@credo-ts/openid4vc 0.6.1-pr-2091-20241119140918 → 0.6.1

package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.ts

@@ -1,238 +0,0 @@
-import type { OpenId4VcCredentialHolderBinding, OpenId4VciCredentialConfigurationsSupportedWithFormats } from '../shared';
-import type { CredentialOfferObject, IssuerMetadataResult } from '@animo-id/oid4vci';
-import type { AgentContext, JwaSignatureAlgorithm, Jwk, KeyType, VerifiableCredential } from '@credo-ts/core';
-import { AuthorizationFlow as OpenId4VciAuthorizationFlow } from '@animo-id/oid4vci';
-import { OpenId4VciCredentialFormatProfile } from '../shared/models/OpenId4VciCredentialFormatProfile';
-export { OpenId4VciAuthorizationFlow };
-export type OpenId4VciSupportedCredentialFormats = OpenId4VciCredentialFormatProfile.JwtVcJson | OpenId4VciCredentialFormatProfile.JwtVcJsonLd | OpenId4VciCredentialFormatProfile.SdJwtVc | OpenId4VciCredentialFormatProfile.LdpVc | OpenId4VciCredentialFormatProfile.MsoMdoc;
-export declare const openId4VciSupportedCredentialFormats: OpenId4VciSupportedCredentialFormats[];
-export interface OpenId4VciDpopRequestOptions {
-    jwk: Jwk;
-    alg: JwaSignatureAlgorithm;
-    nonce?: string;
-}
-/**
- * 'credential_accepted' The Credential was successfully stored in the Wallet.
- * 'credential_deleted' when the unsuccessful Credential issuance was caused by a user action.
- * 'credential_failure' otherwise.
- */
-export type OpenId4VciNotificationEvent = 'credential_accepted' | 'credential_failure' | 'credential_deleted';
-export type OpenId4VciRequestTokenResponse = {
-    accessToken: string;
-    cNonce?: string;
-    dpop?: OpenId4VciDpopRequestOptions;
-};
-type UnionToArrayUnion<T> = T extends any ? T[] : never;
-export interface OpenId4VciCredentialResponse {
-    credentialConfigurationId: string;
-    credentials: UnionToArrayUnion<VerifiableCredential>;
-    notificationId?: string;
-}
-export interface OpenId4VciResolvedCredentialOffer {
-    metadata: IssuerMetadataResult;
-    credentialOfferPayload: CredentialOfferObject;
-    /**
-     * Offered credential configurations with known formats
-     */
-    offeredCredentialConfigurations: OpenId4VciCredentialConfigurationsSupportedWithFormats;
-}
-export type OpenId4VciResolvedAuthorizationRequest = {
-    oid4vpRequestUrl: string;
-    authorizationFlow: OpenId4VciAuthorizationFlow.PresentationDuringIssuance;
-    authSession: string;
-} | {
-    authorizationRequestUrl: string;
-    authorizationFlow: OpenId4VciAuthorizationFlow.Oauth2Redirect;
-    codeVerifier?: string;
-};
-export interface OpenId4VciSendNotificationOptions {
-    metadata: IssuerMetadataResult;
-    notificationId: string;
-    /**
-     * The access token obtained through @see requestToken
-     */
-    accessToken: string;
-    /**
-     * The notification event
-     *
-     * 'credential_accepted' The Credential was successfully stored in the Wallet.
-     * 'credential_deleted' when the unsuccessful Credential issuance was caused by a user action.
-     * 'credential_failure' otherwise.
-     */
-    notificationEvent: OpenId4VciNotificationEvent;
-    dpop?: OpenId4VciDpopRequestOptions;
-}
-export interface OpenId4VcAuthorizationCodeTokenRequestOptions {
-    resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer;
-    code: string;
-    clientId: string;
-    codeVerifier?: string;
-    redirectUri?: string;
-    txCode?: never;
-}
-export interface OpenId4VciPreAuthorizedTokenRequestOptions {
-    resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer;
-    txCode?: string;
-    code?: undefined;
-}
-export type OpenId4VciTokenRequestOptions = OpenId4VciPreAuthorizedTokenRequestOptions | OpenId4VcAuthorizationCodeTokenRequestOptions;
-export interface OpenId4VciRetrieveAuthorizationCodeUsingPresentationOptions {
-    resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer;
-    dpop?: OpenId4VciDpopRequestOptions;
-    /**
-     * auth session returned at an earlier call to the authorization challenge endpoint
-     */
-    authSession: string;
-    /**
-     * Presentation during issuance session returned by the verifier after submitting a valid presentation
-     */
-    presentationDuringIssuanceSession?: string;
-}
-export interface OpenId4VciCredentialRequestOptions extends Omit<OpenId4VciAcceptCredentialOfferOptions, 'userPin'> {
-    resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer;
-    accessToken: string;
-    cNonce?: string;
-    dpop?: OpenId4VciDpopRequestOptions;
-    /**
-     * The client id used for authorization. Only required if authorization_code flow was used.
-     */
-    clientId?: string;
-}
-/**
- * Options that are used to accept a credential offer for both the pre-authorized code flow and authorization code flow.
- * NOTE: Merge with @see OpenId4VciCredentialRequestOptions for 0.6
- */
-export interface OpenId4VciAcceptCredentialOfferOptions {
-    /**
-     * This is the list of credentials configuration ids that will be requested from the issuer.
-     * Should be a list of ids of the credentials that are included in the credential offer.
-     * If not provided all offered credentials will be requested.
-     */
-    credentialConfigurationIds?: string[];
-    /**
-     * Whether to request a batch of credentials if supported by the crednetial issuer.
-     *
-     * You can also provide a number to indicate the batch size. If `true` is provided
-     * the max size from the credential issuer will be used.
-     *
-     * If a number is passed that is higher than the max batch size of the credential issuer,
-     * an error will be thrown.
-     *
-     * @default false
-     */
-    requestBatch?: boolean | number;
-    verifyCredentialStatus?: boolean;
-    /**
-     * A list of allowed proof of possession signature algorithms in order of preference.
