@credo-ts/openid4vc 0.6.1-pr-2091-20241119140918 → 0.6.1

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.mts

@@ -0,0 +1,300 @@
+import { OpenId4VciCredentialOfferPayload } from "../../shared/models/index.mjs";
+import { OpenId4VcIssuanceSessionState } from "../OpenId4VcIssuanceSessionState.mjs";
+import "../../shared/index.mjs";
+import { OpenId4VciVersion } from "../OpenId4VcIssuerServiceOptions.mjs";
+import { BaseRecord, RecordTags, TagsBase } from "@credo-ts/core";
+import { AccessTokenResponse, AuthorizationServerMetadata, PkceCodeChallengeMethod } from "@openid4vc/oauth2";
+
+//#region src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.ts
+interface OpenId4VcIssuanceSessionDpop {
+  /**
+   * Whether dpop is required. Can be set to false to override the
+   * global config
+   */
+  required: boolean;
+  /**
+   * JWK thumbprint of the dpop key. This is mostly used when a dpop key is bound
+   * to the issuance session before the access token is created (which contains the dpop key)
+   */
+  dpopJkt?: string;
+}
+interface OpenId4VcIssuanceSessionWalletAttestation {
+  /**
+   * Whether presentation of a wallet attestation is required.
+   * Can be set to false to override the global config
+   */
+  required: boolean;
+}
+interface OpenId4VcIssuanceSessionAuthorization {
+  code?: string;
+  /**
+   * @todo: I saw in google's library that for codes they encrypt an id with expiration time.
+   * You know the code was created by you because you can decrypt it, and you don't have to store
+   * additional metadata on your server. It's similar to the signed / encrypted nonce
+   */
+  codeExpiresAt?: Date;
+  /**
+   * String value created by the Credential Issuer and opaque to the Wallet that
+   * is used to bind the subsequent Authorization Request with the Credential Issuer to a context set up during previous steps.
+   */
+  issuerState?: string;
+  /**
+   * Scopes that are granted when the authorization is complete.
+   */
+  scopes?: string[];
+  /**
+   * Subject the issuance session is bound to. For internal authorization this will be defined
+   * from the moment the token is issued. For external authorization this will be defined after
+   * the first time the credential endpoint has been called.
+   */
+  subject?: string;
+}
+interface OpenId4VcIssuanceSessionPresentation {
+  /**
+   * Whether presentation during issuance is required. Mutually exclusive with `chainedIdentity`.
+   */
+  required: true;
+  /**
+   * Auth session for the presentation during issuance flow
+   */
+  authSession?: string;
+  /**
+   * The id of the `OpenId4VcVerificationSessionRecord` record this issuance session is linked to
+   */
+  openId4VcVerificationSessionId?: string;
+}
+interface OpenId4VcIssuanceSessionPkce {
+  codeChallengeMethod: PkceCodeChallengeMethod;
+  codeChallenge: string;
+}
+interface OpenId4VcIssuanceSessionChainedIdentity {
+  /**
+   * The identifier of the external identity provider's authorization server.
+   * Mutually exclusive with `presentation`.
+   */
+  externalAuthorizationServerUrl: string;
+  /**
+   * The <reference-value> from the `request_uri` parameter returned to the client
+   * in the form of `urn:ietf:params:oauth:request_uri:<reference-value>`.
+   */
+  requestUriReferenceValue?: string;
+  /**
+   * The expiry time of the request URI.
+   *
+   * @todo: I saw in google's library that for codes they encrypt an id with expiration time.
+   * You know the code was created by you because you can decrypt it, and you don't have to store
+   * additional metadata on your server. It's similar to the signed / encrypted nonce
+   */
+  requestUriExpiresAt?: Date;
+  /**
+   * The state value that was received in the pushed authorization request.
+   */
+  state?: string;
+  /**
+   * The redirect uri to redirect to after the authorization code has been granted.
+   */
+  redirectUri?: string;
+  /**
+   * The PKCE code verifier used in the authorization request to the external identity provider.
+   */
+  pkceCodeVerifier?: string;
+  /**
+   * The chained identity authorization request url, used to authorize to the external identity provider.
+   */
+  externalAuthorizationRequestUrl?: string;
+  /**
+   * The state value used in the authorization request to the external identity provider.
+   */
+  externalState?: string;
+  /**
+   * The metadata of the external identity provider's authorization server.
+   */
+  externalAuthorizationServerMetadata?: AuthorizationServerMetadata;
+  /**
+   * The access token response received from the external identity provider.
+   *
+   * If the scope 'openid' is requested, we automatically verify if the
+   * ID Token JWT is valid.
+   */
+  externalAccessTokenResponse?: AccessTokenResponse;
+}
+type DefaultOpenId4VcIssuanceSessionRecordTags = {
+  issuerId: string;
+  cNonce?: string;
+  state: OpenId4VcIssuanceSessionState;
+  credentialOfferUri?: string;
+  credentialOfferId?: string;
+  preAuthorizedCode?: string;
+  authorizationCode?: string;
+  issuerState?: string;
+  authorizationSubject?: string;
+  presentationAuthSession?: string;
+  chainedIdentityRequestUriReferenceValue?: string;
+  chainedIdentityState?: string;
+};
+interface OpenId4VcIssuanceSessionRecordTransaction {
+  transactionId: string;
+  numberOfCredentials: number;
+  credentialConfigurationId: string;
+}
+interface OpenId4VcIssuanceSessionRecordProps {
+  createdAt: Date;
+  expiresAt: Date;
+  id?: string;
+  tags?: TagsBase;
+  state: OpenId4VcIssuanceSessionState;
+  issuerId: string;
+  /**
+   * Client id will mostly be used when doing auth flow
+   */
+  clientId?: string;
+  walletAttestation?: OpenId4VcIssuanceSessionWalletAttestation;
+  dpop?: OpenId4VcIssuanceSessionDpop;
+  preAuthorizedCode?: string;
+  userPin?: string;
+  pkce?: {
+    codeChallengeMethod: PkceCodeChallengeMethod;
+    codeChallenge: string;
+  };
+  /**
+   * When authorization code flow is used, this links the authorization
+   */
+  authorization?: OpenId4VcIssuanceSessionAuthorization;
+  /**
+   * When presentation during issuance is required this should link the
+   * `OpenId4VcVerificationSessionRecord` and state
+   */
+  presentation?: OpenId4VcIssuanceSessionPresentation;
+  transactions?: OpenId4VcIssuanceSessionRecordTransaction[];
+  /**
+   * Identity chaining enables doing another OAuth2 authentication flow as part
+   * of the OpenID4VCI authorization flow. This allows leveraging the advanced OAuth2
+   * functionality from Credo (e.g. Wallet Attestations, DPoP, PAR) while still allowing
+   * integration with existing IDPs.
+   */
+  chainedIdentity?: OpenId4VcIssuanceSessionChainedIdentity;
+  credentialOfferUri?: string;
+  credentialOfferId: string;
+  credentialOfferPayload: OpenId4VciCredentialOfferPayload;
+  issuanceMetadata?: Record<string, unknown>;
+  errorMessage?: string;
+  generateRefreshTokens?: boolean;
+  /**
+   * The version of openid4ci used for the request
+   */
+  openId4VciVersion: OpenId4VciVersion;
+}
+declare class OpenId4VcIssuanceSessionRecord extends BaseRecord<DefaultOpenId4VcIssuanceSessionRecordTags> {
+  static readonly type = "OpenId4VcIssuanceSessionRecord";
+  readonly type = "OpenId4VcIssuanceSessionRecord";
+  /**
+   * Expiry time for the issuance session. This can change dynamically during
+   * the session lifetime, based on the possible deferrals.
+   *
+   * @since 0.6
+   */
+  expiresAt?: Date;
+  /**
+   * The id of the issuer that this session is for.
+   */
+  issuerId: string;
+  /**
+   * The state of the issuance session.
+   */
+  state: OpenId4VcIssuanceSessionState;
+  /**
+   * The credentials that were issued during this session.
+   */
+  issuedCredentials: string[];
+  /**
+   * The credential transactions for deferred credentials.
+   */
+  transactions: OpenId4VcIssuanceSessionRecordTransaction[];
+  /**
+   * Pre authorized code used for the issuance session. Only used when a pre-authorized credential
+   * offer is created.
+   */
+  preAuthorizedCode?: string;
+  /**
+   * Optional user pin that needs to be provided by the user in the access token request.
+   */
+  userPin?: string;
+  /**
+   * Client id of the exchange
+   */
+  clientId?: string;
+  /**
+   * Proof Key Code Exchange
+   */
+  pkce?: OpenId4VcIssuanceSessionPkce;
+  walletAttestation?: OpenId4VcIssuanceSessionWalletAttestation;
+  dpop?: OpenId4VcIssuanceSessionDpop;
+  /**
+   * Authorization code flow specific metadata values
+   */
+  authorization?: OpenId4VcIssuanceSessionAuthorization;
+  /**
+   * Presentation during issuance specific metadata values
+   */
+  presentation?: OpenId4VcIssuanceSessionPresentation;
+  /**
+   * Chained identity specific metadata values
+   */
+  chainedIdentity?: OpenId4VcIssuanceSessionChainedIdentity;
+  /**
+   * User-defined metadata that will be provided to the credential request to credential mapper
+   * to allow to retrieve the needed credential input data. Can be the credential data itself,
+   * or some other data that is needed to retrieve the credential data.
+   */
+  issuanceMetadata?: Record<string, unknown>;
+  /**
+   * The credential offer that was used to create the issuance session.
+   */
+  credentialOfferPayload: OpenId4VciCredentialOfferPayload;
+  /**
+   * URI of the credential offer. This is the url that cn can be used to retrieve
+   * the credential offer
+   */
+  credentialOfferUri?: string;
+  /**
+   * The public id for the credential offer. This is used in the credential
+   * offer uri.
+   *
+   * @since 0.6
+   */
+  credentialOfferId?: string;
+  /**
+   * Whether to generate refresh tokens for the issuance session.
+   *
+   * @since 0.6
+   */
+  generateRefreshTokens?: boolean;
+  /**
+   * The version of openid4ci used for the request
+   *
+   * @since 0.6
+   */
+  openId4VciVersion?: OpenId4VciVersion;
+  /**
+   * Optional error message of the error that occurred during the issuance session. Will be set when state is {@link OpenId4VcIssuanceSessionState.Error}
+   */
+  errorMessage?: string;
+  constructor(props: OpenId4VcIssuanceSessionRecordProps);
+  assertState(expectedStates: OpenId4VcIssuanceSessionState | OpenId4VcIssuanceSessionState[]): void;
+  getTags(): {
+    issuerId: string;
+    credentialOfferUri: string | undefined;
+    credentialOfferId: string | undefined;
+    state: OpenId4VcIssuanceSessionState;
+    preAuthorizedCode: string | undefined;
+    issuerState: string | undefined;
+    authorizationCode: string | undefined;
+    authorizationSubject: string | undefined;
+    presentationAuthSession: string | undefined;
+    chainedIdentityRequestUriReferenceValue: string | undefined;
+    chainedIdentityState: string | undefined;
+  };
+}
+//#endregion
+export { DefaultOpenId4VcIssuanceSessionRecordTags, OpenId4VcIssuanceSessionAuthorization, OpenId4VcIssuanceSessionChainedIdentity, OpenId4VcIssuanceSessionDpop, OpenId4VcIssuanceSessionPkce, OpenId4VcIssuanceSessionPresentation, OpenId4VcIssuanceSessionRecord, OpenId4VcIssuanceSessionRecordProps, OpenId4VcIssuanceSessionRecordTransaction, OpenId4VcIssuanceSessionWalletAttestation };
+//# sourceMappingURL=OpenId4VcIssuanceSessionRecord.d.mts.map

