npm - @credo-ts/openid4vc - Versions diffs - 0.6.1-pr-2091-20241119140918 → 0.6.1 - Mend

@credo-ts/openid4vc 0.6.1-pr-2091-20241119140918 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (409) hide show

package/build/shared/callbacks.mjs ADDED Viewed

@@ -0,0 +1,279 @@
+import { getPublicJwkFromDid } from "./utils.mjs";
+import { AgentContext, Buffer, CredoError, Hasher, JsonEncoder, JwsService, JwtPayload, Kms, TypedArrayEncoder, X509Certificate, X509ModuleConfig, X509Service } from "@credo-ts/core";
+import { clientAuthenticationDynamic, decodeJwtHeader } from "@openid4vc/oauth2";
+//#region src/shared/callbacks.ts
+function getOid4vcJwtVerifyCallback(agentContext, options) {
+	const jwsService = agentContext.dependencyManager.resolve(JwsService);
+	return async (signer, { compact, header, payload }) => {
+		let trustedCertificates = options?.trustedCertificates;
+		if (signer.method === "x5c" && (header.typ === "oauth-authz-req+jwt" || options?.isAuthorizationRequestJwt) && !trustedCertificates) {
+			const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig);
+			const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert));
+			trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {
+				certificateChain,
+				verification: {
+					type: "oauth2SecuredAuthorizationRequest",
+					authorizationRequest: {
+						jwt: compact,
+						payload: JwtPayload.fromJson(payload)
+					}
+				}
+			});
+		}
+		if (signer.method === "x5c" && (header.typ === "keyattestation+jwt" || header.typ === "key-attestation+jwt") && options?.issuanceSessionId && !trustedCertificates) {
+			const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig);
+			const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert));
+			trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {
+				certificateChain,
+				verification: {
+					type: "openId4VciKeyAttestation",
+					openId4VcIssuanceSessionId: options.issuanceSessionId,
+					keyAttestation: {
+						jwt: compact,
+						payload: JwtPayload.fromJson(payload)
+					}
+				}
+			});
+		}
+		if (signer.method === "x5c" && header.typ === "openidvci-issuer-metadata+jwt" && !trustedCertificates) {
+			const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig);
+			const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert));
+			trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {
+				certificateChain,
+				verification: {
+					type: "openId4VciCredentialIssuerMetadata",
+					credentialIssuerMetadata: {
+						jwt: compact,
+						payload: JwtPayload.fromJson(payload)
+					}
+				}
+			});
+		}
+		if (signer.method === "x5c" && header.typ === "oauth-client-attestation+jwt" && options?.issuanceSessionId && !trustedCertificates) {
+			const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig);
+			const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert));
+			trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {
+				certificateChain,
+				verification: {
+					type: "oauth2ClientAttestation",
+					openId4VcIssuanceSessionId: options.issuanceSessionId,
+					clientAttestation: {
+						jwt: compact,
+						payload: JwtPayload.fromJson(payload)
+					}
+				}
+			});
+		}
+		const alg = signer.alg;
+		if (!Object.values(Kms.KnownJwaSignatureAlgorithms).includes(alg)) throw new CredoError(`Unsupported jwa signatre algorithm '${alg}'`);
+		const jwsSigner = signer.method === "did" ? {
+			method: "did",
+			didUrl: signer.didUrl,
+			jwk: await getPublicJwkFromDid(agentContext, signer.didUrl)
+		} : signer.method === "jwk" ? {
+			method: "jwk",
+			jwk: Kms.PublicJwk.fromUnknown(signer.publicJwk)
+		} : signer.method === "x5c" ? {
+			method: "x5c",
+			x5c: signer.x5c,
+			jwk: X509Certificate.fromEncodedCertificate(signer.x5c[0]).publicJwk
+		} : void 0;
+		if (!jwsSigner) throw new CredoError(`Unable to verify jws with unsupported jws signer method '${signer.method}'`);
+		const { isValid, jwsSigners } = await jwsService.verifyJws(agentContext, {
+			jws: compact,
+			trustedCertificates,
+			jwsSigner
+		});
+		if (!isValid) return {
+			verified: false,
+			signerJwk: void 0
+		};
+		return {
+			verified: true,
+			signerJwk: jwsSigners[0].jwk.toJson()
+		};
+	};
+}
+function getOid4vcEncryptJweCallback(agentContext) {
+	const kms = agentContext.dependencyManager.resolve(Kms.KeyManagementApi);
+	return async (jweEncryptor, compact) => {
+		if (jweEncryptor.method !== "jwk") throw new CredoError(`Jwt encryption method '${jweEncryptor.method}' is not supported for jwt signer. Only 'jwk' is supported.`);
+		const jwk = Kms.PublicJwk.fromUnknown(jweEncryptor.publicJwk);
+		if (!jwk.hasKeyId) throw new CredoError("Expected kid to be defined on the JWK");
+		if (jweEncryptor.alg !== "ECDH-ES") throw new CredoError("Only 'ECDH-ES' is supported as 'alg' value for JARM response encryption");
+		if (jweEncryptor.enc !== "A256GCM" && jweEncryptor.enc !== "A128GCM" && jweEncryptor.enc !== "A128CBC-HS256") throw new CredoError("Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response encryption");
+		const jwkJson = jwk.toJson();
+		if (jwkJson.kty !== "EC" && jwkJson.kty !== "OKP") throw new CredoError(`Expected EC or OKP jwk for encryption, found ${Kms.getJwkHumanDescription(jwkJson)}`);
+		if (jwkJson.crv === "Ed25519") throw new CredoError(`Expected ${jwkJson.kty} with crv X25519, found ${Kms.getJwkHumanDescription(jwkJson)}`);
+		const ephmeralKey = await kms.createKey({ type: jwkJson });
+		try {
+			const header = {
+				kid: jweEncryptor.publicJwk.kid,
+				apu: jweEncryptor.apu,
+				apv: jweEncryptor.apv,
+				enc: jweEncryptor.enc,
+				alg: "ECDH-ES",
+				epk: ephmeralKey.publicJwk
+			};
+			const encodedHeader = JsonEncoder.toBase64URL(header);
+			const encrypted = await kms.encrypt({
+				key: { keyAgreement: {
+					keyId: ephmeralKey.keyId,
+					algorithm: "ECDH-ES",
+					apu: jweEncryptor.apu ? TypedArrayEncoder.fromBase64(jweEncryptor.apu) : void 0,
+					apv: jweEncryptor.apv ? TypedArrayEncoder.fromBase64(jweEncryptor.apv) : void 0,
+					externalPublicJwk: jwkJson
+				} },
+				data: Buffer.from(compact),
+				encryption: {
+					algorithm: jweEncryptor.enc,
+					aad: Buffer.from(encodedHeader)
+				}
+			});
+			if (!encrypted.iv || !encrypted.tag) throw new CredoError("Expected 'iv' and 'tag' to be defined");
+			const compactJwe = `${encodedHeader}..${TypedArrayEncoder.toBase64URL(encrypted.iv)}.${TypedArrayEncoder.toBase64URL(encrypted.encrypted)}.${TypedArrayEncoder.toBase64URL(encrypted.tag)}`;
+			return {
+				encryptionJwk: jweEncryptor.publicJwk,
+				jwe: compactJwe
+			};
+		} finally {
+			await kms.deleteKey({ keyId: ephmeralKey.keyId });
+		}
+	};
+}
+function getOid4vcDecryptJweCallback(agentContext) {
+	const kms = agentContext.resolve(Kms.KeyManagementApi);
+	return async (jwe, options) => {
+		const { header } = decodeJwtHeader({ jwt: jwe });
+		let kid = options?.jwk?.kid ?? header.kid;
+		if (!kid) throw new CredoError("Uanbel to decrypt jwe. No kid or jwk found");
+		if (kid.startsWith("z")) try {
+			const publicJwk$1 = Kms.PublicJwk.fromFingerprint(kid);
+			if (publicJwk$1) kid = publicJwk$1.legacyKeyId;
+		} catch {}
+		const [encodedHeader, , encodedIv, encodedCiphertext, encodedTag] = jwe.split(".");
+		if (header.alg !== "ECDH-ES") throw new CredoError("Only 'ECDH-ES' is supported as 'alg' value for JARM response decryption");
+		if (header.enc !== "A256GCM" && header.enc !== "A128GCM" && header.enc !== "A128CBC-HS256") throw new CredoError("Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response decryption");
+		let decryptedPayload;
+		let publicJwk;
+		const epk = Kms.PublicJwk.fromUnknown(header.epk);
+		try {
+			const decrypted = await kms.decrypt({
+				encrypted: TypedArrayEncoder.fromBase64(encodedCiphertext),
+				decryption: {
+					algorithm: header.enc,
+					aad: TypedArrayEncoder.fromString(encodedHeader),
+					iv: TypedArrayEncoder.fromBase64(encodedIv),
+					tag: TypedArrayEncoder.fromBase64(encodedTag)
+				},
+				key: { keyAgreement: {
+					algorithm: header.alg,
+					externalPublicJwk: epk.toJson(),
+					keyId: kid,
+					apu: typeof header.apu === "string" ? TypedArrayEncoder.fromBase64(header.apu) : void 0,
+					apv: typeof header.apv === "string" ? TypedArrayEncoder.fromBase64(header.apv) : void 0
+				} }
+			});
+			publicJwk = Kms.PublicJwk.fromUnknown(await kms.getPublicKey({ keyId: kid }));
+			decryptedPayload = TypedArrayEncoder.toUtf8String(decrypted.data);
+		} catch (error) {
+			agentContext.config.logger.error("Error decrypting JWE", { error });
+			return {
+				decrypted: false,
+				encryptionJwk: options?.jwk,
+				payload: void 0,
+				header
+			};
+		}
+		return {
+			decrypted: true,
+			decryptionJwk: publicJwk.toJson(),
+			payload: decryptedPayload,
+			header
+		};
+	};
+}
+function getOid4vcJwtSignCallback(agentContext) {
+	const jwsService = agentContext.dependencyManager.resolve(JwsService);
+	return async (signer, { payload, header }) => {
+		if (signer.method === "custom" || signer.method === "federation") throw new CredoError(`Jwt signer method 'custom' and 'federation' are not supported for jwt signer.`);
+		if (signer.method === "x5c") {
+			const leafCertificate = X509Service.getLeafCertificate(agentContext, { certificateChain: signer.x5c });
+			return {
+				jwt: await jwsService.createJwsCompact(agentContext, {
+					protectedHeaderOptions: {
+						...header,
+						alg: signer.alg,
+						jwk: void 0
+					},
+					payload: JwtPayload.fromJson(payload),
+					keyId: signer.kid ?? leafCertificate.publicJwk.keyId
+				}),
+				signerJwk: leafCertificate.publicJwk.toJson()
+			};
+		}
+		const publicJwk = signer.method === "did" ? await getPublicJwkFromDid(agentContext, signer.didUrl) : Kms.PublicJwk.fromUnknown(signer.publicJwk);
+		if (!publicJwk.supportedSignatureAlgorithms.includes(signer.alg)) throw new CredoError(`jwk ${publicJwk.jwkTypeHumanDescription} does not support JWS signature alg '${signer.alg}'`);
+		return {
+			jwt: await jwsService.createJwsCompact(agentContext, {
+				protectedHeaderOptions: {
+					...header,
+					jwk: header.jwk ? publicJwk : void 0,
+					alg: signer.alg
+				},
+				payload: JsonEncoder.toBuffer(payload),
+				keyId: signer.kid ?? publicJwk.keyId
+			}),
+			signerJwk: publicJwk.toJson()
+		};
+	};
+}
+function getOid4vcCallbacks(agentContext, options) {
+	const kms = agentContext.resolve(Kms.KeyManagementApi);
+	return {
+		hash: (data, alg) => Hasher.hash(data, alg.toLowerCase()),
+		generateRandom: (length) => kms.randomBytes({ length }),
+		signJwt: getOid4vcJwtSignCallback(agentContext),
+		clientAuthentication: () => {
+			throw new CredoError("Did not expect client authentication to be called.");
+		},
+		verifyJwt: getOid4vcJwtVerifyCallback(agentContext, {
+			trustedCertificates: options?.trustedCertificates,
+			isAuthorizationRequestJwt: options?.isVerifyOpenId4VpAuthorizationRequest,
+			issuanceSessionId: options?.issuanceSessionId
+		}),
+		fetch: agentContext.config.agentDependencies.fetch,
+		encryptJwe: getOid4vcEncryptJweCallback(agentContext),
+		decryptJwe: getOid4vcDecryptJweCallback(agentContext),
+		getX509CertificateMetadata: (certificate) => {
+			const leafCertificate = X509Service.getLeafCertificate(agentContext, { certificateChain: [certificate] });
+			return {
+				sanDnsNames: leafCertificate.sanDnsNames,
+				sanUriNames: leafCertificate.sanUriNames
+			};
+		}
+	};
+}
+/**
+* Allows us to authenticate when making requests to an external
+* authorization server
+*/
+function dynamicOid4vciClientAuthentication(agentContext, issuerRecord) {
+	return (callbackOptions) => {
+		const authorizationServer = issuerRecord.authorizationServerConfigs?.find((a) => a.issuer === callbackOptions.authorizationServerMetadata.issuer);
+		if (!authorizationServer) {
+			agentContext.config.logger.debug(`Unknown authorization server '${callbackOptions.authorizationServerMetadata.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'`);
+			return;
+		}
+		if (!authorizationServer.clientAuthentication) throw new CredoError(`Unable to authenticate to authorization server '${authorizationServer.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'. Make sure to configure a 'clientId' and 'clientSecret' for the authorization server on the issuer record.`);
+		return clientAuthenticationDynamic({
+			clientId: authorizationServer.clientAuthentication.clientId,
+			clientSecret: authorizationServer.clientAuthentication.clientSecret
+		})(callbackOptions);
+	};
+}
+//#endregion
+export { dynamicOid4vciClientAuthentication, getOid4vcCallbacks, getOid4vcDecryptJweCallback, getOid4vcEncryptJweCallback, getOid4vcJwtSignCallback, getOid4vcJwtVerifyCallback };
+//# sourceMappingURL=callbacks.mjs.map

