubmission,\n EncodedX509Certificate,\n HashName,\n MdocSessionTranscriptOptions,\n} from '@credo-ts/core'\nimport {\n ClaimFormat,\n CredoError,\n DcqlService,\n DifPresentationExchangeService,\n DifPresentationExchangeSubmissionLocation,\n Hasher,\n injectable,\n Kms,\n TypedArrayEncoder,\n} from '@credo-ts/core'\nimport type { Jwk } from '@openid4vc/oauth2'\nimport {\n extractEncryptionJwkFromJwks,\n getOpenid4vpClientId,\n isJarmResponseMode,\n isOpenid4vpAuthorizationRequestDcApi,\n type Openid4vpAuthorizationResponse,\n Openid4vpClient,\n parseAuthorizationRequestVersion,\n parseTransactionData,\n type VpToken,\n} from '@openid4vc/openid4vp'\nimport type { OpenId4VpVersion } from '../openid4vc-verifier'\nimport { getOid4vcCallbacks } from '../shared/callbacks'\nimport type {\n OpenId4VpAcceptAuthorizationRequestOptions,\n OpenId4VpResolvedAuthorizationRequest,\n ParsedTransactionDataEntry,\n ResolveOpenId4VpAuthorizationRequestOptions,\n} from './OpenId4vpHolderServiceOptions'\n\n@injectable()\nexport class OpenId4VpHolderService {\n public constructor(\n private presentationExchangeService: DifPresentationExchangeService,\n private dcqlService: DcqlService\n ) {}\n\n private getOpenid4vpClient(\n agentContext: AgentContext,\n options?: { trustedCertificates?: EncodedX509Certificate[]; isVerifyOpenId4VpAuthorizationRequest?: boolean }\n ) {\n const callbacks = getOid4vcCallbacks(agentContext, {\n trustedCertificates: options?.trustedCertificates,\n isVerifyOpenId4VpAuthorizationRequest: options?.isVerifyOpenId4VpAuthorizationRequest,\n })\n return new Openid4vpClient({ callbacks })\n }\n\n private async handlePresentationExchangeRequest(\n agentContext: AgentContext,\n _presentationDefinition: unknown,\n transactionData?: ParsedTransactionDataEntry[]\n ) {\n const presentationDefinition = _presentationDefinition as DifPresentationExchangeDefinition\n this.presentationExchangeService.validatePresentationDefinition(presentationDefinition)\n\n const presentationExchange = {\n definition: presentationDefinition,\n credentialsForRequest: await this.presentationExchangeService.getCredentialsForRequest(\n agentContext,\n presentationDefinition\n ),\n }\n\n const availableCredentialIds = presentationExchange.credentialsForRequest.requirements.flatMap((requirement) =>\n requirement.submissionEntry.map((entry) => entry.inputDescriptorId)\n )\n\n // for each transaction data entry, get all credentials that can be used to sign the respective transaction\n const matchedTransactionData = transactionData?.map((entry) => ({\n entry,\n matchedCredentialIds: entry.transactionData.credential_ids.filter((credentialId) =>\n availableCredentialIds.includes(credentialId)\n ),\n }))\n\n return { pex: presentationExchange, matchedTransactionData }\n }\n\n private async handleDcqlRequest(\n agentContext: AgentContext,\n dcql: unknown,\n transactionData?: ParsedTransactionDataEntry[]\n ) {\n const dcqlQuery = this.dcqlService.validateDcqlQuery(dcql)\n const dcqlQueryResult = await this.dcqlService.getCredentialsForRequest(agentContext, dcqlQuery)\n\n // for each transaction data entry, get all credentials that can fore used to sign the respective transaction\n const matchedTransactionData = transactionData?.map((entry) => ({\n entry,\n matchedCredentialIds: entry.transactionData.credential_ids.filter(\n (credentialId) => dcqlQueryResult.credential_matches[credentialId].success\n ),\n }))\n\n return { dcql: { queryResult: dcqlQueryResult }, matchedTransactionData }\n }\n\n public async resolveAuthorizationRequest(\n agentContext: AgentContext,\n /*\n Can be:\n * - JWT\n * - URI containing request or request_uri param\n * - Request payload\n */\n authorizationRequest: string \| Record<string, unknown>,\n options?: ResolveOpenId4VpAuthorizationRequestOptions\n ): Promise<OpenId4VpResolvedAuthorizationRequest> {\n const openid4vpClient = this.getOpenid4vpClient(agentContext, {\n trustedCertificates: options?.trustedCertificates,\n isVerifyOpenId4VpAuthorizationRequest: true,\n })\n const { params } = openid4vpClient.parseOpenid4vpAuthorizationRequest({ authorizationRequest })\n\n const verifiedAuthorizationRequest = await openid4vpClient.resolveOpenId4vpAuthorizationRequest({\n authorizationRequestPayload: params,\n origin: options?.origin,\n })\n\n const { client, pex, transactionData, dcql } = verifiedAuthorizationRequest\n\n // Prefix on client is normalized, so also includes did/web-orgin\n if (\n client.prefix !== 'x509_san_dns' &&\n client.prefix !