-     *
-     * Note that the signature algorithms must be supported by the wallet implementation.
-     * Signature algorithms that are not supported by the wallet will be ignored.
-     *
-     * The proof of possession (pop) signature algorithm is used in the credential request
-     * to bind the credential to a did. In most cases the JWA signature algorithm
-     * that is used in the pop will determine the cryptographic suite that is used
-     * for signing the credential, but this not a requirement for the spec. E.g. if the
-     * pop uses EdDsa, the credential will most commonly also use EdDsa, or Ed25519Signature2018/2020.
-     */
-    allowedProofOfPossessionSignatureAlgorithms?: JwaSignatureAlgorithm[];
-    /**
-     * A function that should resolve key material for binding the to-be-issued credential
-     * to the holder based on the options passed. This key material will be used for signing
-     * the proof of possession included in the credential request.
-     *
-     * This method will be called once for each of the credentials that are included
-     * in the credential offer.
-     *
-     * Based on the credential format, JWA signature algorithm, verification method types
-     * and binding methods (did methods, jwk), the resolver must return an object
-     * conformant to the `CredentialHolderBinding` interface, which will be used
-     * for the proof of possession signature.
-     */
-    credentialBindingResolver: OpenId4VciCredentialBindingResolver;
-}
-/**
- * Options that are used for the authorization code flow.
- * Extends the pre-authorized code flow options.
- */
-export interface OpenId4VciAuthCodeFlowOptions {
-    clientId: string;
-    redirectUri: string;
-    scope?: string[];
-}
-export interface OpenId4VciCredentialBindingOptions {
-    agentContext: AgentContext;
-    /**
-     * The credential format that will be requested from the issuer.
-     * E.g. `jwt_vc` or `ldp_vc`.
-     */
-    credentialFormat: OpenId4VciSupportedCredentialFormats;
-    /**
-     * The JWA Signature Algorithm(s) that can be used in the proof of possession.
-     * This is based on the `allowedProofOfPossessionSignatureAlgorithms` passed
-     * to the request credential method, and the supported signature algorithms.
-     */
-    signatureAlgorithms: JwaSignatureAlgorithm[];
-    /**
-     * This is a list of verification methods types that are supported
-     * for creating the proof of possession signature. The returned
-     * verification method type must be of one of these types.
-     */
-    supportedVerificationMethods: string[];
-    /**
-     * The key type that can be used to create the proof of possession signature.
-     * This is related to the verification method and the signature algorithm, and
-     * is added for convenience.
-     */
-    keyTypes: KeyType[];
-    /**
-     * The credential type that will be requested from the issuer. This is
-     * based on the credential types that are included the credential offer.
-     */
-    credentialConfigurationId?: string;
-    /**
-     * Whether the issuer supports the `did` cryptographic binding method,
-     * indicating they support all did methods. In most cases, they do not
-     * support all did methods, and it means we have to make an assumption
-     * about the did methods they support.
-     *
-     * If this value is `false`, the `supportedDidMethods` property will
-     * contain a list of supported did methods.
-     */
-    supportsAllDidMethods: boolean;
-    /**
-     * A list of supported did methods. This is only used if the `supportsAllDidMethods`
-     * property is `false`. When this array is populated, the returned verification method
-     * MUST be based on one of these did methods.
-     *
-     * The did methods are returned in the format `did:<method>`, e.g. `did:web`.
-     *
-     * The value is undefined in the case the supported did methods could not be extracted.
-     * This is the case when an inline credential was used, or when the issuer didn't include
-     * the supported did methods in the issuer metadata.
-     *
-     * NOTE: an empty array (no did methods supported) has a different meaning from the value
-     * being undefined (the supported did methods could not be extracted). If `supportsAllDidMethods`
-     * is true, the value of this property MUST be ignored.
-     */
-    supportedDidMethods?: string[];
-    /**
-     * Whether the issuer supports the `jwk` cryptographic binding method,
-     * indicating they support proof of possession signatures bound to a jwk.
-     */
-    supportsJwk: boolean;
-}
-/**
- * The proof of possession verification method resolver is a function that can be passed by the
- * user of the framework and allows them to determine which verification method should be used
- * for the proof of possession signature.