package/build/shared/callbacks.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"callbacks.mjs","names":["jwsSigner: JwsSignerWithJwk | undefined","publicJwk","decryptedPayload: string","publicJwk: Kms.PublicJwk"],"sources":["../../src/shared/callbacks.ts"],"sourcesContent":["import {\n AgentContext,\n Buffer,\n CredoError,\n Hasher,\n JsonEncoder,\n JwsService,\n type JwsSignerWithJwk,\n JwtPayload,\n Kms,\n TypedArrayEncoder,\n X509Certificate,\n X509ModuleConfig,\n X509Service,\n} from '@credo-ts/core'\nimport type {\n CallbackContext,\n ClientAuthenticationCallback,\n DecryptJweCallback,\n EncryptJweCallback,\n Jwk,\n SignJwtCallback,\n VerifyJwtCallback,\n} from '@openid4vc/oauth2'\nimport { clientAuthenticationDynamic, decodeJwtHeader } from '@openid4vc/oauth2'\nimport type { OpenId4VcIssuerRecord } from '../openid4vc-issuer/repository'\n\nimport { getPublicJwkFromDid } from './utils'\n\nexport function getOid4vcJwtVerifyCallback(\n agentContext: AgentContext,\n options?: {\n trustedCertificates?: string[]\n\n issuanceSessionId?: string\n\n /**\n * Whether this verification callback should assume a JAR authorization is verified\n * Starting from OID4VP draft 24 the JAR must use oauth-authz-req+jwt header typ\n * but for backwards compatiblity we need to also handle the case where the header typ is different\n * @default false\n */\n isAuthorizationRequestJwt?: boolean\n }\n): VerifyJwtCallback {\n const jwsService = agentContext.dependencyManager.resolve(JwsService)\n\n return async (signer, { compact, header, payload }) => {\n let trustedCertificates = options?.trustedCertificates\n if (\n signer.method === 'x5c' &&\n (header.typ === 'oauth-authz-req+jwt' || options?.isAuthorizationRequestJwt) &&\n !trustedCertificates\n ) {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'oauth2SecuredAuthorizationRequest',\n authorizationRequest: {\n jwt: compact,\n payload: JwtPayload.fromJson(payload),\n },\n },\n })\n }\n\n if (\n signer.method === 'x5c' &&\n (header.typ === 'keyattestation+jwt' || header.typ === 'key-attestation+jwt') &&\n options?.issuanceSessionId &&\n !trustedCertificates\n ) {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'openId4VciKeyAttestation',\n openId4VcIssuanceSessionId: options.issuanceSessionId,\n keyAttestation: {\n jwt: compact,\n payload: JwtPayload.fromJson(payload),\n },\n },\n })\n }\n\n if (signer.method === 'x5c' && header.typ === 'openidvci-issuer-metadata+jwt' && !trustedCertificates) {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'openId4VciCredentialIssuerMetadata',\n credentialIssuerMetadata: {\n jwt: compact,\n payload: JwtPayload.fromJson(payload),\n },\n },\n })\n }\n\n if (\n signer.method === 'x5c' &&\n header.typ === 'oauth-client-attestation+jwt' &&\n options?.issuanceSessionId &&\n !trustedCertificates\n ) {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = signer.x5c?.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'oauth2ClientAttestation',\n openId4VcIssuanceSessionId: options.issuanceSessionId,\n clientAttestation: {\n jwt: compact,\n payload: JwtPayload.fromJson(payload),\n },\n },\n })\n }\n\n const alg = signer.alg as Kms.KnownJwaSignatureAlgorithm\n if (!Object.values(Kms.KnownJwaSignatureAlgorithms).includes(alg)) {\n throw new CredoError(`Unsupported jwa signatre algorithm '${alg}'`)\n }\n\n const jwsSigner: JwsSignerWithJwk | undefined =\n signer.method === 'did'\n ? {\n method: 'did',\n didUrl: signer.didUrl,\n jwk: await getPublicJwkFromDid(agentContext, signer.didUrl),\n }\n : signer.method === 'jwk'\n ? {\n method: 'jwk',\n jwk: Kms.PublicJwk.fromUnknown(signer.publicJwk),\n }\n : signer.method === 'x5c'\n ? {\n method: 'x5c',\n x5c: signer.x5c,\n jwk: X509Certificate.fromEncodedCertificate(signer.x5c[0]).publicJwk,\n }\n : undefined\n\n if (!jwsSigner) {\n throw new CredoError(`Unable to verify jws with unsupported jws signer method '${signer.method}'`)\n }\n\n const { isValid, jwsSigners } = await jwsService.verifyJws(agentContext, {\n jws: compact,\n trustedCertificates,\n jwsSigner,\n })\n\n if (!isValid) {\n return { verified: false, signerJwk: undefined }\n }\n\n const signerJwk = jwsSigners[0].jwk.toJson() as Jwk\n return { verified: true, signerJwk }\n }\n}\n\nexport function getOid4vcEncryptJweCallback(agentContext: AgentContext): EncryptJweCallback {\n const kms = agentContext.dependencyManager.resolve(Kms.KeyManagementApi)\n\n return async (jweEncryptor, compact) => {\n if (jweEncryptor.method !== 'jwk') {\n throw new CredoError(\n `Jwt encryption method '${jweEncryptor.method}' is not supported for jwt signer. Only 'jwk' is supported.`\n )\n }\n\n // TODO: we should probably add a key id or ference to the jweEncryptor/jwsSigner in\n // oid4vc-ts so we can keep a reference to the key\n const jwk = Kms.PublicJwk.fromUnknown(jweEncryptor.publicJwk)\n if (!jwk.hasKeyId) {\n throw new CredoError('Expected kid to be defined on the JWK')\n }\n\n if (jweEncryptor.alg !== 'ECDH-ES') {\n throw new CredoError(\"Only 'ECDH-ES' is supported as 'alg' value for JARM response encryption\")\n }\n\n if (jweEncryptor.enc !== 'A256GCM' && jweEncryptor.enc !== 'A128GCM' && jweEncryptor.enc !== 'A128CBC-HS256') {\n throw new CredoError(\n \"Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response encryption\"\n )\n }\n\n const jwkJson = jwk.toJson()\n if (jwkJson.kty !== 'EC' && jwkJson.kty !== 'OKP') {\n throw new CredoError(`Expected EC or OKP jwk for encryption, found ${Kms.getJwkHumanDescription(jwkJson)}`)\n }\n\n if (jwkJson.crv === 'Ed25519') {\n throw new CredoError(`Expected ${jwkJson.kty} with crv X25519, found ${Kms.getJwkHumanDescription(jwkJson)}`)\n }\n\n // TODO: create a JWE service that handles this\n const ephmeralKey = await kms.createKey({\n type: jwkJson,\n })\n\n try {\n const header = {\n kid: jweEncryptor.publicJwk.kid,\n apu: jweEncryptor.apu,\n apv: jweEncryptor.apv,\n enc: jweEncryptor.enc,\n alg: 'ECDH-ES',\n epk: ephmeralKey.publicJwk,\n }\n const encodedHeader = JsonEncoder.toBase64URL(header)\n\n const encrypted = await kms.encrypt({\n key: {\n keyAgreement: {\n // FIXME: We can make the keyId optional for ECDH-ES\n // That way we don't have to store the key\n keyId: ephmeralKey.keyId,\n algorithm: 'ECDH-ES',\n apu: jweEncryptor.apu ? TypedArrayEncoder.fromBase64(jweEncryptor.apu) : undefined,\n apv: jweEncryptor.apv ? TypedArrayEncoder.fromBase64(jweEncryptor.apv) : undefined,\n externalPublicJwk: jwkJson,\n },\n },\n data: Buffer.from(compact),\n encryption: {\n algorithm: jweEncryptor.enc,\n aad: Buffer.from(encodedHeader),\n },\n })\n\n if (!encrypted.iv || !encrypted.tag) {\n throw new CredoError(\"Expected 'iv' and 'tag' to be defined\")\n }\n\n const compactJwe = `${encodedHeader}..${TypedArrayEncoder.toBase64URL(encrypted.iv)}.${TypedArrayEncoder.toBase64URL(\n encrypted.encrypted\n )}.