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcIssuanceSessionRecord.d.mts","names":[],"sources":["../../../src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.ts"],"sourcesContent":[],"mappings":";;;;;;;;UAUiB,4BAAA;EAAA;AAcjB;AAQA;AA6BA;EAiBiB,QAAA,EAAA,OAAA;EAKA;;;;EA0DkC,OAAA,CAAA,EAAA,MAAA;AAGnD;AAwBiB,UAhJA,yCAAA,CAgJyC;EAUzC;;;;EAOR,QAAA,EAAA,OAAA;;AASA,UAlKQ,qCAAA,CAkKR;EAQgB,IAAA,CAAA,EAAA,MAAA;EAOP;;;;;EAwBG,aAAA,CAAA,EAjMH,IAiMG;EAQA;;AAGrB;;EAWqB,WAAA,CAAA,EAAA,MAAA;EAkBJ;;;EAiCK,MAAA,CAAA,EAAA,MAAA,EAAA;EACb;;;;;EAmFyB,OAAA,CAAA,EAAA,MAAA;;AAmCN,UA5WX,oCAAA,CA4WW;EA+BS;;;EApNe,QAAA,EAAA,IAAA;EAAU;;;;;;;;;UAtK7C,4BAAA;uBACM;;;UAIN,uCAAA;;;;;;;;;;;;;;;;;;wBAoBO;;;;;;;;;;;;;;;;;;;;;;;;wCA8BgB;;;;;;;gCAQR;;KAGpB,yCAAA;;;SAGH;;;;;;;;;;;UAqBQ,yCAAA;;;;;UAUA,mCAAA;aACJ;aACA;;SAGJ;SAEA;;;;;;sBAQa;SACb;;;;yBAQgB;;;;;;kBAOP;;;;;iBAMD;iBAGA;;;;;;;oBAQG;;;0BAKM;qBAEL;;;;;;qBAQA;;cAGR,8BAAA,SAAuC,WAAW;;;;;;;;;cAW1C;;;;;;;;SAkBJ;;;;;;;;gBAUM;;;;;;;;;;;;;;;;;SAqBP;sBAEM;SACb;;;;kBA2BgB;;;;iBAKD;;;;oBAuCG;;;;;;qBAOC;;;;0BAKM;;;;;;;;;;;;;;;;;;;;;;;;sBA4BL;;;;;qBAOD;8BA+BS,gCAAgC"}