- */
-export type OpenId4VciCredentialBindingResolver = (options: OpenId4VciCredentialBindingOptions) => Promise<OpenId4VcCredentialHolderBinding> | OpenId4VcCredentialHolderBinding;
-/**
- * @internal
- */
-export interface OpenId4VciProofOfPossessionRequirements {
-    signatureAlgorithms: JwaSignatureAlgorithm[];
-    supportedDidMethods?: string[];
-    supportsAllDidMethods: boolean;
-    supportsJwk: boolean;
-}

package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js

@@ -1,14 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.openId4VciSupportedCredentialFormats = exports.OpenId4VciAuthorizationFlow = void 0;
-const oid4vci_1 = require("@animo-id/oid4vci");
-Object.defineProperty(exports, "OpenId4VciAuthorizationFlow", { enumerable: true, get: function () { return oid4vci_1.AuthorizationFlow; } });
-const OpenId4VciCredentialFormatProfile_1 = require("../shared/models/OpenId4VciCredentialFormatProfile");
-exports.openId4VciSupportedCredentialFormats = [
-    OpenId4VciCredentialFormatProfile_1.OpenId4VciCredentialFormatProfile.JwtVcJson,
-    OpenId4VciCredentialFormatProfile_1.OpenId4VciCredentialFormatProfile.JwtVcJsonLd,
-    OpenId4VciCredentialFormatProfile_1.OpenId4VciCredentialFormatProfile.SdJwtVc,
-    OpenId4VciCredentialFormatProfile_1.OpenId4VciCredentialFormatProfile.LdpVc,
-    OpenId4VciCredentialFormatProfile_1.OpenId4VciCredentialFormatProfile.MsoMdoc,
-];
-//# sourceMappingURL=OpenId4VciHolderServiceOptions.js.map

package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"OpenId4VciHolderServiceOptions.js","sourceRoot":"","sources":["../../src/openid4vc-holder/OpenId4VciHolderServiceOptions.ts"],"names":[],"mappings":";;;AAOA,+CAAoF;AAI3E,4GAJqB,2BAA2B,OAIrB;AAFpC,0GAAsG;AAWzF,QAAA,oCAAoC,GAA2C;IAC1F,qEAAiC,CAAC,SAAS;IAC3C,qEAAiC,CAAC,WAAW;IAC7C,qEAAiC,CAAC,OAAO;IACzC,qEAAiC,CAAC,KAAK;IACvC,qEAAiC,CAAC,OAAO;CAC1C,CAAA"}

package/build/openid4vc-holder/OpenId4vcSiopHolderService.d.ts

@@ -1,32 +0,0 @@
-import type { OpenId4VcSiopAcceptAuthorizationRequestOptions, OpenId4VcSiopResolvedAuthorizationRequest } from './OpenId4vcSiopHolderServiceOptions';
-import type { AgentContext } from '@credo-ts/core';
-import type { AuthorizationResponsePayload } from '@sphereon/did-auth-siop';
-import { DifPresentationExchangeService } from '@credo-ts/core';
-export declare class OpenId4VcSiopHolderService {
-    private presentationExchangeService;
-    constructor(presentationExchangeService: DifPresentationExchangeService);
-    resolveAuthorizationRequest(agentContext: AgentContext, requestJwtOrUri: string): Promise<OpenId4VcSiopResolvedAuthorizationRequest>;
-    acceptAuthorizationRequest(agentContext: AgentContext, options: OpenId4VcSiopAcceptAuthorizationRequestOptions): Promise<{
-        readonly ok: false;
-        readonly serverResponse: {
-            readonly status: number;
-            readonly body: string | Record<string, unknown> | null;
-        };
-        readonly submittedResponse: AuthorizationResponsePayload;
-        readonly redirectUri?: undefined;
-        readonly presentationDuringIssuanceSession?: undefined;
-    } | {
-        readonly ok: true;
-        readonly serverResponse: {
-            readonly status: number;
-            readonly body: Record<string, unknown>;
-        };
-        readonly submittedResponse: AuthorizationResponsePayload;
-        readonly redirectUri: string | undefined;
-        readonly presentationDuringIssuanceSession: string | undefined;
-    }>;
-    private getOpenIdProvider;
-    private getOpenIdTokenIssuerFromVerifiablePresentation;
-    private assertValidTokenIssuer;
-    private encryptJarmResponse;
-}

package/build/openid4vc-holder/OpenId4vcSiopHolderService.js

@@ -1,302 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OpenId4VcSiopHolderService = void 0;
-const core_1 = require("@credo-ts/core");
-const did_auth_siop_1 = require("@sphereon/did-auth-siop");
-const transform_1 = require("../shared/transform");
-const utils_1 = require("../shared/utils");
-let OpenId4VcSiopHolderService = class OpenId4VcSiopHolderService {
-    constructor(presentationExchangeService) {
-        this.presentationExchangeService = presentationExchangeService;
-    }
-    async resolveAuthorizationRequest(agentContext, requestJwtOrUri) {
-        var _a, _b;
-        const openidProvider = await this.getOpenIdProvider(agentContext);
-        // parsing happens automatically in verifyAuthorizationRequest
-        const verifiedAuthorizationRequest = await openidProvider.verifyAuthorizationRequest(requestJwtOrUri);
-        agentContext.config.logger.debug(`verified SIOP Authorization Request for issuer '${verifiedAuthorizationRequest.issuer}'`);
-        agentContext.config.logger.debug(`requestJwtOrUri '${requestJwtOrUri}'`);
-        if (verifiedAuthorizationRequest.presentationDefinitions &&
-            verifiedAuthorizationRequest.presentationDefinitions.length > 1) {
-            throw new core_1.CredoError('Only a single presentation definition is supported.');
-        }
-        const presentationDefinition = (_b = (_a = verifiedAuthorizationRequest.presentationDefinitions) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.definition;
-        return {
-            authorizationRequest: verifiedAuthorizationRequest,
-            // Parameters related to DIF Presentation Exchange
-            presentationExchange: presentationDefinition
-                ? {
-                    definition: presentationDefinition,