== 'x509_hash' &&\n client.prefix !== 'decentralized_identifier' &&\n client.prefix !== 'origin' &&\n client.prefix !== 'redirect_uri'\n ) {\n throw new CredoError(`Client id prefix '${client.prefix}' is not supported`)\n }\n\n const returnValue = {\n authorizationRequestPayload: verifiedAuthorizationRequest.authorizationRequestPayload,\n origin: options?.origin,\n signedAuthorizationRequest: verifiedAuthorizationRequest.jar\n ? {\n signer: verifiedAuthorizationRequest.jar?.signer,\n payload: verifiedAuthorizationRequest.jar.jwt.payload,\n header: verifiedAuthorizationRequest.jar.jwt.header,\n }\n : undefined,\n }\n\n const pexResult = pex?.presentation_definition\n ? await this.handlePresentationExchangeRequest(agentContext, pex.presentation_definition, transactionData)\n : undefined\n\n const dcqlResult = dcql?.query ? await this.handleDcqlRequest(agentContext, dcql.query, transactionData) : undefined\n\n agentContext.config.logger.debug('verified Authorization Request')\n agentContext.config.logger.debug(`request '${authorizationRequest}'`)\n\n return {\n ...returnValue,\n verifier: {\n clientIdPrefix: client.prefix,\n effectiveClientId: client.effective,\n },\n transactionData: pexResult?.matchedTransactionData ?? dcqlResult?.matchedTransactionData,\n presentationExchange: pexResult?.pex,\n dcql: dcqlResult?.dcql,\n }\n }\n\n private extendCredentialsWithTransactionDataHashes<\n T extends DifPexInputDescriptorToCredentials \| DcqlCredentialsForRequest,\n >(\n // Either PEX or DCQL\n selectedCredentials: T,\n transactionData?: ParsedTransactionDataEntry[],\n selectedTransactionDataCredentials?: Array<{ credentialId: string }>\n ): T {\n // TODO: it would make sense for oid4vc to also handle this validation logic, but it would require\n // knowledge of PEX / DCQL...\n if (!transactionData && !selectedTransactionDataCredentials) return selectedCredentials\n\n if (!selectedTransactionDataCredentials) {\n throw new CredoError(\n 'Authorization request contains transaction data entries, but no credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method.'\n )\n }\n\n if (!transactionData) {\n throw new CredoError(\n 'Authorization request doe not contains transaction data entries, but credentail ids were provided to sign transaction data hashes in acceptAuthorizationRequest method.'\n )\n }\n\n if (transactionData.length !== selectedTransactionDataCredentials.length) {\n throw new CredoError(\n 'Credential ids to sign transaction data hashes provided in acceptAuthorizationRequest method, but the length does not match the number of transaction data entries from the authorization request.'\n )\n }\n\n const credentialsToTransactionData: Record<string, ParsedTransactionDataEntry[]> = {}\n\n transactionData.forEach((transactionDataEntry, transactionDataIndex) => {\n const { credentialId } = selectedTransactionDataCredentials[transactionDataIndex]\n\n if (!transactionDataEntry.transactionData.credential_ids.includes(credentialId)) {\n throw new CredoError(\n `Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}' is not present in allowed credential ids for transaction. Allowed credential ids are ${transactionDataEntry.transactionData.credential_ids.join(', ')}`\n )\n }\n\n if (!selectedCredentials[credentialId]) {\n throw new CredoError(\n `Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}', but credential is not included in the credentials for the presentation.`\n )\n }\n\n const unsupportedFormats = selectedCredentials[credentialId]\n .filter((c) => c.claimFormat !== ClaimFormat.SdJwtDc)\n .map((c) => c.claimFormat)\n\n if (unsupportedFormats.length > 0) {\n throw new CredoError(\n `Credential id '${credentialId}' selected to sign transaction data with index '${transactionDataIndex}' unsupported format(s) ${unsupportedFormats.join(', ')}. Only '${ClaimFormat.SdJwtDc}' is supported for transaction data signing in Credo at the moment.`\n )\n }\n\n if (!credentialsToTransactionData[credentialId]) {\n credentialsToTransactionData[credentialId] = []\n }\n credentialsToTransactionData[credentialId].push(transactionDataEntry)\n })\n\n const updatedCredentials = {\n ...selectedCredentials,\n }\n for (const [credentialId, entries] of Object.entries(credentialsToTransactionData)) {\n const allowedHashAlgs = entries.reduce<string[] \| undefined>(\n (allowedHashValues, entry) =>\n (entry.transactionData.transaction_data_hashes_alg ?? ['sha-256']).filter(\n (value) => !allowedHashValues \|\| allowedHashValues.includes(value)\n ),\n undefined\n )\n\n if (!allowedHashAlgs \|\| allowedHashAlgs.length === 0) {\n throw new CredoError(\n `Unable to determine hash alg for credential with id '${credentialId}' and transaction data indexes ${entries.map((e) => e.transactionDataIndex).join(' ')}, no common 'transaction_data_hashes_alg' value found.