${TypedArrayEncoder.toBase64URL(encrypted.tag)}`\n\n return { encryptionJwk: jweEncryptor.publicJwk, jwe: compactJwe }\n } finally {\n // Delete the key\n await kms.deleteKey({\n keyId: ephmeralKey.keyId,\n })\n }\n }\n}\n\nexport function getOid4vcDecryptJweCallback(agentContext: AgentContext): DecryptJweCallback {\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n return async (jwe, options) => {\n // TODO: use custom header zod schema to limit which algorithms can be used\n const { header } = decodeJwtHeader({ jwt: jwe })\n\n let kid = options?.jwk?.kid ?? header.kid\n if (!kid) {\n throw new CredoError('Uanbel to decrypt jwe. No kid or jwk found')\n }\n\n // Previously we used the fingerprint as the kid for JARM\n // We try to parse it as fingerprint if it starts with z (base58 encoding)\n // It's not 100%\n if (kid.startsWith('z')) {\n try {\n const publicJwk = Kms.PublicJwk.fromFingerprint(kid)\n if (publicJwk) kid = publicJwk.legacyKeyId\n } catch {\n // no-op\n }\n }\n\n // TODO: decodeJwe method in oid4vc-ts\n // encryption key is not used (we don't use key wrapping)\n const [encodedHeader /* encryptionKey */, , encodedIv, encodedCiphertext, encodedTag] = jwe.split('.')\n\n if (header.alg !== 'ECDH-ES') {\n throw new CredoError(\"Only 'ECDH-ES' is supported as 'alg' value for JARM response decryption\")\n }\n\n if (header.enc !== 'A256GCM' && header.enc !== 'A128GCM' && header.enc !== 'A128CBC-HS256') {\n throw new CredoError(\n \"Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response decryption\"\n )\n }\n\n let decryptedPayload: string\n let publicJwk: Kms.PublicJwk\n\n const epk = Kms.PublicJwk.fromUnknown(header.epk)\n\n try {\n const decrypted = await kms.decrypt({\n encrypted: TypedArrayEncoder.fromBase64(encodedCiphertext),\n decryption: {\n algorithm: header.enc,\n // aad is the base64 encoded bytes (not just the bytes)\n aad: TypedArrayEncoder.fromString(encodedHeader),\n iv: TypedArrayEncoder.fromBase64(encodedIv),\n tag: TypedArrayEncoder.fromBase64(encodedTag),\n },\n key: {\n keyAgreement: {\n algorithm: header.alg,\n externalPublicJwk: epk.toJson() as Kms.KmsJwkPublicEcdh,\n keyId: kid,\n apu: typeof header.apu === 'string' ? TypedArrayEncoder.fromBase64(header.apu) : undefined,\n apv: typeof header.apv === 'string' ? TypedArrayEncoder.fromBase64(header.apv) : undefined,\n },\n },\n })\n\n // TODO: decrypt should return the public jwk instance\n publicJwk = Kms.PublicJwk.fromUnknown(\n await kms.getPublicKey({\n keyId: kid,\n })\n )\n\n decryptedPayload = TypedArrayEncoder.toUtf8String(decrypted.data)\n } catch (error) {\n agentContext.config.logger.error('Error decrypting JWE', {\n error,\n })\n return {\n decrypted: false,\n encryptionJwk: options?.jwk,\n payload: undefined,\n header,\n }\n }\n\n return {\n decrypted: true,\n decryptionJwk: publicJwk.toJson() as Jwk,\n payload: decryptedPayload,\n header,\n }\n }\n}\n\nexport function getOid4vcJwtSignCallback(agentContext: AgentContext): SignJwtCallback {\n const jwsService = agentContext.dependencyManager.resolve(JwsService)\n\n return async (signer, { payload, header }) => {\n if (signer.method === 'custom' || signer.method === 'federation') {\n throw new CredoError(`Jwt signer method 'custom' and 'federation' are not supported for jwt signer.`)\n }\n\n if (signer.method === 'x5c') {\n const leafCertificate = X509Service.getLeafCertificate(agentContext, { certificateChain: signer.x5c })\n\n const jws = await jwsService.createJwsCompact(agentContext, {\n protectedHeaderOptions: { ...header, alg: signer.alg as Kms.KnownJwaSignatureAlgorithm, jwk: undefined },\n payload: JwtPayload.fromJson(payload),\n keyId: signer.kid ?? leafCertificate.publicJwk.keyId,\n })\n\n return { jwt: jws, signerJwk: leafCertificate.publicJwk.toJson() as Jwk }\n }\n\n // TOOD: createJwsCompact should return the Jwk, so we don't have to reoslve it here\n const publicJwk =\n signer.method === 'did'\n ? await getPublicJwkFromDid(agentContext, signer.didUrl)\n : Kms.PublicJwk.fromUnknown(signer.publicJwk)\n\n if (!publicJwk.supportedSignatureAlgorithms.includes(signer.alg as Kms.KnownJwaSignatureAlgorithm)) {\n throw new CredoError(\n `jwk ${publicJwk.jwkTypeHumanDescription} does not support JWS signature alg '${signer.alg}'`\n )\n }\n\n const jwt = await jwsService.createJwsCompact(agentContext, {\n protectedHeaderOptions: {\n ...header,\n jwk: header.jwk ? publicJwk : undefined,\n alg: signer.alg as Kms.KnownJwaSignatureAlgorithm,\n },\n payload: JsonEncoder.toBuffer(payload),\n keyId: signer.kid ?? publicJwk.keyId,\n })\n\n return { jwt, signerJwk: publicJwk.toJson() as Jwk }\n }\n}\n\nexport function getOid4vcCallbacks(\n agentContext: AgentContext,\n options?: {\n trustedCertificates?: string[]\n isVerifyOpenId4VpAuthorizationRequest?: boolean\n issuanceSessionId?: string\n }\n) {\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n\n return {\n hash: (data, alg) => Hasher.hash(data, alg.toLowerCase()),\n generateRandom: (length) => kms.randomBytes({ length }),\n signJwt: getOid4vcJwtSignCallback(agentContext),\n clientAuthentication: () => {\n throw new CredoError('Did not expect client authentication to be called.')\n },\n verifyJwt: getOid4vcJwtVerifyCallback(agentContext, {\n trustedCertificates: options?.trustedCertificates,\n isAuthorizationRequestJwt: options?.isVerifyOpenId4VpAuthorizationRequest,\n issuanceSessionId: options?.issuanceSessionId,\n }),\n fetch: agentContext.config.agentDependencies.fetch,\n encryptJwe: getOid4vcEncryptJweCallback(agentContext),\n decryptJwe: getOid4vcDecryptJweCallback(agentContext),\n getX509CertificateMetadata: (certificate: string) => {\n const leafCertificate = X509Service.getLeafCertificate(agentContext, { certificateChain: [certificate] })\n return {\n sanDnsNames: leafCertificate.sanDnsNames,\n sanUriNames: leafCertificate.sanUriNames,\n }\n },\n } satisfies Partial<CallbackContext>\n}\n\n/**\n * Allows us to authenticate when making requests to an external\n * authorization server\n */\nexport function dynamicOid4vciClientAuthentication(\n agentContext: AgentContext,\n issuerRecord: OpenId4VcIssuerRecord\n): ClientAuthenticationCallback {\n return (callbackOptions) => {\n const authorizationServer = issuerRecord.authorizationServerConfigs?.find(\n (a) => a.issuer === callbackOptions.authorizationServerMetadata.issuer\n )\n\n if (!authorizationServer) {\n // No client authentication if authorization server is not configured\n agentContext.config.logger.debug(\n `Unknown authorization server '${callbackOptions.authorizationServerMetadata.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'`\n )\n return\n }\n\n if (!authorizationServer.clientAuthentication) {\n throw new CredoError(\n `Unable to authenticate to authorization server '${authorizationServer.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'. Make sure to configure a 'clientId' and 'clientSecret' for the authorization server on the issuer record.