@credo-ts/openid4vc 0.6.1-pr-2091-20241119140918 → 0.6.1

package/build/shared/models/OpenId4VciCredentialFormatProfile.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VciCredentialFormatProfile.d.mts","names":[],"sources":["../../../src/shared/models/OpenId4VciCredentialFormatProfile.ts"],"sourcesContent":[],"mappings":";aAAY,iCAAA;EAAA,SAAA,GAAA,aAAA"}

package/build/shared/models/OpenId4VciCredentialFormatProfile.mjs

@@ -0,0 +1,14 @@
+//#region src/shared/models/OpenId4VciCredentialFormatProfile.ts
+let OpenId4VciCredentialFormatProfile = /* @__PURE__ */ function(OpenId4VciCredentialFormatProfile$1) {
+	OpenId4VciCredentialFormatProfile$1["JwtVcJson"] = "jwt_vc_json";
+	OpenId4VciCredentialFormatProfile$1["JwtVcJsonLd"] = "jwt_vc_json-ld";
+	OpenId4VciCredentialFormatProfile$1["LdpVc"] = "ldp_vc";
+	OpenId4VciCredentialFormatProfile$1["SdJwtVc"] = "vc+sd-jwt";
+	OpenId4VciCredentialFormatProfile$1["SdJwtDc"] = "dc+sd-jwt";
+	OpenId4VciCredentialFormatProfile$1["MsoMdoc"] = "mso_mdoc";
+	return OpenId4VciCredentialFormatProfile$1;
+}({});
+
+//#endregion
+export { OpenId4VciCredentialFormatProfile };
+//# sourceMappingURL=OpenId4VciCredentialFormatProfile.mjs.map

package/build/shared/models/OpenId4VciCredentialFormatProfile.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VciCredentialFormatProfile.mjs","names":[],"sources":["../../../src/shared/models/OpenId4VciCredentialFormatProfile.ts"],"sourcesContent":["export enum OpenId4VciCredentialFormatProfile {\n  JwtVcJson = 'jwt_vc_json',\n  JwtVcJsonLd = 'jwt_vc_json-ld',\n  LdpVc = 'ldp_vc',\n  SdJwtVc = 'vc+sd-jwt',\n  SdJwtDc = 'dc+sd-jwt',\n  MsoMdoc = 'mso_mdoc',\n}\n"],"mappings":";AAAA,IAAY,kGAAL;AACL;AACA;AACA;AACA;AACA;AACA"}

package/build/shared/models/index.d.mts

@@ -0,0 +1,30 @@
+import { OpenId4VcCredentialHolderAttestationBinding, OpenId4VcCredentialHolderBinding, OpenId4VcCredentialHolderDidBinding, OpenId4VcCredentialHolderJwkBinding, VerifiedOpenId4VcCredentialHolderBinding } from "./CredentialHolderBinding.mjs";
+import { OpenId4VciAuthorizationServerClientAuthenticationClientSecret, OpenId4VciAuthorizationServerConfig, OpenId4VciChainedAuthorizationServerConfig, OpenId4VciDirectAuthorizationServerConfig } from "./OpenId4VciAuthorizationServerConfig.mjs";
+import { OpenId4VciCredentialFormatProfile } from "./OpenId4VciCredentialFormatProfile.mjs";
+import { OpenId4VcJwtIssuer, OpenId4VcJwtIssuerDid, OpenId4VcJwtIssuerEncoded, OpenId4VcJwtIssuerJwk, OpenId4VcJwtIssuerJwkEncoded, OpenId4VcJwtIssuerX5c, OpenId4VcJwtIssuerX5cEncoded } from "./OpenId4VcJwtIssuer.mjs";
+import { AccessTokenResponse, authorizationCodeGrantIdentifier as authorizationCodeGrantIdentifier$1, preAuthorizedCodeGrantIdentifier as preAuthorizedCodeGrantIdentifier$1 } from "@openid4vc/oauth2";
+import { CredentialConfigurationSupported, CredentialConfigurationSupportedWithFormats, CredentialIssuerMetadata, CredentialIssuerMetadataDisplayEntry, CredentialOfferObject, CredentialOfferPreAuthorizedCodeGrantTxCode, CredentialRequest, CredentialRequestFormatSpecific, CredentialRequestWithFormats, DeferredCredentialRequest, IssuerMetadataResult, ParseCredentialRequestReturn } from "@openid4vc/openid4vci";
+import { Openid4vpAuthorizationRequest, Openid4vpAuthorizationRequest as Openid4vpAuthorizationRequest$1, Openid4vpAuthorizationRequestDcApi, Openid4vpAuthorizationResponse, ResolvedOpenid4vpAuthorizationRequest } from "@openid4vc/openid4vp";
+
+//#region src/shared/models/index.d.ts
+type OpenId4VciCredentialConfigurationSupportedWithFormats = CredentialConfigurationSupportedWithFormats;
+type OpenId4VciCredentialConfigurationSupported = CredentialConfigurationSupported;
+type OpenId4VciCredentialConfigurationsSupported = Record<string, OpenId4VciCredentialConfigurationSupported>;
+type OpenId4VciCredentialConfigurationsSupportedWithFormats = Record<string, OpenId4VciCredentialConfigurationSupportedWithFormats>;
+type OpenId4VciAccessTokenResponse = AccessTokenResponse;
+type OpenId4VciMetadata = IssuerMetadataResult;
+type OpenId4VciTxCode = CredentialOfferPreAuthorizedCodeGrantTxCode;
+type OpenId4VciCredentialIssuerMetadata = CredentialIssuerMetadata;
+type OpenId4VciParsedCredentialRequest = ParseCredentialRequestReturn;
+type OpenId4VciCredentialRequestFormatSpecific = CredentialRequestFormatSpecific;
+type OpenId4VciCredentialIssuerMetadataDisplay = CredentialIssuerMetadataDisplayEntry;
+type OpenId4VciCredentialRequest = CredentialRequest;
+type OpenId4VciCredentialRequestWithFormats = CredentialRequestWithFormats;
+type OpenId4VciDeferredCredentialRequest = DeferredCredentialRequest;
+type OpenId4VciCredentialOfferPayload = CredentialOfferObject;
+type OpenId4VpVerifiedAuthorizationRequest = ResolvedOpenid4vpAuthorizationRequest;
+type OpenId4VpAuthorizationRequestPayload = Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi;
+type OpenId4VpAuthorizationResponsePayload = Openid4vpAuthorizationResponse;
+//#endregion
+export { OpenId4VciAccessTokenResponse, OpenId4VciCredentialConfigurationSupported, OpenId4VciCredentialConfigurationSupportedWithFormats, OpenId4VciCredentialConfigurationsSupported, OpenId4VciCredentialConfigurationsSupportedWithFormats, OpenId4VciCredentialIssuerMetadata, OpenId4VciCredentialIssuerMetadataDisplay, OpenId4VciCredentialOfferPayload, OpenId4VciCredentialRequest, OpenId4VciCredentialRequestFormatSpecific, OpenId4VciCredentialRequestWithFormats, OpenId4VciDeferredCredentialRequest, OpenId4VciMetadata, OpenId4VciParsedCredentialRequest, OpenId4VciTxCode, OpenId4VpAuthorizationRequestPayload, OpenId4VpAuthorizationResponsePayload, OpenId4VpVerifiedAuthorizationRequest, type Openid4vpAuthorizationRequest$1 as Openid4vpAuthorizationRequest, authorizationCodeGrantIdentifier$1 as authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier$1 as preAuthorizedCodeGrantIdentifier };
+//# sourceMappingURL=index.d.mts.map