-                    credentialsForRequest: await this.presentationExchangeService.getCredentialsForRequest(agentContext, presentationDefinition),
-                }
-                : undefined,
-        };
-    }
-    async acceptAuthorizationRequest(agentContext, options) {
-        var _a;
-        const { authorizationRequest, presentationExchange } = options;
-        let openIdTokenIssuer = options.openIdTokenIssuer;
-        let presentationExchangeOptions = undefined;
-        const wantsIdToken = await authorizationRequest.authorizationRequest.containsResponseType(did_auth_siop_1.ResponseType.ID_TOKEN);
-        const authorizationResponseNonce = await agentContext.wallet.generateNonce();
-        // Handle presentation exchange part
-        if (authorizationRequest.presentationDefinitions && authorizationRequest.presentationDefinitions.length > 0) {
-            if (!presentationExchange) {
-                throw new core_1.CredoError('Authorization request included presentation definition. `presentationExchange` MUST be supplied to accept authorization requests.');
-            }
-            const nonce = await authorizationRequest.authorizationRequest.getMergedProperty('nonce');
-            if (!nonce) {
-                throw new core_1.CredoError("Unable to extract 'nonce' from authorization request");
-            }
-            const clientId = await authorizationRequest.authorizationRequest.getMergedProperty('client_id');
-            if (!clientId) {
-                throw new core_1.CredoError("Unable to extract 'client_id' from authorization request");
-            }
-            const responseUri = (_a = (await authorizationRequest.authorizationRequest.getMergedProperty('response_uri'))) !== null && _a !== void 0 ? _a : (await authorizationRequest.authorizationRequest.getMergedProperty('redirect_uri'));
-            if (!responseUri) {
-                throw new core_1.CredoError("Unable to extract 'response_uri' from authorization request");
-            }
-            const { verifiablePresentations, presentationSubmission } = await this.presentationExchangeService.createPresentation(agentContext, {
-                credentialsForInputDescriptor: presentationExchange.credentials,
-                presentationDefinition: authorizationRequest.presentationDefinitions[0].definition,
-                challenge: nonce,
-                domain: clientId,
-                presentationSubmissionLocation: core_1.DifPresentationExchangeSubmissionLocation.EXTERNAL,
-                openid4vp: {
-                    mdocGeneratedNonce: authorizationResponseNonce,
-                    responseUri,
-                },
-            });
-            presentationExchangeOptions = {
-                verifiablePresentations: verifiablePresentations.map((vp) => (0, transform_1.getSphereonVerifiablePresentation)(vp)),
-                presentationSubmission,
-                vpTokenLocation: did_auth_siop_1.VPTokenLocation.AUTHORIZATION_RESPONSE,
-            };
-            if (wantsIdToken && !openIdTokenIssuer) {
-                openIdTokenIssuer = this.getOpenIdTokenIssuerFromVerifiablePresentation(verifiablePresentations[0]);
-            }
-        }
-        else if (options.presentationExchange) {
-            throw new core_1.CredoError('`presentationExchange` was supplied, but no presentation definition was found in the presentation request.');
-        }
-        if (wantsIdToken) {
-            if (!openIdTokenIssuer) {
-                throw new core_1.CredoError('Unable to create authorization response. openIdTokenIssuer MUST be supplied when no presentation is active and the ResponseType includes id_token.');
-            }
-            this.assertValidTokenIssuer(authorizationRequest, openIdTokenIssuer);
-        }
-        const jwtIssuer = wantsIdToken && openIdTokenIssuer
-            ? await (0, utils_1.openIdTokenIssuerToJwtIssuer)(agentContext, openIdTokenIssuer)
-            : undefined;
-        const openidProvider = await this.getOpenIdProvider(agentContext);
-        const authorizationResponseWithCorrelationId = await openidProvider.createAuthorizationResponse(authorizationRequest, {
-            jwtIssuer,
-            presentationExchange: presentationExchangeOptions,
-            // https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-aud-of-a-request-object
-            audience: authorizationRequest.authorizationRequestPayload.client_id,
-        });
-        const getCreateJarmResponseCallback = (authorizationResponseNonce) => {
-            return async (opts) => {
-                var _a;
-                const { authorizationResponsePayload, requestObjectPayload } = opts;
-                const jwk = await did_auth_siop_1.OP.extractEncJwksFromClientMetadata(requestObjectPayload.client_metadata);
-                if (!jwk.kty) {
-                    throw new core_1.CredoError('Missing kty in jwk.');
-                }
-                const validatedMetadata = did_auth_siop_1.OP.validateJarmMetadata({
-                    client_metadata: requestObjectPayload.client_metadata,
-                    server_metadata: {
-                        authorization_encryption_alg_values_supported: ['ECDH-ES'],
-                        authorization_encryption_enc_values_supported: ['A256GCM'],
-                    },
-                });
-                if (validatedMetadata.type !== 'encrypted') {
-                    throw new core_1.CredoError('Only encrypted JARM responses are supported.');
-                }
-                // Extract nonce from the request, we use this as the `apv`