`\n )\n }\n\n return clientAuthenticationDynamic({\n clientId: authorizationServer.clientAuthentication.clientId,\n clientSecret: authorizationServer.clientAuthentication.clientSecret,\n })(callbackOptions)\n }\n}\n"],"mappings":";;;;;AA6BA,SAAgB,2BACd,cACA,SAamB;CACnB,MAAM,aAAa,aAAa,kBAAkB,QAAQ,WAAW;AAErE,QAAO,OAAO,QAAQ,EAAE,SAAS,QAAQ,cAAc;EACrD,IAAI,sBAAsB,SAAS;AACnC,MACE,OAAO,WAAW,UACjB,OAAO,QAAQ,yBAAyB,SAAS,8BAClD,CAAC,qBACD;GACA,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;GAC3E,MAAM,mBAAmB,OAAO,KAAK,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAEhG,yBAAsB,MAAM,WAAW,wCAAwC,cAAc;IAC3F;IACA,cAAc;KACZ,MAAM;KACN,sBAAsB;MACpB,KAAK;MACL,SAAS,WAAW,SAAS,QAAQ;MACtC;KACF;IACF,CAAC;;AAGJ,MACE,OAAO,WAAW,UACjB,OAAO,QAAQ,wBAAwB,OAAO,QAAQ,0BACvD,SAAS,qBACT,CAAC,qBACD;GACA,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;GAC3E,MAAM,mBAAmB,OAAO,KAAK,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAEhG,yBAAsB,MAAM,WAAW,wCAAwC,cAAc;IAC3F;IACA,cAAc;KACZ,MAAM;KACN,4BAA4B,QAAQ;KACpC,gBAAgB;MACd,KAAK;MACL,SAAS,WAAW,SAAS,QAAQ;MACtC;KACF;IACF,CAAC;;AAGJ,MAAI,OAAO,WAAW,SAAS,OAAO,QAAQ,mCAAmC,CAAC,qBAAqB;GACrG,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;GAC3E,MAAM,mBAAmB,OAAO,KAAK,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAEhG,yBAAsB,MAAM,WAAW,wCAAwC,cAAc;IAC3F;IACA,cAAc;KACZ,MAAM;KACN,0BAA0B;MACxB,KAAK;MACL,SAAS,WAAW,SAAS,QAAQ;MACtC;KACF;IACF,CAAC;;AAGJ,MACE,OAAO,WAAW,SAClB,OAAO,QAAQ,kCACf,SAAS,qBACT,CAAC,qBACD;GACA,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;GAC3E,MAAM,mBAAmB,OAAO,KAAK,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAEhG,yBAAsB,MAAM,WAAW,wCAAwC,cAAc;IAC3F;IACA,cAAc;KACZ,MAAM;KACN,4BAA4B,QAAQ;KACpC,mBAAmB;MACjB,KAAK;MACL,SAAS,WAAW,SAAS,QAAQ;MACtC;KACF;IACF,CAAC;;EAGJ,MAAM,MAAM,OAAO;AACnB,MAAI,CAAC,OAAO,OAAO,IAAI,4BAA4B,CAAC,SAAS,IAAI,CAC/D,OAAM,IAAI,WAAW,uCAAuC,IAAI,GAAG;EAGrE,MAAMA,YACJ,OAAO,WAAW,QACd;GACE,QAAQ;GACR,QAAQ,OAAO;GACf,KAAK,MAAM,oBAAoB,cAAc,OAAO,OAAO;GAC5D,GACD,OAAO,WAAW,QAChB;GACE,QAAQ;GACR,KAAK,IAAI,UAAU,YAAY,OAAO,UAAU;GACjD,GACD,OAAO,WAAW,QAChB;GACE,QAAQ;GACR,KAAK,OAAO;GACZ,KAAK,gBAAgB,uBAAuB,OAAO,IAAI,GAAG,CAAC;GAC5D,GACD;AAEV,MAAI,CAAC,UACH,OAAM,IAAI,WAAW,4DAA4D,OAAO,OAAO,GAAG;EAGpG,MAAM,EAAE,SAAS,eAAe,MAAM,WAAW,UAAU,cAAc;GACvE,KAAK;GACL;GACA;GACD,CAAC;AAEF,MAAI,CAAC,QACH,QAAO;GAAE,UAAU;GAAO,WAAW;GAAW;AAIlD,SAAO;GAAE,UAAU;GAAM,WADP,WAAW,GAAG,IAAI,QAAQ;GACR;;;AAIxC,SAAgB,4BAA4B,cAAgD;CAC1F,MAAM,MAAM,aAAa,kBAAkB,QAAQ,IAAI,iBAAiB;AAExE,QAAO,OAAO,cAAc,YAAY;AACtC,MAAI,aAAa,WAAW,MAC1B,OAAM,IAAI,WACR,0BAA0B,aAAa,OAAO,6DAC/C;EAKH,MAAM,MAAM,IAAI,UAAU,YAAY,aAAa,UAAU;AAC7D,MAAI,CAAC,IAAI,SACP,OAAM,IAAI,WAAW,wCAAwC;AAG/D,MAAI,aAAa,QAAQ,UACvB,OAAM,IAAI,WAAW,0EAA0E;AAGjG,MAAI,aAAa,QAAQ,aAAa,aAAa,QAAQ,aAAa,aAAa,QAAQ,gBAC3F,OAAM,IAAI,WACR,0GACD;EAGH,MAAM,UAAU,IAAI,QAAQ;AAC5B,MAAI,QAAQ,QAAQ,QAAQ,QAAQ,QAAQ,MAC1C,OAAM,IAAI,WAAW,gDAAgD,IAAI,uBAAuB,QAAQ,GAAG;AAG7G,MAAI,QAAQ,QAAQ,UAClB,OAAM,IAAI,WAAW,YAAY,QAAQ,IAAI,0BAA0B,IAAI,uBAAuB,QAAQ,GAAG;EAI/G,MAAM,cAAc,MAAM,IAAI,UAAU,EACtC,MAAM,SACP,CAAC;AAEF,MAAI;GACF,MAAM,SAAS;IACb,KAAK,aAAa,UAAU;IAC5B,KAAK,aAAa;IAClB,KAAK,aAAa;IAClB,KAAK,aAAa;IAClB,KAAK;IACL,KAAK,YAAY;IAClB;GACD,MAAM,gBAAgB,YAAY,YAAY,OAAO;GAErD,MAAM,YAAY,MAAM,IAAI,QAAQ;IAClC,KAAK,EACH,cAAc;KAGZ,OAAO,YAAY;KACnB,WAAW;KACX,KAAK,aAAa,MAAM,kBAAkB,WAAW,aAAa,IAAI,GAAG;KACzE,KAAK,aAAa,MAAM,kBAAkB,WAAW,aAAa,IAAI,GAAG;KACzE,mBAAmB;KACpB,EACF;IACD,MAAM,OAAO,KAAK,QAAQ;IAC1B,YAAY;KACV,WAAW,aAAa;KACxB,KAAK,OAAO,KAAK,cAAc;KAChC;IACF,CAAC;AAEF,OAAI,CAAC,UAAU,MAAM,CAAC,UAAU,IAC9B,OAAM,IAAI,WAAW,wCAAwC;GAG/D,MAAM,aAAa,GAAG,cAAc,IAAI,kBAAkB,YAAY,UAAU,GAAG,CAAC,GAAG,kBAAkB,YACvG,UAAU,UACX,CAAC,GAAG,kBAAkB,YAAY,UAAU,IAAI;AAEjD,UAAO;IAAE,eAAe,aAAa;IAAW,KAAK;IAAY;YACzD;AAER,SAAM,IAAI,UAAU,EAClB,OAAO,YAAY,OACpB,CAAC;;;;AAKR,SAAgB,4BAA4B,cAAgD;CAC1F,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;AACtD,QAAO,OAAO,KAAK,YAAY;EAE7B,MAAM,EAAE,WAAW,gBAAgB,EAAE,KAAK,KAAK,CAAC;EAEhD,IAAI,MAAM,SAAS,KAAK,OAAO,OAAO;AACtC,MAAI,CAAC,IACH,OAAM,IAAI,WAAW,6CAA6C;AAMpE,MAAI,IAAI,WAAW,IAAI,CACrB,KAAI;GACF,MAAMC,cAAY,IAAI,UAAU,gBAAgB,IAAI;AACpD,OAAIA,YAAW,OAAMA,YAAU;UACzB;EAOV,MAAM,CAAC,iBAAqC,WAAW,mBAAmB,cAAc,IAAI,MAAM,IAAI;AAEtG,MAAI,OAAO,QAAQ,UACjB,OAAM,IAAI,WAAW,0EAA0E;AAGjG,MAAI,OAAO,QAAQ,aAAa,OAAO,QAAQ,aAAa,OAAO,QAAQ,gBACzE,OAAM,IAAI,WACR,0GACD;EAGH,IAAIC;EACJ,IAAIC;EAEJ,MAAM,MAAM,IAAI,UAAU,YAAY,OAAO,IAAI;AAEjD,MAAI;GACF,MAAM,YAAY,MAAM,IAAI,QAAQ;IAClC,WAAW,kBAAkB,WAAW,kBAAkB;IAC1D,YAAY;KACV,WAAW,OAAO;KAElB,KAAK,kBAAkB,WAAW,cAAc;KAChD,IAAI,kBAAkB,WAAW,UAAU;KAC3C,KAAK,kBAAkB,WAAW,WAAW;KAC9C;IACD,KAAK,EACH,cAAc;KACZ,WAAW,OAAO;KAClB,mBAAmB,IAAI,QAAQ;KAC/B,OAAO;KACP,KAAK,OAAO,OAAO,QAAQ,WAAW,kBAAkB,WAAW,OAAO,IAAI,GAAG;KACjF,KAAK,OAAO,OAAO,QAAQ,WAAW,kBAAkB,WAAW,OAAO,IAAI,GAAG;KAClF,EACF;IACF,CAAC;AAGF,eAAY,IAAI,UAAU,YACxB,MAAM,IAAI,aAAa,EACrB,OAAO,KACR,CAAC,CACH;AAED,sBAAmB,kBAAkB,aAAa,UAAU,KAAK;WAC1D,OAAO;AACd,gBAAa,OAAO,OAAO,MAAM,wBAAwB,EACvD,OACD,CAAC;AACF,UAAO;IACL,WAAW;IACX,eAAe,SAAS;IACxB,SAAS;IACT;IACD;;AAGH,SAAO;GACL,WAAW;GACX,eAAe,UAAU,QAAQ;GACjC,SAAS;GACT;GACD;;;AAIL,SAAgB,yBAAyB,cAA6C;CACpF,MAAM,aAAa,aAAa,kBAAkB,QAAQ,WAAW;AAErE,QAAO,OAAO,QAAQ,EAAE,SAAS,aAAa;AAC5C,MAAI,OAAO,WAAW,YAAY,OAAO,WAAW,aAClD,OAAM,IAAI,WAAW,gFAAgF;AAGvG,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,kBAAkB,YAAY,mBAAmB,cAAc,EAAE,kBAAkB,OAAO,KAAK,CAAC;AAQtG,UAAO;IAAE,KANG,MAAM,WAAW,iBAAiB,cAAc;KAC1D,wBAAwB;MAAE,GAAG;MAAQ,KAAK,OAAO;MAAuC,KAAK;MAAW;KACxG,SAAS,WAAW,SAAS,QAAQ;KACrC,OAAO,OAAO,OAAO,gBAAgB,UAAU;KAChD,CAAC;IAEiB,WAAW,gBAAgB,UAAU,QAAQ;IAAS;;EAI3E,MAAM,YACJ,OAAO,WAAW,QACd,MAAM,oBAAoB,cAAc,OAAO,OAAO,GACtD,IAAI,UAAU,YAAY,OAAO,UAAU;AAEjD,MAAI,CAAC,UAAU,6BAA6B,SAAS,OAAO,IAAsC,CAChG,OAAM,IAAI,WACR,OAAO,UAAU,wBAAwB,uCAAuC,OAAO,IAAI,GAC5F;AAaH,SAAO;GAAE,KAVG,MAAM,WAAW,iBAAiB,cAAc;IAC1D,wBAAwB;KACtB,GAAG;KACH,KAAK,OAAO,MAAM,YAAY;KAC9B,KAAK,OAAO;KACb;IACD,SAAS,YAAY,SAAS,QAAQ;IACtC,OAAO,OAAO,OAAO,UAAU;IAChC,CAAC;GAEY,WAAW,UAAU,QAAQ;GAAS;;;AAIxD,SAAgB,mBACd,cACA,SAKA;CACA,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;AAEtD,QAAO;EACL,OAAO,MAAM,QAAQ,OAAO,KAAK,MAAM,IAAI,aAAa,CAAC;EACzD,iBAAiB,WAAW,IAAI,YAAY,EAAE,QAAQ,CAAC;EACvD,SAAS,yBAAyB,aAAa;EAC/C,4BAA4B;AAC1B,SAAM,IAAI,WAAW,qDAAqD;;EAE5E,WAAW,2BAA2B,cAAc;GAClD,qBAAqB,SAAS;GAC9B,2BAA2B,SAAS;GACpC,mBAAmB,SAAS;GAC7B,CAAC;EACF,OAAO,aAAa,OAAO,kBAAkB;EAC7C,YAAY,4BAA4B,aAAa;EACrD,YAAY,4BAA4B,aAAa;EACrD,6BAA6B,gBAAwB;GACnD,MAAM,kBAAkB,YAAY,mBAAmB,cAAc,EAAE,kBAAkB,CAAC,YAAY,EAAE,CAAC;AACzG,UAAO;IACL,aAAa,gBAAgB;IAC7B,aAAa,gBAAgB;IAC9B;;EAEJ;;;;;;AAOH,SAAgB,mCACd,cACA,cAC8B;AAC9B,SAAQ,oBAAoB;EAC1B,MAAM,sBAAsB,aAAa,4BAA4B,MAClE,MAAM,EAAE,WAAW,gBAAgB,4BAA4B,OACjE;AAED,MAAI,CAAC,qBAAqB;AAExB,gBAAa,OAAO,OAAO,MACzB,iCAAiC,gBAAgB,4BAA4B,OAAO,gBAAgB,aAAa,SAAS,oBAAoB,gBAAgB,IAAI,GACnK;AACD;;AAGF,MAAI,CAAC,oBAAoB,qBACvB,OAAM,IAAI,WACR,mDAAmD,oBAAoB,OAAO,gBAAgB,aAAa,SAAS,oBAAoB,gBAAgB,IAAI,8GAC7J;AAGH,SAAO,4BAA4B;GACjC,UAAU,oBAAoB,qBAAqB;GACnD,cAAc,oBAAoB,qBAAqB;GACxD,CAAC,CAAC,gBAAgB"}