package/build/shared/models/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../../src/shared/models/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;KAyBY,qDAAA,GAAwD;KACxD,0CAAA,GAA6C;KAE7C,2CAAA,GAA8C,eAAe;KAC7D,sDAAA,GAAyD,eAEnE;AANU,KASA,6BAAA,GAAgC,mBATqB;AACrD,KASA,kBAAA,GAAqB,oBATqB;AAE1C,KASA,gBAAA,GAAmB,2CAT0C;AAC7D,KASA,kCAAA,GAAqC,wBAP/C;AAGU,KAMA,iCAAA,GAAoC,4BANe;AACnD,KAMA,yCAAA,GAA4C,+BANH;AAEzC,KAMA,yCAAA,GAA4C,oCANkB;AAC9D,KAOA,2BAAA,GAA8B,iBAPO;AAErC,KAMA,sCAAA,GAAyC,4BANuB;AAChE,KAOA,mCAAA,GAAsC,yBAPM;AAE5C,KAOA,gCAAA,GAAmC,qBAPS;AAE5C,KAOA,qCAAA,GAAwC,qCAPO;AAC/C,KAOA,oCAAA,GAAuC,6BAPE,GAO8B,kCAPF;AAErE,KAMA,qCAAA,GAAwC,8BANuB"}

package/build/shared/models/index.mjs

@@ -0,0 +1,6 @@
+import "./CredentialHolderBinding.mjs";
+import { OpenId4VciCredentialFormatProfile } from "./OpenId4VciCredentialFormatProfile.mjs";
+import "./OpenId4VcJwtIssuer.mjs";
+import { authorizationCodeGrantIdentifier as authorizationCodeGrantIdentifier$1, preAuthorizedCodeGrantIdentifier as preAuthorizedCodeGrantIdentifier$1 } from "@openid4vc/oauth2";
+
+export { authorizationCodeGrantIdentifier$1 as authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier$1 as preAuthorizedCodeGrantIdentifier };

package/build/shared/router/context.mjs

@@ -0,0 +1,52 @@
+import { CredoError } from "@credo-ts/core";
+import { Oauth2ResourceUnauthorizedError, SupportedAuthenticationScheme } from "@openid4vc/oauth2";
+
+//#region src/shared/router/context.ts
+function sendUnauthorizedError(response, next, logger, error, status) {
+	const errorMessage = error instanceof Error ? error.message : error;
+	logger.warn(`[OID4VC] Sending authorization error response: ${JSON.stringify(errorMessage)}`, { error });
+	const unauhorizedError = error instanceof Oauth2ResourceUnauthorizedError ? error : new Oauth2ResourceUnauthorizedError("Unknown error occured", [{ scheme: SupportedAuthenticationScheme.DPoP }, { scheme: SupportedAuthenticationScheme.Bearer }]);
+	response.setHeader("WWW-Authenticate", unauhorizedError.toHeaderValue()).status(status ?? 403).send();
+	next(error);
+}
+function sendOauth2ErrorResponse(response, next, logger, error) {
+	logger.warn(`[OID4VC] Sending oauth2 error response: ${JSON.stringify(error.message)}`, { error });
+	response.status(error.status).json(error.errorResponse);
+	next(error);
+}
+function sendUnknownServerErrorResponse(response, next, logger, error, additionalParams = {}) {
+	logger.error("[OID4VC] Sending unknown server error response", { error });
+	response.status(500).json({
+		error: "server_error",
+		...additionalParams
+	});
+	next(error instanceof Error ? error : new CredoError("Unknown error in openid4vc error response handler"));
+}
+function sendNotFoundResponse(response, next, logger, internalReason) {
+	logger.debug(`[OID4VC] Sending not found response: ${internalReason}`);
+	response.status(404).send();
+	next(new CredoError(internalReason));
+}
+function sendErrorResponse(response, next, logger, status, errorCode, errorDescription, additionalPayload, error) {
+	const body = {
+		error: errorCode,
+		error_description: errorDescription,
+		...additionalPayload
+	};
+	logger.warn(`[OID4VC] Sending error response: ${JSON.stringify(body)}`, { error });
+	response.status(status).json(body);
+	next(error instanceof Error ? error : new CredoError("Unknown error in openid4vc error response handler"));
+}
+function sendJsonResponse(response, next, body, contentType, status) {
+	response.setHeader("Content-Type", contentType ?? "application/json").status(status ?? 200).send(JSON.stringify(body));
+	next();
+}
+function getRequestContext(request) {
+	const requestContext = request.requestContext;
+	if (!requestContext) throw new CredoError("Request context not set.");
+	return requestContext;
+}
+
+//#endregion
+export { getRequestContext, sendErrorResponse, sendJsonResponse, sendNotFoundResponse, sendOauth2ErrorResponse, sendUnauthorizedError, sendUnknownServerErrorResponse };
+//# sourceMappingURL=context.mjs.map