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.mjs

@@ -0,0 +1,102 @@
+import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
+import { OpenId4VcIssuanceSessionState } from "../OpenId4VcIssuanceSessionState.mjs";
+import { BaseRecord, CredoError, DateTransformer, isJsonObject, utils } from "@credo-ts/core";
+import { PkceCodeChallengeMethod } from "@openid4vc/oauth2";
+import { Transform, TransformationType } from "class-transformer";
+
+//#region src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.ts
+var _ref, _ref2;
+var OpenId4VcIssuanceSessionRecord = class OpenId4VcIssuanceSessionRecord extends BaseRecord {
+	constructor(props) {
+		super();
+		this.type = OpenId4VcIssuanceSessionRecord.type;
+		this.issuedCredentials = [];
+		this.transactions = [];
+		if (props) {
+			this.id = props.id ?? utils.uuid();
+			this.createdAt = props.createdAt;
+			this.expiresAt = props.expiresAt;
+			this._tags = props.tags ?? {};
+			this.issuerId = props.issuerId;
+			this.clientId = props.clientId;
+			this.userPin = props.userPin;
+			this.preAuthorizedCode = props.preAuthorizedCode;
+			this.pkce = props.pkce;
+			this.authorization = props.authorization;
+			this.presentation = props.presentation;
+			this.chainedIdentity = props.chainedIdentity;
+			this.credentialOfferUri = props.credentialOfferUri;
+			this.credentialOfferId = props.credentialOfferId;
+			this.credentialOfferPayload = props.credentialOfferPayload;
+			this.issuanceMetadata = props.issuanceMetadata;
+			this.dpop = props.dpop;
+			this.walletAttestation = props.walletAttestation;
+			this.state = props.state;
+			this.generateRefreshTokens = props.generateRefreshTokens;
+			this.errorMessage = props.errorMessage;
+			this.transactions = props.transactions ?? [];
+			this.openId4VciVersion = props.openId4VciVersion;
+		}
+	}
+	assertState(expectedStates) {
+		if (!Array.isArray(expectedStates)) expectedStates = [expectedStates];
+		if (!expectedStates.includes(this.state)) throw new CredoError(`OpenId4VcIssuanceSessionRecord is in invalid state ${this.state}. Valid states are: ${expectedStates.join(", ")}.`);
+	}
+	getTags() {
+		return {
+			...this._tags,
+			issuerId: this.issuerId,
+			credentialOfferUri: this.credentialOfferUri,
+			credentialOfferId: this.credentialOfferId,
+			state: this.state,
+			preAuthorizedCode: this.preAuthorizedCode,
+			issuerState: this.authorization?.issuerState,
+			authorizationCode: this.authorization?.code,
+			authorizationSubject: this.authorization?.subject,
+			presentationAuthSession: this.presentation?.authSession,
+			chainedIdentityRequestUriReferenceValue: this.chainedIdentity?.requestUriReferenceValue,
+			chainedIdentityState: this.chainedIdentity?.externalState
+		};
+	}
+};
+OpenId4VcIssuanceSessionRecord.type = "OpenId4VcIssuanceSessionRecord";
+__decorate([DateTransformer(), __decorateMetadata("design:type", typeof (_ref = typeof Date !== "undefined" && Date) === "function" ? _ref : Object)], OpenId4VcIssuanceSessionRecord.prototype, "expiresAt", void 0);
+__decorate([Transform(({ value }) => {
+	if (value === "CredentialIssued") return OpenId4VcIssuanceSessionState.Error;
+	return value;
+}), __decorateMetadata("design:type", typeof (_ref2 = typeof OpenId4VcIssuanceSessionState !== "undefined" && OpenId4VcIssuanceSessionState) === "function" ? _ref2 : Object)], OpenId4VcIssuanceSessionRecord.prototype, "state", void 0);
+__decorate([Transform(({ type, value }) => {
+	if (type === TransformationType.PLAIN_TO_CLASS && isJsonObject(value) && typeof value.codeExpiresAt === "string") return {
+		...value,
+		codeExpiresAt: new Date(value.codeExpiresAt)
+	};
+	if (type === TransformationType.CLASS_TO_CLASS && isJsonObject(value) && value.codeExpiresAt instanceof Date) return {
+		...value,
+		codeExpiresAt: new Date(value.codeExpiresAt.getTime())
+	};
+	if (type === TransformationType.CLASS_TO_PLAIN && isJsonObject(value) && value.codeExpiresAt instanceof Date) return {
+		...value,
+		codeExpiresAt: value.codeExpiresAt.toISOString()
+	};
+	return value;
+}), __decorateMetadata("design:type", Object)], OpenId4VcIssuanceSessionRecord.prototype, "authorization", void 0);
+__decorate([Transform(({ type, value }) => {
+	if (type === TransformationType.PLAIN_TO_CLASS && isJsonObject(value) && typeof value.requestUriExpiresAt === "string") return {
+		...value,
+		requestUriExpiresAt: new Date(value.requestUriExpiresAt)
+	};
+	if (type === TransformationType.CLASS_TO_CLASS && isJsonObject(value) && value.requestUriExpiresAt instanceof Date) return {
+		...value,
+		requestUriExpiresAt: new Date(value.requestUriExpiresAt.getTime())
+	};
+	if (type === TransformationType.CLASS_TO_PLAIN && isJsonObject(value) && value.requestUriExpiresAt instanceof Date) return {
+		...value,
+		requestUriExpiresAt: value.requestUriExpiresAt.toISOString()
+	};
+	return value;
+}), __decorateMetadata("design:type", Object)], OpenId4VcIssuanceSessionRecord.prototype, "chainedIdentity", void 0);
+
+//#endregion
+export { OpenId4VcIssuanceSessionRecord };
+//# sourceMappingURL=OpenId4VcIssuanceSessionRecord.mjs.map