package/build/shared/index.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { OpenId4VcCredentialHolderAttestationBinding, OpenId4VcCredentialHolderBinding, OpenId4VcCredentialHolderDidBinding, OpenId4VcCredentialHolderJwkBinding, VerifiedOpenId4VcCredentialHolderBinding } from "./models/CredentialHolderBinding.mjs";
+import { OpenId4VciAuthorizationServerClientAuthenticationClientSecret, OpenId4VciAuthorizationServerConfig, OpenId4VciChainedAuthorizationServerConfig, OpenId4VciDirectAuthorizationServerConfig } from "./models/OpenId4VciAuthorizationServerConfig.mjs";
+import { OpenId4VciCredentialFormatProfile } from "./models/OpenId4VciCredentialFormatProfile.mjs";
+import { OpenId4VcJwtIssuer, OpenId4VcJwtIssuerDid, OpenId4VcJwtIssuerEncoded, OpenId4VcJwtIssuerJwk, OpenId4VcJwtIssuerJwkEncoded, OpenId4VcJwtIssuerX5c, OpenId4VcJwtIssuerX5cEncoded } from "./models/OpenId4VcJwtIssuer.mjs";
+import { OpenId4VciAccessTokenResponse, OpenId4VciCredentialConfigurationSupported, OpenId4VciCredentialConfigurationSupportedWithFormats, OpenId4VciCredentialConfigurationsSupported, OpenId4VciCredentialConfigurationsSupportedWithFormats, OpenId4VciCredentialIssuerMetadata, OpenId4VciCredentialIssuerMetadataDisplay, OpenId4VciCredentialOfferPayload, OpenId4VciCredentialRequest, OpenId4VciCredentialRequestFormatSpecific, OpenId4VciCredentialRequestWithFormats, OpenId4VciDeferredCredentialRequest, OpenId4VciMetadata, OpenId4VciParsedCredentialRequest, OpenId4VciTxCode, OpenId4VpAuthorizationRequestPayload, OpenId4VpAuthorizationResponsePayload, OpenId4VpVerifiedAuthorizationRequest, Openid4vpAuthorizationRequest, authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier } from "./models/index.mjs";
+import { dynamicOid4vciClientAuthentication, getOid4vcCallbacks, getOid4vcDecryptJweCallback, getOid4vcEncryptJweCallback, getOid4vcJwtSignCallback, getOid4vcJwtVerifyCallback } from "./callbacks.mjs";
+import { getAllowedAndRequestedScopeValues, getCredentialConfigurationsSupportedForScopes, getOfferedCredentials, getScopesFromCredentialConfigurationsSupported } from "./issuerMetadataUtils.mjs";