package/build/shared/router/context.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.mjs","names":[],"sources":["../../../src/shared/router/context.ts"],"sourcesContent":["import type { AgentContext, Logger } from '@credo-ts/core'\nimport { CredoError } from '@credo-ts/core'\nimport type { Oauth2ErrorCodes, Oauth2ServerErrorResponseError } from '@openid4vc/oauth2'\nimport { Oauth2ResourceUnauthorizedError, SupportedAuthenticationScheme } from '@openid4vc/oauth2'\nimport type { NextFunction, Request, Response } from 'express'\n\nexport interface OpenId4VcRequest<RC extends Record<string, unknown> = Record<string, never>> extends Request {\n  requestContext?: RC & OpenId4VcRequestContext\n}\n\nexport interface OpenId4VcRequestContext {\n  agentContext: AgentContext\n}\n\nexport function sendUnauthorizedError(\n  response: Response,\n  next: NextFunction,\n  logger: Logger,\n  error: unknown | Oauth2ResourceUnauthorizedError,\n  status?: number\n) {\n  const errorMessage = error instanceof Error ? error.message : error\n  logger.warn(`[OID4VC] Sending authorization error response: ${JSON.stringify(errorMessage)}`, {\n    error,\n  })\n\n  const unauhorizedError =\n    error instanceof Oauth2ResourceUnauthorizedError\n      ? error\n      : new Oauth2ResourceUnauthorizedError('Unknown error occured', [\n          { scheme: SupportedAuthenticationScheme.DPoP },\n          { scheme: SupportedAuthenticationScheme.Bearer },\n        ])\n\n  response\n    .setHeader('WWW-Authenticate', unauhorizedError.toHeaderValue())\n    .status(status ?? 403)\n    .send()\n  next(error)\n}\n\nexport function sendOauth2ErrorResponse(\n  response: Response,\n  next: NextFunction,\n  logger: Logger,\n  error: Oauth2ServerErrorResponseError\n) {\n  logger.warn(`[OID4VC] Sending oauth2 error response: ${JSON.stringify(error.message)}`, {\n    error,\n  })\n\n  response.status(error.status).json(error.errorResponse)\n  next(error)\n}\nexport function sendUnknownServerErrorResponse(\n  response: Response,\n  next: NextFunction,\n  logger: Logger,\n  error: unknown,\n  additionalParams: Record<string, unknown> = {}\n) {\n  logger.error('[OID4VC] Sending unknown server error response', {\n    error,\n  })\n\n  response.status(500).json({\n    error: 'server_error',\n    ...additionalParams,\n  })\n\n  const throwError =\n    error instanceof Error ? error : new CredoError('Unknown error in openid4vc error response handler')\n  next(throwError)\n}\n\nexport function sendNotFoundResponse(response: Response, next: NextFunction, logger: Logger, internalReason: string) {\n  logger.debug(`[OID4VC] Sending not found response: ${internalReason}`)\n\n  response.status(404).send()\n  next(new CredoError(internalReason))\n}\n\nexport function sendErrorResponse(\n  response: Response,\n  next: NextFunction,\n  logger: Logger,\n  status: number,\n  errorCode: Oauth2ErrorCodes | string,\n  errorDescription?: string,\n  additionalPayload?: Record<string, unknown>,\n  error?: Error\n) {\n  const body = {\n    error: errorCode,\n    error_description: errorDescription,\n    ...additionalPayload,\n  }\n  logger.warn(`[OID4VC] Sending error response: ${JSON.stringify(body)}`, {\n    error,\n  })\n\n  response.status(status).json(body)\n\n  const throwError =\n    error instanceof Error ? error : new CredoError('Unknown error in openid4vc error response handler')\n  next(throwError)\n}\n\nexport function sendJsonResponse(\n  response: Response,\n  next: NextFunction,\n  // biome-ignore lint/suspicious/noExplicitAny: no explanation\n  body: any,\n  contentType?: string,\n  status?: number\n) {\n  response\n    .setHeader('Content-Type', contentType ?? 'application/json')\n    .status(status ?? 200)\n    .send(JSON.stringify(body))\n\n  next()\n}\n\n// biome-ignore lint/suspicious/noExplicitAny: no explanation\nexport function getRequestContext<T extends OpenId4VcRequest<any>>(request: T): NonNullable<T['requestContext']> {\n  const requestContext = request.requestContext\n  if (!requestContext) throw new CredoError('Request context not set.')\n\n  return requestContext\n}\n"],"mappings":";;;;AAcA,SAAgB,sBACd,UACA,MACA,QACA,OACA,QACA;CACA,MAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU;AAC9D,QAAO,KAAK,kDAAkD,KAAK,UAAU,aAAa,IAAI,EAC5F,OACD,CAAC;CAEF,MAAM,mBACJ,iBAAiB,kCACb,QACA,IAAI,gCAAgC,yBAAyB,CAC3D,EAAE,QAAQ,8BAA8B,MAAM,EAC9C,EAAE,QAAQ,8BAA8B,QAAQ,CACjD,CAAC;AAER,UACG,UAAU,oBAAoB,iBAAiB,eAAe,CAAC,CAC/D,OAAO,UAAU,IAAI,CACrB,MAAM;AACT,MAAK,MAAM;;AAGb,SAAgB,wBACd,UACA,MACA,QACA,OACA;AACA,QAAO,KAAK,2CAA2C,KAAK,UAAU,MAAM,QAAQ,IAAI,EACtF,OACD,CAAC;AAEF,UAAS,OAAO,MAAM,OAAO,CAAC,KAAK,MAAM,cAAc;AACvD,MAAK,MAAM;;AAEb,SAAgB,+BACd,UACA,MACA,QACA,OACA,mBAA4C,EAAE,EAC9C;AACA,QAAO,MAAM,kDAAkD,EAC7D,OACD,CAAC;AAEF,UAAS,OAAO,IAAI,CAAC,KAAK;EACxB,OAAO;EACP,GAAG;EACJ,CAAC;AAIF,MADE,iBAAiB,QAAQ,QAAQ,IAAI,WAAW,oDAAoD,CACtF;;AAGlB,SAAgB,qBAAqB,UAAoB,MAAoB,QAAgB,gBAAwB;AACnH,QAAO,MAAM,wCAAwC,iBAAiB;AAEtE,UAAS,OAAO,IAAI,CAAC,MAAM;AAC3B,MAAK,IAAI,WAAW,eAAe,CAAC;;AAGtC,SAAgB,kBACd,UACA,MACA,QACA,QACA,WACA,kBACA,mBACA,OACA;CACA,MAAM,OAAO;EACX,OAAO;EACP,mBAAmB;EACnB,GAAG;EACJ;AACD,QAAO,KAAK,oCAAoC,KAAK,UAAU,KAAK,IAAI,EACtE,OACD,CAAC;AAEF,UAAS,OAAO,OAAO,CAAC,KAAK,KAAK;AAIlC,MADE,iBAAiB,QAAQ,QAAQ,IAAI,WAAW,oDAAoD,CACtF;;AAGlB,SAAgB,iBACd,UACA,MAEA,MACA,aACA,QACA;AACA,UACG,UAAU,gBAAgB,eAAe,mBAAmB,CAC5D,OAAO,UAAU,IAAI,CACrB,KAAK,KAAK,UAAU,KAAK,CAAC;AAE7B,OAAM;;AAIR,SAAgB,kBAAmD,SAA8C;CAC/G,MAAM,iBAAiB,QAAQ;AAC/B,KAAI,CAAC,eAAgB,OAAM,IAAI,WAAW,2BAA2B;AAErE,QAAO"}

package/build/shared/router/express.browser.d.mts

@@ -0,0 +1,5 @@
+//#region src/shared/router/express.browser.d.ts
+declare function importExpress(): void;
+//#endregion
+export { importExpress };
+//# sourceMappingURL=express.browser.d.mts.map

package/build/shared/router/express.browser.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.browser.d.mts","names":[],"sources":["../../../src/shared/router/express.browser.ts"],"sourcesContent":[],"mappings":";iBAAgB,aAAA,CAAA"}

package/build/shared/router/express.browser.mjs

@@ -0,0 +1,8 @@
+//#region src/shared/router/express.browser.ts
+function importExpress() {
+	throw new Error("Express cannot be imported in the browser. This is probably because you are trying to use the 'OpenId4VcIssuerModule' or the 'OpenId4VcVerifierModule'.");
+}
+
+//#endregion
+export { importExpress };
+//# sourceMappingURL=express.browser.mjs.map

package/build/shared/router/express.browser.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.browser.mjs","names":[],"sources":["../../../src/shared/router/express.browser.ts"],"sourcesContent":["export function importExpress() {\n  throw new Error(\n    \"Express cannot be imported in the browser. This is probably because you are trying to use the 'OpenId4VcIssuerModule' or the 'OpenId4VcVerifierModule'.\"\n  )\n}\n"],"mappings":";AAAA,SAAgB,gBAAgB;AAC9B,OAAM,IAAI,MACR,0JACD"}

package/build/shared/router/express.mjs

@@ -0,0 +1,10 @@
+import express from "express";
+
+//#region src/shared/router/express.ts
+function importExpress() {
+	return express;
+}
+
+//#endregion
+export { importExpress };
+//# sourceMappingURL=express.mjs.map

package/build/shared/router/express.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.mjs","names":[],"sources":["../../../src/shared/router/express.ts"],"sourcesContent":["import express from 'express'\n\n// In React Native the express.native.ts file will be used which will throw when actuall called.\nexport function importExpress() {\n  return express\n}\n"],"mappings":";;;AAGA,SAAgB,gBAAgB;AAC9B,QAAO"}

package/build/shared/router/express.native.d.mts

@@ -0,0 +1,5 @@
+//#region src/shared/router/express.native.d.ts
+declare function importExpress(): void;
+//#endregion
+export { importExpress };
+//# sourceMappingURL=express.native.d.mts.map

package/build/shared/router/express.native.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.native.d.mts","names":[],"sources":["../../../src/shared/router/express.native.ts"],"sourcesContent":[],"mappings":";iBAAgB,aAAA,CAAA"}

package/build/shared/router/express.native.mjs

@@ -0,0 +1,8 @@
+//#region src/shared/router/express.native.ts
+function importExpress() {
+	throw new Error("Express cannot be imported in React Native. This is probably because you are trying to use the 'OpenId4VcIssuerModule' or the 'OpenId4VcVerifierModule'.");
+}
+
+//#endregion
+export { importExpress };
+//# sourceMappingURL=express.native.mjs.map