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcIssuanceSessionRecord.mjs","names":[],"sources":["../../../src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.ts"],"sourcesContent":["import type { RecordTags, TagsBase } from '@credo-ts/core'\nimport { BaseRecord, CredoError, DateTransformer, isJsonObject, utils } from '@credo-ts/core'\nimport { type AccessTokenResponse, type AuthorizationServerMetadata, PkceCodeChallengeMethod } from '@openid4vc/oauth2'\nimport { Transform, TransformationType } from 'class-transformer'\nimport type { OpenId4VciCredentialOfferPayload } from '../../shared'\nimport { OpenId4VcIssuanceSessionState } from '../OpenId4VcIssuanceSessionState'\nimport type { OpenId4VciVersion } from '../OpenId4VcIssuerServiceOptions'\n\nexport type OpenId4VcIssuanceSessionRecordTags = RecordTags<OpenId4VcIssuanceSessionRecord>\n\nexport interface OpenId4VcIssuanceSessionDpop {\n  /**\n   * Whether dpop is required. Can be set to false to override the\n   * global config\n   */\n  required: boolean\n\n  /**\n   * JWK thumbprint of the dpop key. This is mostly used when a dpop key is bound\n   * to the issuance session before the access token is created (which contains the dpop key)\n   */\n  dpopJkt?: string\n}\n\nexport interface OpenId4VcIssuanceSessionWalletAttestation {\n  /**\n   * Whether presentation of a wallet attestation is required.\n   * Can be set to false to override the global config\n   */\n  required: boolean\n}\n\nexport interface OpenId4VcIssuanceSessionAuthorization {\n  code?: string\n\n  /**\n   * @todo: I saw in google's library that for codes they encrypt an id with expiration time.\n   * You know the code was created by you because you can decrypt it, and you don't have to store\n   * additional metadata on your server. It's similar to the signed / encrypted nonce\n   */\n  codeExpiresAt?: Date\n\n  /**\n   * String value created by the Credential Issuer and opaque to the Wallet that\n   * is used to bind the subsequent Authorization Request with the Credential Issuer to a context set up during previous steps.\n   */\n  issuerState?: string\n\n  /**\n   * Scopes that are granted when the authorization is complete.\n   */\n  scopes?: string[]\n\n  /**\n   * Subject the issuance session is bound to. For internal authorization this will be defined\n   * from the moment the token is issued. For external authorization this will be defined after\n   * the first time the credential endpoint has been called.\n   */\n  subject?: string\n}\n\nexport interface OpenId4VcIssuanceSessionPresentation {\n  /**\n   * Whether presentation during issuance is required. Mutually exclusive with `chainedIdentity`.\n   */\n  required: true\n\n  /**\n   * Auth session for the presentation during issuance flow\n   */\n  authSession?: string\n\n  /**\n   * The id of the `OpenId4VcVerificationSessionRecord` record this issuance session is linked to\n   */\n  openId4VcVerificationSessionId?: string\n}\n\nexport interface OpenId4VcIssuanceSessionPkce {\n  codeChallengeMethod: PkceCodeChallengeMethod\n  codeChallenge: string\n}\n\nexport interface OpenId4VcIssuanceSessionChainedIdentity {\n  /**\n   * The identifier of the external identity provider's authorization server.\n   * Mutually exclusive with `presentation`.\n   */\n  externalAuthorizationServerUrl: string\n\n  /**\n   * The <reference-value> from the `request_uri` parameter returned to the client\n   * in the form of `urn:ietf:params:oauth:request_uri:<reference-value>`.\n   */\n  requestUriReferenceValue?: string\n\n  /**\n   * The expiry time of the request URI.\n   *\n   * @todo: I saw in google's library that for codes they encrypt an id with expiration time.\n   * You know the code was created by you because you can decrypt it, and you don't have to store\n   * additional metadata on your server. It's similar to the signed / encrypted nonce\n   */\n  requestUriExpiresAt?: Date\n\n  /**\n   * The state value that was received in the pushed authorization request.\n   */\n  state?: string\n\n  /**\n   * The redirect uri to redirect to after the authorization code has been granted.\n   */\n  redirectUri?: string\n\n  /**\n   * The PKCE code verifier used in the authorization request to the external identity provider.\n   */\n  pkceCodeVerifier?: string\n\n  /**\n   * The chained identity authorization request url, used to authorize to the external identity provider.\n   */\n  externalAuthorizationRequestUrl?: string\n\n  /**\n   * The state value used in the authorization request to the external identity provider.\n   */\n  externalState?: string\n\n  /**\n   * The metadata of the external identity provider's authorization server.\n   */\n  externalAuthorizationServerMetadata?: AuthorizationServerMetadata\n\n  /**\n   * The access token response received from the external identity provider.\n   *\n   * If the scope 'openid' is requested, we automatically verify if the\n   * ID Token JWT is valid.\n   */\n  externalAccessTokenResponse?: AccessTokenResponse\n}\n\nexport type DefaultOpenId4VcIssuanceSessionRecordTags = {\n  issuerId: string\n  cNonce?: string\n  state: OpenId4VcIssuanceSessionState\n  credentialOfferUri?: string\n  credentialOfferId?: string\n\n  // pre-auth flow\n  preAuthorizedCode?: string\n\n  // auth flow\n  authorizationCode?: string\n  issuerState?: string\n\n  authorizationSubject?: string\n\n  // presentation during issuance\n  presentationAuthSession?: string\n\n  // identity chaining\n  chainedIdentityRequestUriReferenceValue?: string\n  chainedIdentityState?: string\n}\n\nexport interface OpenId4VcIssuanceSessionRecordTransaction {\n  transactionId: string\n\n  // The expected number of credentials that will be issued in this transaction\n  numberOfCredentials: number\n\n  // The credential configuration that is used for this transaction.