package/build/shared/index.mjs ADDED Viewed

@@ -0,0 +1,4 @@
+import { dynamicOid4vciClientAuthentication, getOid4vcCallbacks, getOid4vcDecryptJweCallback, getOid4vcEncryptJweCallback, getOid4vcJwtSignCallback, getOid4vcJwtVerifyCallback } from "./callbacks.mjs";
+import { getAllowedAndRequestedScopeValues, getCredentialConfigurationsSupportedForScopes, getOfferedCredentials, getScopesFromCredentialConfigurationsSupported } from "./issuerMetadataUtils.mjs";
+import { OpenId4VciCredentialFormatProfile } from "./models/OpenId4VciCredentialFormatProfile.mjs";
+import { authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier } from "./models/index.mjs";

package/build/shared/issuerMetadataUtils.d.mts ADDED Viewed

@@ -0,0 +1,22 @@
+import { OpenId4VciCredentialConfigurationsSupported, OpenId4VciCredentialConfigurationsSupportedWithFormats } from "./models/index.mjs";
+import { CredentialConfigurationsSupported } from "@openid4vc/openid4vci";
+//#region src/shared/issuerMetadataUtils.d.ts
+/**
+ * Returns all entries from the credential offer with the associated metadata resolved.
+ */
+declare function getOfferedCredentials<Configurations extends OpenId4VciCredentialConfigurationsSupported | OpenId4VciCredentialConfigurationsSupportedWithFormats>(offeredCredentialConfigurationIds: Array<string>, credentialConfigurationsSupported: Configurations, {
+  ignoreNotFoundIds
+}?: {
+  ignoreNotFoundIds?: boolean;
+}): Configurations extends OpenId4VciCredentialConfigurationsSupportedWithFormats ? OpenId4VciCredentialConfigurationsSupportedWithFormats : OpenId4VciCredentialConfigurationsSupported;
+declare function getScopesFromCredentialConfigurationsSupported(credentialConfigurationsSupported: CredentialConfigurationsSupported): string[];
+declare function getAllowedAndRequestedScopeValues(options: {
+  requestedScope: string;
+  allowedScopes: string[];
+}): string[];
+declare function getCredentialConfigurationsSupportedForScopes(credentialConfigurationsSupported: CredentialConfigurationsSupported, scopes: string[]): CredentialConfigurationsSupported;
+//#endregion
+export { getAllowedAndRequestedScopeValues, getCredentialConfigurationsSupportedForScopes, getOfferedCredentials, getScopesFromCredentialConfigurationsSupported };
+//# sourceMappingURL=issuerMetadataUtils.d.mts.map

package/build/shared/issuerMetadataUtils.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"issuerMetadataUtils.d.mts","names":[],"sources":["../../src/shared/issuerMetadataUtils.ts"],"sourcesContent":[],"mappings":";;;;;;;AASA;AAEM,iBAFU,qBAEV,CAAA,uBAAA,2CAAA,GACA,sDADA,CAAA,CAAA,iCAAA,EAG+B,KAH/B,CAAA,MAAA,CAAA,EAAA,iCAAA,EAI+B,cAJ/B,EAAA;EAAA;CAG+B,CAH/B,EAAA;EACA,iBAAA,CAAA,EAAA,OAAA;CAE+B,CAAA,EAGlC,cAHkC,SAGX,sDAHW,GAIjC,sDAJiC,GAKjC,2CALiC;AACA,iBA4BrB,8CAAA,CA5BqB,iCAAA,EA6BA,iCA7BA,CAAA,EAAA,MAAA,EAAA;AACjC,iBAuCY,iCAAA,CAvCZ,OAAA,EAAA;EACD,cAAA,EAAA,MAAA;EAAuB,aAAA,EAAA,MAAA,EAAA;CACtB,CAAA,EAAA,MAAA,EAAA;AACA,iBA6CY,6CAAA,CA7CZ,iCAAA,EA8CiC,iCA9CjC,EAAA,MAAA,EAAA,MAAA,EAAA,CAAA,EAgDD,iCAhDC"}

package/build/shared/issuerMetadataUtils.mjs ADDED Viewed

@@ -0,0 +1,30 @@
+//#region src/shared/issuerMetadataUtils.ts
+/**
+* Returns all entries from the credential offer with the associated metadata resolved.
+*/
+function getOfferedCredentials(offeredCredentialConfigurationIds, credentialConfigurationsSupported, { ignoreNotFoundIds = false } = {}) {
+	const offeredCredentialConfigurations = {};
+	for (const offeredCredentialConfigurationId of offeredCredentialConfigurationIds) {
+		const foundCredentialConfiguration = credentialConfigurationsSupported[offeredCredentialConfigurationId];
+		if (!foundCredentialConfiguration) {
+			if (!ignoreNotFoundIds) throw new Error(`Offered credential configuration id '${offeredCredentialConfigurationId}' is not part of credential_configurations_supported of the issuer metadata.`);
+			continue;
+		}
+		offeredCredentialConfigurations[offeredCredentialConfigurationId] = foundCredentialConfiguration;
+	}
+	return offeredCredentialConfigurations;
+}
+function getScopesFromCredentialConfigurationsSupported(credentialConfigurationsSupported) {
+	return Array.from(new Set(Object.values(credentialConfigurationsSupported).map((configuration) => configuration.scope).filter((scope) => scope !== void 0)));
+}
+function getAllowedAndRequestedScopeValues(options) {
+	const requestedScopeValues = options.requestedScope.split(" ");
+	return options.allowedScopes.filter((allowedScope) => requestedScopeValues.includes(allowedScope));
+}
+function getCredentialConfigurationsSupportedForScopes(credentialConfigurationsSupported, scopes) {
+	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter(([, configuration]) => configuration.scope && scopes.includes(configuration.scope)));
+}
+//#endregion
+export { getAllowedAndRequestedScopeValues, getCredentialConfigurationsSupportedForScopes, getOfferedCredentials, getScopesFromCredentialConfigurationsSupported };
+//# sourceMappingURL=issuerMetadataUtils.mjs.map

