npm - @credo-ts/openid4vc - Versions diffs - 0.6.1-pr-2091-20241119140918 → 0.6.2-alpha-20251210145840 - Mend

@credo-ts/openid4vc 0.6.1-pr-2091-20241119140918 → 0.6.2-alpha-20251210145840

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (409) hide show

package/build/openid4vc-verifier/OpenId4VpVerifierService.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"OpenId4VpVerifierService.mjs","names":["OpenId4VpVerifierService","logger: Logger","w3cCredentialService: W3cCredentialService","w3cV2CredentialService: W3cV2CredentialService","openId4VcVerifierRepository: OpenId4VcVerifierRepository","config: OpenId4VcVerifierModuleConfig","openId4VcVerificationSessionRepository: OpenId4VcVerificationSessionRepository","clientIdPrefix: ClientIdPrefix","clientId: string | undefined","presentations","parsedAuthorizationResponse: ParsedOpenid4vpAuthorizationResponse | undefined","dcqlResponse: OpenId4VpVerifiedAuthorizationResponseDcql | undefined","pexResponse: OpenId4VpVerifiedAuthorizationResponsePresentationExchange | undefined","transactionData: OpenId4VpVerifiedAuthorizationResponseTransactionData[] | undefined","result","presentationExchange: OpenId4VpVerifiedAuthorizationResponsePresentationExchange | undefined","transactionDataHashesCredentials: TransactionDataHashesCredentials","jarmEncryptionJwk: JarmEncryptionJwk | undefined","jarmClientMetadata:\n | Pick<\n ClientMetadata,\n | 'jwks'\n | 'encrypted_response_enc_values_supported'\n | 'authorization_encrypted_response_alg'\n | 'authorization_encrypted_response_enc'\n >\n | undefined","isValid: boolean","cause: Error | undefined","verifiablePresentation: VerifiablePresentation","trustedCertificates: string[] | undefined","mdocDeviceResponse","sessionTranscriptOptions: MdocSessionTranscriptOptions"],"sources":["../../src/openid4vc-verifier/OpenId4VpVerifierService.ts"],"sourcesContent":["import {\n AgentContext,\n ClaimFormat,\n CredoError,\n type DcqlEncodedPresentations,\n type DcqlQuery,\n DcqlService,\n type DifPresentationExchangeDefinition,\n DifPresentationExchangeService,\n type DifPresentationExchangeSubmission,\n EventEmitter,\n extractPresentationsWithDescriptorsFromSubmission,\n extractX509CertificatesFromJwt,\n getDomainFromUrl,\n Hasher,\n type HashName,\n InjectionSymbols,\n inject,\n injectable,\n isMdocSupportedSignatureAlgorithm,\n JsonEncoder,\n JsonTransformer,\n Jwt,\n joinUriParts,\n Kms,\n type Logger,\n MdocDeviceResponse,\n type MdocSessionTranscriptOptions,\n type MdocSupportedSignatureAlgorithm,\n mapNonEmptyArray,\n type NonEmptyArray,\n type Query,\n type QueryOptions,\n SdJwtVcApi,\n SignatureSuiteRegistry,\n TypedArrayEncoder,\n utils,\n type VerifiablePresentation,\n W3cCredentialService,\n W3cJsonLdVerifiablePresentation,\n W3cJwtVerifiablePresentation,\n W3cV2CredentialService,\n W3cV2SdJwtVerifiablePresentation,\n X509Certificate,\n X509ModuleConfig,\n X509Service,\n} from '@credo-ts/core'\nimport { type Jwk, Oauth2ErrorCodes, Oauth2ServerErrorResponseError } from '@openid4vc/oauth2'\nimport {\n type ClientIdPrefix,\n type ClientMetadata,\n calculateX509HashClientIdPrefixValue,\n getOpenid4vpClientId,\n isJarmResponseMode,\n isOpenid4vpAuthorizationRequestDcApi,\n JarmMode,\n Openid4vpVerifier,\n type ParsedOpenid4vpAuthorizationResponse,\n type TransactionDataHashesCredentials,\n zOpenid4vpAuthorizationResponse,\n} from '@openid4vc/openid4vp'\nimport { getOid4vcCallbacks } from '../shared/callbacks'\nimport type { OpenId4VpAuthorizationRequestPayload } from '../shared/index'\nimport { storeActorIdForContextCorrelationId } from '../shared/router'\nimport { getSdJwtVcTransactionDataHashes } from '../shared/transactionData'\nimport {\n credoJwtIssuerToOpenId4VcJwtIssuer,\n dcqlCredentialQueryToPresentationFormat,\n getSupportedJwaSignatureAlgorithms,\n} from '../shared/utils'\nimport { OpenId4VcVerificationSessionState } from './OpenId4VcVerificationSessionState'\nimport { type OpenId4VcVerificationSessionStateChangedEvent, OpenId4VcVerifierEvents } from './OpenId4VcVerifierEvents'\nimport { OpenId4VcVerifierModuleConfig } from './OpenId4VcVerifierModuleConfig'\nimport type {\n OpenId4VpCreateAuthorizationRequestOptions,\n OpenId4VpCreateAuthorizationRequestReturn,\n OpenId4VpCreateVerifierOptions,\n OpenId4VpVerifiedAuthorizationResponse,\n OpenId4VpVerifiedAuthorizationResponseDcql,\n OpenId4VpVerifiedAuthorizationResponsePresentationExchange,\n OpenId4VpVerifiedAuthorizationResponseTransactionData,\n OpenId4VpVerifyAuthorizationResponseOptions,\n OpenId4VpVersion,\n ResponseMode,\n} from './OpenId4VpVerifierServiceOptions'\nimport {\n OpenId4VcVerificationSessionRecord,\n OpenId4VcVerificationSessionRepository,\n OpenId4VcVerifierRecord,\n OpenId4VcVerifierRepository,\n} from './repository'\n\n/**\n * @internal\n */\n@injectable()\nexport class OpenId4VpVerifierService {\n public constructor(\n @inject(InjectionSymbols.Logger) private logger: Logger,\n private w3cCredentialService: W3cCredentialService,\n private w3cV2CredentialService: W3cV2CredentialService,\n private openId4VcVerifierRepository: OpenId4VcVerifierRepository,\n private config: OpenId4VcVerifierModuleConfig,\n private openId4VcVerificationSessionRepository: OpenId4VcVerificationSessionRepository\n ) {}\n\n private getOpenid4vpVerifier(agentContext: AgentContext) {\n const callbacks = getOid4vcCallbacks(agentContext)\n const openid4vpClient = new Openid4vpVerifier({ callbacks })\n\n return openid4vpClient\n }\n\n public async createAuthorizationRequest(\n agentContext: AgentContext,\n options: OpenId4VpCreateAuthorizationRequestOptions & { verifier: OpenId4VcVerifierRecord }\n ): Promise<OpenId4VpCreateAuthorizationRequestReturn> {\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n const nonce = TypedArrayEncoder.toBase64URL(kms.randomBytes({ length: 32 }))\n const state = TypedArrayEncoder.toBase64URL(kms.randomBytes({ length: 32 }))\n\n const responseMode = options.responseMode ?? 'direct_post.jwt'\n const isDcApiRequest = responseMode === 'dc_api' || responseMode === 'dc_api.jwt'\n\n const version = options.version ?? 'v1'\n if (version === 'v1.draft21' && isDcApiRequest) {\n throw new CredoError(\n `OpenID4VP version '${version}' cannot be used with responseMode '${options.responseMode}'. Use version 'v1' or 'v1.draft24' instead.`\n )\n }\n if (version === 'v1.draft21' && options.transactionData) {\n throw new CredoError(\n `OpenID4VP version '${version}' cannot be used with transactionData. Use version 'v1' or 'v1.draft24' instead.`\n )\n }\n if (version === 'v1.draft21' && options.dcql) {\n throw new CredoError(\n `OpenID4VP version '${version}' cannot be used with dcql. Use version 'v1' or 'v1.draft24' instead.`\n )\n }\n if (version !== 'v1' && options.verifierInfo) {\n throw new CredoError(`OpenID4VP version '${version}' cannot be used with verifierInfo. Use version 'v1' instead.`)\n }\n if (version === 'v1' && options.presentationExchange) {\n throw new CredoError(\n `OpenID4VP version '${version}' cannot be used with presentationExchange. Use dcql instead (recommended), or use older versions 'v1.draft24' and 'v1.draft21'.`\n )\n }\n\n // For now we only support presentations with holder binding.\n if (options.dcql?.query.credentials.some((c) => c.require_cryptographic_holder_binding === false)) {\n throw new CredoError(\n `Setting 'require_cryptographic_holder_binding' to false in DCQL Query is not supported by Credo at the moment. Only presentations with cryptographic holder binding are supported.`\n )\n }\n\n if (isDcApiRequest && options.authorizationResponseRedirectUri) {\n throw new CredoError(\n \"'authorizationResponseRedirectUri' cannot be be used with response mode 'dc_api' and 'dc_api.jwt'.\"\n )\n }\n\n // Check to prevent direct_post from being used with mDOC\n const hasMdocRequest =\n options.presentationExchange?.definition.input_descriptors.some((i) => i.format?.mso_mdoc) ||\n options.dcql?.query.credentials.some((c) => c.format === 'mso_mdoc')\n // Up to draft 24 we use the 18013-7 mdoc session transcript which needs values from APU/APV\n if ((version === 'v1.draft21' || version === 'v1.draft24') && responseMode === 'direct_post' && hasMdocRequest) {\n throw new CredoError(\n \"Unable to create authorization request with response mode 'direct_post' containing mDOC credentials. ISO 18013-7 requires the usage of response mode 'direct_post.jwt', and needs parameters from the encrypted response header to verify the mDOC sigature. Either use version 'v1', or update the response mode to 'direct_post.jwt'\"\n )\n }\n\n if (options.verifierInfo) {\n const queryIds =\n options?.dcql?.query.credentials.map(({ id }) => id) ??\n options?.presentationExchange?.definition.input_descriptors.map(({ id }) => id) ??