\n  credentialConfigurationId: string\n}\n\nexport interface OpenId4VcIssuanceSessionRecordProps {\n  createdAt: Date\n  expiresAt: Date\n\n  id?: string\n  tags?: TagsBase\n\n  state: OpenId4VcIssuanceSessionState\n  issuerId: string\n\n  /**\n   * Client id will mostly be used when doing auth flow\n   */\n  clientId?: string\n\n  walletAttestation?: OpenId4VcIssuanceSessionWalletAttestation\n  dpop?: OpenId4VcIssuanceSessionDpop\n\n  // Pre auth flow\n  preAuthorizedCode?: string\n  userPin?: string\n\n  // Auth flow (move to authorization?)\n  pkce?: {\n    codeChallengeMethod: PkceCodeChallengeMethod\n    codeChallenge: string\n  }\n\n  /**\n   * When authorization code flow is used, this links the authorization\n   */\n  authorization?: OpenId4VcIssuanceSessionAuthorization\n\n  /**\n   * When presentation during issuance is required this should link the\n   * `OpenId4VcVerificationSessionRecord` and state\n   */\n  presentation?: OpenId4VcIssuanceSessionPresentation\n\n  // Transaction data for deferred credential issuances\n  transactions?: OpenId4VcIssuanceSessionRecordTransaction[]\n\n  /**\n   * Identity chaining enables doing another OAuth2 authentication flow as part\n   * of the OpenID4VCI authorization flow. This allows leveraging the advanced OAuth2\n   * functionality from Credo (e.g. Wallet Attestations, DPoP, PAR) while still allowing\n   * integration with existing IDPs.\n   */\n  chainedIdentity?: OpenId4VcIssuanceSessionChainedIdentity\n\n  credentialOfferUri?: string\n  credentialOfferId: string\n\n  credentialOfferPayload: OpenId4VciCredentialOfferPayload\n\n  issuanceMetadata?: Record<string, unknown>\n  errorMessage?: string\n\n  generateRefreshTokens?: boolean\n\n  /**\n   * The version of openid4ci used for the request\n   */\n  openId4VciVersion: OpenId4VciVersion\n}\n\nexport class OpenId4VcIssuanceSessionRecord extends BaseRecord<DefaultOpenId4VcIssuanceSessionRecordTags> {\n  public static readonly type = 'OpenId4VcIssuanceSessionRecord'\n  public readonly type = OpenId4VcIssuanceSessionRecord.type\n\n  /**\n   * Expiry time for the issuance session. This can change dynamically during\n   * the session lifetime, based on the possible deferrals.\n   *\n   * @since 0.6\n   */\n  @DateTransformer()\n  public expiresAt?: Date\n\n  /**\n   * The id of the issuer that this session is for.\n   */\n  public issuerId!: string\n\n  /**\n   * The state of the issuance session.\n   */\n  @Transform(({ value }) => {\n    // CredentialIssued is an old state that is no longer used. It should be mapped to Error.\n    if (value === 'CredentialIssued') {\n      return OpenId4VcIssuanceSessionState.Error\n    }\n\n    return value\n  })\n  public state!: OpenId4VcIssuanceSessionState\n\n  /**\n   * The credentials that were issued during this session.\n   */\n  public issuedCredentials: string[] = []\n\n  /**\n   * The credential transactions for deferred credentials.\n   */\n  public transactions: OpenId4VcIssuanceSessionRecordTransaction[] = []\n\n  /**\n   * Pre authorized code used for the issuance session. Only used when a pre-authorized credential\n   * offer is created.\n   */\n  public preAuthorizedCode?: string\n\n  /**\n   * Optional user pin that needs to be provided by the user in the access token request.\n   */\n  public userPin?: string\n\n  /**\n   * Client id of the exchange\n   */\n  public clientId?: string\n\n  /**\n   * Proof Key Code Exchange\n   */\n  public pkce?: OpenId4VcIssuanceSessionPkce\n\n  walletAttestation?: OpenId4VcIssuanceSessionWalletAttestation\n  dpop?: OpenId4VcIssuanceSessionDpop\n\n  /**\n   * Authorization code flow specific metadata values\n   */\n  @Transform(({ type, value }) => {\n    if (type === TransformationType.PLAIN_TO_CLASS && isJsonObject(value) && typeof value.codeExpiresAt === 'string') {\n      return {\n        ...value,\n        codeExpiresAt: new Date(value.codeExpiresAt),\n      }\n    }\n    if (type === TransformationType.CLASS_TO_CLASS && isJsonObject(value) && value.codeExpiresAt instanceof Date) {\n      return {\n        ...value,\n        codeExpiresAt: new Date(value.codeExpiresAt.getTime()),\n      }\n    }\n    if (type === TransformationType.CLASS_TO_PLAIN && isJsonObject(value) && value.codeExpiresAt instanceof Date) {\n      return {\n        ...value,\n        codeExpiresAt: value.codeExpiresAt.toISOString(),\n      }\n    }\n\n    return value\n  })\n  public authorization?: OpenId4VcIssuanceSessionAuthorization\n\n  /**\n   * Presentation during issuance specific metadata values\n   */\n  public presentation?: OpenId4VcIssuanceSessionPresentation\n\n  /**\n   * Chained identity specific metadata values\n   */\n  @Transform(({ type, value }) => {\n    if (\n      type === TransformationType.PLAIN_TO_CLASS &&\n      isJsonObject(value) &&\n      typeof value.requestUriExpiresAt === 'string'\n    ) {\n      return {\n        ...value,\n        requestUriExpiresAt: new Date(value.requestUriExpiresAt),\n      }\n    }\n    if (\n      type === TransformationType.CLASS_TO_CLASS &&\n      isJsonObject(value) &&\n      value.requestUriExpiresAt instanceof Date\n    ) {\n      return {\n        ...value,\n        requestUriExpiresAt: new Date(value.requestUriExpiresAt.getTime()),\n      }\n    }\n    if (\n      type === TransformationType.CLASS_TO_PLAIN &&\n      isJsonObject(value) &&\n      value.requestUriExpiresAt instanceof Date\n    ) {\n      return {\n        ...value,\n        requestUriExpiresAt: value.requestUriExpiresAt.toISOString(),\n      }\n    }\n\n    return value\n  })\n  public chainedIdentity?: OpenId4VcIssuanceSessionChainedIdentity\n\n  /**\n   * User-defined metadata that will be provided to the credential request to credential mapper\n   * to allow to retrieve the needed credential input data. Can be the credential data itself,\n   * or some other data that is needed to retrieve the credential data.