package/build/shared/issuerMetadataUtils.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"issuerMetadataUtils.mjs","names":["offeredCredentialConfigurations: OpenId4VciCredentialConfigurationsSupported"],"sources":["../../src/shared/issuerMetadataUtils.ts"],"sourcesContent":["import type { CredentialConfigurationsSupported } from '@openid4vc/openid4vci'\nimport type {\n OpenId4VciCredentialConfigurationsSupported,\n OpenId4VciCredentialConfigurationsSupportedWithFormats,\n} from './models'\n\n/**\n * Returns all entries from the credential offer with the associated metadata resolved.\n */\nexport function getOfferedCredentials<\n Configurations extends\n | OpenId4VciCredentialConfigurationsSupported\n | OpenId4VciCredentialConfigurationsSupportedWithFormats,\n>(\n offeredCredentialConfigurationIds: Array<string>,\n credentialConfigurationsSupported: Configurations,\n { ignoreNotFoundIds = false }: { ignoreNotFoundIds?: boolean } = {}\n): Configurations extends OpenId4VciCredentialConfigurationsSupportedWithFormats\n ? OpenId4VciCredentialConfigurationsSupportedWithFormats\n : OpenId4VciCredentialConfigurationsSupported {\n const offeredCredentialConfigurations: OpenId4VciCredentialConfigurationsSupported = {}\n for (const offeredCredentialConfigurationId of offeredCredentialConfigurationIds) {\n const foundCredentialConfiguration = credentialConfigurationsSupported[offeredCredentialConfigurationId]\n\n // Make sure the issuer metadata includes the offered credential.\n if (!foundCredentialConfiguration) {\n if (!ignoreNotFoundIds) {\n throw new Error(\n `Offered credential configuration id '${offeredCredentialConfigurationId}' is not part of credential_configurations_supported of the issuer metadata.`\n )\n }\n\n continue\n }\n\n offeredCredentialConfigurations[offeredCredentialConfigurationId] = foundCredentialConfiguration\n }\n\n return offeredCredentialConfigurations as Configurations extends OpenId4VciCredentialConfigurationsSupportedWithFormats\n ? OpenId4VciCredentialConfigurationsSupportedWithFormats\n : OpenId4VciCredentialConfigurationsSupported\n}\n\nexport function getScopesFromCredentialConfigurationsSupported(\n credentialConfigurationsSupported: CredentialConfigurationsSupported\n): string[] {\n return Array.from(\n new Set(\n Object.values(credentialConfigurationsSupported)\n .map((configuration) => configuration.scope)\n .filter((scope): scope is string => scope !== undefined)\n )\n )\n}\n\nexport function getAllowedAndRequestedScopeValues(options: { requestedScope: string; allowedScopes: string[] }) {\n const requestedScopeValues = options.requestedScope.split(' ')\n const allowedAndRequestedScopeValues = options.allowedScopes.filter((allowedScope) =>\n requestedScopeValues.includes(allowedScope)\n )\n\n return allowedAndRequestedScopeValues\n}\n\nexport function getCredentialConfigurationsSupportedForScopes(\n credentialConfigurationsSupported: CredentialConfigurationsSupported,\n scopes: string[]\n): CredentialConfigurationsSupported {\n return Object.fromEntries(\n Object.entries(credentialConfigurationsSupported).filter(\n ([, configuration]) => configuration.scope && scopes.includes(configuration.scope)\n )\n )\n}\n"],"mappings":";;;;AASA,SAAgB,sBAKd,mCACA,mCACA,EAAE,oBAAoB,UAA2C,EAAE,EAGrB;CAC9C,MAAMA,kCAA+E,EAAE;AACvF,MAAK,MAAM,oCAAoC,mCAAmC;EAChF,MAAM,+BAA+B,kCAAkC;AAGvE,MAAI,CAAC,8BAA8B;AACjC,OAAI,CAAC,kBACH,OAAM,IAAI,MACR,wCAAwC,iCAAiC,8EAC1E;AAGH;;AAGF,kCAAgC,oCAAoC;;AAGtE,QAAO;;AAKT,SAAgB,+CACd,mCACU;AACV,QAAO,MAAM,KACX,IAAI,IACF,OAAO,OAAO,kCAAkC,CAC7C,KAAK,kBAAkB,cAAc,MAAM,CAC3C,QAAQ,UAA2B,UAAU,OAAU,CAC3D,CACF;;AAGH,SAAgB,kCAAkC,SAA8D;CAC9G,MAAM,uBAAuB,QAAQ,eAAe,MAAM,IAAI;AAK9D,QAJuC,QAAQ,cAAc,QAAQ,iBACnE,qBAAqB,SAAS,aAAa,CAC5C;;AAKH,SAAgB,8CACd,mCACA,QACmC;AACnC,QAAO,OAAO,YACZ,OAAO,QAAQ,kCAAkC,CAAC,QAC/C,GAAG,mBAAmB,cAAc,SAAS,OAAO,SAAS,cAAc,MAAM,CACnF,CACF"}

package/build/shared/models/CredentialHolderBinding.d.mts ADDED Viewed

@@ -0,0 +1,71 @@
+import { Kms } from "@credo-ts/core";
+import { Openid4vciIssuer } from "@openid4vc/openid4vci";
+//#region src/shared/models/CredentialHolderBinding.d.ts
+type VerifiedCredentialRequestAttestationProof = Awaited<ReturnType<InstanceType<typeof Openid4vciIssuer>['verifyCredentialRequestAttestationProof']>>;
+type VerifiedCredentialRequestJwtProof = Awaited<ReturnType<InstanceType<typeof Openid4vciIssuer>['verifyCredentialRequestJwtProof']>>['keyAttestation'];
+type OpenId4VcCredentialHolderAttestationBinding = {
+  method: 'attestation';
+  /**
+   * The key attestation JWT to use to request issuance of the credentials based
+   * on the attested_keys.
+   *
+   * When the `keyAttestationJwt` contains a `nonce` payload value it will be sent
+   * as an `attestation` proof (without signing using a key in the attested key).
+   * NOTE that the `nonce` value must match with the `c_nonce` value from the issuer.
+   *
+   * If no nonce is provided, the `jwt` proof type will be used and the proof will be
+   * signed using the first key from the `attested_keys` array.
+   */
+  keyAttestationJwt: string;
+};
+interface OpenId4VcCredentialHolderDidBinding {
+  method: 'did';
+  didUrls: string[];
+}
+interface OpenId4VcCredentialHolderJwkBinding {
+  method: 'jwk';
+  keys: Kms.PublicJwk[];
+}
+type VerifiedOpenId4VcCredentialHolderBinding = {
+  proofType: 'jwt' | 'attestation';
+  /**
+   * The key attestation that was provided to attest the keys.
+   * Always defined if `proofType` is `attestation`, as well
+   * as when `key_attestations_required` is defined in the
+   * credential issuer metadata
+   */
+  keyAttestation?: VerifiedCredentialRequestAttestationProof | VerifiedCredentialRequestJwtProof;
+  /**
+   * The binding method of the keys.
+   *
+   * Binding method `did` is only supported for proof type `jwt`.
+   */
+  bindingMethod: 'did' | 'jwk';
+} & ({
+  bindingMethod: 'did';
+  /**
+   * The DIDs that were provided as part of the `jwt` proofs in the credential request
+   */
+  keys: Array<{
+    method: 'did';
+    jwk: Kms.PublicJwk;
+    didUrl: string;
+  }>;
+} | {
+  bindingMethod: 'jwk';
+  /**
+   * The keys that were provided as part of the credential request proof.
+   * - If `proofType` is `attestation` these keys were extracted from the signed key attestation, but no proof was signed using one of the attested keys
+   * - If `proofType` is `jwt` and `attestation` is defined, the keys were extracted from the attestation, and proof was signed using one of the attested keys
+   * - Otherwise if `proofType` is `jwt` and no `attestation` is defined, the keys were not attested, and for each individual key a proof was signed using that key.
+   */
+  keys: Array<{
+    method: 'jwk';
+    jwk: Kms.PublicJwk;
+  }>;
+});
+type OpenId4VcCredentialHolderBinding = OpenId4VcCredentialHolderDidBinding | OpenId4VcCredentialHolderJwkBinding | OpenId4VcCredentialHolderAttestationBinding;
+//#endregion
+export { OpenId4VcCredentialHolderAttestationBinding, OpenId4VcCredentialHolderBinding, OpenId4VcCredentialHolderDidBinding, OpenId4VcCredentialHolderJwkBinding, VerifiedOpenId4VcCredentialHolderBinding };
+//# sourceMappingURL=CredentialHolderBinding.d.mts.map