\n []\n\n const hasValidCredentialIds = options.verifierInfo.every(\n (vi) => !vi.credential_ids || vi.credential_ids.every((credentialId) => queryIds.includes(credentialId))\n )\n\n if (!hasValidCredentialIds) {\n throw new CredoError(\n 'Verifier info (attestations) were provided, but the verifier info used credential ids that are not present in the query'\n )\n }\n }\n\n const authorizationRequestId = utils.uuid()\n // We include the `session=` in the url so we can still easily\n // find the session an encrypted response\n const authorizationResponseUrl = `${joinUriParts(this.config.baseUrl, [options.verifier.verifierId, this.config.authorizationEndpoint])}?session=${authorizationRequestId}`\n\n const jwtIssuer =\n options.requestSigner.method !== 'none'\n ? await credoJwtIssuerToOpenId4VcJwtIssuer(agentContext, options.requestSigner)\n : undefined\n\n let clientIdPrefix: ClientIdPrefix\n let clientId: string | undefined\n\n if (!jwtIssuer) {\n if (isDcApiRequest) {\n clientIdPrefix = version === 'v1' ? 'origin' : 'web-origin'\n clientId = undefined\n } else {\n clientIdPrefix = 'redirect_uri'\n clientId = authorizationResponseUrl\n }\n } else if (jwtIssuer?.method === 'x5c') {\n const leafCertificate = X509Service.getLeafCertificate(agentContext, { certificateChain: jwtIssuer.x5c })\n\n if (\n !authorizationResponseUrl.startsWith('https://') &&\n !(authorizationResponseUrl.startsWith('http://') && agentContext.config.allowInsecureHttpUrls)\n ) {\n throw new CredoError('The X509 certificate issuer must be a HTTPS URI.')\n }\n\n if (options.requestSigner.method === 'x5c' && options.requestSigner.clientIdPrefix === 'x509_hash') {\n clientIdPrefix = 'x509_hash'\n clientId = await calculateX509HashClientIdPrefixValue({\n x509Certificate: leafCertificate.rawCertificate,\n hash: Hasher.hash,\n })\n } else {\n if (!leafCertificate.sanDnsNames.includes(getDomainFromUrl(authorizationResponseUrl))) {\n const sanDnsMessage =\n leafCertificate.sanDnsNames.length > 0\n ? `SAN-DNS names are ${leafCertificate.sanDnsNames.join(', ')}`\n : 'there are no SAN-DNS names'\n\n throw new CredoError(\n `The domain of the OpenID4VCI issuer does not match a SAN DNS name in the x5c certificate. The OpenID4VCI domain is '${getDomainFromUrl(authorizationResponseUrl)}', $${sanDnsMessage}`\n )\n }\n\n clientIdPrefix = 'x509_san_dns'\n clientId = getDomainFromUrl(authorizationResponseUrl)\n }\n } else if (jwtIssuer?.method === 'did') {\n clientId = jwtIssuer.didUrl.split('#')[0]\n clientIdPrefix = version === 'v1' ? 'decentralized_identifier' : 'did'\n } else {\n throw new CredoError(\n `Unsupported jwt issuer method '${options.requestSigner.method}'. Only 'did' and 'x5c' are supported.`\n )\n }\n\n // We always use shortened URIs currently\n const hostedAuthorizationRequestUri =\n !isDcApiRequest && jwtIssuer\n ? joinUriParts(this.config.baseUrl, [\n options.verifier.verifierId,\n this.config.authorizationRequestEndpoint,\n authorizationRequestId,\n ])\n : // No hosted request needed when using DC API or using unsigned request\n undefined\n\n const client_id =\n // For did/https and draft 21 the client id has no special prefix\n clientIdPrefix === 'did' || (clientIdPrefix as string) === 'https' || version === 'v1.draft21'\n ? clientId\n : `${clientIdPrefix}:${clientId}`\n\n // for did the client_id is same in draft 21 and 24 so we could support both at the same time\n const legacyClientIdScheme =\n version === 'v1.draft21' &&\n clientIdPrefix !== 'web-origin' &&\n clientIdPrefix !== 'origin' &&\n clientIdPrefix !== 'decentralized_identifier'\n ? clientIdPrefix\n : undefined\n\n const client_metadata = await this.getClientMetadata(agentContext, {\n responseMode,\n verifier: options.verifier,\n authorizationResponseUrl,\n version,\n\n // TODO: we don't validate the DCQL query when creating a request i think?\n dcqlQuery: options.dcql?.query,\n })\n\n const requestParamsBase = {\n nonce,\n presentation_definition: options.presentationExchange?.definition,\n dcql_query: options.dcql?.query,\n transaction_data: options.transactionData?.map((entry) => JsonEncoder.toBase64URL(entry)),\n response_mode: responseMode,\n response_type: 'vp_token',\n client_metadata,\n verifier_info: options.verifierInfo,\n } as const\n\n const openid4vpVerifier = this.getOpenid4vpVerifier(agentContext)\n const authorizationRequest = await openid4vpVerifier.createOpenId4vpAuthorizationRequest({\n jar: jwtIssuer\n ? {\n jwtSigner: jwtIssuer,\n requestUri: hostedAuthorizationRequestUri,\n expiresInSeconds: this.config.authorizationRequestExpiresInSeconds,\n }\n : undefined,\n authorizationRequestPayload:\n requestParamsBase.response_mode === 'dc_api.jwt' || requestParamsBase.response_mode === 'dc_api'\n ? {\n ...requestParamsBase,\n // No client_id for unsigned DC API requests\n client_id: jwtIssuer ? client_id : undefined,\n response_mode: requestParamsBase.response_mode,\n expected_origins: options.expectedOrigins,\n }\n : {\n ...requestParamsBase,\n response_mode: requestParamsBase.response_mode,\n client_id: client_id as string,\n state,\n response_uri: authorizationResponseUrl,\n client_id_scheme: legacyClientIdScheme,\n },\n })\n\n const verificationSession = new OpenId4VcVerificationSessionRecord({\n authorizationResponseRedirectUri: options.authorizationResponseRedirectUri,\n\n // Only store payload for unsiged requests\n authorizationRequestPayload: authorizationRequest.jar\n ? undefined\n : authorizationRequest.authorizationRequestPayload,\n authorizationRequestJwt: authorizationRequest.jar?.authorizationRequestJwt,\n authorizationRequestUri: hostedAuthorizationRequestUri,\n authorizationRequestId,\n state: OpenId4VcVerificationSessionState.RequestCreated,\n verifierId: options.verifier.verifierId,\n expiresAt: utils.addSecondsToDate(new Date(), this.config.authorizationRequestExpiresInSeconds),\n openId4VpVersion: version,\n })\n await this.openId4VcVerificationSessionRepository.save(agentContext, verificationSession)\n this.emitStateChangedEvent(agentContext, verificationSession, null)\n\n return {\n authorizationRequest: authorizationRequest.authorizationRequest,\n verificationSession,\n authorizationRequestObject: authorizationRequest.authorizationRequestObject,\n }\n }\n\n private async getDcqlVerifiedResponse(\n agentContext: AgentContext,\n _dcqlQuery: unknown,\n presentations: DcqlEncodedPresentations\n ) {\n const dcqlService = agentContext.dependencyManager.resolve(DcqlService)\n const dcqlQuery = dcqlService.validateDcqlQuery(_dcqlQuery)\n\n const dcqlPresentationEntries = Object.entries(presentations)\n const dcqlPresentation = Object.fromEntries(\n dcqlPresentationEntries.map(([credentialId, presentations]) => {\n const queryCredential = dcqlQuery.credentials.find((c) => c.id === credentialId)\n if (!queryCredential) {\n throw new CredoError(\n `vp_token contains presentation for credential query id '${credentialId}', but this credential is not present in the dcql query.`\n )\n }\n\n return [\n credentialId,\n mapNonEmptyArray(presentations, (presentation) =>\n this.decodePresentation(agentContext, {\n presentation,\n format: dcqlCredentialQueryToPresentationFormat(queryCredential),\n })\n ),\n ]\n })\n )\n\n const dcqlPresentationResult = await dcqlService.assertValidDcqlPresentation(\n agentContext,\n dcqlPresentation,\n dcqlQuery\n )\n\n return {\n query: dcqlQuery,\n presentations: dcqlPresentation,\n presentationResult: dcqlPresentationResult,\n } satisfies OpenId4VpVerifiedAuthorizationResponseDcql\n }\n\n private async parseAuthorizationResponse(\n agentContext: AgentContext,\n options: {\n authorizationResponse: Record<string, unknown>\n origin?: string\n verificationSession: OpenId4VcVerificationSessionRecord\n }\n ): Promise<ParsedOpenid4vpAuthorizationResponse & { verificationSession: OpenId4VcVerificationSessionRecord }> {\n const openid4vpVerifier = this.getOpenid4vpVerifier(agentContext)\n\n const { authorizationResponse, verificationSession, origin } = options\n let parsedAuthorizationResponse: ParsedOpenid4vpAuthorizationResponse | undefined\n\n try {\n parsedAuthorizationResponse = await openid4vpVerifier.parseOpenid4vpAuthorizationResponse({\n authorizationResponse,\n origin,\n authorizationRequestPayload: verificationSession.requestPayload,\n callbacks: getOid4vcCallbacks(agentContext),\n })\n\n if (parsedAuthorizationResponse.jarm && parsedAuthorizationResponse.jarm.type !== JarmMode.Encrypted) {\n throw new Oauth2ServerErrorResponseError({\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: `Only encrypted JARM responses are supported, received '${parsedAuthorizationResponse.jarm.type}'.