-                const nonce = (_a = authorizationRequest.payload) === null || _a === void 0 ? void 0 : _a.nonce;
-                if (!nonce || typeof nonce !== 'string') {
-                    throw new core_1.CredoError('Missing nonce in authorization request payload');
-                }
-                const jwe = await this.encryptJarmResponse(agentContext, {
-                    jwkJson: jwk,
-                    payload: authorizationResponsePayload,
-                    authorizationRequestNonce: nonce,
-                    alg: validatedMetadata.client_metadata.authorization_encrypted_response_alg,
-                    enc: validatedMetadata.client_metadata.authorization_encrypted_response_enc,
-                    authorizationResponseNonce,
-                });
-                return { response: jwe };
-            };
-        };
-        const response = await openidProvider.submitAuthorizationResponse(authorizationResponseWithCorrelationId, getCreateJarmResponseCallback(authorizationResponseNonce));
-        const responseText = await response
-            .clone()
-            .text()
-            .catch(() => null);
-        const responseJson = (await response
-            .clone()
-            .json()
-            .catch(() => null));
-        if (!response.ok) {
-            return {
-                ok: false,
-                serverResponse: {
-                    status: response.status,
-                    body: responseJson !== null && responseJson !== void 0 ? responseJson : responseText,
-                },
-                submittedResponse: authorizationResponseWithCorrelationId.response.payload,
-            };
-        }
-        return {
-            ok: true,
-            serverResponse: {
-                status: response.status,
-                body: responseJson !== null && responseJson !== void 0 ? responseJson : {},
-            },
-            submittedResponse: authorizationResponseWithCorrelationId.response.payload,
-            redirectUri: responseJson === null || responseJson === void 0 ? void 0 : responseJson.redirect_uri,
-            presentationDuringIssuanceSession: responseJson === null || responseJson === void 0 ? void 0 : responseJson.presentation_during_issuance_session,
-        };
-    }
-    async getOpenIdProvider(agentContext) {
-        const builder = did_auth_siop_1.OP.builder()
-            .withExpiresIn(6000)
-            .withIssuer(did_auth_siop_1.ResponseIss.SELF_ISSUED_V2)
-            .withResponseMode(did_auth_siop_1.ResponseMode.POST)
-            .withSupportedVersions([
-            did_auth_siop_1.SupportedVersion.SIOPv2_D11,
-            did_auth_siop_1.SupportedVersion.SIOPv2_D12_OID4VP_D18,
-            did_auth_siop_1.SupportedVersion.SIOPv2_D12_OID4VP_D20,
-        ])
-            .withCreateJwtCallback((0, utils_1.getCreateJwtCallback)(agentContext))
-            .withVerifyJwtCallback((0, utils_1.getVerifyJwtCallback)(agentContext))
-            .withHasher(core_1.Hasher.hash);
-        const openidProvider = builder.build();
-        return openidProvider;
-    }
-    getOpenIdTokenIssuerFromVerifiablePresentation(verifiablePresentation) {
-        let openIdTokenIssuer;
-        if (verifiablePresentation instanceof core_1.W3cJsonLdVerifiablePresentation) {
-            const [firstProof] = (0, core_1.asArray)(verifiablePresentation.proof);
-            if (!firstProof)
-                throw new core_1.CredoError('Verifiable presentation does not contain a proof');
-            if (!firstProof.verificationMethod.startsWith('did:')) {
-                throw new core_1.CredoError('Verifiable presentation proof verificationMethod is not a did. Unable to extract openIdTokenIssuer from verifiable presentation');
-            }
-            openIdTokenIssuer = {
-                method: 'did',
-                didUrl: firstProof.verificationMethod,
-            };
-        }
-        else if (verifiablePresentation instanceof core_1.W3cJwtVerifiablePresentation) {
-            const kid = verifiablePresentation.jwt.header.kid;
-            if (!kid)
-                throw new core_1.CredoError('Verifiable Presentation does not contain a kid in the jwt header');
-            if (kid.startsWith('#') && verifiablePresentation.presentation.holderId) {
-                openIdTokenIssuer = {
-                    didUrl: `${verifiablePresentation.presentation.holderId}${kid}`,
-                    method: 'did',
-                };
-            }
-            else if (kid.startsWith('did:')) {
-                openIdTokenIssuer = {
-                    didUrl: kid,
-                    method: 'did',
-                };
-            }
-            else {
-                throw new core_1.CredoError("JWT W3C Verifiable presentation does not include did in JWT header 'kid'. Unable to extract openIdTokenIssuer from verifiable presentation");
-            }
-        }
-        else if (verifiablePresentation instanceof core_1.MdocDeviceResponse) {
-            throw new core_1.CredoError('Mdoc Verifiable Presentations are not yet supported');
-        }
-        else {
-            const cnf = verifiablePresentation.payload.cnf;
-            // FIXME: SD-JWT VC should have better payload typing, so this doesn't become so ugly
-            if (!cnf ||
-                typeof cnf !== 'object' ||
-                !('kid' in cnf) ||
-                typeof cnf.kid !== 'string' ||
-                !cnf.kid.startsWith('did:') ||
-                !cnf.kid.includes('#')) {