package/build/shared/models/CredentialHolderBinding.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CredentialHolderBinding.d.mts","names":[],"sources":["../../../src/shared/models/CredentialHolderBinding.ts"],"sourcesContent":[],"mappings":";;;;KAKK,yCAAA,GAA4C,QAC/C,WAAW,oBAAoB;KAE5B,iCAAA,GAAoC,QACvC,WAAW,oBAAoB;AAJ5B,KAOO,2CAAA,GAPkC;EACb,MAAA,EAAA,aAAA;EAApB;;;;AAD2C;;;;;;AAOxD;EAqBiB,iBAAA,EAAA,MAAA;AAKjB,CAAA;AAKY,UAVK,mCAAA,CAUmC;EASjC,MAAA,EAAA,KAAA;EAA4C,OAAA,EAAA,MAAA,EAAA;;AAenD,UA7BK,mCAAA,CA6BL;EAiBC,MAAI,EAAA,KAAA;EAFL,IAAA,EA1CJ,GAAA,CAAI,SA0CA,EAAA;;AAOA,KA9CA,wCAAA,GA8CgC;EACxC,SAAA,EAAA,KAAA,GAAA,aAAA;EACA;;;;;;mBAvCe,4CAA4C;;;;;;;;;;;;QAenD;;SAEC,GAAA,CAAI;;;;;;;;;;;QAaL;;SAEC,GAAA,CAAI;;;KAKL,gCAAA,GACR,sCACA,sCACA"}

package/build/shared/models/CredentialHolderBinding.mjs ADDED Viewed

	@@ -0,0 +1 @@
1	+ import { Openid4vciIssuer } from "@openid4vc/openid4vci";

package/build/shared/models/OpenId4VcJwtIssuer.d.mts ADDED Viewed

@@ -0,0 +1,46 @@
+import { Kms, X509Certificate } from "@credo-ts/core";
+//#region src/shared/models/OpenId4VcJwtIssuer.d.ts
+interface OpenId4VcJwtIssuerDid {
+  method: 'did';
+  /**
+   * The did url pointing to a specific verification method.
+   *
+   * Note a created DID record MUST exist for the did url, enabling extraction of the KMS key id from the did record.
+   */
+  didUrl: string;
+}
+interface OpenId4VcJwtIssuerX5c {
+  method: 'x5c';
+  /**
+   * Array of X.509 certificates
+   *
+   * The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate.
+   * The first certificate MUST also have a key id configured on the public key to enable signing with the KMS.
+   */
+  x5c: X509Certificate[];
+}
+interface OpenId4VcJwtIssuerX5cEncoded {
+  method: 'x5c';
+  /**
+   * x5c encoded as base64
+   */
+  x5c: string[];
+  /**
+   * key id associated with the leaf certificate
+   */
+  leafCertificateKeyId: string;
+}
+interface OpenId4VcJwtIssuerJwk {
+  method: 'jwk';
+  jwk: Kms.PublicJwk;
+}
+interface OpenId4VcJwtIssuerJwkEncoded {
+  method: 'jwk';
+  jwk: Kms.KmsJwkPublic;
+}
+type OpenId4VcJwtIssuer = OpenId4VcJwtIssuerDid | OpenId4VcJwtIssuerX5c | OpenId4VcJwtIssuerJwk;
+type OpenId4VcJwtIssuerEncoded = OpenId4VcJwtIssuerDid | OpenId4VcJwtIssuerX5cEncoded | OpenId4VcJwtIssuerJwkEncoded;
+//#endregion
+export { OpenId4VcJwtIssuer, OpenId4VcJwtIssuerDid, OpenId4VcJwtIssuerEncoded, OpenId4VcJwtIssuerJwk, OpenId4VcJwtIssuerJwkEncoded, OpenId4VcJwtIssuerX5c, OpenId4VcJwtIssuerX5cEncoded };
+//# sourceMappingURL=OpenId4VcJwtIssuer.d.mts.map

package/build/shared/models/OpenId4VcJwtIssuer.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"OpenId4VcJwtIssuer.d.mts","names":[],"sources":["../../../src/shared/models/OpenId4VcJwtIssuer.ts"],"sourcesContent":[],"mappings":";;;UAEiB,qBAAA;;EAAA;AAWjB;AAYA;AAcA;AAKA;EAKY,MAAA,EAAA,MAAA;;AAA6C,UApCxC,qBAAA,CAoCwC;EAAwB,MAAA,EAAA,KAAA;EAAqB;AACtG;;;;;OA5BO;;UAGU,4BAAA;;;;;;;;;;;UAcA,qBAAA;;OAEV,GAAA,CAAI;;UAGM,4BAAA;;OAEV,GAAA,CAAI;;KAGC,kBAAA,GAAqB,wBAAwB,wBAAwB;KACrE,yBAAA,GACR,wBACA,+BACA"}

package/build/shared/models/OpenId4VcJwtIssuer.mjs ADDED Viewed

	@@ -0,0 +1 @@
1	+ import { Kms, X509Certificate } from "@credo-ts/core";

package/build/shared/models/OpenId4VciAuthorizationServerConfig.d.mts ADDED Viewed

@@ -0,0 +1,71 @@
+import { Optional } from "@credo-ts/core";
+//#region src/shared/models/OpenId4VciAuthorizationServerConfig.d.ts
+/**
+ * Credo supports two types of authorization servers, indicated by the `type` field:
+ *
+ * - `direct` - The authorization server will be listed as part of the
+ *  `authorization_servers` in the OpenID4VCI issuer metadata and clients/wallets
+ *  will directly interact with the authorization server. Your authorization server
+ *  must be aware of wallet-specific features, such as `issuer_state`, and, optionally,
+ *  wallet attestations, DPoP, PAR, etc.
+ *
+ * - `chained` - The authorization server will **not** be listed as part of the
+ * `authorization_servers` in the OpenID4VCI issuer metadata and clients/wallets
+ *  will not directly interact with the authorization server. This allows all
+ * Credo's features, such as wallet attestations, DPoP & PAR, to be used while
+ * still leveraging the authentication of the external authorization server.
+ */
+type OpenId4VciAuthorizationServerConfig = OpenId4VciDirectAuthorizationServerConfig | OpenId4VciChainedAuthorizationServerConfig;
+/**
+ * Perform authentication based on a client secret. It will dynamically use
+ * `client_secret_post` or `client_secret_basic` based on the method supported
+ * by the authorization server.
+ */
+interface OpenId4VciAuthorizationServerClientAuthenticationClientSecret {
+  /**
+   * @note if no type is defined, the default is `clientSecret` due to older versions
+   * of Credo not having a type
+   */
+  type: 'clientSecret';
+  clientId: string;
+  clientSecret: string;
+}
+interface OpenId4VciDirectAuthorizationServerConfig {
+  type: 'direct';
+  /**
+   * The `issuer` url of your OAuth server. This URL must expose well-known OAuth2 metadata
+   */
+  issuer: string;
+  /**
+   * Optional client authentication for token introspection
+   *
+   * @note `type` is optional for client secret authentication, in this case `clientSecret` is implied
+   * due to older versions of Credo not having a `type`.
+   */
+  clientAuthentication?: Optional<OpenId4VciAuthorizationServerClientAuthenticationClientSecret, 'type'>;
+}
+interface OpenId4VciChainedAuthorizationServerConfig {
+  type: 'chained';
+  /**
+   * The `issuer` url of your OAuth server. This URL must expose well-known OAuth2 metadata
+   */
+  issuer: string;
+  /**
+   * Client authentication for interacting with the external authorization server.
+   *
+   * This will be used for exchanging the authorization code for an access token
+   */
+  clientAuthentication: OpenId4VciAuthorizationServerClientAuthenticationClientSecret;
+  /**
+   * Mapping between credential scopes and authorization server scopes.
+   *
+   * This is mandatory. If a scope is missing, an error will be thrown when making
+   * a credential offer. If no additional scope is needed, use an empty array.
+   */
+  scopesMapping: Record<string, string[]>;
+}
+//#endregion
+export { OpenId4VciAuthorizationServerClientAuthenticationClientSecret, OpenId4VciAuthorizationServerConfig, OpenId4VciChainedAuthorizationServerConfig, OpenId4VciDirectAuthorizationServerConfig };
+//# sourceMappingURL=OpenId4VciAuthorizationServerConfig.d.mts.map

package/build/shared/models/OpenId4VciAuthorizationServerConfig.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"OpenId4VciAuthorizationServerConfig.d.mts","names":[],"sources":["../../../src/shared/models/OpenId4VciAuthorizationServerConfig.ts"],"sourcesContent":[],"mappings":";;;;;;AAiBA;AASA;AAWA;AAiBA;;;;;;;;;;KArCY,mCAAA,GACR,4CACA;;;;;;UAOa,6DAAA;;;;;;;;;UAWA,yCAAA;;;;;;;;;;;;yBAcQ,SAAS;;UAGjB,0CAAA;;;;;;;;;;;wBAaO;;;;;;;iBAQP"}

package/build/shared/models/OpenId4VciCredentialFormatProfile.d.mts ADDED Viewed

@@ -0,0 +1,12 @@
+//#region src/shared/models/OpenId4VciCredentialFormatProfile.d.ts
+declare enum OpenId4VciCredentialFormatProfile {
+  JwtVcJson = "jwt_vc_json",
+  JwtVcJsonLd = "jwt_vc_json-ld",
+  LdpVc = "ldp_vc",
+  SdJwtVc = "vc+sd-jwt",
+  SdJwtDc = "dc+sd-jwt",
+  MsoMdoc = "mso_mdoc",
+}
+//#endregion
+export { OpenId4VciCredentialFormatProfile };
+//# sourceMappingURL=OpenId4VciCredentialFormatProfile.d.mts.map