package/build/shared/router/express.native.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.native.mjs","names":[],"sources":["../../../src/shared/router/express.native.ts"],"sourcesContent":["export function importExpress() {\n  throw new Error(\n    \"Express cannot be imported in React Native. This is probably because you are trying to use the 'OpenId4VcIssuerModule' or the 'OpenId4VcVerifierModule'.\"\n  )\n}\n"],"mappings":";AAAA,SAAgB,gBAAgB;AAC9B,OAAM,IAAI,MACR,2JACD"}

package/build/shared/router/index.mjs

@@ -0,0 +1,3 @@
+import { getRequestContext, sendErrorResponse, sendJsonResponse, sendNotFoundResponse, sendOauth2ErrorResponse, sendUnauthorizedError, sendUnknownServerErrorResponse } from "./context.mjs";
+import { importExpress } from "./express.mjs";
+import { getAgentContextForActorId, storeActorIdForContextCorrelationId } from "./tenants.mjs";

package/build/shared/router/tenants.mjs

@@ -0,0 +1,36 @@
+import { InjectionSymbols, getApiForModuleByName } from "@credo-ts/core";
+
+//#region src/shared/router/tenants.ts
+const OPENID4VC_ACTOR_IDS_METADATA_KEY = "_openid4vc/openId4VcActorIds";
+async function getAgentContextForActorId(rootAgentContext, actorId) {
+	const tenantsApi = getApiForModuleByName(rootAgentContext, "TenantsModule");
+	if (tenantsApi) {
+		const [tenant] = await tenantsApi.findTenantsByQuery({ [OPENID4VC_ACTOR_IDS_METADATA_KEY]: [actorId] });
+		if (tenant) return rootAgentContext.dependencyManager.resolve(InjectionSymbols.AgentContextProvider).getAgentContextForContextCorrelationId(`tenant-${tenant.id}`);
+	}
+	return rootAgentContext;
+}
+/**
+* Store the actor id associated with a context correlation id. If multi-tenancy is not used
+* this method won't do anything as we can just use the actor from the default context. However
+* if multi-tenancy is used, we will store the actor id in the tenant record metadata so it can
+* be queried when a request comes in for the specific actor id.
+*
+* The reason for doing this is that we don't want to expose the context correlation id in the
+* actor metadata url, as it is then possible to see exactly which actors are registered under
+* the same agent.
+*/
+async function storeActorIdForContextCorrelationId(agentContext, actorId) {
+	const tenantsApi = getApiForModuleByName(agentContext, "TenantsModule");
+	if (tenantsApi && tenantsApi.rootAgentContext.contextCorrelationId !== agentContext.contextCorrelationId) {
+		const tenantRecord = await tenantsApi.getTenantById(agentContext.contextCorrelationId.replace("tenant-", ""));
+		const openId4VcActorIds = [...tenantRecord.metadata.get(OPENID4VC_ACTOR_IDS_METADATA_KEY) ?? [], actorId];
+		tenantRecord.metadata.set(OPENID4VC_ACTOR_IDS_METADATA_KEY, openId4VcActorIds);
+		tenantRecord.setTag(OPENID4VC_ACTOR_IDS_METADATA_KEY, openId4VcActorIds);
+		await tenantsApi.updateTenant(tenantRecord);
+	}
+}
+
+//#endregion
+export { getAgentContextForActorId, storeActorIdForContextCorrelationId };
+//# sourceMappingURL=tenants.mjs.map

package/build/shared/router/tenants.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenants.mjs","names":[],"sources":["../../../src/shared/router/tenants.ts"],"sourcesContent":["import type { AgentContext, AgentContextProvider } from '@credo-ts/core'\nimport { getApiForModuleByName, InjectionSymbols } from '@credo-ts/core'\nimport type { TenantsModule } from '@credo-ts/tenants'\n\nconst OPENID4VC_ACTOR_IDS_METADATA_KEY = '_openid4vc/openId4VcActorIds'\n\nexport async function getAgentContextForActorId(rootAgentContext: AgentContext, actorId: string) {\n  // Check if multi-tenancy is enabled, and if so find the associated multi-tenant record\n  // This is a bit hacky as it uses the tenants module to store the openid4vc actor id\n  // but this way we don't have to expose the contextCorrelationId in the openid metadata\n  const tenantsApi = getApiForModuleByName<TenantsModule>(rootAgentContext, 'TenantsModule')\n  if (tenantsApi) {\n    const [tenant] = await tenantsApi.findTenantsByQuery({\n      [OPENID4VC_ACTOR_IDS_METADATA_KEY]: [actorId],\n    })\n\n    if (tenant) {\n      const agentContextProvider = rootAgentContext.dependencyManager.resolve<AgentContextProvider>(\n        InjectionSymbols.AgentContextProvider\n      )\n      return agentContextProvider.getAgentContextForContextCorrelationId(`tenant-${tenant.id}`)\n    }\n  }\n\n  return rootAgentContext\n}\n\n/**\n * Store the actor id associated with a context correlation id. If multi-tenancy is not used\n * this method won't do anything as we can just use the actor from the default context. However\n * if multi-tenancy is used, we will store the actor id in the tenant record metadata so it can\n * be queried when a request comes in for the specific actor id.\n *\n * The reason for doing this is that we don't want to expose the context correlation id in the\n * actor metadata url, as it is then possible to see exactly which actors are registered under\n * the same agent.\n */\nexport async function storeActorIdForContextCorrelationId(agentContext: AgentContext, actorId: string) {\n  // It's kind of hacky, but we add support for the tenants module specifically here to map an actorId to\n  // a specific tenant. Otherwise we have to expose /:contextCorrelationId/:actorId in all the public URLs\n  // which is of course not so nice.\n  const tenantsApi = getApiForModuleByName<TenantsModule>(agentContext, 'TenantsModule')\n\n  // We don't want to query the tenant record if the current context is the root context\n  if (tenantsApi && tenantsApi.rootAgentContext.contextCorrelationId !== agentContext.contextCorrelationId) {\n    const tenantRecord = await tenantsApi.getTenantById(agentContext.contextCorrelationId.replace('tenant-', ''))\n\n    const currentOpenId4VcActorIds = tenantRecord.metadata.get<string[]>(OPENID4VC_ACTOR_IDS_METADATA_KEY) ?? []\n    const openId4VcActorIds = [...currentOpenId4VcActorIds, actorId]\n\n    tenantRecord.metadata.set(OPENID4VC_ACTOR_IDS_METADATA_KEY, openId4VcActorIds)\n    tenantRecord.setTag(OPENID4VC_ACTOR_IDS_METADATA_KEY, openId4VcActorIds)\n    await tenantsApi.updateTenant(tenantRecord)\n  }\n}\n"],"mappings":";;;AAIA,MAAM,mCAAmC;AAEzC,eAAsB,0BAA0B,kBAAgC,SAAiB;CAI/F,MAAM,aAAa,sBAAqC,kBAAkB,gBAAgB;AAC1F,KAAI,YAAY;EACd,MAAM,CAAC,UAAU,MAAM,WAAW,mBAAmB,GAClD,mCAAmC,CAAC,QAAQ,EAC9C,CAAC;AAEF,MAAI,OAIF,QAH6B,iBAAiB,kBAAkB,QAC9D,iBAAiB,qBAClB,CAC2B,uCAAuC,UAAU,OAAO,KAAK;;AAI7F,QAAO;;;;;;;;;;;;AAaT,eAAsB,oCAAoC,cAA4B,SAAiB;CAIrG,MAAM,aAAa,sBAAqC,cAAc,gBAAgB;AAGtF,KAAI,cAAc,WAAW,iBAAiB,yBAAyB,aAAa,sBAAsB;EACxG,MAAM,eAAe,MAAM,WAAW,cAAc,aAAa,qBAAqB,QAAQ,WAAW,GAAG,CAAC;EAG7G,MAAM,oBAAoB,CAAC,GADM,aAAa,SAAS,IAAc,iCAAiC,IAAI,EAAE,EACpD,QAAQ;AAEhE,eAAa,SAAS,IAAI,kCAAkC,kBAAkB;AAC9E,eAAa,OAAO,kCAAkC,kBAAkB;AACxE,QAAM,WAAW,aAAa,aAAa"}