`\n )\n }\n\n const supportedHashAlgs = ['sha-1', 'sha-256'] satisfies HashName[]\n const supportedAllowedHashAlgs = supportedHashAlgs.filter((alg) => allowedHashAlgs.includes(alg))\n if (supportedAllowedHashAlgs.length === 0) {\n throw new CredoError(\n `Unable to create transaction data hash for credential with id '${credentialId}' and transaction data indexes ${entries.map((e) => e.transactionDataIndex).join(' ')}. None of the common allowed hash algorithms is supported by Credo: ${allowedHashAlgs.join(', ')}. Supported hash algs are ${supportedHashAlgs.join(', ')}.`\n )\n }\n\n // Not required, but we include it by default as otherwise we need to look at all entries to\n // see if any specified an alg array\n const [transactionDataHahsesAlg] = supportedAllowedHashAlgs\n const transactionDataHashes = entries.map((entry) =>\n TypedArrayEncoder.toBase64URL(Hasher.hash(entry.encoded, transactionDataHahsesAlg))\n )\n\n updatedCredentials[credentialId] = updatedCredentials[credentialId].map((credential) => {\n if (credential.claimFormat !== ClaimFormat.SdJwtDc) {\n // We already verified this above\n throw new CredoError(\n `Unexpected claim format '${credential.claimFormat}' for transaction data, expected '${ClaimFormat.SdJwtDc}'`\n )\n }\n\n return {\n ...credential,\n additionalPayload: {\n ...(credential.additionalPayload ?? {}),\n transaction_data_hashes: transactionDataHashes,\n transaction_data_hashes_alg: transactionDataHahsesAlg,\n },\n }\n })\n }\n\n return updatedCredentials\n }\n\n public async acceptAuthorizationRequest(\n agentContext: AgentContext,\n options: OpenId4VpAcceptAuthorizationRequestOptions\n ) {\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n const { authorizationRequestPayload, presentationExchange, dcql, transactionData } = options\n\n const openid4vpClient = this.getOpenid4vpClient(agentContext)\n const authorizationResponseNonce = TypedArrayEncoder.toBase64URL(kms.randomBytes({ length: 32 }))\n const { nonce } = authorizationRequestPayload\n\n let openid4vpVersionNumber = parseAuthorizationRequestVersion(authorizationRequestPayload)\n\n // It's hard to detect draft 24 for x509_san_dns/unsigned dc-api. In draft 27 a new vp_formats structure was introduced\n // so if the client id prefix is 'x509_san_dns' or there's no client_id and still uses the old vp_formats structure, we parse it\n // as draft 24 (to at least ensure compatibility with credo)\n if (\n openid4vpVersionNumber >= 24 &&\n openid4vpVersionNumber < 27 &&\n (!authorizationRequestPayload.client_id \|\| authorizationRequestPayload.client_id?.startsWith('x509_san_dns:'))\n ) {\n openid4vpVersionNumber = 24\n }\n\n // We mainly support draft 21/24 and 1.0, but we try to parse in-between versions\n // as one of the supported versions, to not throw errors even before trying.\n const openid4vpVersion: OpenId4VpVersion =\n openid4vpVersionNumber > 24 ? 'v1' : openid4vpVersionNumber <= 21 ? 'v1.draft21' : 'v1.draft24'\n\n const parsedClientId = getOpenid4vpClientId({\n responseMode: authorizationRequestPayload.response_mode,\n clientId: authorizationRequestPayload.client_id,\n legacyClientIdScheme: authorizationRequestPayload.client_id_scheme,\n origin: options.origin,\n version: openid4vpVersionNumber,\n })\n\n const clientId = parsedClientId.effectiveClientId\n const isDcApiRequest = isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)\n\n const shouldEncryptResponse =\n authorizationRequestPayload.response_mode && isJarmResponseMode(authorizationRequestPayload.response_mode)\n\n // TODO: we should return the effectiveAudience in the returned value of openid4vp lib\n // Since it differs based on the version of openid4vp used\n // NOTE: in v1 DC API request the audience is always origin: (not the client id)\n const audience = openid4vpVersion === 'v1' && isDcApiRequest ? `origin:${options.origin}` : clientId\n\n let encryptionJwk: Jwk \| undefined\n if (shouldEncryptResponse) {\n // NOTE: Once we add support for federation we need to require the clientMetadata as input to the accept method.\n const clientMetadata = authorizationRequestPayload.client_metadata\n\n if (!clientMetadata) {\n throw new CredoError(\n \"Authorization request payload does not contain 'client_metadata' needed to extract response encryption JWK.