`,\n })\n }\n\n return {\n ...parsedAuthorizationResponse,\n verificationSession,\n }\n } catch (error) {\n if (\n verificationSession?.state === OpenId4VcVerificationSessionState.RequestUriRetrieved ||\n verificationSession?.state === OpenId4VcVerificationSessionState.RequestCreated\n ) {\n const parsed = zOpenid4vpAuthorizationResponse.safeParse(\n parsedAuthorizationResponse?.authorizationResponsePayload\n )\n\n verificationSession.authorizationResponsePayload = parsed.success ? parsed.data : undefined\n verificationSession.errorMessage = error.message\n await this.updateState(agentContext, verificationSession, OpenId4VcVerificationSessionState.Error)\n }\n\n throw error\n }\n }\n\n public async verifyAuthorizationResponse(\n agentContext: AgentContext,\n options: OpenId4VpVerifyAuthorizationResponseOptions & {\n /**\n * The verification session associated with the response\n */\n verificationSession: OpenId4VcVerificationSessionRecord\n }\n ): Promise<OpenId4VpVerifiedAuthorizationResponse> {\n const { verificationSession, authorizationResponse, origin } = options\n const authorizationRequest = verificationSession.requestPayload\n const openid4vpVersion =\n verificationSession.openId4VpVersion ??\n (authorizationRequest.client_id_scheme !== undefined ? 'v1.draft21' : 'v1.draft24')\n\n if (\n verificationSession.state !== OpenId4VcVerificationSessionState.RequestUriRetrieved &&\n verificationSession.state !== OpenId4VcVerificationSessionState.RequestCreated\n ) {\n throw new Oauth2ServerErrorResponseError({\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'Invalid session',\n })\n }\n\n if (verificationSession.expiresAt && Date.now() > verificationSession.expiresAt.getTime()) {\n verificationSession.errorMessage = 'session expired'\n await this.updateState(agentContext, verificationSession, OpenId4VcVerificationSessionState.Error)\n throw new Oauth2ServerErrorResponseError({\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'session expired',\n })\n }\n\n const result = await this.parseAuthorizationResponse(agentContext, {\n verificationSession,\n authorizationResponse,\n origin,\n })\n\n // NOTE: we always currently include only one key, and also use 'use=enc'. If we change\n // that, we should change this. I think we should return the jarm key in the openid4vp lib\n // and match against that (and also ensure then it's present in client_metadata -> should not conflict with federation)\n const encryptionJwk = authorizationRequest.client_metadata?.jwks?.keys.find((key) => key.use === 'enc')\n const encryptionPublicJwk = encryptionJwk ? Kms.PublicJwk.fromUnknown(encryptionJwk) : undefined\n\n let dcqlResponse: OpenId4VpVerifiedAuthorizationResponseDcql | undefined\n let pexResponse: OpenId4VpVerifiedAuthorizationResponsePresentationExchange | undefined\n let transactionData: OpenId4VpVerifiedAuthorizationResponseTransactionData[] | undefined\n\n try {\n const parsedClientId = getOpenid4vpClientId({\n responseMode: authorizationRequest.response_mode,\n clientId: authorizationRequest.client_id,\n legacyClientIdScheme: authorizationRequest.client_id_scheme,\n origin: options.origin,\n version: openid4vpVersion === 'v1' ? 100 : openid4vpVersion === 'v1.draft24' ? 24 : 21,\n })\n\n const clientId = parsedClientId.effectiveClientId\n const isDcApiRequest = isOpenid4vpAuthorizationRequestDcApi(authorizationRequest)\n\n // TODO: we should return the effectiveAudience in the returned value of openid4vp lib\n // Since it differs based on the version of openid4vp used\n // NOTE: in v1 DC API request the audience is always origin: (not the client id)\n const audience = openid4vpVersion === 'v1' && isDcApiRequest ? `origin:${options.origin}` : clientId\n\n const responseUri = isOpenid4vpAuthorizationRequestDcApi(authorizationRequest)\n ? undefined\n : authorizationRequest.response_uri\n\n // NOTE: apu is needed for mDOC over OID4VP without DC API up to draft 24\n const mdocGeneratedNonce = result.jarm?.jarmHeader.apu\n ? TypedArrayEncoder.toUtf8String(TypedArrayEncoder.fromBase64(result.jarm?.jarmHeader.apu))\n : undefined\n\n if (result.type === 'dcql') {\n const dcqlPresentationEntries = Object.entries(result.dcql.presentations)\n if (!authorizationRequest.dcql_query) {\n throw new Oauth2ServerErrorResponseError({\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'DCQL response provided but no dcql_query found in the authorization request.',\n })\n }\n\n const dcql = agentContext.dependencyManager.resolve(DcqlService)\n const dcqlQuery = dcql.validateDcqlQuery(authorizationRequest.dcql_query)\n\n const presentationVerificationResults = await Promise.all(\n dcqlPresentationEntries.map(async ([credentialId, presentations]) => {\n const queryCredential = dcqlQuery.credentials.find((c) => c.id === credentialId)\n if (!queryCredential) {\n throw new Oauth2ServerErrorResponseError({\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: `vp_token contains presentation for credential query id '${credentialId}', but this credential is not present in the dcql query.`,\n })\n }\n\n const verifiedPresentations = await Promise.all(\n mapNonEmptyArray(presentations, (presentation) =>\n this.verifyPresentation(agentContext, {\n format: dcqlCredentialQueryToPresentationFormat(queryCredential),\n nonce: authorizationRequest.nonce,\n audience,\n version: openid4vpVersion,\n clientId,\n encryptionJwk: encryptionPublicJwk,\n origin: options.origin,\n responseUri,\n mdocGeneratedNonce,\n verificationSessionId: result.verificationSession.id,\n presentation,\n })\n )\n )\n return [credentialId, verifiedPresentations] as const\n })\n )\n\n const errorMessages = presentationVerificationResults\n .flatMap(([credentialId, presentations], index) =>\n presentations.map((result) =>\n !result.verified ? `\\t- ${credentialId}[${index}]: ${result.reason}` : undefined\n )\n )\n .filter((i) => i !== undefined)\n if (errorMessages.length > 0) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'One or more presentations failed verification.',\n },\n { internalMessage: errorMessages.join('\\n') }\n )\n }\n\n // We can be certain here that all presentations passed verification\n const presentations = Object.fromEntries(\n presentationVerificationResults.map(\n ([credentialId, presentations]) =>\n [\n credentialId,\n presentations\n .map((p) => (p.verified ? p.presentation : undefined))\n // NOTE: we add NonEmpty cast here since it's needed for DCQL, and because we\n // previously ensured all items are valid, we can be sure this arary is non empty\n // even after the filter.\n .filter((p) => p !== undefined) as NonEmptyArray<VerifiablePresentation>,\n ] as const\n )\n )\n\n try {\n const presentationResult = await dcql.assertValidDcqlPresentation(agentContext, presentations, dcqlQuery)\n\n dcqlResponse = {\n presentations,\n presentationResult,\n query: dcqlQuery,\n }\n } catch (error) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'Presentation submission does not satisfy presentation request.',\n },\n { cause: error }\n )\n }\n }\n\n if (result.type === 'pex') {\n const pex = agentContext.dependencyManager.resolve(DifPresentationExchangeService)\n\n const encodedPresentations = result.pex.presentations\n const submission = result.pex.presentationSubmission as DifPresentationExchangeSubmission\n const definition = result.pex.presentationDefinition as unknown as DifPresentationExchangeDefinition\n\n pex.validatePresentationDefinition(definition)\n\n try {\n pex.validatePresentationSubmission(submission)\n } catch (error) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'Invalid presentation submission.',\n },\n { cause: error }\n )\n }\n\n const presentationsArray = Array.isArray(encodedPresentations) ? encodedPresentations : [encodedPresentations]\n const presentationVerificationResults = await Promise.all(\n presentationsArray.map((presentation) => {\n return this.verifyPresentation(agentContext, {\n nonce: authorizationRequest.nonce,\n audience,\n clientId,\n version: openid4vpVersion,\n encryptionJwk: encryptionPublicJwk,\n responseUri,\n mdocGeneratedNonce,\n verificationSessionId: result.verificationSession.id,\n presentation,\n format: this.claimFormatFromEncodedPresentation(presentation),\n origin: options.origin,\n })\n })\n )\n\n const errorMessages = presentationVerificationResults\n .map((result, index) => (!result.verified ? `\\t- [${index}]: ${result.reason}` : undefined))\n .filter((i) => i !== undefined)\n if (errorMessages.length > 0) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'One or more presentations failed verification.',\n },\n { internalMessage: errorMessages.join('\\n') }\n )\n }\n\n const verifiablePresentations = presentationVerificationResults\n .map((p) => (p.verified ? p.presentation : undefined))\n .filter((p) => p !