package/build/shared/transactionData.mjs

@@ -0,0 +1,19 @@
+import { CredoError } from "@credo-ts/core";
+
+//#region src/shared/transactionData.ts
+function getSdJwtVcTransactionDataHashes(sdJwtVc) {
+	if (!sdJwtVc.kbJwt) return;
+	const transactionDataHashes = sdJwtVc.kbJwt.payload.transaction_data_hashes;
+	if (!transactionDataHashes) return;
+	if (!Array.isArray(transactionDataHashes) || !transactionDataHashes.every((hash) => typeof hash === "string")) throw new CredoError("Property 'transaction_data_hashes' in SD-JWT VC KB-JWT payload must be an array of strings");
+	const transactionDataHashesAlg = sdJwtVc.kbJwt.payload.transaction_data_hashes_alg;
+	if (typeof transactionDataHashesAlg !== "string" && transactionDataHashes !== void 0) throw new CredoError("Property 'transaction_data_hashes_alg' in SD-JWT VC KB-JWT payload is not of string");
+	return {
+		transaction_data_hashes: transactionDataHashes,
+		transaction_data_hashes_alg: transactionDataHashesAlg
+	};
+}
+
+//#endregion
+export { getSdJwtVcTransactionDataHashes };
+//# sourceMappingURL=transactionData.mjs.map

package/build/shared/transactionData.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"transactionData.mjs","names":[],"sources":["../../src/shared/transactionData.ts"],"sourcesContent":["import { CredoError, type SdJwtVc } from '@credo-ts/core'\n\nexport function getSdJwtVcTransactionDataHashes(sdJwtVc: SdJwtVc) {\n  if (!sdJwtVc.kbJwt) {\n    return undefined\n  }\n\n  const transactionDataHashes = sdJwtVc.kbJwt.payload.transaction_data_hashes\n  if (!transactionDataHashes) {\n    return undefined\n  }\n\n  if (!Array.isArray(transactionDataHashes) || !transactionDataHashes.every((hash) => typeof hash === 'string')) {\n    throw new CredoError(\"Property 'transaction_data_hashes' in SD-JWT VC KB-JWT payload must be an array of strings\")\n  }\n\n  const transactionDataHashesAlg = sdJwtVc.kbJwt.payload.transaction_data_hashes_alg\n  if (typeof transactionDataHashesAlg !== 'string' && transactionDataHashes !== undefined) {\n    throw new CredoError(\"Property 'transaction_data_hashes_alg' in SD-JWT VC KB-JWT payload is not of string\")\n  }\n\n  return {\n    transaction_data_hashes: transactionDataHashes,\n    transaction_data_hashes_alg: transactionDataHashesAlg as string | undefined,\n  }\n}\n"],"mappings":";;;AAEA,SAAgB,gCAAgC,SAAkB;AAChE,KAAI,CAAC,QAAQ,MACX;CAGF,MAAM,wBAAwB,QAAQ,MAAM,QAAQ;AACpD,KAAI,CAAC,sBACH;AAGF,KAAI,CAAC,MAAM,QAAQ,sBAAsB,IAAI,CAAC,sBAAsB,OAAO,SAAS,OAAO,SAAS,SAAS,CAC3G,OAAM,IAAI,WAAW,6FAA6F;CAGpH,MAAM,2BAA2B,QAAQ,MAAM,QAAQ;AACvD,KAAI,OAAO,6BAA6B,YAAY,0BAA0B,OAC5E,OAAM,IAAI,WAAW,sFAAsF;AAG7G,QAAO;EACL,yBAAyB;EACzB,6BAA6B;EAC9B"}

package/build/shared/utils.mjs

@@ -0,0 +1,90 @@
+import { AgentContext, ClaimFormat, CredoError, DidsApi, Kms, SignatureSuiteRegistry, X509Certificate, getPublicJwkFromVerificationMethod } from "@credo-ts/core";
+
+//#region src/shared/utils.ts
+/**
+* Returns the JWA Signature Algorithms that are supported by the wallet.
+*/
+function getSupportedJwaSignatureAlgorithms(agentContext) {
+	const kms = agentContext.resolve(Kms.KeyManagementApi);
+	return Object.values(Kms.KnownJwaSignatureAlgorithms).filter((algorithm) => kms.supportedBackendsForOperation({
+		operation: "sign",
+		algorithm
+	}).length > 0);
+}
+async function getPublicJwkFromDid(agentContext, didUrl, allowedPurposes = ["authentication"]) {
+	return getPublicJwkFromVerificationMethod((await agentContext.dependencyManager.resolve(DidsApi).resolveDidDocument(didUrl)).dereferenceKey(didUrl, allowedPurposes));
+}
+function encodeJwtIssuer(jwtIssuer) {
+	if (jwtIssuer.method === "jwk") return {
+		method: "jwk",
+		jwk: jwtIssuer.jwk.toJson()
+	};
+	if (jwtIssuer.method === "x5c") return {
+		method: "x5c",
+		leafCertificateKeyId: jwtIssuer.x5c[0].keyId,
+		x5c: jwtIssuer.x5c.map((c) => c.toString("base64"))
+	};
+	return jwtIssuer;
+}
+function decodeJwtIssuer(encodedJwtIssuer) {
+	if (encodedJwtIssuer.method === "jwk") return {
+		method: "jwk",
+		jwk: Kms.PublicJwk.fromUnknown(encodedJwtIssuer.jwk)
+	};
+	if (encodedJwtIssuer.method === "x5c") return {
+		method: "x5c",
+		x5c: encodedJwtIssuer.x5c.map((e, i) => {
+			const c = X509Certificate.fromEncodedCertificate(e);
+			if (i === 0) c.keyId = encodedJwtIssuer.leafCertificateKeyId;
+			return c;
+		})
+	};
+	return encodedJwtIssuer;
+}
+async function credoJwtIssuerToOpenId4VcJwtIssuer(agentContext, createJwtIssuer) {
+	if (createJwtIssuer.method === "did") {
+		const { publicJwk } = await agentContext.resolve(DidsApi).resolveVerificationMethodFromCreatedDidRecord(createJwtIssuer.didUrl);
+		return {
+			method: createJwtIssuer.method,
+			didUrl: createJwtIssuer.didUrl,
+			alg: publicJwk.signatureAlgorithm,
+			kid: publicJwk.keyId
+		};
+	}
+	if (createJwtIssuer.method === "x5c") {
+		const leafCertificate = createJwtIssuer.x5c[0];
+		if (!leafCertificate) throw new CredoError("Unable to extract leaf certificate, x5c certificate chain is empty");
+		return {
+			...createJwtIssuer,
+			x5c: createJwtIssuer.x5c.map((certificate) => certificate.toString("base64")),
+			alg: leafCertificate.publicJwk.signatureAlgorithm,
+			kid: leafCertificate.publicJwk.keyId
+		};
+	}
+	if (createJwtIssuer.method === "jwk") return {
+		...createJwtIssuer,
+		publicJwk: createJwtIssuer.jwk.toJson(),
+		alg: createJwtIssuer.jwk.signatureAlgorithm
+	};
+	throw new CredoError(`Unsupported jwt issuer method '${createJwtIssuer.method}'`);
+}
+function getProofTypeFromPublicJwk(agentContext, key) {
+	const supportedSignatureSuites = agentContext.dependencyManager.resolve(SignatureSuiteRegistry).getAllByPublicJwkType(key);
+	if (supportedSignatureSuites.length === 0) throw new CredoError(`Couldn't find a supported signature suite for the given key ${key.jwkTypeHumanDescription}.`);
+	return supportedSignatureSuites[0].proofType;
+}
+function dcqlCredentialQueryToPresentationFormat(credential) {
+	switch (credential.format) {
+		case "dc+sd-jwt": return ClaimFormat.SdJwtDc;
+		case "vc+sd-jwt":
+			if (credential.meta && "type_values" in credential.meta) return ClaimFormat.SdJwtW3cVp;
+			return ClaimFormat.SdJwtDc;
+		case "jwt_vc_json": return ClaimFormat.JwtVp;
+		case "ldp_vc": return ClaimFormat.LdpVp;
+		case "mso_mdoc": return ClaimFormat.MsoMdoc;
+	}
+}
+
+//#endregion
+export { credoJwtIssuerToOpenId4VcJwtIssuer, dcqlCredentialQueryToPresentationFormat, decodeJwtIssuer, encodeJwtIssuer, getProofTypeFromPublicJwk, getPublicJwkFromDid, getSupportedJwaSignatureAlgorithms };
+//# sourceMappingURL=utils.mjs.map