-                throw new core_1.CredoError("SD-JWT Verifiable presentation has no 'cnf' claim or does not include 'cnf' claim where 'kid' is a didUrl pointing to a key. Unable to extract openIdTokenIssuer from verifiable presentation");
-            }
-            openIdTokenIssuer = {
-                didUrl: cnf.kid,
-                method: 'did',
-            };
-        }
-        return openIdTokenIssuer;
-    }
-    assertValidTokenIssuer(authorizationRequest, openIdTokenIssuer) {
-        const subjectSyntaxTypesSupported = authorizationRequest.registrationMetadataPayload.subject_syntax_types_supported;
-        if (!subjectSyntaxTypesSupported) {
-            throw new core_1.CredoError('subject_syntax_types_supported is not supplied in the registration metadata. subject_syntax_types is REQUIRED.');
-        }
-        let allowedSubjectSyntaxTypes = [];
-        if (openIdTokenIssuer.method === 'did') {
-            const parsedDid = (0, core_1.parseDid)(openIdTokenIssuer.didUrl);
-            // Either did:<method> or did (for all did methods) is allowed
-            allowedSubjectSyntaxTypes = [`did:${parsedDid.method}`, 'did'];
-        }
-        else if (openIdTokenIssuer.method === 'jwk') {
-            allowedSubjectSyntaxTypes = ['urn:ietf:params:oauth:jwk-thumbprint'];
-        }
-        else {
-            throw new core_1.CredoError("Only 'did' and 'jwk' are supported as openIdTokenIssuer at the moment");
-        }
-        // At least one of the allowed subject syntax types must be supported by the RP
-        if (!allowedSubjectSyntaxTypes.some((allowed) => subjectSyntaxTypesSupported.includes(allowed))) {
-            throw new core_1.CredoError([
-                'The provided openIdTokenIssuer is not supported by the relying party.',
-                `Supported subject syntax types: '${subjectSyntaxTypesSupported.join(', ')}'`,
-            ].join('\n'));
-        }
-    }
-    async encryptJarmResponse(agentContext, options) {
-        const { payload, jwkJson } = options;
-        const jwk = (0, core_1.getJwkFromJson)(jwkJson);
-        const key = jwk.key;
-        if (!agentContext.wallet.directEncryptCompactJweEcdhEs) {
-            throw new core_1.CredoError('Cannot decrypt Jarm Response, wallet does not support directEncryptCompactJweEcdhEs. You need to upgrade your wallet implementation.');
-        }
-        if (options.alg !== 'ECDH-ES') {
-            throw new core_1.CredoError("Only 'ECDH-ES' is supported as 'alg' value for JARM response encryption");
-        }
-        if (options.enc !== 'A256GCM') {
-            throw new core_1.CredoError("Only 'A256GCM' is supported as 'enc' value for JARM response encryption");
-        }
-        if (key.keyType !== core_1.KeyType.P256) {
-            throw new core_1.CredoError(`Only '${core_1.KeyType.P256}' key type is supported for JARM response encryption`);
-        }
-        const data = core_1.Buffer.from(JSON.stringify(payload));
-        const jwe = await agentContext.wallet.directEncryptCompactJweEcdhEs({
-            data,
-            recipientKey: key,
-            header: {
-                kid: jwkJson.kid,
-            },
-            encryptionAlgorithm: options.enc,
-            apu: core_1.TypedArrayEncoder.toBase64URL(core_1.TypedArrayEncoder.fromString(options.authorizationResponseNonce)),
-            apv: core_1.TypedArrayEncoder.toBase64URL(core_1.TypedArrayEncoder.fromString(options.authorizationRequestNonce)),
-        });
-        return jwe;
-    }
-};
-exports.OpenId4VcSiopHolderService = OpenId4VcSiopHolderService;
-exports.OpenId4VcSiopHolderService = OpenId4VcSiopHolderService = __decorate([
-    (0, core_1.injectable)(),
-    __metadata("design:paramtypes", [core_1.DifPresentationExchangeService])
-], OpenId4VcSiopHolderService);
-//# sourceMappingURL=OpenId4vcSiopHolderService.js.map

package/build/openid4vc-holder/OpenId4vcSiopHolderService.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"OpenId4vcSiopHolderService.js","sourceRoot":"","sources":["../../src/openid4vc-holder/OpenId4vcSiopHolderService.ts"],"names":[],"mappings":";;;;;;;;;;;;AAaA,yCAeuB;AACvB,2DAAwH;AAExH,mDAAuE;AACvE,2CAA0G;AAGnG,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;IACrC,YAA2B,2BAA2D;QAA3D,gCAA2B,GAA3B,2BAA2B,CAAgC;IAAG,CAAC;IAEnF,KAAK,CAAC,2BAA2B,CACtC,YAA0B,EAC1B,eAAuB;;QAEvB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAA;QAEjE,8DAA8D;QAC9D,MAAM,4BAA4B,GAAG,MAAM,cAAc,CAAC,0BAA0B,CAAC,eAAe,CAAC,CAAA;QAErG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAC9B,mDAAmD,4BAA4B,CAAC,MAAM,GAAG,CAC1F,CAAA;QACD,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,eAAe,GAAG,CAAC,CAAA;QAExE,IACE,4BAA4B,CAAC,uBAAuB;YACpD,4BAA4B,CAAC,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAC/D,CAAC;YACD,MAAM,IAAI,iBAAU,CAAC,qDAAqD,CAAC,CAAA;QAC7E,CAAC;QAED,MAAM,sBAAsB,GAAG,MAAA,MAAA,4BAA4B,CAAC,uBAAuB,0CAAG,CAAC,CAAC,0CAAE,UAAU,CAAA;QAEpG,OAAO;YACL,oBAAoB,EAAE,4BAA4B;YAElD,kDAAkD;YAClD,oBAAoB,EAAE,sBAAsB;gBAC1C,CAAC,CAAC;oBACE,UAAU,EAAE,sBAAsB;oBAClC,qBAAqB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,wBAAwB,CACpF,YAAY,EACZ,sBAAsB,CACvB;iBACF;gBACH,CAAC,CAAC,SAAS;SACd,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,0BAA0B,CACrC,YAA0B,EAC1B,OAAuD;;QAEvD,MAAM,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAA;QAC9D,IAAI,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;QACjD,IAAI,2BAA2B,GAAiD,SAAS,CAAA;QAEzF,MAAM,YAAY,GAAG,MAAM,oBAAoB,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,4BAAY,CAAC,QAAQ,CAAC,CAAA;QAChH,MAAM,0BAA0B,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE,CAAA;QAE5E,oCAAoC;QACpC,IAAI,oBAAoB,CAAC,uBAAuB,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5G,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,MAAM,IAAI,iBAAU,CAClB,mIAAmI,CACpI,CAAA;YACH,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,oBAAoB,CAAC,iBAAiB,CAAS,OAAO,CAAC,CAAA;YAChG,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,iBAAU,CAAC,sDAAsD,CAAC,CAAA;YAC9E,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,oBAAoB,CAAC,iBAAiB,CAAS,WAAW,CAAC,CAAA;YACvG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,iBAAU,CAAC,0DAA0D,CAAC,CAAA;YAClF,CAAC;YAED,MAAM,WAAW,GACf,MAAA,CAAC,MAAM,oBAAoB,CAAC,oBAAoB,CAAC,iBAAiB,CAAS,cAAc,CAAC,CAAC,mCAC3F,CAAC,MAAM,oBAAoB,CAAC,oBAAoB,CAAC,iBAAiB,CAAS,cAAc,CAAC,CAAC,CAAA;YAC7F,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,iBAAU,CAAC,6DAA6D,CAAC,CAAA;YACrF,CAAC;YAED,MAAM,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,GACvD,MAAM,IAAI,CAAC,2BAA2B,CAAC,kBAAkB,CAAC,YAAY,EAAE;gBACtE,6BAA6B,EAAE,oBAAoB,CAAC,WAAW;gBAC/D,sBAAsB,EAAE,oBAAoB,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,UAAU;gBAClF,SAAS,EAAE,KAAK;gBAChB,MAAM,EAAE,QAAQ;gBAChB,8BAA8B,EAAE,gDAAyC,CAAC,QAAQ;gBAClF,SAAS,EAAE;oBACT,kBAAkB,EAAE,0BAA0B;oBAC9C,WAAW;iBACZ;aACF,CAAC,CAAA;YAEJ,2BAA2B,GAAG;gBAC5B,uBAAuB,EAAE,uBAAuB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAA,6CAAiC,EAAC,EAAE,CAAC,CAAC;gBACnG,sBAAsB;gBACtB,eAAe,EAAE,+BAAe,CAAC,sBAAsB;aACxD,CAAA;YAED,IAAI,YAAY,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACvC,iBAAiB,GAAG,IAAI,CAAC,8CAA8C,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAA;YACrG,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;YACxC,MAAM,IAAI,iBAAU,CAClB,4GAA4G,CAC7G,CAAA;QACH,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACvB,MAAM,IAAI,iBAAU,CAClB,oJAAoJ,CACrJ,CAAA;YACH,CAAC;YAED,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,iBAAiB,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,SAAS,GACb,YAAY,IAAI,iBAAiB;YAC/B,CAAC,CAAC,MAAM,IAAA,oCAA4B,EAAC,YAAY,EAAE,iBAAiB,CAAC;YACrE,CAAC,CAAC,SAAS,CAAA;QAEf,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAA;QACjE,MAAM,sCAAsC,GAAG,MAAM,cAAc,CAAC,2BAA2B,CAC7F,oBAAoB,EACpB;YACE,SAAS;YACT,oBAAoB,EAAE,2BAA2B;YACjD,+FAA+F;YAC/F,QAAQ,EAAE,oBAAoB,CAAC,2BAA2B,CAAC,SAAS;SACrE,CACF,CAAA;QAED,MAAM,6BAA6B,GAAG,CAAC,0BAAkC,EAAE,EAAE;YAC3E,OAAO,KAAK,EAAE,IAGb,EAAE,EAAE;;gBACH,MAAM,EAAE,4BAA4B,EAAE,oBAAoB,EAAE,GAAG,IAAI,CAAA;gBAEnE,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,gCAAgC,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAA;gBAC3F,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;oBACb,MAAM,IAAI,iBAAU,CAAC,qBAAqB,CAAC,CAAA;gBAC7C,CAAC;gBAED,MAAM,iBAAiB,GAAG,kBAAE,CAAC,oBAAoB,CAAC;oBAChD,eAAe,EAAE,oBAAoB,CAAC,eAAe;oBACrD,eAAe,EAAE;wBACf,6CAA6C,EAAE,CAAC,SAAS,CAAC;wBAC1D,6CAA6C,EAAE,CAAC,SAAS,CAAC;qBAC3D;iBACF,CAAC,CAAA;gBAEF,IAAI,iBAAiB,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAC3C,MAAM,IAAI,iBAAU,CAAC,8CAA8C,CAAC,CAAA;gBACtE,CAAC;gBAED,2DAA2D;gBAC3D,MAAM,KAAK,GAAG,MAAA,oBAAoB,CAAC,OAAO,0CAAE,KAAK,CAAA;gBACjD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACxC,MAAM,IAAI,iBAAU,CAAC,gDAAgD,CAAC,CAAA;gBACxE,CAAC;gBAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE;oBACvD,OAAO,EAAE,GAAc;oBACvB,OAAO,EAAE,4BAA4B;oBACrC,yBAAyB,EAAE,KAAK;oBAChC,GAAG,EAAE,iBAAiB,CAAC,eAAe,CAAC,oCAAoC;oBAC3E,GAAG,EAAE,iBAAiB,CAAC,eAAe,CAAC,oCAAoC;oBAC3E,0BAA0B;iBAC3B,CAAC,CAAA;gBAEF,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAA;YAC1B,CAAC,CAAA;QACH,CAAC,CAAA;QACD,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,2BAA2B,CAC/D,sCAAsC,EACtC,6BAA6B,CAAC,0BAA0B,CAAC,CAC1D,CAAA;QACD,MAAM,YAAY,GAAG,MAAM,QAAQ;aAChC,KAAK,EAAE;aACP,IAAI,EAAE;aACN,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;QACpB,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ;aACjC,KAAK,EAAE;aACP,IAAI,EAAE;aACN,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAA;QAEvD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,cAAc,EAAE;oBACd,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,IAAI,EAAE,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,YAAY;iBACnC;gBACD,iBAAiB,EAAE,sCAAsC,CAAC,QAAQ,CAAC,OAAO;aAClE,CAAA;QACZ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAI;YACR,cAAc,EAAE;gBACd,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,IAAI,EAAE,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,EAAE;aACzB;YACD,iBAAiB,EAAE,sCAAsC,CAAC,QAAQ,CAAC,OAAO;YAE1E,WAAW,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,YAAkC;YAC7D,iCAAiC,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,oCAA0D;SACnG,CAAA;IACZ,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,YAA0B;QACxD,MAAM,OAAO,GAAG,kBAAE,CAAC,OAAO,EAAE;aACzB,aAAa,CAAC,IAAI,CAAC;aACnB,UAAU,CAAC,2BAAW,CAAC,cAAc,CAAC;aACtC,gBAAgB,CAAC,4BAAY,CAAC,IAAI,CAAC;aACnC,qBAAqB,CAAC;YACrB,gCAAgB,CAAC,UAAU;YAC3B,gCAAgB,CAAC,qBAAqB;YACtC,gCAAgB,CAAC,qBAAqB;SACvC,CAAC;aACD,qBAAqB,CAAC,IAAA,4BAAoB,EAAC,YAAY,CAAC,CAAC;aACzD,qBAAqB,CAAC,IAAA,4BAAoB,EAAC,YAAY,CAAC,CAAC;aACzD,UAAU,CAAC,aAAM,CAAC,IAAI,CAAC,CAAA;QAE1B,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,EAAE,CAAA;QAEtC,OAAO,cAAc,CAAA;IACvB,CAAC;IAEO,8CAA8C,CACpD,sBAA8C;QAE9C,IAAI,iBAAqC,CAAA;QAEzC,IAAI,sBAAsB,YAAY,sCAA+B,EAAE,CAAC;YACtE,MAAM,CAAC,UAAU,CAAC,GAAG,IAAA,cAAO,EAAC,sBAAsB,CAAC,KAAK,CAAC,CAAA;YAC1D,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,iBAAU,CAAC,kDAAkD,CAAC,CAAA;YAEzF,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,iBAAU,CAClB,iIAAiI,CAClI,CAAA;YACH,CAAC;YAED,iBAAiB,GAAG;gBAClB,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,UAAU,CAAC,kBAAkB;aACtC,CAAA;QACH,CAAC;aAAM,IAAI,sBAAsB,YAAY,mCAA4B,EAAE,CAAC;YAC1E,MAAM,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAA;YAEjD,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,iBAAU,CAAC,kEAAkE,CAAC,CAAA;YAClG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,sBAAsB,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;gBACxE,iBAAiB,GAAG;oBAClB,MAAM,EAAE,GAAG,sBAAsB,CAAC,YAAY,CAAC,QAAQ,GAAG,GAAG,EAAE;oBAC/D,MAAM,EAAE,KAAK;iBACd,CAAA;YACH,CAAC;iBAAM,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,iBAAiB,GAAG;oBAClB,MAAM,EAAE,GAAG;oBACX,MAAM,EAAE,KAAK;iBACd,CAAA;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,iBAAU,CAClB,4IAA4I,CAC7I,CAAA;YACH,CAAC;QACH,CAAC;aAAM,IAAI,sBAAsB,YAAY,yBAAkB,EAAE,CAAC;YAChE,MAAM,IAAI,iBAAU,CAAC,qDAAqD,CAAC,CAAA;QAC7E,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,sBAAsB,CAAC,OAAO,CAAC,GAAG,CAAA;YAC9C,qFAAqF;YACrF,IACE,CAAC,GAAG;gBACJ,OAAO,GAAG,KAAK,QAAQ;gBACvB,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC;gBACf,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;gBAC3B,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;gBAC3B,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EACtB,CAAC;gBACD,MAAM,IAAI,iBAAU,CAClB,+LAA+L,CAChM,CAAA;YACH,CAAC;YAED,iBAAiB,GAAG;gBAClB,MAAM,EAAE,GAAG,CAAC,GAAG;gBACf,MAAM,EAAE,KAAK;aACd,CAAA;QACH,CAAC;QAED,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAEO,sBAAsB,CAC5B,oBAAkD,EAClD,iBAAqC;QAErC,MAAM,2BAA2B,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,8BAA8B,CAAA;QACnH,IAAI,CAAC,2BAA2B,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAU,CAClB,gHAAgH,CACjH,CAAA;QACH,CAAC;QAED,IAAI,yBAAyB,GAAa,EAAE,CAAA;QAC5C,IAAI,iBAAiB,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACvC,MAAM,SAAS,GAAG,IAAA,eAAQ,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAA;YAEpD,8DAA8D;YAC9D,yBAAyB,GAAG,CAAC,OAAO,SAAS,CAAC,MAAM,EAAE,EAAE,KAAK,CAAC,CAAA;QAChE,CAAC;aAAM,IAAI,iBAAiB,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC9C,yBAAyB,GAAG,CAAC,sCAAsC,CAAC,CAAA;QACtE,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,iBAAU,CAAC,uEAAuE,CAAC,CAAA;QAC/F,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAChG,MAAM,IAAI,iBAAU,CAClB;gBACE,uEAAuE;gBACvE,oCAAoC,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;aAC9E,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAA;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,YAA0B,EAC1B,OAOC;QAED,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;QACpC,MAAM,GAAG,GAAG,IAAA,qBAAc,EAAC,OAAO,CAAC,CAAA;QACnC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAA;QAEnB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAU,CAClB,sIAAsI,CACvI,CAAA;QACH,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,iBAAU,CAAC,yEAAyE,CAAC,CAAA;QACjG,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,iBAAU,CAAC,yEAAyE,CAAC,CAAA;QACjG,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,KAAK,cAAO,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAU,CAAC,SAAS,cAAO,CAAC,IAAI,sDAAsD,CAAC,CAAA;QACnG,CAAC;QAED,MAAM,IAAI,GAAG,aAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;QACjD,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,6BAA6B,CAAC;YAClE,IAAI;YACJ,YAAY,EAAE,GAAG;YACjB,MAAM,EAAE;gBACN,GAAG,EAAE,OAAO,CAAC,GAAG;aACjB;YACD,mBAAmB,EAAE,OAAO,CAAC,GAAG;YAChC,GAAG,EAAE,wBAAiB,CAAC,WAAW,CAAC,wBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;YACpG,GAAG,EAAE,wBAAiB,CAAC,WAAW,CAAC,wBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;SACpG,CAAC,CAAA;QAEF,OAAO,GAAG,CAAA;IACZ,CAAC;CACF,CAAA;AAxXY,gEAA0B;qCAA1B,0BAA0B;IADtC,IAAA,iBAAU,GAAE;qCAE6C,qCAA8B;GAD3E,0BAA0B,CAwXtC"}

package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.d.ts

@@ -1,38 +0,0 @@
-import type { OpenId4VcJwtIssuer, OpenId4VcSiopVerifiedAuthorizationRequest } from '../shared';
-import type { DifPexCredentialsForRequest, DifPexInputDescriptorToCredentials, DifPresentationExchangeDefinition } from '@credo-ts/core';
-export interface OpenId4VcSiopResolvedAuthorizationRequest {
-    /**
-     * Parameters related to DIF Presentation Exchange. Only defined when
-     * the request included
-     */
-    presentationExchange?: {
-        definition: DifPresentationExchangeDefinition;
-        credentialsForRequest: DifPexCredentialsForRequest;
-    };
-    /**
-     * The verified authorization request.
-     */
-    authorizationRequest: OpenId4VcSiopVerifiedAuthorizationRequest;
-}
-export interface OpenId4VcSiopAcceptAuthorizationRequestOptions {
-    /**
-     * Parameters related to DIF Presentation Exchange. MUST be present when the resolved
-     * authorization request included a `presentationExchange` parameter.
-     */
-    presentationExchange?: {
-        credentials: DifPexInputDescriptorToCredentials;
-    };
-    /**
-     * The issuer of the ID Token.
-     *
-     * REQUIRED when presentation exchange is not used.
-     *
-     * In case presentation exchange is used, and `openIdTokenIssuer` is not provided, the issuer of the ID Token
-     * will be extracted from the signer of the first verifiable presentation.
-     */
-    openIdTokenIssuer?: OpenId4VcJwtIssuer;
-    /**
-     * The verified authorization request.
-     */
-    authorizationRequest: OpenId4VcSiopVerifiedAuthorizationRequest;
-}

package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=OpenId4vcSiopHolderServiceOptions.js.map

package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"OpenId4vcSiopHolderServiceOptions.js","sourceRoot":"","sources":["../../src/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.ts"],"names":[],"mappings":""}