== undefined)\n\n try {\n pex.validatePresentation(\n definition,\n // vp_token MUST not be an array if only one entry\n verifiablePresentations.length === 1 ? verifiablePresentations[0] : verifiablePresentations,\n submission\n )\n } catch (error) {\n throw new Oauth2ServerErrorResponseError(\n {\n error: Oauth2ErrorCodes.InvalidRequest,\n error_description: 'Presentation submission does not satisfy presentation request.',\n },\n { cause: error }\n )\n }\n\n const descriptors = extractPresentationsWithDescriptorsFromSubmission(\n // vp_token MUST not be an array if only one entry\n verifiablePresentations.length === 1 ? verifiablePresentations[0] : verifiablePresentations,\n submission,\n definition\n )\n\n pexResponse = {\n definition,\n descriptors,\n presentations: verifiablePresentations,\n submission,\n }\n }\n\n transactionData = await this.getVerifiedTransactionData(agentContext, {\n authorizationRequest,\n dcql: dcqlResponse,\n presentationExchange: pexResponse,\n })\n } catch (error) {\n result.verificationSession.errorMessage = error.message\n await this.updateState(agentContext, result.verificationSession, OpenId4VcVerificationSessionState.Error)\n throw error\n }\n\n result.verificationSession.authorizationResponsePayload = result.authorizationResponsePayload\n await this.updateState(agentContext, result.verificationSession, OpenId4VcVerificationSessionState.ResponseVerified)\n\n return {\n presentationExchange: pexResponse,\n dcql: dcqlResponse,\n transactionData,\n verificationSession: result.verificationSession,\n }\n }\n\n /**\n * Get the format based on an encoded presentation. This is mostly leveraged for\n * PEX where it's not known based on the request which format to expect\n */\n private claimFormatFromEncodedPresentation(\n presentation: string | Record<string, unknown>\n ): ClaimFormat.JwtVp | ClaimFormat.LdpVp | ClaimFormat.SdJwtDc | ClaimFormat.MsoMdoc {\n if (typeof presentation === 'object') return ClaimFormat.LdpVp\n if (presentation.includes('~')) return ClaimFormat.SdJwtDc\n if (Jwt.format.test(presentation)) return ClaimFormat.JwtVp\n\n // Fallback, we tried all other formats\n return ClaimFormat.MsoMdoc\n }\n\n public async getVerifiedAuthorizationResponse(\n agentContext: AgentContext,\n verificationSession: OpenId4VcVerificationSessionRecord\n ): Promise<OpenId4VpVerifiedAuthorizationResponse> {\n verificationSession.assertState(OpenId4VcVerificationSessionState.ResponseVerified)\n\n if (!verificationSession.authorizationResponsePayload) {\n throw new CredoError('No authorization response payload found in the verification session.')\n }\n\n const authorizationRequestPayload = verificationSession.requestPayload\n const openid4vpAuthorizationResponsePayload = verificationSession.authorizationResponsePayload\n const openid4vpVerifier = this.getOpenid4vpVerifier(agentContext)\n\n const result = openid4vpVerifier.validateOpenid4vpAuthorizationResponsePayload({\n authorizationRequestPayload: verificationSession.requestPayload,\n authorizationResponsePayload: openid4vpAuthorizationResponsePayload,\n })\n\n let presentationExchange: OpenId4VpVerifiedAuthorizationResponsePresentationExchange | undefined\n const dcql =\n result.type === 'dcql'\n ? await this.getDcqlVerifiedResponse(\n agentContext,\n authorizationRequestPayload.dcql_query,\n result.dcql.presentations\n )\n : undefined\n\n if (result.type === 'pex') {\n const presentationDefinition =\n authorizationRequestPayload.presentation_definition as unknown as DifPresentationExchangeDefinition\n const submission = openid4vpAuthorizationResponsePayload.presentation_submission as\n | DifPresentationExchangeSubmission\n | undefined\n\n if (!submission) {\n throw new CredoError('Unable to extract submission from the response.')\n }\n\n const verifiablePresentations = result.pex.presentations.map((presentation) =>\n this.decodePresentation(agentContext, {\n presentation,\n format: this.claimFormatFromEncodedPresentation(presentation),\n })\n )\n\n presentationExchange = {\n definition: presentationDefinition,\n submission,\n presentations: verifiablePresentations,\n descriptors: extractPresentationsWithDescriptorsFromSubmission(\n // vp_token MUST not be an array if only one entry\n verifiablePresentations.length === 1 ? verifiablePresentations[0] : verifiablePresentations,\n submission,\n presentationDefinition\n ),\n }\n }\n\n if (!presentationExchange && !dcql) {\n throw new CredoError('No presentationExchange or dcql found in the response.')\n }\n\n const transactionData = await this.getVerifiedTransactionData(agentContext, {\n authorizationRequest: authorizationRequestPayload,\n dcql,\n presentationExchange,\n })\n\n return {\n presentationExchange,\n dcql,\n transactionData,\n verificationSession,\n }\n }\n\n private async getVerifiedTransactionData(\n agentContext: AgentContext,\n {\n authorizationRequest,\n presentationExchange,\n dcql,\n }: {\n dcql?: OpenId4VpVerifiedAuthorizationResponseDcql\n presentationExchange?: OpenId4VpVerifiedAuthorizationResponsePresentationExchange\n authorizationRequest: OpenId4VpAuthorizationRequestPayload\n }\n ): Promise<OpenId4VpVerifiedAuthorizationResponseTransactionData[] | undefined> {\n if (!authorizationRequest.transaction_data) return undefined\n\n const openid4vpVerifier = this.getOpenid4vpVerifier(agentContext)\n const transactionDataHashesCredentials: TransactionDataHashesCredentials = {}\n\n // Extract presentations with credentialId\n const idToCredential = dcql\n ? Object.entries(dcql.presentations)\n : (presentationExchange?.descriptors.map(\n (descriptor) => [descriptor.descriptor.id, [descriptor.presentation]] as const\n ) ?? [])\n\n for (const [credentialId, presentations] of idToCredential) {\n // Only SD-JWT VC supported for now\n const transactionDataHashes = presentations.map((presentation) =>\n presentation.claimFormat === ClaimFormat.SdJwtDc ? getSdJwtVcTransactionDataHashes(presentation) : undefined\n )\n\n const firstHasHash = transactionDataHashes[0] !== undefined\n if (!transactionDataHashes.every((hash) => (firstHasHash ? hash !== undefined : hash === undefined))) {\n throw new Oauth2ServerErrorResponseError({\n error: Oauth2ErrorCodes.InvalidTransactionData,\n error_description: `Multipe presentations were submitted for credential query ${credentialId} but not all presentations includes a transaction data hash. Either all or none of the presentations for a credential query id should include a transaction data hash.`,\n })\n }\n\n if (!firstHasHash) continue\n\n transactionDataHashesCredentials[credentialId] = transactionDataHashes as [\n Exclude<(typeof transactionDataHashes)[number], undefined>,\n ]\n }\n\n // Verify the transaction data\n const transactionData = await openid4vpVerifier.verifyTransactionData({\n credentials: transactionDataHashesCredentials,\n transactionData: authorizationRequest.transaction_data,\n })\n\n return transactionData.map(({ credentialId, transactionDataEntry, presentations }) => ({\n credentialId,\n encoded: transactionDataEntry.encoded,\n decoded: transactionDataEntry.transactionData,\n transactionDataIndex: transactionDataEntry.transactionDataIndex,\n presentations: presentations.map((presentation) => ({\n presentationHashIndex: presentation.credentialHashIndex,\n hash: presentation.hash,\n // We only support the values supported by Credo hasher, so it can't be any other value than those.\n hashAlg: presentation.hashAlg as HashName,\n })) as OpenId4VpVerifiedAuthorizationResponseTransactionData['presentations'],\n }))\n }\n\n public async getAllVerifiers(agentContext: AgentContext) {\n return this.openId4VcVerifierRepository.getAll(agentContext)\n }\n\n public async getVerifierByVerifierId(agentContext: AgentContext, verifierId: string) {\n return this.openId4VcVerifierRepository.getByVerifierId(agentContext, verifierId)\n }\n\n public async updateVerifier(agentContext: AgentContext, verifier: OpenId4VcVerifierRecord) {\n return this.openId4VcVerifierRepository.update(agentContext, verifier)\n }\n\n public async createVerifier(agentContext: AgentContext, options?: OpenId4VpCreateVerifierOptions) {\n const openId4VcVerifier = new OpenId4VcVerifierRecord({\n verifierId: options?.verifierId ?? utils.uuid(),\n clientMetadata: options?.clientMetadata,\n })\n\n await this.openId4VcVerifierRepository.save(agentContext, openId4VcVerifier)\n await storeActorIdForContextCorrelationId(agentContext, openId4VcVerifier.verifierId)\n return openId4VcVerifier\n }\n\n public async findVerificationSessionsByQuery(\n agentContext: AgentContext,\n query: Query<OpenId4VcVerificationSessionRecord>,\n queryOptions?: QueryOptions\n ) {\n return this.openId4VcVerificationSessionRepository.findByQuery(agentContext, query, queryOptions)\n }\n\n public async getVerificationSessionById(agentContext: AgentContext, verificationSessionId: string) {\n return this.openId4VcVerificationSessionRepository.getById(agentContext, verificationSessionId)\n }\n\n private async getClientMetadata(\n agentContext: AgentContext,\n options: {\n responseMode: ResponseMode\n verifier: OpenId4VcVerifierRecord\n authorizationResponseUrl: string\n dcqlQuery?: DcqlQuery\n version: NonNullable<OpenId4VpCreateAuthorizationRequestOptions['version']>\n }\n ): Promise<ClientMetadata> {\n const { responseMode, verifier } = options\n\n const signatureSuiteRegistry = agentContext.resolve(SignatureSuiteRegistry)\n const kms = agentContext.resolve(Kms.KeyManagementApi)\n const supportedAlgs = getSupportedJwaSignatureAlgorithms(agentContext) as [\n Kms.KnownJwaSignatureAlgorithm,\n ...Kms.KnownJwaSignatureAlgorithm[],\n ]\n const supportedMdocAlgs = supportedAlgs.filter(isMdocSupportedSignatureAlgorithm) as [\n MdocSupportedSignatureAlgorithm,\n ...MdocSupportedSignatureAlgorithm[],\n ]\n const supportedProofTypes = signatureSuiteRegistry.supportedProofTypes\n\n type JarmEncryptionJwk = Kms.Jwk & { kid: string; use: 'enc' }\n let jarmEncryptionJwk: JarmEncryptionJwk | undefined\n\n if (isJarmResponseMode(responseMode)) {\n const key = await kms.createKey({ type: { crv: 'P-256', kty: 'EC' } })\n jarmEncryptionJwk = { ...key.publicJwk, use: 'enc' }\n }\n\n const jarmClientMetadata:\n | Pick<\n ClientMetadata,\n | 'jwks'\n | 'encrypted_response_enc_values_supported'\n | 'authorization_encrypted_response_alg'\n | 'authorization_encrypted_response_enc'\n >\n | undefined = jarmEncryptionJwk\n ? {\n jwks: { keys: [jarmEncryptionJwk as Jwk] },\n\n ...(options.version === 'v1'\n ? {\n encrypted_response_enc_values_supported: ['A128GCM', 'A256GCM', 'A128CBC-HS256'],\n }\n : {\n authorization_encrypted_response_alg: 'ECDH-ES',\n\n // NOTE: pre draft 24 we could only include one version. To maximize compatiblity we use\n // - A128GCM for draft 24 (HAIP)\n // - A256GCM for draft 21 (18013-7)\n authorization_encrypted_response_enc: options.version === 'v1.draft24' ? 'A128GCM' : 'A256GCM',\n }),\n }\n : undefined\n\n const dclqQueryFormats = new Set(options.dcqlQuery?.credentials.map((c) => c.format))\n\n return {\n ...jarmClientMetadata,\n ...verifier.clientMetadata,\n response_types_supported: ['vp_token'],\n\n // for v1 version we only include the vp_formats_supported for formats we're\n // requesting.\n ...(options.version === 'v1'\n ? {\n vp_formats_supported: {\n ...(dclqQueryFormats.has('dc+sd-jwt')\n ? {\n 'dc+sd-jwt': {\n 'kb-jwt_alg_values': supportedAlgs,\n 'sd-jwt_alg_values': supportedAlgs,\n },\n }\n : {}),\n\n ...(dclqQueryFormats.has('mso_mdoc')\n ? {\n mso_mdoc: {\n // TODO: we need to add some generic utils for fully specified COSE algorithms\n deviceauth_alg_values: [/* P-256 */ -9, /* P-384 */ -51, /* Ed25519 */ -19],\n issuerauth_alg_values: [/* P-256 */ -9, /* P-384 */ -51, /* Ed25519 */ -19],\n },\n }\n : {}),\n\n ...(dclqQueryFormats.has('jwt_vc_json')\n ? {\n jwt_vc_json: {\n alg_values: supportedAlgs,\n },\n }\n : {}),\n\n ...(dclqQueryFormats.has('ldp_vc')\n ? {\n ldp_vc: {\n proof_type_values: supportedProofTypes as [string, ...string[]],\n },\n }\n : {}),\n },\n }\n : {\n vp_formats: {\n mso_mdoc: {\n alg: supportedMdocAlgs,\n },\n jwt_vc: {\n alg: supportedAlgs,\n },\n jwt_vc_json: {\n alg: supportedAlgs,\n },\n jwt_vp_json: {\n alg: supportedAlgs,\n },\n jwt_vp: {\n alg: supportedAlgs,\n },\n ldp_vc: {\n proof_type: supportedProofTypes,\n },\n ldp_vp: {\n proof_type: supportedProofTypes,\n },\n 'vc+sd-jwt': {\n 'kb-jwt_alg_values': supportedAlgs,\n 'sd-jwt_alg_values': supportedAlgs,\n },\n 'dc+sd-jwt': {\n 'kb-jwt_alg_values': supportedAlgs,\n 'sd-jwt_alg_values': supportedAlgs,\n },\n },\n }),\n }\n }\n\n private decodePresentation(\n agentContext: AgentContext,\n options: {\n presentation: string | Record<string, unknown>\n format: ClaimFormat.JwtVp | ClaimFormat.LdpVp | ClaimFormat.SdJwtDc | ClaimFormat.MsoMdoc | ClaimFormat.SdJwtW3cVp\n }\n ): VerifiablePresentation {\n const { presentation, format } = options\n\n if (format === ClaimFormat.SdJwtDc) {\n if (typeof presentation !== 'string') {\n throw new CredoError(`Expected vp_token entry for format ${format} to be of type string`)\n }\n const sdJwtVcApi = agentContext.dependencyManager.resolve(SdJwtVcApi)\n\n const sdJwtVc = sdJwtVcApi.fromCompact(presentation)\n return sdJwtVc\n }\n if (format === ClaimFormat.MsoMdoc) {\n if (typeof presentation !== 'string') {\n throw new CredoError(`Expected vp_token entry for format ${format} to be of type string`)\n }\n const mdocDeviceResponse = MdocDeviceResponse.fromBase64Url(presentation)\n return mdocDeviceResponse\n }\n if (format === ClaimFormat.JwtVp) {\n if (typeof presentation !== 'string') {\n throw new CredoError(`Expected vp_token entry for format ${format} to be of type string`)\n }\n return W3cJwtVerifiablePresentation.fromSerializedJwt(presentation)\n }\n if (format === ClaimFormat.SdJwtW3cVp) {\n if (typeof presentation !== 'string') {\n throw new CredoError(`Expected vp_token entry for format ${format} to be of type string`)\n }\n return W3cV2SdJwtVerifiablePresentation.fromCompact(presentation)\n }\n\n return JsonTransformer.fromJSON(presentation, W3cJsonLdVerifiablePresentation)\n }\n\n private async verifyPresentation(\n agentContext: AgentContext,\n options: {\n nonce: string\n audience: string\n clientId: string\n responseUri?: string\n mdocGeneratedNonce?: string\n origin?: string\n verificationSessionId: string\n presentation: string | Record<string, unknown>\n format: ClaimFormat.LdpVp | ClaimFormat.JwtVp | ClaimFormat.SdJwtW3cVp | ClaimFormat.SdJwtDc | ClaimFormat.MsoMdoc\n version: OpenId4VpVersion\n encryptionJwk?: Kms.PublicJwk\n }\n ): Promise<\n | {\n verified: true\n presentation: VerifiablePresentation\n transactionData?: TransactionDataHashesCredentials[string]\n }\n | { verified: false; reason: string }\n > {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const sdJwtVcApi = agentContext.dependencyManager.resolve(SdJwtVcApi)\n\n const { presentation, format } = options\n\n try {\n this.logger.trace('Presentation response', JsonTransformer.toJSON(presentation))\n\n let isValid: boolean\n let cause: Error | undefined\n let verifiablePresentation: VerifiablePresentation\n\n if (format === ClaimFormat.SdJwtDc) {\n if (typeof presentation !== 'string') {\n throw new CredoError(`Expected vp_token entry for format ${format} to be of type string`)\n }\n\n const sdJwtVc = sdJwtVcApi.fromCompact(presentation)\n const jwt = Jwt.fromSerializedJwt(presentation.split('~')[0])\n const certificateChain = extractX509CertificatesFromJwt(jwt)\n\n let trustedCertificates: string[] | undefined\n if (certificateChain && x509Config.getTrustedCertificatesForVerification) {\n trustedCertificates = await x509Config.getTrustedCertificatesForVerification(agentContext, {\n certificateChain,\n verification: {\n type: 'credential',\n credential: sdJwtVc,\n openId4VcVerificationSessionId: options.verificationSessionId,\n },\n })\n }\n\n if (!trustedCertificates) {\n // We also take from the config here to avoid the callback being called again\n trustedCertificates = x509Config.trustedCertificates ?? []\n }\n\n const verificationResult = await sdJwtVcApi.verify({\n compactSdJwtVc: presentation,\n keyBinding: {\n audience: options.audience,\n nonce: options.nonce,\n },\n trustedCertificates,\n })\n\n isValid = verificationResult.isValid\n cause = verificationResult.isValid ? undefined : verificationResult.error\n verifiablePresentation = sdJwtVc\n } else if (format === ClaimFormat.MsoMdoc) {\n if (typeof presentation !== 'string') {\n throw new CredoError('Expected vp_token entry for format mso_mdoc to be of type string')\n }\n const mdocDeviceResponse = MdocDeviceResponse.fromBase64Url(presentation)\n if (mdocDeviceResponse.documents.length === 0) {\n throw new CredoError('mdoc device response does not contain any mdocs')\n }\n\n const deviceResponses = mdocDeviceResponse.splitIntoSingleDocumentResponses()\n\n for (const deviceResponseIndex of deviceResponses.keys()) {\n const mdocDeviceResponse = deviceResponses[deviceResponseIndex]\n\n const document = mdocDeviceResponse.documents[0]\n const certificateChain = document.issuerSignedCertificateChain.map((cert) =>\n X509Certificate.fromRawCertificate(cert)\n )\n\n const trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'credential',\n credential: document,\n openId4VcVerificationSessionId: options.verificationSessionId,\n },\n })\n\n let sessionTranscriptOptions: MdocSessionTranscriptOptions\n if (options.origin && options.version === 'v1') {\n sessionTranscriptOptions = {\n type: 'openId4VpDcApi',\n verifierGeneratedNonce: options.nonce,\n origin: options.origin,\n encryptionJwk: options.encryptionJwk,\n }\n } else if (options.origin) {\n sessionTranscriptOptions = {\n type: 'openId4VpDcApiDraft24',\n clientId: options.clientId,\n verifierGeneratedNonce: options.nonce,\n origin: options.origin,\n }\n } else if (options.version === 'v1') {\n if (!options.responseUri) {\n throw new CredoError('responseUri is required for mdoc openid4vp session transcript calculation')\n }\n\n sessionTranscriptOptions = {\n type: 'openId4Vp',\n clientId: options.clientId,\n responseUri: options.responseUri,\n verifierGeneratedNonce: options.nonce,\n encryptionJwk: options.encryptionJwk,\n }\n } else {\n if (!options.mdocGeneratedNonce || !options.responseUri) {\n throw new CredoError(\n 'mdocGeneratedNonce and responseUri are required for mdoc openid4vp session transcript calculation'\n )\n }\n\n sessionTranscriptOptions = {\n type: 'openId4VpDraft18',\n clientId: options.clientId,\n mdocGeneratedNonce: options.mdocGeneratedNonce,\n responseUri: options.responseUri,\n verifierGeneratedNonce: options.nonce,\n }\n }\n\n await mdocDeviceResponse.verify(agentContext, {\n sessionTranscriptOptions,\n trustedCertificates,\n })\n }\n // TODO: extract transaction data hashes once https://github.com/openid/OpenID4VP/pull/330 is resolved\n\n isValid = true\n verifiablePresentation = mdocDeviceResponse\n } else if (format === ClaimFormat.JwtVp) {\n if (typeof presentation !