package/build/shared/utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.mjs","names":[],"sources":["../../src/shared/utils.ts"],"sourcesContent":["import {\n  AgentContext,\n  ClaimFormat,\n  CredoError,\n  type DcqlQuery,\n  type DidPurpose,\n  DidsApi,\n  getPublicJwkFromVerificationMethod,\n  Kms,\n  SignatureSuiteRegistry,\n  X509Certificate,\n} from '@credo-ts/core'\nimport type { Jwk, JwtSigner } from '@openid4vc/oauth2'\nimport type { OpenId4VcJwtIssuer, OpenId4VcJwtIssuerEncoded } from './models'\n\n/**\n * Returns the JWA Signature Algorithms that are supported by the wallet.\n */\nexport function getSupportedJwaSignatureAlgorithms(agentContext: AgentContext): Kms.KnownJwaSignatureAlgorithm[] {\n  const kms = agentContext.resolve(Kms.KeyManagementApi)\n\n  // If we can sign with an algorithm we assume it's supported (also for verification)\n  const supportedJwaSignatureAlgorithms = Object.values(Kms.KnownJwaSignatureAlgorithms).filter(\n    (algorithm) => kms.supportedBackendsForOperation({ operation: 'sign', algorithm }).length > 0\n  )\n\n  return supportedJwaSignatureAlgorithms\n}\n\nexport async function getPublicJwkFromDid(\n  agentContext: AgentContext,\n  didUrl: string,\n  allowedPurposes: DidPurpose[] = ['authentication']\n) {\n  const didsApi = agentContext.dependencyManager.resolve(DidsApi)\n  const didDocument = await didsApi.resolveDidDocument(didUrl)\n  const verificationMethod = didDocument.dereferenceKey(didUrl, allowedPurposes)\n\n  return getPublicJwkFromVerificationMethod(verificationMethod)\n}\n\nexport function encodeJwtIssuer(jwtIssuer: OpenId4VcJwtIssuer): OpenId4VcJwtIssuerEncoded {\n  if (jwtIssuer.method === 'jwk') {\n    return {\n      method: 'jwk',\n      jwk: jwtIssuer.jwk.toJson(),\n    }\n  }\n\n  if (jwtIssuer.method === 'x5c') {\n    return {\n      method: 'x5c',\n      leafCertificateKeyId: jwtIssuer.x5c[0].keyId,\n      x5c: jwtIssuer.x5c.map((c) => c.toString('base64')),\n    }\n  }\n\n  return jwtIssuer\n}\n\nexport function decodeJwtIssuer(encodedJwtIssuer: OpenId4VcJwtIssuerEncoded): OpenId4VcJwtIssuer {\n  if (encodedJwtIssuer.method === 'jwk') {\n    return {\n      method: 'jwk',\n      jwk: Kms.PublicJwk.fromUnknown(encodedJwtIssuer.jwk),\n    }\n  }\n\n  if (encodedJwtIssuer.method === 'x5c') {\n    return {\n      method: 'x5c',\n      x5c: encodedJwtIssuer.x5c.map((e, i) => {\n        const c = X509Certificate.fromEncodedCertificate(e)\n        if (i === 0) c.keyId = encodedJwtIssuer.leafCertificateKeyId\n        return c\n      }),\n    }\n  }\n\n  return encodedJwtIssuer\n}\n\nexport async function credoJwtIssuerToOpenId4VcJwtIssuer(\n  agentContext: AgentContext,\n  createJwtIssuer: OpenId4VcJwtIssuer\n): Promise<JwtSigner> {\n  if (createJwtIssuer.method === 'did') {\n    const dids = agentContext.resolve(DidsApi)\n    const { publicJwk } = await dids.resolveVerificationMethodFromCreatedDidRecord(createJwtIssuer.didUrl)\n\n    return {\n      method: createJwtIssuer.method,\n      didUrl: createJwtIssuer.didUrl,\n      alg: publicJwk.signatureAlgorithm,\n      kid: publicJwk.keyId,\n    }\n  }\n  if (createJwtIssuer.method === 'x5c') {\n    const leafCertificate = createJwtIssuer.x5c[0]\n    if (!leafCertificate) {\n      throw new CredoError('Unable to extract leaf certificate, x5c certificate chain is empty')\n    }\n\n    return {\n      ...createJwtIssuer,\n      x5c: createJwtIssuer.x5c.map((certificate) => certificate.toString('base64')),\n      alg: leafCertificate.publicJwk.signatureAlgorithm,\n      kid: leafCertificate.publicJwk.keyId,\n    }\n  }\n  if (createJwtIssuer.method === 'jwk') {\n    return {\n      ...createJwtIssuer,\n      publicJwk: createJwtIssuer.jwk.toJson() as Jwk,\n      alg: createJwtIssuer.jwk.signatureAlgorithm,\n    }\n  }\n\n  throw new CredoError(`Unsupported jwt issuer method '${(createJwtIssuer as OpenId4VcJwtIssuer).method}'`)\n}\n\nexport function getProofTypeFromPublicJwk(agentContext: AgentContext, key: Kms.PublicJwk) {\n  const signatureSuiteRegistry = agentContext.dependencyManager.resolve(SignatureSuiteRegistry)\n\n  const supportedSignatureSuites = signatureSuiteRegistry.getAllByPublicJwkType(key)\n  if (supportedSignatureSuites.length === 0) {\n    throw new CredoError(`Couldn't find a supported signature suite for the given key ${key.jwkTypeHumanDescription}.`)\n  }\n\n  return supportedSignatureSuites[0].proofType\n}\n\nexport function parseIfJson<T>(input: T): T | Record<string, unknown> {\n  if (typeof input !== 'string') {\n    return input\n  }\n\n  try {\n    // Try to parse the string as JSON\n    return JSON.parse(input)\n  } catch (_error) {\n    /* empty */\n  }\n\n  return input\n}\n\nexport function dcqlCredentialQueryToPresentationFormat(credential: DcqlQuery['credentials'][number]) {\n  switch (credential.format) {\n    case 'dc+sd-jwt':\n      return ClaimFormat.SdJwtDc\n    case 'vc+sd-jwt':\n      if (credential.meta && 'type_values' in credential.meta) {\n        return ClaimFormat.SdJwtW3cVp\n      }\n\n      return ClaimFormat.SdJwtDc\n    case 'jwt_vc_json':\n      return ClaimFormat.JwtVp\n    case 'ldp_vc':\n      return ClaimFormat.LdpVp\n    case 'mso_mdoc':\n      return ClaimFormat.MsoMdoc\n  }\n}\n"],"mappings":";;;;;;AAkBA,SAAgB,mCAAmC,cAA8D;CAC/G,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;AAOtD,QAJwC,OAAO,OAAO,IAAI,4BAA4B,CAAC,QACpF,cAAc,IAAI,8BAA8B;EAAE,WAAW;EAAQ;EAAW,CAAC,CAAC,SAAS,EAC7F;;AAKH,eAAsB,oBACpB,cACA,QACA,kBAAgC,CAAC,iBAAiB,EAClD;AAKA,QAAO,oCAHa,MADJ,aAAa,kBAAkB,QAAQ,QAAQ,CAC7B,mBAAmB,OAAO,EACrB,eAAe,QAAQ,gBAAgB,CAEjB;;AAG/D,SAAgB,gBAAgB,WAA0D;AACxF,KAAI,UAAU,WAAW,MACvB,QAAO;EACL,QAAQ;EACR,KAAK,UAAU,IAAI,QAAQ;EAC5B;AAGH,KAAI,UAAU,WAAW,MACvB,QAAO;EACL,QAAQ;EACR,sBAAsB,UAAU,IAAI,GAAG;EACvC,KAAK,UAAU,IAAI,KAAK,MAAM,EAAE,SAAS,SAAS,CAAC;EACpD;AAGH,QAAO;;AAGT,SAAgB,gBAAgB,kBAAiE;AAC/F,KAAI,iBAAiB,WAAW,MAC9B,QAAO;EACL,QAAQ;EACR,KAAK,IAAI,UAAU,YAAY,iBAAiB,IAAI;EACrD;AAGH,KAAI,iBAAiB,WAAW,MAC9B,QAAO;EACL,QAAQ;EACR,KAAK,iBAAiB,IAAI,KAAK,GAAG,MAAM;GACtC,MAAM,IAAI,gBAAgB,uBAAuB,EAAE;AACnD,OAAI,MAAM,EAAG,GAAE,QAAQ,iBAAiB;AACxC,UAAO;IACP;EACH;AAGH,QAAO;;AAGT,eAAsB,mCACpB,cACA,iBACoB;AACpB,KAAI,gBAAgB,WAAW,OAAO;EAEpC,MAAM,EAAE,cAAc,MADT,aAAa,QAAQ,QAAQ,CACT,8CAA8C,gBAAgB,OAAO;AAEtG,SAAO;GACL,QAAQ,gBAAgB;GACxB,QAAQ,gBAAgB;GACxB,KAAK,UAAU;GACf,KAAK,UAAU;GAChB;;AAEH,KAAI,gBAAgB,WAAW,OAAO;EACpC,MAAM,kBAAkB,gBAAgB,IAAI;AAC5C,MAAI,CAAC,gBACH,OAAM,IAAI,WAAW,qEAAqE;AAG5F,SAAO;GACL,GAAG;GACH,KAAK,gBAAgB,IAAI,KAAK,gBAAgB,YAAY,SAAS,SAAS,CAAC;GAC7E,KAAK,gBAAgB,UAAU;GAC/B,KAAK,gBAAgB,UAAU;GAChC;;AAEH,KAAI,gBAAgB,WAAW,MAC7B,QAAO;EACL,GAAG;EACH,WAAW,gBAAgB,IAAI,QAAQ;EACvC,KAAK,gBAAgB,IAAI;EAC1B;AAGH,OAAM,IAAI,WAAW,kCAAmC,gBAAuC,OAAO,GAAG;;AAG3G,SAAgB,0BAA0B,cAA4B,KAAoB;CAGxF,MAAM,2BAFyB,aAAa,kBAAkB,QAAQ,uBAAuB,CAErC,sBAAsB,IAAI;AAClF,KAAI,yBAAyB,WAAW,EACtC,OAAM,IAAI,WAAW,+DAA+D,IAAI,wBAAwB,GAAG;AAGrH,QAAO,yBAAyB,GAAG;;AAkBrC,SAAgB,wCAAwC,YAA8C;AACpG,SAAQ,WAAW,QAAnB;EACE,KAAK,YACH,QAAO,YAAY;EACrB,KAAK;AACH,OAAI,WAAW,QAAQ,iBAAiB,WAAW,KACjD,QAAO,YAAY;AAGrB,UAAO,YAAY;EACrB,KAAK,cACH,QAAO,YAAY;EACrB,KAAK,SACH,QAAO,YAAY;EACrB,KAAK,WACH,QAAO,YAAY"}