\n   */\n  public issuanceMetadata?: Record<string, unknown>\n\n  /**\n   * The credential offer that was used to create the issuance session.\n   */\n  public credentialOfferPayload!: OpenId4VciCredentialOfferPayload\n\n  /**\n   * URI of the credential offer. This is the url that cn can be used to retrieve\n   * the credential offer\n   */\n  public credentialOfferUri?: string\n\n  /**\n   * The public id for the credential offer. This is used in the credential\n   * offer uri.\n   *\n   * @since 0.6\n   */\n  public credentialOfferId?: string\n\n  /**\n   * Whether to generate refresh tokens for the issuance session.\n   *\n   * @since 0.6\n   */\n  public generateRefreshTokens?: boolean\n\n  /**\n   * The version of openid4ci used for the request\n   *\n   * @since 0.6\n   */\n  public openId4VciVersion?: OpenId4VciVersion\n\n  /**\n   * Optional error message of the error that occurred during the issuance session. Will be set when state is {@link OpenId4VcIssuanceSessionState.Error}\n   */\n  public errorMessage?: string\n\n  public constructor(props: OpenId4VcIssuanceSessionRecordProps) {\n    super()\n\n    if (props) {\n      this.id = props.id ?? utils.uuid()\n      this.createdAt = props.createdAt\n      this.expiresAt = props.expiresAt\n      this._tags = props.tags ?? {}\n\n      this.issuerId = props.issuerId\n      this.clientId = props.clientId\n      this.userPin = props.userPin\n      this.preAuthorizedCode = props.preAuthorizedCode\n      this.pkce = props.pkce\n      this.authorization = props.authorization\n      this.presentation = props.presentation\n      this.chainedIdentity = props.chainedIdentity\n      this.credentialOfferUri = props.credentialOfferUri\n      this.credentialOfferId = props.credentialOfferId\n      this.credentialOfferPayload = props.credentialOfferPayload\n      this.issuanceMetadata = props.issuanceMetadata\n      this.dpop = props.dpop\n      this.walletAttestation = props.walletAttestation\n      this.state = props.state\n      this.generateRefreshTokens = props.generateRefreshTokens\n      this.errorMessage = props.errorMessage\n      this.transactions = props.transactions ?? []\n      this.openId4VciVersion = props.openId4VciVersion\n    }\n  }\n\n  public assertState(expectedStates: OpenId4VcIssuanceSessionState | OpenId4VcIssuanceSessionState[]) {\n    if (!Array.isArray(expectedStates)) {\n      expectedStates = [expectedStates]\n    }\n\n    if (!expectedStates.includes(this.state)) {\n      throw new CredoError(\n        `OpenId4VcIssuanceSessionRecord is in invalid state ${this.state}. Valid states are: ${expectedStates.join(\n          ', '\n        )}.`\n      )\n    }\n  }\n\n  public getTags() {\n    return {\n      ...this._tags,\n      issuerId: this.issuerId,\n      credentialOfferUri: this.credentialOfferUri,\n      credentialOfferId: this.credentialOfferId,\n      state: this.state,\n\n      // Pre-auth flow\n      preAuthorizedCode: this.preAuthorizedCode,\n\n      // Auth flow\n      issuerState: this.authorization?.issuerState,\n      authorizationCode: this.authorization?.code,\n\n      authorizationSubject: this.authorization?.subject,\n\n      // Presentation during issuance\n      presentationAuthSession: this.presentation?.authSession,\n\n      // Chained identity\n      chainedIdentityRequestUriReferenceValue: this.chainedIdentity?.requestUriReferenceValue,\n      chainedIdentityState: this.chainedIdentity?.externalState,\n    }\n  }\n}\n"],"mappings":";;;;;;;;;AAoPA,IAAa,iCAAb,MAAa,uCAAuC,WAAsD;CAqLxG,AAAO,YAAY,OAA4C;AAC7D,SAAO;OApLO,OAAO,+BAA+B;OAgC/C,oBAA8B,EAAE;OAKhC,eAA4D,EAAE;AAiJnE,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM,MAAM;AAClC,QAAK,YAAY,MAAM;AACvB,QAAK,YAAY,MAAM;AACvB,QAAK,QAAQ,MAAM,QAAQ,EAAE;AAE7B,QAAK,WAAW,MAAM;AACtB,QAAK,WAAW,MAAM;AACtB,QAAK,UAAU,MAAM;AACrB,QAAK,oBAAoB,MAAM;AAC/B,QAAK,OAAO,MAAM;AAClB,QAAK,gBAAgB,MAAM;AAC3B,QAAK,eAAe,MAAM;AAC1B,QAAK,kBAAkB,MAAM;AAC7B,QAAK,qBAAqB,MAAM;AAChC,QAAK,oBAAoB,MAAM;AAC/B,QAAK,yBAAyB,MAAM;AACpC,QAAK,mBAAmB,MAAM;AAC9B,QAAK,OAAO,MAAM;AAClB,QAAK,oBAAoB,MAAM;AAC/B,QAAK,QAAQ,MAAM;AACnB,QAAK,wBAAwB,MAAM;AACnC,QAAK,eAAe,MAAM;AAC1B,QAAK,eAAe,MAAM,gBAAgB,EAAE;AAC5C,QAAK,oBAAoB,MAAM;;;CAInC,AAAO,YAAY,gBAAiF;AAClG,MAAI,CAAC,MAAM,QAAQ,eAAe,CAChC,kBAAiB,CAAC,eAAe;AAGnC,MAAI,CAAC,eAAe,SAAS,KAAK,MAAM,CACtC,OAAM,IAAI,WACR,sDAAsD,KAAK,MAAM,sBAAsB,eAAe,KACpG,KACD,CAAC,GACH;;CAIL,AAAO,UAAU;AACf,SAAO;GACL,GAAG,KAAK;GACR,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,mBAAmB,KAAK;GACxB,OAAO,KAAK;GAGZ,mBAAmB,KAAK;GAGxB,aAAa,KAAK,eAAe;GACjC,mBAAmB,KAAK,eAAe;GAEvC,sBAAsB,KAAK,eAAe;GAG1C,yBAAyB,KAAK,cAAc;GAG5C,yCAAyC,KAAK,iBAAiB;GAC/D,sBAAsB,KAAK,iBAAiB;GAC7C;;;+BAxPoB,OAAO;YAS7B,iBAAiB;YAWjB,WAAW,EAAE,YAAY;AAExB,KAAI,UAAU,mBACZ,QAAO,8BAA8B;AAGvC,QAAO;EACP;YAwCD,WAAW,EAAE,MAAM,YAAY;AAC9B,KAAI,SAAS,mBAAmB,kBAAkB,aAAa,MAAM,IAAI,OAAO,MAAM,kBAAkB,SACtG,QAAO;EACL,GAAG;EACH,eAAe,IAAI,KAAK,MAAM,cAAc;EAC7C;AAEH,KAAI,SAAS,mBAAmB,kBAAkB,aAAa,MAAM,IAAI,MAAM,yBAAyB,KACtG,QAAO;EACL,GAAG;EACH,eAAe,IAAI,KAAK,MAAM,cAAc,SAAS,CAAC;EACvD;AAEH,KAAI,SAAS,mBAAmB,kBAAkB,aAAa,MAAM,IAAI,MAAM,yBAAyB,KACtG,QAAO;EACL,GAAG;EACH,eAAe,MAAM,cAAc,aAAa;EACjD;AAGH,QAAO;EACP;YAWD,WAAW,EAAE,MAAM,YAAY;AAC9B,KACE,SAAS,mBAAmB,kBAC5B,aAAa,MAAM,IACnB,OAAO,MAAM,wBAAwB,SAErC,QAAO;EACL,GAAG;EACH,qBAAqB,IAAI,KAAK,MAAM,oBAAoB;EACzD;AAEH,KACE,SAAS,mBAAmB,kBAC5B,aAAa,MAAM,IACnB,MAAM,+BAA+B,KAErC,QAAO;EACL,GAAG;EACH,qBAAqB,IAAI,KAAK,MAAM,oBAAoB,SAAS,CAAC;EACnE;AAEH,KACE,SAAS,mBAAmB,kBAC5B,aAAa,MAAM,IACnB,MAAM,+BAA+B,KAErC,QAAO;EACL,GAAG;EACH,qBAAqB,MAAM,oBAAoB,aAAa;EAC7D;AAGH,QAAO;EACP"}