== 'string') {\n throw new CredoError(`Expected vp_token entry for format ${format} to be of type string`)\n }\n\n verifiablePresentation = W3cJwtVerifiablePresentation.fromSerializedJwt(presentation)\n const verificationResult = await this.w3cCredentialService.verifyPresentation(agentContext, {\n presentation,\n challenge: options.nonce,\n domain: options.audience,\n })\n\n isValid = verificationResult.isValid\n cause = verificationResult.error\n } else if (format === ClaimFormat.SdJwtW3cVp) {\n if (typeof presentation !== 'string') {\n throw new CredoError(`Expected vp_token entry for format ${format} to be of type string`)\n }\n\n verifiablePresentation = W3cV2SdJwtVerifiablePresentation.fromCompact(presentation)\n const verificationResult = await this.w3cV2CredentialService.verifyPresentation(agentContext, {\n presentation: verifiablePresentation,\n challenge: options.nonce,\n domain: options.audience,\n })\n\n isValid = verificationResult.isValid\n cause = verificationResult.error\n } else {\n verifiablePresentation = JsonTransformer.fromJSON(presentation, W3cJsonLdVerifiablePresentation)\n const verificationResult = await this.w3cCredentialService.verifyPresentation(agentContext, {\n presentation: verifiablePresentation,\n challenge: options.nonce,\n domain: options.audience,\n })\n\n isValid = verificationResult.isValid\n cause = verificationResult.error\n }\n\n if (!isValid) {\n throw new CredoError(`Error occured during verification of presentation.${cause ? ` ${cause.message}` : ''}`, {\n cause,\n })\n }\n\n return {\n verified: true,\n presentation: verifiablePresentation,\n }\n } catch (error) {\n agentContext.config.logger.warn('Error occurred during verification of presentation', {\n error,\n })\n return {\n verified: false,\n reason: error.message,\n }\n }\n }\n\n /**\n * Update the record to a new state and emit an state changed event. Also updates the record\n * in storage.\n */\n public async updateState(\n agentContext: AgentContext,\n verificationSession: OpenId4VcVerificationSessionRecord,\n newState: OpenId4VcVerificationSessionState\n ) {\n agentContext.config.logger.debug(\n `Updating openid4vc verification session record ${verificationSession.id} to state ${newState} (previous=${verificationSession.state})`\n )\n\n const previousState = verificationSession.state\n verificationSession.state = newState\n await this.openId4VcVerificationSessionRepository.update(agentContext, verificationSession)\n\n this.emitStateChangedEvent(agentContext, verificationSession, previousState)\n }\n\n protected emitStateChangedEvent(\n agentContext: AgentContext,\n verificationSession: OpenId4VcVerificationSessionRecord,\n previousState: OpenId4VcVerificationSessionState | null\n ) {\n const eventEmitter = agentContext.dependencyManager.resolve(EventEmitter)\n\n eventEmitter.emit<OpenId4VcVerificationSessionStateChangedEvent>(agentContext, {\n type: OpenId4VcVerifierEvents.VerificationSessionStateChanged,\n payload: {\n verificationSession: verificationSession.clone(),\n previousState,\n },\n })\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAgGO,qCAAMA,2BAAyB;CACpC,AAAO,YACL,AAAyCC,QACzC,AAAQC,sBACR,AAAQC,wBACR,AAAQC,6BACR,AAAQC,QACR,AAAQC,wCACR;EANyC;EACjC;EACA;EACA;EACA;EACA;;CAGV,AAAQ,qBAAqB,cAA4B;AAIvD,SAFwB,IAAI,kBAAkB,EAAE,WAD9B,mBAAmB,aAAa,EACS,CAAC;;CAK9D,MAAa,2BACX,cACA,SACoD;EACpD,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;EACtD,MAAM,QAAQ,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,IAAI,CAAC,CAAC;EAC5E,MAAM,QAAQ,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,IAAI,CAAC,CAAC;EAE5E,MAAM,eAAe,QAAQ,gBAAgB;EAC7C,MAAM,iBAAiB,iBAAiB,YAAY,iBAAiB;EAErE,MAAM,UAAU,QAAQ,WAAW;AACnC,MAAI,YAAY,gBAAgB,eAC9B,OAAM,IAAI,WACR,sBAAsB,QAAQ,sCAAsC,QAAQ,aAAa,8CAC1F;AAEH,MAAI,YAAY,gBAAgB,QAAQ,gBACtC,OAAM,IAAI,WACR,sBAAsB,QAAQ,kFAC/B;AAEH,MAAI,YAAY,gBAAgB,QAAQ,KACtC,OAAM,IAAI,WACR,sBAAsB,QAAQ,uEAC/B;AAEH,MAAI,YAAY,QAAQ,QAAQ,aAC9B,OAAM,IAAI,WAAW,sBAAsB,QAAQ,+DAA+D;AAEpH,MAAI,YAAY,QAAQ,QAAQ,qBAC9B,OAAM,IAAI,WACR,sBAAsB,QAAQ,kIAC/B;AAIH,MAAI,QAAQ,MAAM,MAAM,YAAY,MAAM,MAAM,EAAE,yCAAyC,MAAM,CAC/F,OAAM,IAAI,WACR,qLACD;AAGH,MAAI,kBAAkB,QAAQ,iCAC5B,OAAM,IAAI,WACR,qGACD;EAIH,MAAM,iBACJ,QAAQ,sBAAsB,WAAW,kBAAkB,MAAM,MAAM,EAAE,QAAQ,SAAS,IAC1F,QAAQ,MAAM,MAAM,YAAY,MAAM,MAAM,EAAE,WAAW,WAAW;AAEtE,OAAK,YAAY,gBAAgB,YAAY,iBAAiB,iBAAiB,iBAAiB,eAC9F,OAAM,IAAI,WACR,yUACD;AAGH,MAAI,QAAQ,cAAc;GACxB,MAAM,WACJ,SAAS,MAAM,MAAM,YAAY,KAAK,EAAE,SAAS,GAAG,IACpD,SAAS,sBAAsB,WAAW,kBAAkB,KAAK,EAAE,SAAS,GAAG,IAC/E,EAAE;AAMJ,OAAI,CAJ0B,QAAQ,aAAa,OAChD,OAAO,CAAC,GAAG,kBAAkB,GAAG,eAAe,OAAO,iBAAiB,SAAS,SAAS,aAAa,CAAC,CACzG,CAGC,OAAM,IAAI,WACR,0HACD;;EAIL,MAAM,yBAAyB,MAAM,MAAM;EAG3C,MAAM,2BAA2B,GAAG,aAAa,KAAK,OAAO,SAAS,CAAC,QAAQ,SAAS,YAAY,KAAK,OAAO,sBAAsB,CAAC,CAAC,WAAW;EAEnJ,MAAM,YACJ,QAAQ,cAAc,WAAW,SAC7B,MAAM,mCAAmC,cAAc,QAAQ,cAAc,GAC7E;EAEN,IAAIC;EACJ,IAAIC;AAEJ,MAAI,CAAC,UACH,KAAI,gBAAgB;AAClB,oBAAiB,YAAY,OAAO,WAAW;AAC/C,cAAW;SACN;AACL,oBAAiB;AACjB,cAAW;;WAEJ,WAAW,WAAW,OAAO;GACtC,MAAM,kBAAkB,YAAY,mBAAmB,cAAc,EAAE,kBAAkB,UAAU,KAAK,CAAC;AAEzG,OACE,CAAC,yBAAyB,WAAW,WAAW,IAChD,EAAE,yBAAyB,WAAW,UAAU,IAAI,aAAa,OAAO,uBAExE,OAAM,IAAI,WAAW,mDAAmD;AAG1E,OAAI,QAAQ,cAAc,WAAW,SAAS,QAAQ,cAAc,mBAAmB,aAAa;AAClG,qBAAiB;AACjB,eAAW,MAAM,qCAAqC;KACpD,iBAAiB,gBAAgB;KACjC,MAAM,OAAO;KACd,CAAC;UACG;AACL,QAAI,CAAC,gBAAgB,YAAY,SAAS,iBAAiB,yBAAyB,CAAC,EAAE;KACrF,MAAM,gBACJ,gBAAgB,YAAY,SAAS,IACjC,qBAAqB,gBAAgB,YAAY,KAAK,KAAK,KAC3D;AAEN,WAAM,IAAI,WACR,uHAAuH,iBAAiB,yBAAyB,CAAC,MAAM,gBACzK;;AAGH,qBAAiB;AACjB,eAAW,iBAAiB,yBAAyB;;aAE9C,WAAW,WAAW,OAAO;AACtC,cAAW,UAAU,OAAO,MAAM,IAAI,CAAC;AACvC,oBAAiB,YAAY,OAAO,6BAA6B;QAEjE,OAAM,IAAI,WACR,kCAAkC,QAAQ,cAAc,OAAO,wCAChE;EAIH,MAAM,gCACJ,CAAC,kBAAkB,YACf,aAAa,KAAK,OAAO,SAAS;GAChC,QAAQ,SAAS;GACjB,KAAK,OAAO;GACZ;GACD,CAAC,GAEF;EAEN,MAAM,YAEJ,mBAAmB,SAAU,mBAA8B,WAAW,YAAY,eAC9E,WACA,GAAG,eAAe,GAAG;EAG3B,MAAM,uBACJ,YAAY,gBACZ,mBAAmB,gBACnB,mBAAmB,YACnB,mBAAmB,6BACf,iBACA;EAEN,MAAM,kBAAkB,MAAM,KAAK,kBAAkB,cAAc;GACjE;GACA,UAAU,QAAQ;GAClB;GACA;GAGA,WAAW,QAAQ,MAAM;GAC1B,CAAC;EAEF,MAAM,oBAAoB;GACxB;GACA,yBAAyB,QAAQ,sBAAsB;GACvD,YAAY,QAAQ,MAAM;GAC1B,kBAAkB,QAAQ,iBAAiB,KAAK,UAAU,YAAY,YAAY,MAAM,CAAC;GACzF,eAAe;GACf,eAAe;GACf;GACA,eAAe,QAAQ;GACxB;EAGD,MAAM,uBAAuB,MADH,KAAK,qBAAqB,aAAa,CACZ,oCAAoC;GACvF,KAAK,YACD;IACE,WAAW;IACX,YAAY;IACZ,kBAAkB,KAAK,OAAO;IAC/B,GACD;GACJ,6BACE,kBAAkB,kBAAkB,gBAAgB,kBAAkB,kBAAkB,WACpF;IACE,GAAG;IAEH,WAAW,YAAY,YAAY;IACnC,eAAe,kBAAkB;IACjC,kBAAkB,QAAQ;IAC3B,GACD;IACE,GAAG;IACH,eAAe,kBAAkB;IACtB;IACX;IACA,cAAc;IACd,kBAAkB;IACnB;GACR,CAAC;EAEF,MAAM,sBAAsB,IAAI,mCAAmC;GACjE,kCAAkC,QAAQ;GAG1C,6BAA6B,qBAAqB,MAC9C,SACA,qBAAqB;GACzB,yBAAyB,qBAAqB,KAAK;GACnD,yBAAyB;GACzB;GACA,OAAO,kCAAkC;GACzC,YAAY,QAAQ,SAAS;GAC7B,WAAW,MAAM,iCAAiB,IAAI,MAAM,EAAE,KAAK,OAAO,qCAAqC;GAC/F,kBAAkB;GACnB,CAAC;AACF,QAAM,KAAK,uCAAuC,KAAK,cAAc,oBAAoB;AACzF,OAAK,sBAAsB,cAAc,qBAAqB,KAAK;AAEnE,SAAO;GACL,sBAAsB,qBAAqB;GAC3C;GACA,4BAA4B,qBAAqB;GAClD;;CAGH,MAAc,wBACZ,cACA,YACA,eACA;EACA,MAAM,cAAc,aAAa,kBAAkB,QAAQ,YAAY;EACvE,MAAM,YAAY,YAAY,kBAAkB,WAAW;EAE3D,MAAM,0BAA0B,OAAO,QAAQ,cAAc;EAC7D,MAAM,mBAAmB,OAAO,YAC9B,wBAAwB,KAAK,CAAC,cAAcC,qBAAmB;GAC7D,MAAM,kBAAkB,UAAU,YAAY,MAAM,MAAM,EAAE,OAAO,aAAa;AAChF,OAAI,CAAC,gBACH,OAAM,IAAI,WACR,2DAA2D,aAAa,0DACzE;AAGH,UAAO,CACL,cACA,iBAAiBA,kBAAgB,iBAC/B,KAAK,mBAAmB,cAAc;IACpC;IACA,QAAQ,wCAAwC,gBAAgB;IACjE,CAAC,CACH,CACF;IACD,CACH;AAQD,SAAO;GACL,OAAO;GACP,eAAe;GACf,oBAT6B,MAAM,YAAY,4BAC/C,cACA,kBACA,UACD;GAMA;;CAGH,MAAc,2BACZ,cACA,SAK6G;EAC7G,MAAM,oBAAoB,KAAK,qBAAqB,aAAa;EAEjE,MAAM,EAAE,uBAAuB,qBAAqB,WAAW;EAC/D,IAAIC;AAEJ,MAAI;AACF,iCAA8B,MAAM,kBAAkB,oCAAoC;IACxF;IACA;IACA,6BAA6B,oBAAoB;IACjD,WAAW,mBAAmB,aAAa;IAC5C,CAAC;AAEF,OAAI,4BAA4B,QAAQ,4BAA4B,KAAK,SAAS,SAAS,UACzF,OAAM,IAAI,+BAA+B;IACvC,OAAO,iBAAiB;IACxB