\"\n )\n }\n if (!clientMetadata.jwks) {\n throw new CredoError(\n \"Authorization request payload 'client_metadata' does not contain 'jwks' needed to extract response encryption JWK.\"\n )\n }\n\n encryptionJwk = extractEncryptionJwkFromJwks(clientMetadata.jwks, {\n supportedAlgValues: ['ECDH-ES'],\n })\n\n if (!encryptionJwk) {\n throw new CredoError(\"Unable to extract encryption JWK from 'client_metadata' for supported alg 'ECDH-ES'\")\n }\n }\n\n let mdocSessionTranscript: MdocSessionTranscriptOptions\n if (isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)) {\n if (!options.origin) {\n throw new CredoError('Missing required parameter `origin` parameter for accepting openid4vp dc api requests.')\n }\n\n if (openid4vpVersion === 'v1') {\n mdocSessionTranscript = {\n type: 'openId4VpDcApi',\n origin: options.origin,\n verifierGeneratedNonce: nonce,\n encryptionJwk: encryptionJwk ? Kms.PublicJwk.fromUnknown(encryptionJwk) : undefined,\n }\n } else {\n mdocSessionTranscript = {\n type: 'openId4VpDcApiDraft24',\n clientId,\n origin: options.origin,\n verifierGeneratedNonce: nonce,\n }\n }\n } else {\n const responseUri = authorizationRequestPayload.response_uri ?? authorizationRequestPayload.redirect_uri\n if (!responseUri) {\n throw new CredoError(\n 'Missing required parameter `response_uri` or `redirect_uri` in the authorization request.'\n )\n }\n\n if (openid4vpVersion === 'v1') {\n mdocSessionTranscript = {\n type: 'openId4Vp',\n responseUri,\n clientId,\n verifierGeneratedNonce: nonce,\n encryptionJwk: encryptionJwk ? Kms.PublicJwk.fromUnknown(encryptionJwk) : undefined,\n }\n } else {\n mdocSessionTranscript = {\n type: 'openId4VpDraft18',\n mdocGeneratedNonce: authorizationResponseNonce,\n responseUri,\n clientId,\n verifierGeneratedNonce: nonce,\n }\n }\n }\n\n let vpToken: VpToken\n let presentationSubmission: DifPresentationExchangeSubmission \| undefined\n\n const parsedTransactionData = authorizationRequestPayload.transaction_data\n ? parseTransactionData({\n transactionData: authorizationRequestPayload.transaction_data,\n })\n : undefined\n\n // Handle presentation exchange part\n if (authorizationRequestPayload.presentation_definition \|\| presentationExchange) {\n if (!presentationExchange) {\n throw new CredoError(\n 'Authorization request included presentation definition. `presentationExchange` MUST be supplied to accept authorization requests.'\n )\n }\n if (!authorizationRequestPayload.presentation_definition) {\n throw new CredoError(\n '`presentationExchange` was supplied, but no presentation definition was found in the presentation request.'\n )\n }\n\n const credentialsWithTransactionData = this.extendCredentialsWithTransactionDataHashes(\n presentationExchange.credentials,\n parsedTransactionData,\n transactionData\n )\n\n const { presentationSubmission: _presentationSubmission, encodedVerifiablePresentations } =\n await this.presentationExchangeService.createPresentation(agentContext, {\n credentialsForInputDescriptor: credentialsWithTransactionData,\n presentationDefinition:\n authorizationRequestPayload.presentation_definition as unknown as DifPresentationExchangeDefinition,\n challenge: nonce,\n domain: audience,\n presentationSubmissionLocation: DifPresentationExchangeSubmissionLocation.EXTERNAL,\n mdocSessionTranscript: mdocSessionTranscript,\n })\n\n vpToken =\n encodedVerifiablePresentations.length === 1 && _presentationSubmission?.descriptor_map[0]?.path === '$'\n ? encodedVerifiablePresentations[0]\n : encodedVerifiablePresentations\n presentationSubmission = _presentationSubmission\n } else if (authorizationRequestPayload.dcql_query \|\| dcql) {\n if (!authorizationRequestPayload.dcql_query) {\n throw new CredoError(`'dcql' was supplied, but no dcql request was found in the presentation request.`)\n }\n if (!dcql) {\n throw new CredoError(\n `Authorization request included dcql request. 'dcql' MUST be supplied to accept authorization requests.`\n )\n }\n\n const credentialsWithTransactionData = this.extendCredentialsWithTransactionDataHashes(\n dcql.credentials,\n parsedTransactionData,\n transactionData\n )\n\n const { encodedDcqlPresentation } = await this.dcqlService.createPresentation(agentContext, {\n credentialQueryToCredential: credentialsWithTransactionData,\n challenge: nonce,\n domain: audience,\n mdocSessionTranscript: mdocSessionTranscript,\n })\n\n vpToken = encodedDcqlPresentation\n\n // Pre 1.0 the vp_token directly maps from query id to presentation instead of array\n if (openid4vpVersion !