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.mts

@@ -0,0 +1,10 @@
+import { OpenId4VcIssuanceSessionRecord } from "./OpenId4VcIssuanceSessionRecord.mjs";
+import { EventEmitter, Repository, StorageService } from "@credo-ts/core";
+
+//#region src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.ts
+declare class OpenId4VcIssuanceSessionRepository extends Repository<OpenId4VcIssuanceSessionRecord> {
+  constructor(storageService: StorageService<OpenId4VcIssuanceSessionRecord>, eventEmitter: EventEmitter);
+}
+//#endregion
+export { OpenId4VcIssuanceSessionRepository };
+//# sourceMappingURL=OpenId4VcIssuanceSessionRepository.d.mts.map

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcIssuanceSessionRepository.d.mts","names":[],"sources":["../../../src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.ts"],"sourcesContent":[],"mappings":";;;;cAKa,kCAAA,SAA2C,WAAW;8BAEN,eAAe,+CAC1D;AAJlB"}

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.mjs

@@ -0,0 +1,22 @@
+import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorateParam } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
+import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
+import { OpenId4VcIssuanceSessionRecord } from "./OpenId4VcIssuanceSessionRecord.mjs";
+import { EventEmitter, InjectionSymbols, Repository, inject, injectable } from "@credo-ts/core";
+
+//#region src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.ts
+var _ref;
+let OpenId4VcIssuanceSessionRepository = class OpenId4VcIssuanceSessionRepository$1 extends Repository {
+	constructor(storageService, eventEmitter) {
+		super(OpenId4VcIssuanceSessionRecord, storageService, eventEmitter);
+	}
+};
+OpenId4VcIssuanceSessionRepository = __decorate([
+	injectable(),
+	__decorateParam(0, inject(InjectionSymbols.StorageService)),
+	__decorateMetadata("design:paramtypes", [Object, typeof (_ref = typeof EventEmitter !== "undefined" && EventEmitter) === "function" ? _ref : Object])
+], OpenId4VcIssuanceSessionRepository);
+
+//#endregion
+export { OpenId4VcIssuanceSessionRepository };
+//# sourceMappingURL=OpenId4VcIssuanceSessionRepository.mjs.map

package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcIssuanceSessionRepository.mjs","names":["OpenId4VcIssuanceSessionRepository","storageService: StorageService<OpenId4VcIssuanceSessionRecord>"],"sources":["../../../src/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRepository.ts"],"sourcesContent":["import { EventEmitter, InjectionSymbols, inject, injectable, Repository, type StorageService } from '@credo-ts/core'\n\nimport { OpenId4VcIssuanceSessionRecord } from './OpenId4VcIssuanceSessionRecord'\n\n@injectable()\nexport class OpenId4VcIssuanceSessionRepository extends Repository<OpenId4VcIssuanceSessionRecord> {\n  public constructor(\n    @inject(InjectionSymbols.StorageService) storageService: StorageService<OpenId4VcIssuanceSessionRecord>,\n    eventEmitter: EventEmitter\n  ) {\n    super(OpenId4VcIssuanceSessionRecord, storageService, eventEmitter)\n  }\n}\n"],"mappings":";;;;;;;;AAKO,+CAAMA,6CAA2C,WAA2C;CACjG,AAAO,YACL,AAAyCC,gBACzC,cACA;AACA,QAAM,gCAAgC,gBAAgB,aAAa;;;;CANtE,YAAY;oBAGR,OAAO,iBAAiB,eAAe"}