package/package.json

@@ -1,8 +1,10 @@
 {
   "name": "@credo-ts/openid4vc",
-  "main": "build/index",
-  "types": "build/index",
-  "version": "0.6.1-pr-2091-20241119140918",
+  "exports": {
+    ".": "./build/index.mjs",
+    "./package.json": "./package.json"
+  },
+  "version": "0.6.1",
   "files": [
     "build"
   ],
@@ -10,6 +12,14 @@
   "publishConfig": {
     "access": "public"
   },
+  "browser": {
+    "./build/shared/router/express.mjs": "./build/shared/router/express.browser.mjs",
+    "./build/shared/router/express.js": "./build/shared/router/express.browser.js"
+  },
+  "react-native": {
+    "./build/shared/router/express.mjs": "./build/shared/router/express.native.mjs",
+    "./build/shared/router/express.js": "./build/shared/router/express.native.js"
+  },
   "homepage": "https://github.com/openwallet-foundation/credo-ts/tree/main/packages/openid4vc",
   "repository": {
     "type": "git",
@@ -17,28 +27,25 @@
     "directory": "packages/openid4vc"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.16.1-fix.173",
-    "@sphereon/oid4vc-common": "0.16.1-fix.173",
-    "@sphereon/ssi-types": "0.30.2-next.135",
-    "class-transformer": "^0.5.1",
-    "rxjs": "^7.8.0",
-    "zod": "^3.23.8",
-    "@animo-id/oid4vci": "0.1.3",
-    "@animo-id/oauth2": "0.1.3",
-    "@credo-ts/core": "0.6.1-pr-2091-20241119140918"
+    "class-transformer": "0.5.1",
+    "rxjs": "^7.8.2",
+    "zod": "^4.1.12",
+    "@openid4vc/openid4vci": "^0.4.1",
+    "@openid4vc/oauth2": "^0.4.1",
+    "@openid4vc/openid4vp": "^0.4.1",
+    "@openid4vc/utils": "^0.4.1",
+    "@types/express": "^5.0.6",
+    "express": "^5.2.0",
+    "@credo-ts/core": "0.6.1"
   },
   "devDependencies": {
-    "@types/express": "^4.17.21",
-    "express": "^4.18.2",
-    "nock": "^14.0.0-beta.16",
-    "rimraf": "^4.4.0",
-    "typescript": "~5.5.2",
-    "@credo-ts/tenants": "0.6.1-pr-2091-20241119140918"
+    "nock": "^14.0.10",
+    "typescript": "~5.9.3",
+    "@credo-ts/tenants": "0.6.1"
   },
   "scripts": {
-    "build": "pnpm run clean && pnpm run compile",
-    "clean": "rimraf ./build",
-    "compile": "tsc -p tsconfig.build.json",
-    "test": "jest"
-  }
+    "build": "tsdown --config-loader unconfig"
+  },
+  "types": "./build/index.d.mts",
+  "module": "./build/index.mjs"
 }

package/build/index.d.ts

@@ -1,4 +0,0 @@
-export * from './openid4vc-holder';
-export * from './openid4vc-verifier';
-export * from './openid4vc-issuer';
-export * from './shared';