== 'v1') {\n vpToken = Object.fromEntries(\n Object.entries(encodedDcqlPresentation).map(([credentialQueryId, presentations]) => {\n if (presentations.length > 1) {\n throw new CredoError(\n `Multiple presentations for a single dcql query credential are not supported when using OpenID4VP version '${openid4vpVersion}'.`\n )\n }\n\n return [credentialQueryId, presentations[0]]\n })\n )\n }\n } else {\n throw new CredoError('Either pex or dcql must be provided')\n }\n\n const response = await openid4vpClient.createOpenid4vpAuthorizationResponse({\n authorizationRequestPayload,\n origin: options.origin,\n authorizationResponsePayload: {\n vp_token: vpToken,\n presentation_submission: presentationSubmission,\n },\n jarm: encryptionJwk\n ? {\n encryption: { nonce: authorizationResponseNonce, jwk: encryptionJwk },\n serverMetadata: {\n authorization_signing_alg_values_supported: [],\n authorization_encryption_alg_values_supported: ['ECDH-ES'],\n authorization_encryption_enc_values_supported: ['A128GCM', 'A256GCM', 'A128CBC-HS256'],\n },\n }\n : undefined,\n })\n\n const authorizationResponsePayload = response.authorizationResponsePayload as Openid4vpAuthorizationResponse & {\n presentation_submission?: DifPresentationExchangeSubmission\n }\n const authorizationResponse = response.jarm?.responseJwt\n ? { response: response.jarm.responseJwt }\n : authorizationResponsePayload\n\n // TODO: we should include more typing here that the user\n // still needs to submit the response. or as we discussed, split\n // this method up in create and submit\n if (isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)) {\n return {\n ok: true,\n authorizationResponse,\n authorizationResponsePayload,\n } as const\n }\n\n // TODO: parse response in openi4vp library so we can have typed error\n // as well as typed response (with redirect_uri/presentation_during_issuance_session)\n const result = await openid4vpClient.submitOpenid4vpAuthorizationResponse({\n authorizationRequestPayload,\n authorizationResponsePayload: response.authorizationResponsePayload,\n jarm: response.jarm ? { responseJwt: response.jarm.responseJwt } : undefined,\n })\n\n const responseText = await result.response\n .clone()\n .text()\n .catch(() => null)\n\n const responseJson = (await result.response\n .clone()\n .json()\n .catch(() => null)) as null \| Record<string, unknown>\n\n if (!result.response.ok) {\n return {\n ok: false,\n serverResponse: {\n status: result.response.status,\n body: responseJson ?? responseText,\n },\n authorizationResponse,\n authorizationResponsePayload,\n } as const\n }\n\n return {\n ok: true,\n serverResponse: {\n status: result.response.status,\n body: responseJson ?? {},\n },\n authorizationResponse,\n authorizationResponsePayload,\n redirectUri: responseJson?.redirect_uri as string \| undefined,\n presentationDuringIssuanceSession: responseJson?.presentation_during_issuance_session as string \| undefined,\n } as const\n }\n}\n"],"mappings":";;;;;;;;AA2CO,mCAAMA,yBAAuB;CAClC,AAAO,YACL,AAAQC,6BACR,AAAQC,aACR;EAFQ;EACA;;CAGV,AAAQ,mBACN,cACA,SACA;AAKA,SAAO,IAAI,gBAAgB,EAAE,WAJX,mBAAmB,cAAc;GACjD,qBAAqB,SAAS;GAC9B,uCAAuC,SAAS;GACjD,CAAC,EACsC,CAAC;;CAG3C,MAAc,kCACZ,cACA,yBACA,iBACA;EACA,MAAM,yBAAyB;AAC/B,OAAK,4BAA4B,+BAA+B,uBAAuB;EAEvF,MAAM,uBAAuB;GAC3B,YAAY;GACZ,uBAAuB,MAAM,KAAK,4BAA4B,yBAC5D,cACA,uBACD;GACF;EAED,MAAM,yBAAyB,qBAAqB,sBAAsB,aAAa,SAAS,gBAC9F,YAAY,gBAAgB,KAAK,UAAU,MAAM,kBAAkB,CACpE;AAUD,SAAO;GAAE,KAAK;GAAsB,wBAPL,iBAAiB,KAAK,WAAW;IAC9D;IACA,sBAAsB,MAAM,gBAAgB,eAAe,QAAQ,iBACjE,uBAAuB,SAAS,aAAa,CAC9C;IACF,EAAE;GAEyD;;CAG9D,MAAc,kBACZ,cACA,MACA,iBACA;EACA,MAAM,YAAY,KAAK,YAAY,kBAAkB,KAAK;EAC1D,MAAM,kBAAkB,MAAM,KAAK,YAAY,yBAAyB,cAAc,UAAU;EAGhG,MAAM,yBAAyB,iBAAiB,KAAK,WAAW;GAC9D;GACA,sBAAsB,MAAM,gBAAgB,eAAe,QACxD,iBAAiB,gBAAgB,mBAAmB,cAAc,QACpE;GACF,EAAE;AAEH,SAAO;GAAE,MAAM,EAAE,aAAa,iBAAiB;GAAE;GAAwB;;CAG3E,MAAa,4BACX,cAOA,sBACA,SACgD;EAChD,MAAM,kBAAkB,KAAK,mBAAmB,cAAc;GAC5D,qBAAqB,SAAS;GAC9B,uCAAuC;GACxC,CAAC;EACF,MAAM,EAAE,WAAW,gBAAgB,mCAAmC,EAAE,sBAAsB,CAAC;EAE/F,MAAM,+BAA+B,MAAM,gBAAgB,qCAAqC;GAC9F,6BAA6B;GAC7B,QAAQ,SAAS;GAClB,CAAC;EAEF,MAAM,EAAE,QAAQ,KAAK,iBAAiB,SAAS;AAG/C,MACE,OAAO,WAAW,kBAClB,OAAO,WAAW,eAClB,OAAO,WAAW,8BAClB,OAAO,WAAW,YAClB,OAAO,WAAW,eAElB,OAAM,IAAI,WAAW,qBAAqB,OAAO,OAAO,oBAAoB;EAG9E,MAAM,cAAc;GAClB,6BAA6B,6BAA6B;GAC1D,QAAQ,SAAS;GACjB,4BAA4B,6BAA6B,MACrD;IACE,QAAQ,6BAA6B,KAAK;IAC1C,SAAS,6BAA6B,IAAI,IAAI;IAC9C,QAAQ,6BAA6B,IAAI,IAAI;IAC9C,GACD;GACL;EAED,MAAM,YAAY,KAAK,0BACnB,MAAM,KAAK,kCAAkC,cAAc,IAAI,yBAAyB,gBAAgB,GACxG;EAEJ,MAAM,aAAa,MAAM,QAAQ,MAAM,KAAK,kBAAkB,cAAc,KAAK,OAAO,gBAAgB,GAAG;AAE3G,eAAa,OAAO,OAAO,MAAM,iCAAiC;AAClE,eAAa,OAAO,OAAO,MAAM,YAAY,qBAAqB,GAAG;AAErE,SAAO;GACL,GAAG;GACH,UAAU;IACR,gBAAgB,OAAO;IACvB,mBAAmB,OAAO;IAC3B;GACD,iBAAiB,WAAW,0BAA0B,YAAY;GAClE,sBAAsB,WAAW;GACjC,MAAM,YAAY;GACnB;;CAGH,AAAQ,2CAIN,qBACA,iBACA,oCACG;AAGH,MAAI,CAAC,mBAAmB,CAAC,mCAAoC,QAAO;AAEpE,MAAI,CAAC,mCACH,OAAM,IAAI,WACR,gKACD;AAGH,MAAI,CAAC,gBACH,OAAM,IAAI,WACR,0KACD;AAGH,MAAI,gBAAgB,WAAW,mCAAmC,OAChE,OAAM,IAAI,WACR,qMACD;EAGH,MAAMC,+BAA6E,EAAE;AAErF,kBAAgB,SAAS,sBAAsB,yBAAyB;GACtE,MAAM,EAAE,iBAAiB,mCAAmC;AAE5D,OAAI,CAAC,qBAAqB,gBAAgB,eAAe,SAAS,aAAa,CAC7E,OAAM,IAAI,WACR,kBAAkB,aAAa,kDAAkD,qBAAqB,yFAAyF,qBAAqB,gBAAgB,eAAe,KAAK,KAAK,GAC9P;AAGH,OAAI,CAAC,oBAAoB,cACvB,OAAM,IAAI,WACR,kBAAkB,aAAa,kDAAkD,qBAAqB,4EACvG;GAGH,MAAM,qBAAqB,oBAAoB,cAC5C,QAAQ,MAAM,EAAE,gBAAgB,YAAY,QAAQ,CACpD,KAAK,MAAM,EAAE,YAAY;AAE5B,OAAI,mBAAmB,SAAS,EAC9B,OAAM,IAAI,WACR,kBAAkB,aAAa,kDAAkD,qBAAqB,0BAA0B,mBAAmB,KAAK,KAAK,CAAC,UAAU,YAAY,QAAQ,qEAC7L;AAGH,OAAI,CAAC,6BAA6B,cAChC,8BAA6B,gBAAgB,EAAE;AAEjD,gCAA6B,cAAc,KAAK,qBAAqB;IACrE;EAEF,MAAM,qBAAqB,EACzB,GAAG,qBACJ;AACD,OAAK,MAAM,CAAC,cAAc,YAAY,OAAO,QAAQ,6BAA6B,EAAE;GAClF,MAAM,kBAAkB,QAAQ,QAC7B,mBAAmB,WACjB,MAAM,gBAAgB,+BAA+B,CAAC,UAAU,EAAE,QAChE,UAAU,CAAC,qBAAqB,kBAAkB,SAAS,MAAM,CACnE,EACH,OACD;AAED,OAAI,CAAC,mBAAmB,gBAAgB,WAAW,EACjD,OAAM,IAAI,WACR,wDAAwD,aAAa,iCAAiC,QAAQ,KAAK,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC,wDAC5J;GAGH,MAAM,oBAAoB,CAAC,SAAS,UAAU;GAC9C,MAAM,2BAA2B,kBAAkB,QAAQ,QAAQ,gBAAgB,SAAS,IAAI,CAAC;AACjG,OAAI,yBAAyB,WAAW,EACtC,OAAM,IAAI,WACR,kEAAkE,aAAa,iCAAiC,QAAQ,KAAK,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC,sEAAsE,gBAAgB,KAAK,KAAK,CAAC,4BAA4B,kBAAkB,KAAK,KAAK,CAAC,GAChU;GAKH,MAAM,CAAC,4BAA4B;GACnC,MAAM,wBAAwB,QAAQ,KAAK,UACzC,kBAAkB,YAAY,OAAO,KAAK,MAAM,SAAS,yBAAyB,CAAC,CACpF;AAED,sBAAmB,gBAAgB,mBAAmB,cAAc,KAAK,eAAe;AACtF,QAAI,WAAW,gBAAgB,YAAY,QAEzC,OAAM,IAAI,WACR,4BAA4B,WAAW,YAAY,oCAAoC,YAAY,QAAQ,GAC5G;AAGH,WAAO;KACL,GAAG;KACH,mBAAmB;MACjB,GAAI,WAAW,qBAAqB,EAAE;MACtC,yBAAyB;MACzB,6BAA6B;MAC9B;KACF;KACD;;AAGJ,SAAO;;CAGT,MAAa,2BACX,cACA,SACA;EACA,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;EACtD,MAAM,EAAE,6BAA6B,sBAAsB,MAAM,oBAAoB;EAErF,MAAM,kBAAkB,KAAK,mBAAmB,aAAa;EAC7D,MAAM,6BAA6B,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,IAAI,CAAC,CAAC;EACjG,MAAM,EAAE,UAAU;EAElB,IAAI,yBAAyB,iCAAiC,4BAA4B;AAK1F,MACE,0BAA0B,MAC1B,yBAAyB,OACxB,CAAC,4BAA4B,aAAa,4BAA4B,WAAW,WAAW,gBAAgB,EAE7G,0BAAyB;EAK3B,MAAMC,mBACJ,yBAAyB,KAAK,OAAO,0BAA0B,KAAK,eAAe;EAUrF,MAAM,WARiB,qBAAqB;GAC1C,cAAc,4BAA4B;GAC1C,UAAU,4BAA4B;GACtC,sBAAsB,4BAA4B;GAClD,QAAQ,QAAQ;GAChB,SAAS;GACV,CAAC,CAE8B;EAChC,MAAM,iBAAiB,qCAAqC,4BAA4B;EAExF,MAAM,wBACJ,4BAA4B,iBAAiB,mBAAmB,4BAA4B,cAAc;EAK5G,MAAM,WAAW,qBAAqB,QAAQ,iBAAiB,UAAU,QAAQ,WAAW;EAE5F,IAAIC;AACJ,MAAI,uBAAuB;GAEzB,MAAM,iBAAiB,4BAA4B;AAEnD,OAAI,CAAC,eACH,OAAM,IAAI,WACR,8GACD;AAEH,OAAI,CAAC,eAAe,KAClB,OAAM,IAAI,WACR,qHACD;AAGH,mBAAgB,6BAA6B,eAAe,MAAM,EAChE,oBAAoB,CAAC,UAAU,EAChC,CAAC;AAEF,OAAI,CAAC,cACH,OAAM,IAAI,WAAW,sFAAsF;;EAI/G,IAAIC;AACJ,MAAI,qCAAqC,4BAA4B,EAAE;AACrE,OAAI,CAAC,QAAQ,OACX,OAAM,IAAI,WAAW,yFAAyF;AAGhH,OAAI,qBAAqB,KACvB,yBAAwB;IACtB,MAAM;IACN,QAAQ,QAAQ;IAChB,wBAAwB;IACxB,eAAe,gBAAgB,IAAI,UAAU,YAAY,cAAc,GAAG;IAC3E;OAED,yBAAwB;IACtB,MAAM;IACN;IACA,QAAQ,QAAQ;IAChB,wBAAwB;IACzB;SAEE;GACL,MAAM,cAAc,4BAA4B,gBAAgB,4BAA4B;AAC5F,OAAI,CAAC,YACH,OAAM,IAAI,WACR,4FACD;AAGH,OAAI,qBAAqB,KACvB,yBAAwB;IACtB,MAAM;IACN;IACA;IACA,wBAAwB;IACxB,eAAe,gBAAgB,IAAI,UAAU,YAAY,cAAc,GAAG;IAC3E;OAED,yBAAwB;IACtB,MAAM;IACN,oBAAoB;IACpB;IACA;IACA,wBAAwB;IACzB;;EAIL,IAAIC;EACJ,IAAIC;EAEJ,MAAM,wBAAwB,4BAA4B,mBACtD,qBAAqB,EACnB,iBAAiB,4BAA4B,kBAC9C,CAAC,GACF;AAGJ,MAAI,4BAA4B,2BAA2B,sBAAsB;AAC/E,OAAI,CAAC,qBACH,OAAM,IAAI,WACR,oIACD;AAEH,OAAI,CAAC,4BAA4B,wBAC/B,OAAM,IAAI,WACR,6GACD;GAGH,MAAM,iCAAiC,KAAK,2CAC1C,qBAAqB,aACrB,uBACA,gBACD;GAED,MAAM,EAAE,wBAAwB,yBAAyB,mCACvD,MAAM,KAAK,4BAA4B,mBAAmB,cAAc;IACtE,+BAA+B;IAC/B,wBACE,4BAA4B;IAC9B,WAAW;IACX,QAAQ;IACR,gCAAgC,0CAA0C;IACnD;IACxB,CAAC;AAEJ,aACE,+BAA+B,WAAW,KAAK,yBAAyB,eAAe,IAAI,SAAS,MAChG,+BAA+B,KAC/B;AACN,4BAAyB;aAChB,4BAA4B,cAAc,MAAM;AACzD,OAAI,CAAC,4BAA4B,WAC/B,OAAM,IAAI,WAAW,kFAAkF;AAEzG,OAAI,CAAC,KACH,OAAM,IAAI,WACR,yGACD;GAGH,MAAM,iCAAiC,KAAK,2CAC1C,KAAK,aACL,uBACA,gBACD;GAED,MAAM,EAAE,4BAA4B,MAAM,KAAK,YAAY,mBAAmB,cAAc;IAC1F,6BAA6B;IAC7B,WAAW;IACX,QAAQ;IACe;IACxB,CAAC;AAEF,aAAU;AAGV,OAAI,qBAAqB,KACvB,WAAU,OAAO,YACf,OAAO,QAAQ,wBAAwB,CAAC,KAAK,CAAC,mBAAmB,mBAAmB;AAClF,QAAI,cAAc,SAAS,EACzB,OAAM,IAAI,WACR,6GAA6G,iBAAiB,IAC/H;AAGH,WAAO,CAAC,mBAAmB,cAAc,GAAG;KAC5C,CACH;QAGH,OAAM,IAAI,WAAW,sCAAsC;EAG7D,MAAM,WAAW,MAAM,gBAAgB,qCAAqC;GAC1E;GACA,QAAQ,QAAQ;GAChB,8BAA8B;IAC5B,UAAU;IACV,yBAAyB;IAC1B;GACD,MAAM,gBACF;IACE,YAAY;KAAE,OAAO;KAA4B,KAAK;KAAe;IACrE,gBAAgB;KACd,4CAA4C,EAAE;KAC9C,+CAA+C,CAAC,UAAU;KAC1D,+CAA+C;MAAC;MAAW;MAAW;MAAgB;KACvF;IACF,GACD;GACL,CAAC;EAEF,MAAM,+BAA+B,SAAS;EAG9C,MAAM,wBAAwB,SAAS,MAAM,cACzC,EAAE,UAAU,SAAS,KAAK,aAAa,GACvC;AAKJ,MAAI,qCAAqC,4BAA4B,CACnE,QAAO;GACL,IAAI;GACJ;GACA;GACD;EAKH,MAAM,SAAS,MAAM,gBAAgB,qCAAqC;GACxE;GACA,8BAA8B,SAAS;GACvC,MAAM,SAAS,OAAO,EAAE,aAAa,SAAS,KAAK,aAAa,GAAG;GACpE,CAAC;EAEF,MAAM,eAAe,MAAM,OAAO,SAC/B,OAAO,CACP,MAAM,CACN,YAAY,KAAK;EAEpB,MAAM,eAAgB,MAAM,OAAO,SAChC,OAAO,CACP,MAAM,CACN,YAAY,KAAK;AAEpB,MAAI,CAAC,OAAO,SAAS,GACnB,QAAO;GACL,IAAI;GACJ,gBAAgB;IACd,QAAQ,OAAO,SAAS;IACxB,MAAM,gBAAgB;IACvB;GACD;GACA;GACD;AAGH,SAAO;GACL,IAAI;GACJ,gBAAgB;IACd,QAAQ,OAAO,SAAS;IACxB,MAAM,gBAAgB,EAAE;IACzB;GACD;GACA;GACA,aAAa,cAAc;GAC3B,mCAAmC,cAAc;GAClD;;;qCA3hBJ,YAAY"}

package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.mts CHANGED Viewed

@@ -1,11 +1,11 @@
+import { OpenId4VciCredentialOfferPayload } from "../shared/models/index.mjs";
 import { OpenId4VcUpdateIssuerRecordOptions, OpenId4VciCreateCredentialOfferOptions, OpenId4VciCreateCredentialResponseOptions, OpenId4VciCreateDeferredCredentialResponseOptions, OpenId4VciCreateIssuerOptions, OpenId4VciCreateStatelessCredentialOfferOptions } from "./OpenId4VcIssuerServiceOptions.mjs";
-import { OpenId4VcIssuerRecord } from "./repository/OpenId4VcIssuerRecord.mjs";
 import { OpenId4VcIssuanceSessionRecord } from "./repository/OpenId4VcIssuanceSessionRecord.mjs";
+import { OpenId4VcIssuerRecord } from "./repository/OpenId4VcIssuerRecord.mjs";
 import { OpenId4VcIssuerModuleConfig } from "./OpenId4VcIssuerModuleConfig.mjs";
 import { OpenId4VcIssuerService } from "./OpenId4VcIssuerService.mjs";
 import { AgentContext } from "@credo-ts/core";
 import * as _openid4vc_openid4vci0 from "@openid4vc/openid4vci";
-import * as zod0 from "zod";
 //#region src/openid4vc-issuer/OpenId4VcIssuerApi.d.ts
 /**
@@ -39,191 +39,7 @@ declare class OpenId4VcIssuerApi {
     issuerId: string;
   }): Promise<{
     credentialOffer: string;
-    credentialOfferObject: zod0.objectInputType<{
-      credential_issuer: zod0.ZodEffects<zod0.ZodString, string, string>;
-      credential_configuration_ids: zod0.ZodArray<zod0.ZodString, "many">;
-      grants: zod0.ZodOptional<zod0.ZodObject<{
-        authorization_code: zod0.ZodOptional<zod0.ZodObject<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">>>;
-        "urn:ietf:params:oauth:grant-type:pre-authorized_code": zod0.ZodOptional<zod0.ZodObject<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">>>;
-      }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-        authorization_code: zod0.ZodOptional<zod0.ZodObject<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">>>;
-        "urn:ietf:params:oauth:grant-type:pre-authorized_code": zod0.ZodOptional<zod0.ZodObject<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">>>;
-      }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-        authorization_code: zod0.ZodOptional<zod0.ZodObject<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-          issuer_state: zod0.ZodOptional<zod0.ZodString>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">>>;
-        "urn:ietf:params:oauth:grant-type:pre-authorized_code": zod0.ZodOptional<zod0.ZodObject<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-          "pre-authorized_code": zod0.ZodString;
-          tx_code: zod0.ZodOptional<zod0.ZodObject<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, "passthrough", zod0.ZodTypeAny, zod0.objectOutputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">, zod0.objectInputType<{
-            input_mode: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodLiteral<"numeric">, zod0.ZodLiteral<"text">]>>;
-            length: zod0.ZodOptional<zod0.ZodNumber>;
-            description: zod0.ZodOptional<zod0.ZodString>;
-          }, zod0.ZodTypeAny, "passthrough">>>;
-          authorization_server: zod0.ZodOptional<zod0.ZodEffects<zod0.ZodString, string, string>>;
-        }, zod0.ZodTypeAny, "passthrough">>>;
-      }, zod0.ZodTypeAny, "passthrough">>>;
-    }, zod0.ZodTypeAny, "passthrough">;
+    credentialOfferObject: OpenId4VciCredentialOfferPayload;
   }>;
   /**
    * Creates a credential offer. Either the preAuthorizedCodeFlowConfig or the authorizationCodeFlowConfig must be provided.
@@ -242,23 +58,8 @@ declare class OpenId4VcIssuerApi {
   createCredentialResponse(options: OpenId4VciCreateCredentialResponseOptions & {
     issuanceSessionId: string;
   }): Promise<{
-    credentialResponse: zod0.objectOutputType<{
-      credentials: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodArray<zod0.ZodObject<{
-        credential: zod0.ZodUnion<[zod0.ZodString, zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>]>;
-      }, "strip", zod0.ZodTypeAny, {
-        credential: string | Record<string, any>;
-      }, {
-        credential: string | Record<string, any>;
-      }>, "many">, zod0.ZodArray<zod0.ZodUnion<[zod0.ZodString, zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>]>, "many">]>>;
-      interval: zod0.ZodOptional<zod0.ZodNumber>;
-      notification_id: zod0.ZodOptional<zod0.ZodString>;
-    } & {
-      credential: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodString, zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>]>>;
-      transaction_id: zod0.ZodOptional<zod0.ZodString>;
-      c_nonce: zod0.ZodOptional<zod0.ZodString>;
-      c_nonce_expires_in: zod0.ZodOptional<zod0.ZodNumber>;
-    }, zod0.ZodTypeAny, "passthrough">;
     issuanceSession: OpenId4VcIssuanceSessionRecord;
+    credentialResponse: _openid4vc_openid4vci0.CredentialResponse;
   }>;
   /**
    * This function creates a response which can be sent to the holder after receiving a deferred credential issuance request.
@@ -266,18 +67,8 @@ declare class OpenId4VcIssuerApi {
   createDeferredCredentialResponse(options: OpenId4VciCreateDeferredCredentialResponseOptions & {
     issuanceSessionId: string;
   }): Promise<{
-    deferredCredentialResponse: zod0.objectOutputType<{
-      credentials: zod0.ZodOptional<zod0.ZodUnion<[zod0.ZodArray<zod0.ZodObject<{
-        credential: zod0.ZodUnion<[zod0.ZodString, zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>]>;
-      }, "strip", zod0.ZodTypeAny, {
-        credential: string | Record<string, any>;
-      }, {
-        credential: string | Record<string, any>;
-      }>, "many">, zod0.ZodArray<zod0.ZodUnion<[zod0.ZodString, zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>]>, "many">]>>;
-      interval: zod0.ZodOptional<zod0.ZodNumber>;
-      notification_id: zod0.ZodOptional<zod0.ZodString>;
-    }, zod0.ZodTypeAny, "passthrough">;
     issuanceSession: OpenId4VcIssuanceSessionRecord;
+    deferredCredentialResponse: _openid4vc_openid4vci0.DeferredCredentialResponse;
   }>;
   getIssuerMetadata(issuerId: string): Promise<_openid4vc_openid4vci0.IssuerMetadataResult>;
   getIssuanceSessionById(issuanceSessionId: string): Promise<OpenId4VcIssuanceSessionRecord>;

package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"OpenId4VcIssuerApi.d.mts","names":[],"sources":["../../src/openid4vc-issuer/OpenId4VcIssuerApi.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;~~AAqBa~~,cAAA,kBAAA,CAAkB;EAAA,SAAA,MAAA,EAEH,2BAFG;UAEH,YAAA;UAAA,sBAAA;aACF,CAAA,MAAA,EADE,2BACF,EAAA,YAAA,EAAA,YAAA,EAAA,sBAAA,EACU,sBADV;eACU,CAAA,CAAA,EAGR,OAHQ,CAAsB,qBAAA,EAAtB,CAAA;qBAAsB,CAAA,QAAA,EAAA,MAAA,CAAA,EAOP,OAPO,CAG9B,qBAAA,CAH8B;;;;;cAeQ,CAAA,OAAA,EAA7B,6BAA6B,CAAA,EAAA,OAAA,CAAA,qBAAA,CAAA;;;;6BAYa,CAAA,QAAA,EAAA,MAAA,CAAA,EALpB,OAKoB,CAAA,IAAA,CAAA;sBAwBlE,CAAA,OAAA,EAxBgC,kCAwBhC,CAAA,EAxBkE,OAwBlE,CAAA,IAAA,CAAA;;;;;~~0CAAA~~;;~~MAAsE;;;yCAAvB~~,~~IAAA~~,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAYd;;MAA6D;~~qBAAvB~~;;;;;;oCAUvE;;MAAyE~~;;;mCAAhC,IAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;~~4CAezC;;MAAiF;;;~~mCAAhC,IAAA,CAAA,SAAA;;;;;;;;;;;~~uCAcb,QAd6C,sBAAA,CAc7C,oBAAA;qDAKc,QALd,8BAAA"}
1	+ {"version":3,"file":"OpenId4VcIssuerApi.d.mts","names":[],"sources":["../../src/openid4vc-issuer/OpenId4VcIssuerApi.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;AAmBa,cAAA,kBAAA,CAAkB;EAAA,SAAA,MAAA,EAEH,2BAFG;UAEH,YAAA;UAAA,sBAAA;aACF,CAAA,MAAA,EADE,2BACF,EAAA,YAAA,EAAA,YAAA,EAAA,sBAAA,EACU,sBADV;eACU,CAAA,CAAA,EAGR,OAHQ,CAAsB,qBAAA,EAAtB,CAAA;qBAAsB,CAAA,QAAA,EAAA,MAAA,CAAA,EAOP,OAPO,CAG9B,qBAAA,CAH8B;;;;;cAeQ,CAAA,OAAA,EAA7B,6BAA6B,CAAA,EAAA,OAAA,CAAA,qBAAA,CAAA;;;;6BAYa,CAAA,QAAA,EAAA,MAAA,CAAA,EALpB,OAKoB,CAAA,IAAA,CAAA;sBAwBlE,CAAA,OAAA,EAxBgC,kCAwBhC,CAAA,EAxBkE,OAwBlE,CAAA,IAAA,CAAA;;;;;gCAY8F,CAAA,OAAA,EAZ9F,+CAY8F,GAAA;IAU9F,QAAA,EAAA,MAAA;MAtBsE,OAsB7B,CAAA;;IAAgC,qBAAA,EAtB1B,gCAsB0B;;;;;;;uBA6BrC,CAAA,OAAA,EAvCH,sCAuCG,GAAA;IAKc,QAAA,EAAA,MAAA;EAAA,CAAA,CAAA,EA5C4C,OA4C5C,CAAA;qBA5CqB;;;;;;oCAUvE;;MAAyE;qBAAhC;;;;;;4CAezC;;MAAiF;qBAAhC;;;uCAcb,QAd6C,sBAAA,CAc7C,oBAAA;qDAKc,QALd,8BAAA"}