package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.mts

@@ -0,0 +1,84 @@
+import { OpenId4VciAuthorizationServerConfig, OpenId4VciChainedAuthorizationServerConfig, OpenId4VciDirectAuthorizationServerConfig } from "../../shared/models/OpenId4VciAuthorizationServerConfig.mjs";
+import { OpenId4VcJwtIssuerEncoded } from "../../shared/models/OpenId4VcJwtIssuer.mjs";
+import { OpenId4VciCredentialConfigurationsSupportedWithFormats, OpenId4VciCredentialIssuerMetadataDisplay } from "../../shared/models/index.mjs";
+import "../../shared/index.mjs";
+import { OpenId4VciBatchCredentialIssuanceOptions } from "../OpenId4VcIssuerServiceOptions.mjs";
+import "../../index.mjs";
+import { BaseRecord, Kms, RecordTags, TagsBase } from "@credo-ts/core";
+
+//#region src/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.ts
+type OpenId4VcIssuerRecordTags = RecordTags<OpenId4VcIssuerRecord>;
+type DefaultOpenId4VcIssuerRecordTags = {
+  issuerId: string;
+};
+type OpenId4VcIssuerRecordSignedMetadata = {
+  signer: OpenId4VcJwtIssuerEncoded;
+  /**
+   * The credential issuer metadata as a signed JWT
+   */
+  jwt: string;
+};
+type OpenId4VcIssuerRecordProps = {
+  id?: string;
+  createdAt?: Date;
+  tags?: TagsBase;
+  issuerId: string;
+  /**
+   * The public jwk of the key used to sign access tokens for this issuer. Must include a `kid` parameter.
+   */
+  accessTokenPublicJwk: Kms.KmsJwkPublicAsymmetric;
+  /**
+   * The DPoP signing algorithms supported by this issuer.
+   * If not provided, dPoP is considered unsupported.
+   */
+  dpopSigningAlgValuesSupported?: [Kms.KnownJwaSignatureAlgorithm, ...Kms.KnownJwaSignatureAlgorithm[]];
+  display?: OpenId4VciCredentialIssuerMetadataDisplay[];
+  authorizationServerConfigs?: OpenId4VciAuthorizationServerConfig[];
+  credentialConfigurationsSupported: OpenId4VciCredentialConfigurationsSupportedWithFormats;
+  /**
+   * Indicate support for batch issuance of credentials
+   */
+  batchCredentialIssuance?: OpenId4VciBatchCredentialIssuanceOptions;
+  /**
+   * When signed metadata is supported, this stores the
+   * signed jwt and signer information to update the JWT in the future.
+   */
+  signedMetadata?: OpenId4VcIssuerRecordSignedMetadata;
+};
+/**
+ * For OID4VC you need to expose metadata files. Each issuer needs to host this metadata. This is not the case for DIDComm where we can just have one /didcomm endpoint.
+ * So we create a record per openid issuer/verifier that you want, and each tenant can create multiple issuers/verifiers which have different endpoints
+ * and metadata files
+ * */
+declare class OpenId4VcIssuerRecord extends BaseRecord<DefaultOpenId4VcIssuerRecordTags> {
+  static readonly type = "OpenId4VcIssuerRecord";
+  readonly type = "OpenId4VcIssuerRecord";
+  issuerId: string;
+  /**
+   * @deprecated accessTokenPublicJwk should be used
+   * @todo remove in migration
+   */
+  accessTokenPublicKeyFingerprint?: string;
+  accessTokenPublicJwk?: Kms.KmsJwkPublicAsymmetric;
+  /**
+   * Only here for class transformation. If credentialsSupported is set we transform
+   * it to the new credentialConfigurationsSupported format
+   */
+  private set credentialsSupported(value);
+  credentialConfigurationsSupported: OpenId4VciCredentialConfigurationsSupportedWithFormats;
+  display?: OpenId4VciCredentialIssuerMetadataDisplay[];
+  authorizationServerConfigs?: OpenId4VciAuthorizationServerConfig[];
+  dpopSigningAlgValuesSupported?: [Kms.KnownJwaSignatureAlgorithm, ...Kms.KnownJwaSignatureAlgorithm[]];
+  batchCredentialIssuance?: OpenId4VciBatchCredentialIssuanceOptions;
+  signedMetadata?: OpenId4VcIssuerRecordSignedMetadata;
+  get directAuthorizationServerConfigs(): OpenId4VciDirectAuthorizationServerConfig[] | undefined;
+  get chainedAuthorizationServerConfigs(): OpenId4VciChainedAuthorizationServerConfig[] | undefined;
+  get resolvedAccessTokenPublicJwk(): Kms.PublicJwk<Kms.Ed25519PublicJwk | Kms.P256PublicJwk | Kms.P384PublicJwk | Kms.P521PublicJwk | Kms.RsaPublicJwk | Kms.Secp256k1PublicJwk | Kms.X25519PublicJwk>;
+  constructor(props: OpenId4VcIssuerRecordProps);
+  getTags(): {
+    issuerId: string;
+  };
+}
+//#endregion
+export { DefaultOpenId4VcIssuerRecordTags, OpenId4VcIssuerRecord, OpenId4VcIssuerRecordProps, OpenId4VcIssuerRecordSignedMetadata, OpenId4VcIssuerRecordTags };
+//# sourceMappingURL=OpenId4VcIssuerRecord.d.mts.map

package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcIssuerRecord.d.mts","names":[],"sources":["../../../src/openid4vc-issuer/repository/OpenId4VcIssuerRecord.ts"],"sourcesContent":[],"mappings":";;;;;;;;;KAWY,yBAAA,GAA4B,WAAW;KAEvC,gCAAA;;;KAIA,mCAAA;UACF;EAPE;AAEZ;AAIA;EASY,GAAA,EAAA,MAAA;CAEE;AACL,KAHG,0BAAA,GAGH;EAOe,EAAI,CAAA,EAAA,MAAA;EAMO,SAAI,CAAA,EAdzB,IAcyB;EAA+B,IAAI,CAAA,EAbjE,QAaiE;EAE9D,QAAA,EAAA,MAAA;EACmB;;;EAaZ,oBAAA,EAtBK,GAAA,CAAI,sBAsBT;EAAmC;AAQtD;;;EA0B6C,6BAAA,CAAA,EAAA,CAlDV,GAAA,CAAI,0BAkDM,EAAA,GAlDyB,GAAA,CAAI,0BAkD7B,EAAA,CAAA;EAuB1B,OAAA,CAAA,EAvEP,yCAuEO,EAAA;EAmBmB,0BAAA,CAAA,EAzFP,mCAyFO,EAAA;EAEI,iCAAI,EAzFT,sDAyFS;EAA+B;;;EAGhB,uBAAA,CAAA,EAvFjC,wCAuFiC;EAEhB;;;;EAQJ,cAAA,CAAA,EA3FtB,mCA2FsB;CAAA;;;;;;AAnFY,cAAxC,qBAAA,SAA8B,UAAU,CAAC,gCAAD,CAAA,CAAA;;;;;;;;;yBAWrB,GAAA,CAAI;;;;;;qCAeS;YAuB1B;+BAmBmB;mCAEI,GAAA,CAAI,+BAA+B,GAAA,CAAI;4BAC9C;mBAET;0CAAmC,yCAAA;2CAEhB,0CAAA;sCAQJ,GAAA,CAAA,UAAA,GAAA,CAAA,mBAAA,GAAA,CAAA,gBAAA,GAAA,CAAA,gBAAA,GAAA,CAAA,gBAAA,GAAA,CAAA,eAAA,GAAA,CAAA,qBAAA,GAAA,CAAA;qBAiBb"}