package/build/index.js

@@ -1,21 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./openid4vc-holder"), exports);
-__exportStar(require("./openid4vc-verifier"), exports);
-__exportStar(require("./openid4vc-issuer"), exports);
-__exportStar(require("./shared"), exports);
-//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC;AAClC,uDAAoC;AACpC,qDAAkC;AAClC,2CAAwB"}

package/build/openid4vc-holder/OpenId4VcHolderApi.d.ts

@@ -1,124 +0,0 @@
-import type { OpenId4VciResolvedCredentialOffer, OpenId4VciAuthCodeFlowOptions, OpenId4VciTokenRequestOptions as OpenId4VciRequestTokenOptions, OpenId4VciCredentialRequestOptions as OpenId4VciRequestCredentialOptions, OpenId4VciSendNotificationOptions, OpenId4VciRequestTokenResponse, OpenId4VciRetrieveAuthorizationCodeUsingPresentationOptions } from './OpenId4VciHolderServiceOptions';
-import type { OpenId4VcSiopAcceptAuthorizationRequestOptions } from './OpenId4vcSiopHolderServiceOptions';
-import { AgentContext, DifPresentationExchangeService, DifPexCredentialsForRequest } from '@credo-ts/core';
-import { OpenId4VciMetadata } from '../shared';
-import { OpenId4VciHolderService } from './OpenId4VciHolderService';
-import { OpenId4VcSiopHolderService } from './OpenId4vcSiopHolderService';
-/**
- * @public
- */
-export declare class OpenId4VcHolderApi {
-    private agentContext;
-    private openId4VciHolderService;
-    private openId4VcSiopHolderService;
-    private difPresentationExchangeService;
-    constructor(agentContext: AgentContext, openId4VciHolderService: OpenId4VciHolderService, openId4VcSiopHolderService: OpenId4VcSiopHolderService, difPresentationExchangeService: DifPresentationExchangeService);
-    /**
-     * Resolves the authentication request given as URI or JWT to a unified format, and
-     * verifies the validity of the request.
-     *
-     * The resolved request can be accepted with the @see acceptSiopAuthorizationRequest.
-     *
-     * If the authorization request uses OpenID4VP and included presentation definitions,
-     * a `presentationExchange` property will be defined with credentials that satisfy the
-     * incoming request. When `presentationExchange` is present, you MUST supply `presentationExchange`
-     * when calling `acceptSiopAuthorizationRequest` as well.
-     *
-     * @param requestJwtOrUri JWT or an SIOPv2 request URI
-     * @returns the resolved and verified authentication request.
-     */
-    resolveSiopAuthorizationRequest(requestJwtOrUri: string): Promise<import("./OpenId4vcSiopHolderServiceOptions").OpenId4VcSiopResolvedAuthorizationRequest>;
-    /**
-     * Accepts the authentication request after it has been resolved and verified with {@link resolveSiopAuthorizationRequest}.
-     *
-     * If the resolved authorization request included a `presentationExchange` property, you MUST supply `presentationExchange`
-     * in the `options` parameter.
-     *
-     * If no `presentationExchange` property is present, you MUST supply `openIdTokenIssuer` in the `options` parameter.
-     */
-    acceptSiopAuthorizationRequest(options: OpenId4VcSiopAcceptAuthorizationRequestOptions): Promise<{
-        readonly ok: false;
-        readonly serverResponse: {
-            readonly status: number;
-            readonly body: string | Record<string, unknown> | null;
-        };
-        readonly submittedResponse: import("@sphereon/did-auth-siop").AuthorizationResponsePayload;
-        readonly redirectUri?: undefined;
-        readonly presentationDuringIssuanceSession?: undefined;
-    } | {
-        readonly ok: true;
-        readonly serverResponse: {
-            readonly status: number;
-            readonly body: Record<string, unknown>;
-        };
-        readonly submittedResponse: import("@sphereon/did-auth-siop").AuthorizationResponsePayload;
-        readonly redirectUri: string | undefined;
-        readonly presentationDuringIssuanceSession: string | undefined;
-    }>;
-    /**
-     * Automatically select credentials from available credentials for a request. Can be called after calling
-     * @see resolveSiopAuthorizationRequest.
-     */
-    selectCredentialsForRequest(credentialsForRequest: DifPexCredentialsForRequest): import("@credo-ts/core").DifPexInputDescriptorToCredentials;
-    resolveIssuerMetadata(credentialIssuer: string): Promise<OpenId4VciMetadata>;
-    /**
-     * Resolves a credential offer given as credential offer URL, or issuance initiation URL,
-     * into a unified format with metadata.
-     *
-     * @param credentialOffer the credential offer to resolve
-     * @returns The uniform credential offer payload, the issuer metadata, protocol version, and the offered credentials with metadata.
-     */
-    resolveCredentialOffer(credentialOffer: string): Promise<OpenId4VciResolvedCredentialOffer>;
-    /**
-     * This function is to be used to receive an credential in OpenID4VCI using the Authorization Code Flow.
-     *
-     * Not to be confused with the {@link resolveSiopAuthorizationRequest}, which is only used for SIOP requests.
-     *
-     * It will generate an authorization session based on the provided options.
-     *
-     * There are two possible flows:
-     * - Oauth2Recirect: an authorization request URI is returend which can be used to obtain the authorization code.
-     *   This needs to be done manually (e.g. by opening a browser window)
-     * - PresentationDuringIssuance: an openid4vp presentation request needs to be handled. A oid4vpRequestUri is returned
-     *   which can be parsed using `resolveSiopAuthorizationRequest`. After the presentation session has been completed,
-     *   the resulting `presentationDuringIssuanceSession` can be used to obtain an authorization code
-     *
-     * Authorization to request credentials can be requested via authorization_details or scopes.
-     * This function automatically generates the authorization_details for all offered credentials.
-     * If scopes are provided, the provided scopes are sent alongside the authorization_details.
-     *
-     * @param resolvedCredentialOffer Obtained through @see resolveCredentialOffer
-     * @param authCodeFlowOptions
-     * @returns The authorization request URI alongside the code verifier and original @param authCodeFlowOptions
-     */
-    resolveIssuanceAuthorizationRequest(resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer, authCodeFlowOptions: OpenId4VciAuthCodeFlowOptions): Promise<import("./OpenId4VciHolderServiceOptions").OpenId4VciResolvedAuthorizationRequest>;
-    /**
-     * Retrieve an authorization code using an `presentationDuringIssuanceSession`.
-     *
-     * The authorization code can be exchanged for an `accessToken` @see requestToken
-     */
-    retrieveAuthorizationCodeUsingPresentation(options: OpenId4VciRetrieveAuthorizationCodeUsingPresentationOptions): Promise<{
-        authorizationCode: string;
-    }>;
-    /**
-     * Requests the token to be used for credential requests.
-     */
-    requestToken(options: OpenId4VciRequestTokenOptions): Promise<OpenId4VciRequestTokenResponse>;
-    /**
-     * Request a set of credentials from the credential isser.
-     * Can be used with both the pre-authorized code flow and the authorization code flow.
-     */
-    requestCredentials(options: OpenId4VciRequestCredentialOptions): Promise<{
-        credentials: import("./OpenId4VciHolderServiceOptions").OpenId4VciCredentialResponse[];
-        dpop: {
-            nonce: string | undefined;
-            jwk: import("@credo-ts/core").Jwk;
-            alg: import("@credo-ts/core").JwaSignatureAlgorithm;
-        } | undefined;
-        cNonce: string | undefined;
-    }>;
-    /**
-     * Send a notification event to the credential issuer
-     */
-    sendNotification(options: OpenId4VciSendNotificationOptions): Promise<void>;
-}