,mBAAmB,0DAA0D,4BAA4B,KAAK,KAAK;IACpH,CAAC;AAGJ,UAAO;IACL,GAAG;IACH;IACD;WACM,OAAO;AACd,OACE,qBAAqB,UAAU,kCAAkC,uBACjE,qBAAqB,UAAU,kCAAkC,gBACjE;IACA,MAAM,SAAS,gCAAgC,UAC7C,6BAA6B,6BAC9B;AAED,wBAAoB,+BAA+B,OAAO,UAAU,OAAO,OAAO;AAClF,wBAAoB,eAAe,MAAM;AACzC,UAAM,KAAK,YAAY,cAAc,qBAAqB,kCAAkC,MAAM;;AAGpG,SAAM;;;CAIV,MAAa,4BACX,cACA,SAMiD;EACjD,MAAM,EAAE,qBAAqB,uBAAuB,WAAW;EAC/D,MAAM,uBAAuB,oBAAoB;EACjD,MAAM,mBACJ,oBAAoB,qBACnB,qBAAqB,qBAAqB,SAAY,eAAe;AAExE,MACE,oBAAoB,UAAU,kCAAkC,uBAChE,oBAAoB,UAAU,kCAAkC,eAEhE,OAAM,IAAI,+BAA+B;GACvC,OAAO,iBAAiB;GACxB,mBAAmB;GACpB,CAAC;AAGJ,MAAI,oBAAoB,aAAa,KAAK,KAAK,GAAG,oBAAoB,UAAU,SAAS,EAAE;AACzF,uBAAoB,eAAe;AACnC,SAAM,KAAK,YAAY,cAAc,qBAAqB,kCAAkC,MAAM;AAClG,SAAM,IAAI,+BAA+B;IACvC,OAAO,iBAAiB;IACxB,mBAAmB;IACpB,CAAC;;EAGJ,MAAM,SAAS,MAAM,KAAK,2BAA2B,cAAc;GACjE;GACA;GACA;GACD,CAAC;EAKF,MAAM,gBAAgB,qBAAqB,iBAAiB,MAAM,KAAK,MAAM,QAAQ,IAAI,QAAQ,MAAM;EACvG,MAAM,sBAAsB,gBAAgB,IAAI,UAAU,YAAY,cAAc,GAAG;EAEvF,IAAIC;EACJ,IAAIC;EACJ,IAAIC;AAEJ,MAAI;GASF,MAAM,WARiB,qBAAqB;IAC1C,cAAc,qBAAqB;IACnC,UAAU,qBAAqB;IAC/B,sBAAsB,qBAAqB;IAC3C,QAAQ,QAAQ;IAChB,SAAS,qBAAqB,OAAO,MAAM,qBAAqB,eAAe,KAAK;IACrF,CAAC,CAE8B;GAChC,MAAM,iBAAiB,qCAAqC,qBAAqB;GAKjF,MAAM,WAAW,qBAAqB,QAAQ,iBAAiB,UAAU,QAAQ,WAAW;GAE5F,MAAM,cAAc,qCAAqC,qBAAqB,GAC1E,SACA,qBAAqB;GAGzB,MAAM,qBAAqB,OAAO,MAAM,WAAW,MAC/C,kBAAkB,aAAa,kBAAkB,WAAW,OAAO,MAAM,WAAW,IAAI,CAAC,GACzF;AAEJ,OAAI,OAAO,SAAS,QAAQ;IAC1B,MAAM,0BAA0B,OAAO,QAAQ,OAAO,KAAK,cAAc;AACzE,QAAI,CAAC,qBAAqB,WACxB,OAAM,IAAI,+BAA+B;KACvC,OAAO,iBAAiB;KACxB,mBAAmB;KACpB,CAAC;IAGJ,MAAM,OAAO,aAAa,kBAAkB,QAAQ,YAAY;IAChE,MAAM,YAAY,KAAK,kBAAkB,qBAAqB,WAAW;IAEzE,MAAM,kCAAkC,MAAM,QAAQ,IACpD,wBAAwB,IAAI,OAAO,CAAC,cAAcJ,qBAAmB;KACnE,MAAM,kBAAkB,UAAU,YAAY,MAAM,MAAM,EAAE,OAAO,aAAa;AAChF,SAAI,CAAC,gBACH,OAAM,IAAI,+BAA+B;MACvC,OAAO,iBAAiB;MACxB,mBAAmB,2DAA2D,aAAa;MAC5F,CAAC;AAoBJ,YAAO,CAAC,cAjBsB,MAAM,QAAQ,IAC1C,iBAAiBA,kBAAgB,iBAC/B,KAAK,mBAAmB,cAAc;MACpC,QAAQ,wCAAwC,gBAAgB;MAChE,OAAO,qBAAqB;MAC5B;MACA,SAAS;MACT;MACA,eAAe;MACf,QAAQ,QAAQ;MAChB;MACA;MACA,uBAAuB,OAAO,oBAAoB;MAClD;MACD,CAAC,CACH,CACF,CAC2C;MAC5C,CACH;IAED,MAAM,gBAAgB,gCACnB,SAAS,CAAC,cAAcA,kBAAgB,UACvCA,gBAAc,KAAK,aACjB,CAACK,SAAO,WAAW,OAAO,aAAa,GAAG,MAAM,KAAKA,SAAO,WAAW,OACxE,CACF,CACA,QAAQ,MAAM,MAAM,OAAU;AACjC,QAAI,cAAc,SAAS,EACzB,OAAM,IAAI,+BACR;KACE,OAAO,iBAAiB;KACxB,mBAAmB;KACpB,EACD,EAAE,iBAAiB,cAAc,KAAK,KAAK,EAAE,CAC9C;IAIH,MAAM,gBAAgB,OAAO,YAC3B,gCAAgC,KAC7B,CAAC,cAAcL,qBACd,CACE,cACAA,gBACG,KAAK,MAAO,EAAE,WAAW,EAAE,eAAe,OAAW,CAIrD,QAAQ,MAAM,MAAM,OAAU,CAClC,CACJ,CACF;AAED,QAAI;AAGF,oBAAe;MACb;MACA,oBAJyB,MAAM,KAAK,4BAA4B,cAAc,eAAe,UAAU;MAKvG,OAAO;MACR;aACM,OAAO;AACd,WAAM,IAAI,+BACR;MACE,OAAO,iBAAiB;MACxB,mBAAmB;MACpB,EACD,EAAE,OAAO,OAAO,CACjB;;;AAIL,OAAI,OAAO,SAAS,OAAO;IACzB,MAAM,MAAM,aAAa,kBAAkB,QAAQ,+BAA+B;IAElF,MAAM,uBAAuB,OAAO,IAAI;IACxC,MAAM,aAAa,OAAO,IAAI;IAC9B,MAAM,aAAa,OAAO,IAAI;AAE9B,QAAI,+BAA+B,WAAW;AAE9C,QAAI;AACF,SAAI,+BAA+B,WAAW;aACvC,OAAO;AACd,WAAM,IAAI,+BACR;MACE,OAAO,iBAAiB;MACxB,mBAAmB;MACpB,EACD,EAAE,OAAO,OAAO,CACjB;;IAGH,MAAM,qBAAqB,MAAM,QAAQ,qBAAqB,GAAG,uBAAuB,CAAC,qBAAqB;IAC9G,MAAM,kCAAkC,MAAM,QAAQ,IACpD,mBAAmB,KAAK,iBAAiB;AACvC,YAAO,KAAK,mBAAmB,cAAc;MAC3C,OAAO,qBAAqB;MAC5B;MACA;MACA,SAAS;MACT,eAAe;MACf;MACA;MACA,uBAAuB,OAAO,oBAAoB;MAClD;MACA,QAAQ,KAAK,mCAAmC,aAAa;MAC7D,QAAQ,QAAQ;MACjB,CAAC;MACF,CACH;IAED,MAAM,gBAAgB,gCACnB,KAAK,UAAQ,UAAW,CAACK,SAAO,WAAW,QAAQ,MAAM,KAAKA,SAAO,WAAW,OAAW,CAC3F,QAAQ,MAAM,MAAM,OAAU;AACjC,QAAI,cAAc,SAAS,EACzB,OAAM,IAAI,+BACR;KACE,OAAO,iBAAiB;KACxB,mBAAmB;KACpB,EACD,EAAE,iBAAiB,cAAc,KAAK,KAAK,EAAE,CAC9C;IAGH,MAAM,0BAA0B,gCAC7B,KAAK,MAAO,EAAE,WAAW,EAAE,eAAe,OAAW,CACrD,QAAQ,MAAM,MAAM,OAAU;AAEjC,QAAI;AACF,SAAI,qBACF,YAEA,wBAAwB,WAAW,IAAI,wBAAwB,KAAK,yBACpE,WACD;aACM,OAAO;AACd,WAAM,IAAI,+BACR;MACE,OAAO,iBAAiB;MACxB,mBAAmB;MACpB,EACD,EAAE,OAAO,OAAO,CACjB;;AAUH,kBAAc;KACZ;KACA,aATkB,kDAElB,wBAAwB,WAAW,IAAI,wBAAwB,KAAK,yBACpE,YACA,WACD;KAKC,eAAe;KACf;KACD;;AAGH,qBAAkB,MAAM,KAAK,2BAA2B,cAAc;IACpE;IACA,MAAM;IACN,sBAAsB;IACvB,CAAC;WACK,OAAO;AACd,UAAO,oBAAoB,eAAe,MAAM;AAChD,SAAM,KAAK,YAAY,cAAc,OAAO,qBAAqB,kCAAkC,MAAM;AACzG,SAAM;;AAGR,SAAO,oBAAoB,+BAA+B,OAAO;AACjE,QAAM,KAAK,YAAY,cAAc,OAAO,qBAAqB,kCAAkC,iBAAiB;AAEpH,SAAO;GACL,sBAAsB;GACtB,MAAM;GACN;GACA,qBAAqB,OAAO;GAC7B;;;;;;CAOH,AAAQ,mCACN,cACmF;AACnF,MAAI,OAAO,iBAAiB,SAAU,QAAO,YAAY;AACzD,MAAI,aAAa,SAAS,IAAI,CAAE,QAAO,YAAY;AACnD,MAAI,IAAI,OAAO,KAAK,aAAa,CAAE,QAAO,YAAY;AAGtD,SAAO,YAAY;;CAGrB,MAAa,iCACX,cACA,qBACiD;AACjD,sBAAoB,YAAY,kCAAkC,iBAAiB;AAEnF,MAAI,CAAC,oBAAoB,6BACvB,OAAM,IAAI,WAAW,uEAAuE;EAG9F,MAAM,8BAA8B,oBAAoB;EACxD,MAAM,wCAAwC,oBAAoB;EAGlE,MAAM,SAFoB,KAAK,qBAAqB,aAAa,CAEhC,8CAA8C;GAC7E,6BAA6B,oBAAoB;GACjD,8BAA8B;GAC/B,CAAC;EAEF,IAAIC;EACJ,MAAM,OACJ,OAAO,SAAS,SACZ,MAAM,KAAK,wBACT,cACA,4BAA4B,YAC5B,OAAO,KAAK,cACb,GACD;AAEN,MAAI,OAAO,SAAS,OAAO;GACzB,MAAM,yBACJ,4BAA4B;GAC9B,MAAM,aAAa,sCAAsC;AAIzD,OAAI,CAAC,WACH,OAAM,IAAI,WAAW,kDAAkD;GAGzE,MAAM,0BAA0B,OAAO,IAAI,cAAc,KAAK,iBAC5D,KAAK,mBAAmB,cAAc;IACpC;IACA,QAAQ,KAAK,mCAAmC,aAAa;IAC9D,CAAC,CACH;AAED,0BAAuB;IACrB,YAAY;IACZ;IACA,eAAe;IACf,aAAa,kDAEX,wBAAwB,WAAW,IAAI,wBAAwB,KAAK,yBACpE,YACA,uBACD;IACF;;AAGH,MAAI,CAAC,wBAAwB,CAAC,KAC5B,OAAM,IAAI,WAAW,yDAAyD;EAGhF,MAAM,kBAAkB,MAAM,KAAK,2BAA2B,cAAc;GAC1E,sBAAsB;GACtB;GACA;GACD,CAAC;AAEF,SAAO;GACL;GACA;GACA;GACA;GACD;;CAGH,MAAc,2BACZ,cACA,EACE,sBACA,sBACA,QAM4E;AAC9E,MAAI,CAAC,qBAAqB,iBAAkB,QAAO;EAEnD,MAAM,oBAAoB,KAAK,qBAAqB,aAAa;EACjE,MAAMC,mCAAqE,EAAE;EAG7E,MAAM,iBAAiB,OACnB,OAAO,QAAQ,KAAK,cAAc,GACjC,sBAAsB,YAAY,KAChC,eAAe,CAAC,WAAW,WAAW,IAAI,CAAC,WAAW,aAAa,CAAC,CACtE,IAAI,EAAE;AAEX,OAAK,MAAM,CAAC,cAAc,kBAAkB,gBAAgB;GAE1D,MAAM,wBAAwB,cAAc,KAAK,iBAC/C,aAAa,gBAAgB,YAAY,UAAU,gCAAgC,aAAa,GAAG,OACpG;GAED,MAAM,eAAe,sBAAsB,OAAO;AAClD,OAAI,CAAC,sBAAsB,OAAO,SAAU,eAAe,SAAS,SAAY,SAAS,OAAW,CAClG,OAAM,IAAI,+BAA+B;IACvC,OAAO,iBAAiB;IACxB,mBAAmB,6DAA6D,aAAa;IAC9F,CAAC;AAGJ,OAAI,CAAC,aAAc;AAEnB,oCAAiC,gBAAgB;;AAWnD,UALwB,MAAM,kBAAkB,sBAAsB;GACpE,aAAa;GACb,iBAAiB,qBAAqB;GACvC,CAAC,EAEqB,KAAK,EAAE,cAAc,sBAAsB,qBAAqB;GACrF;GACA,SAAS,qBAAqB;GAC9B,SAAS,qBAAqB;GAC9B,sBAAsB,qBAAqB;GAC3C,eAAe,cAAc,KAAK,kBAAkB;IAClD,uBAAuB,aAAa;IACpC,MAAM,aAAa;IAEnB,SAAS,aAAa;IACvB,EAAE;GACJ,EAAE;;CAGL,MAAa,gBAAgB,cAA4B;AACvD,SAAO,KAAK,4BAA4B,OAAO,aAAa;;CAG9D,MAAa,wBAAwB,cAA4B,YAAoB;AACnF,SAAO,KAAK,4BAA4B,gBAAgB,cAAc,WAAW;;CAGnF,MAAa,eAAe,cAA4B,UAAmC;AACzF,SAAO,KAAK,4BAA4B,OAAO,cAAc,SAAS;;CAGxE,MAAa,eAAe,cAA4B,SAA0C;EAChG,MAAM,oBAAoB,IAAI,wBAAwB;GACpD,YAAY,SAAS,cAAc,MAAM,MAAM;GAC/C,gBAAgB,SAAS;GAC1B,CAAC;AAEF,QAAM,KAAK,4BAA4B,KAAK,cAAc,kBAAkB;AAC5E,QAAM,oCAAoC,cAAc,kBAAkB,WAAW;AACrF,SAAO;;CAGT,MAAa,gCACX,cACA,OACA,cACA;AACA,SAAO,KAAK,uCAAuC,YAAY,cAAc,OAAO,aAAa;;CAGnG,MAAa,2BAA2B,cAA4B,uBAA+B;AACjG,SAAO,KAAK,uCAAuC,QAAQ,cAAc,sBAAsB;;CAGjG,MAAc,kBACZ,cACA,SAOyB;EACzB,MAAM,EAAE,cAAc,aAAa;EAEnC,MAAM,yBAAyB,aAAa,QAAQ,uBAAuB;EAC3E,MAAM,MAAM,aAAa,QAAQ,IAAI,iBAAiB;EACtD,MAAM,gBAAgB,mCAAmC,aAAa;EAItE,MAAM,oBAAoB,cAAc,OAAO,kCAAkC;EAIjF,MAAM,sBAAsB,uBAAuB;EAGnD,IAAIC;AAEJ,MAAI,mBAAmB,aAAa,CAElC,qBAAoB;GAAE,IADV,MAAM,IAAI,UAAU,EAAE,MAAM;IAAE,KAAK;IAAS,KAAK;IAAM,EAAE,CAAC,EACzC;GAAW,KAAK;GAAO;EAGtD,MAAMC,qBAQU,oBACZ;GACE,MAAM,EAAE,MAAM,CAAC,kBAAyB,EAAE;GAE1C,GAAI,QAAQ,YAAY,OACpB,EACE,yCAAyC;IAAC;IAAW;IAAW;IAAgB,EACjF,GACD;IACE,sCAAsC;IAKtC,sCAAsC,QAAQ,YAAY,eAAe,YAAY;IACtF;GACN,GACD;EAEJ,MAAM,mBAAmB,IAAI,IAAI,QAAQ,WAAW,YAAY,KAAK,MAAM,EAAE,OAAO,CAAC;AAErF,SAAO;GACL,GAAG;GACH,GAAG,SAAS;GACZ,0BAA0B,CAAC,WAAW;GAItC,GAAI,QAAQ,YAAY,OACpB,EACE,sBAAsB;IACpB,GAAI,iBAAiB,IAAI,YAAY,GACjC,EACE,aAAa;KACX,qBAAqB;KACrB,qBAAqB;KACtB,EACF,GACD,EAAE;IAEN,GAAI,iBAAiB,IAAI,WAAW,GAChC,EACE,UAAU;KAER,uBAAuB;MAAa;MAAgB;MAAmB;MAAI;KAC3E,uBAAuB;MAAa;MAAgB;MAAmB;MAAI;KAC5E,EACF,GACD,EAAE;IAEN,GAAI,iBAAiB,IAAI,cAAc,GACnC,EACE,aAAa,EACX,YAAY,eACb,EACF,GACD,EAAE;IAEN,GAAI,iBAAiB,IAAI,SAAS,GAC9B,EACE,QAAQ,EACN,mBAAmB,qBACpB,EACF,GACD,EAAE;IACP,EACF,GACD,EACE,YAAY;IACV,UAAU,EACR,KAAK,mBACN;IACD,QAAQ,EACN,KAAK,eACN;IACD,aAAa,EACX,KAAK,eACN;IACD,aAAa,EACX,KAAK,eACN;IACD,QAAQ,EACN,KAAK,eACN;IACD,QAAQ,EACN,YAAY,qBACb;IACD,QAAQ,EACN,YAAY,qBACb;IACD,aAAa;KACX,qBAAqB;KACrB,qBAAqB;KACtB;IACD,aAAa;KACX,qBAAqB;KACrB,qBAAqB;KACtB;IACF,EACF;GACN;;CAGH,AAAQ,mBACN,cACA,SAIwB;EACxB,MAAM,EAAE,cAAc,WAAW;AAEjC,MAAI,WAAW,YAAY,SAAS;AAClC,OAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,sCAAsC,OAAO,uBAAuB;AAK3F,UAHmB,aAAa,kBAAkB,QAAQ,WAAW,CAE1C,YAAY,aAAa;;AAGtD,MAAI,WAAW,YAAY,SAAS;AAClC,OAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,sCAAsC,OAAO,uBAAuB;AAG3F,UAD2B,mBAAmB,cAAc,aAAa;;AAG3E,MAAI,WAAW,YAAY,OAAO;AAChC,OAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,sCAAsC,OAAO,uBAAuB;AAE3F,UAAO,6BAA6B,kBAAkB,aAAa;;AAErE,MAAI,WAAW,YAAY,YAAY;AACrC,OAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,sCAAsC,OAAO,uBAAuB;AAE3F,UAAO,iCAAiC,YAAY,aAAa;;AAGnE,SAAO,gBAAgB,SAAS,cAAc,gCAAgC;;CAGhF,MAAc,mBACZ,cACA,SAoBA;EACA,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;EAC3E,MAAM,aAAa,aAAa,kBAAkB,QAAQ,WAAW;EAErE,MAAM,EAAE,cAAc,WAAW;AAEjC,MAAI;AACF,QAAK,OAAO,MAAM,yBAAyB,gBAAgB,OAAO,aAAa,CAAC;GAEhF,IAAIC;GACJ,IAAIC;GACJ,IAAIC;AAEJ,OAAI,WAAW,YAAY,SAAS;AAClC,QAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,sCAAsC,OAAO,uBAAuB;IAG3F,MAAM,UAAU,WAAW,YAAY,aAAa;IAEpD,MAAM,mBAAmB,+BADb,IAAI,kBAAkB,aAAa,MAAM,IAAI,CAAC,GAAG,CACD;IAE5D,IAAIC;AACJ,QAAI,oBAAoB,WAAW,sCACjC,uBAAsB,MAAM,WAAW,sCAAsC,cAAc;KACzF;KACA,cAAc;MACZ,MAAM;MACN,YAAY;MACZ,gCAAgC,QAAQ;MACzC;KACF,CAAC;AAGJ,QAAI,CAAC,oBAEH,uBAAsB,WAAW,uBAAuB,EAAE;IAG5D,MAAM,qBAAqB,MAAM,WAAW,OAAO;KACjD,gBAAgB;KAChB,YAAY;MACV,UAAU,QAAQ;MAClB,OAAO,QAAQ;MAChB;KACD;KACD,CAAC;AAEF,cAAU,mBAAmB;AAC7B,YAAQ,mBAAmB,UAAU,SAAY,mBAAmB;AACpE,6BAAyB;cAChB,WAAW,YAAY,SAAS;AACzC,QAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,mEAAmE;IAE1F,MAAM,qBAAqB,mBAAmB,cAAc,aAAa;AACzE,QAAI,mBAAmB,UAAU,WAAW,EAC1C,OAAM,IAAI,WAAW,kDAAkD;IAGzE,MAAM,kBAAkB,mBAAmB,kCAAkC;AAE7E,SAAK,MAAM,uBAAuB,gBAAgB,MAAM,EAAE;KACxD,MAAMC,uBAAqB,gBAAgB;KAE3C,MAAM,WAAWA,qBAAmB,UAAU;KAC9C,MAAM,mBAAmB,SAAS,6BAA6B,KAAK,SAClE,gBAAgB,mBAAmB,KAAK,CACzC;KAED,MAAM,sBAAsB,MAAM,WAAW,wCAAwC,cAAc;MACjG;MACA,cAAc;OACZ,MAAM;OACN,YAAY;OACZ,gCAAgC,QAAQ;OACzC;MACF,CAAC;KAEF,IAAIC;AACJ,SAAI,QAAQ,UAAU,QAAQ,YAAY,KACxC,4BAA2B;MACzB,MAAM;MACN,wBAAwB,QAAQ;MAChC,QAAQ,QAAQ;MAChB,eAAe,QAAQ;MACxB;cACQ,QAAQ,OACjB,4BAA2B;MACzB,MAAM;MACN,UAAU,QAAQ;MAClB,wBAAwB,QAAQ;MAChC,QAAQ,QAAQ;MACjB;cACQ,QAAQ,YAAY,MAAM;AACnC,UAAI,CAAC,QAAQ,YACX,OAAM,IAAI,WAAW,4EAA4E;AAGnG,iCAA2B;OACzB,MAAM;OACN,UAAU,QAAQ;OAClB,aAAa,QAAQ;OACrB,wBAAwB,QAAQ;OAChC,eAAe,QAAQ;OACxB;YACI;AACL,UAAI,CAAC,QAAQ,sBAAsB,CAAC,QAAQ,YAC1C,OAAM,IAAI,WACR,oGACD;AAGH,iCAA2B;OACzB,MAAM;OACN,UAAU,QAAQ;OAClB,oBAAoB,QAAQ;OAC5B,aAAa,QAAQ;OACrB,wBAAwB,QAAQ;OACjC;;AAGH,WAAMD,qBAAmB,OAAO,cAAc;MAC5C;MACA;MACD,CAAC;;AAIJ,cAAU;AACV,6BAAyB;cAChB,WAAW,YAAY,OAAO;AACvC,QAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,sCAAsC,OAAO,uBAAuB;AAG3F,6BAAyB,6BAA6B,kBAAkB,aAAa;IACrF,MAAM,qBAAqB,MAAM,KAAK,qBAAqB,mBAAmB,cAAc;KAC1F;KACA,WAAW,QAAQ;KACnB,QAAQ,QAAQ;KACjB,CAAC;AAEF,cAAU,mBAAmB;AAC7B,YAAQ,mBAAmB;cAClB,WAAW,YAAY,YAAY;AAC5C,QAAI,OAAO,iBAAiB,SAC1B,OAAM,IAAI,WAAW,sCAAsC,OAAO,uBAAuB;AAG3F,6BAAyB,iCAAiC,YAAY,aAAa;IACnF,MAAM,qBAAqB,MAAM,KAAK,uBAAuB,mBAAmB,cAAc;KAC5F,cAAc;KACd,WAAW,QAAQ;KACnB,QAAQ,QAAQ;KACjB,CAAC;AAEF,cAAU,mBAAmB;AAC7B,YAAQ,mBAAmB;UACtB;AACL,6BAAyB,gBAAgB,SAAS,cAAc,gCAAgC;IAChG,MAAM,qBAAqB,MAAM,KAAK,qBAAqB,mBAAmB,cAAc;KAC1F,cAAc;KACd,WAAW,QAAQ;KACnB,QAAQ,QAAQ;KACjB,CAAC;AAEF,cAAU,mBAAmB;AAC7B,YAAQ,mBAAmB;;AAG7B,OAAI,CAAC,QACH,OAAM,IAAI,WAAW,qDAAqD,QAAQ,IAAI,MAAM,YAAY,MAAM,EAC5G,OACD,CAAC;AAGJ,UAAO;IACL,UAAU;IACV,cAAc;IACf;WACM,OAAO;AACd,gBAAa,OAAO,OAAO,KAAK,sDAAsD,EACpF,OACD,CAAC;AACF,UAAO;IACL,UAAU;IACV,QAAQ,MAAM;IACf;;;;;;;CAQL,MAAa,YACX,cACA,qBACA,UACA;AACA,eAAa,OAAO,OAAO,MACzB,kDAAkD,oBAAoB,GAAG,YAAY,SAAS,aAAa,oBAAoB,MAAM,GACtI;EAED,MAAM,gBAAgB,oBAAoB;AAC1C,sBAAoB,QAAQ;AAC5B,QAAM,KAAK,uCAAuC,OAAO,cAAc,oBAAoB;AAE3F,OAAK,sBAAsB,cAAc,qBAAqB,cAAc;;CAG9E,AAAU,sBACR,cACA,qBACA,eACA;AAGA,EAFqB,aAAa,kBAAkB,QAAQ,aAAa,CAE5D,KAAoD,cAAc;GAC7E,MAAM,wBAAwB;GAC9B,SAAS;IACP,qBAAqB,oBAAoB,OAAO;IAChD;IACD;GACF,CAAC;;;;CAvuCL,YAAY;oBAGR,OAAO,iBAAiB,OAAO"}

package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.mts ADDED Viewed

@@ -0,0 +1,194 @@
+import { OpenId4VcJwtIssuerDid, OpenId4VcJwtIssuerX5c } from "../shared/models/OpenId4VcJwtIssuer.mjs";
+import "../shared/index.mjs";
+import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.mjs";
+import { OpenId4VcVerifierRecordProps } from "./repository/OpenId4VcVerifierRecord.mjs";
+import "./repository/index.mjs";
+import { DcqlPresentation, DcqlPresentationResult, DcqlQuery, DifPexPresentationWithDescriptor, DifPresentationExchangeDefinition, DifPresentationExchangeDefinitionV2, DifPresentationExchangeSubmission, HashName, VerifiablePresentation } from "@credo-ts/core";
+import { TransactionDataEntry, VerifierAttestations, createOpenid4vpAuthorizationRequest } from "@openid4vc/openid4vp";
+import { NonEmptyArray } from "@openid4vc/utils";
+//#region src/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.ts
+type ResponseMode = 'direct_post' | 'direct_post.jwt' | 'dc_api' | 'dc_api.jwt';
+interface OpenId4VpCreateAuthorizationRequestOptions {
+  /**
+   * Signing information for the request JWT. This will be used to sign the request JWT
+   * and to set the client_id for registration of client_metadata.
+   */
+  requestSigner: OpenId4VcJwtIssuerDid | (OpenId4VcJwtIssuerX5c & {
+    /**
+     * @default 'x509_san_dns' - default will change in the future to align with HAIP
+     */
+    clientIdPrefix?: 'x509_hash' | 'x509_san_dns';
+  }) | {
+    /**
+     * Do not sign the request, will use `redirect_uri` client id prefix
+     */
+    method: 'none';
+  };
+  /**
+   * Transaction data entries that need to be hashes and signed over by a specific credential
+   */
+  transactionData?: TransactionDataEntry[];
+  /**
+   *
+   * Verifier Attestations allow the Verifier to provide additional context or metadata as part of the
+   * Authorization Request attested by a trusted third party. These inputs can support a variety of use cases,
+   * such as helping the Wallet apply policy decisions, validating eligibility, or presenting more meaningful
+   * information to the End-User during consent.
+   */
+  verifierInfo?: VerifierAttestations;
+  /**
+   * A DIF Presentation Definition (v2) can be provided to request a Verifiable Presentation using OpenID4VP.
+   *
+   * NOTE: when using version `v1` it is not allowed to use presentation exchange.
+   */
+  presentationExchange?: {
+    definition: DifPresentationExchangeDefinitionV2;
+  };
+  /**
+   * A Digital Credentials Query Language (DCQL) can be provided to request the presentation of a Verifiable Credentials.
+   */
+  dcql?: {
+    query: DcqlQuery;
+  };
+  /**
+   * The response mode to use for the authorization request.
+   * @default to `direct_post.jwt`.
+   *
+   * With response_mode `direct_post` the response will be posted directly to the `response_uri` provided in the request.
+   * With response_mode `direct_post.jwt` the response will be encrypted and then posted to the `response_uri` provided in the request.
+   * The response mode `dc_api` and `dc_api.jwt` should only be used if the request will be passed over the W3C Digital Credentials API. In this case
+   *    the response must be manually submitted when a response is received using `verifyAuthorizationResponse`.
+   *
+   */
+  responseMode?: ResponseMode;
+  /**
+   * Redirect uri that should be used in the authorization response. This will be included in both error and success
+   * responses. It can prevent session fixation, and allows to continue the flow in the browser after redirect.
+   *
+   * For same-device flows it allows continuing the flow. Based on the redirect uri, you can retrieve the session
+   * and display error or success screens.
+   *
+   * NOTE: the Uri MUST include randomness so the URL cannot be guessed, recommended is to have at least 128 bits of
+   * randomness, which is unique for each request.
+   */
+  authorizationResponseRedirectUri?: string;
+  /**
+   * The expected origins of the authorization response.
+   * REQUIRED when signed requests defined in Appendix A.3.2 are used with the Digital Credentials API (DC API). An array of strings, each string representing an Origin of the Verifier that is making the request.
+   */
+  expectedOrigins?: string[];
+  /**
+   * The draft version of OpenID4VP to use for the authorization request.
+   *
+   * It is recommended to use `v1`, as previous drafts will be deprecated and
+   * removed in future versions.
+   *
+   * - For alignment with ISO 18013-7 (remote mDOC) `v1.draft21` should be used.
+   * - When responseMode is `dc_api` or `dc_api.jwt` version `v1.draft21` is not supported.
+   * - When `verifierInfo` is provided, version `v1.draft21` and 'v1.draft24' are not supported.
+   *
+   * @default `v1`
+   */
+  version?: OpenId4VpVersion;
+}
+type OpenId4VpVersion = 'v1' | 'v1.draft21' | 'v1.draft24';
+interface OpenId4VpVerifyAuthorizationResponseOptions {
+  /**
+   * The authorization response received from the OpenID Provider (OP).
+   */
+  authorizationResponse: Record<string, unknown>;
+  /**
+   * The origin of the verification session, if Digital Credentials API was used.
+   */
+  origin?: string;
+}
+interface OpenId4VpCreateAuthorizationRequestReturn {
+  authorizationRequest: string;
+  verificationSession: OpenId4VcVerificationSessionRecord;
+  authorizationRequestObject: Awaited<ReturnType<typeof createOpenid4vpAuthorizationRequest>>['authorizationRequestObject'];
+}
+interface OpenId4VpVerifiedAuthorizationResponsePresentationExchange {
+  submission: DifPresentationExchangeSubmission;
+  definition: DifPresentationExchangeDefinition;
+  presentations: Array<VerifiablePresentation>;
+  descriptors: DifPexPresentationWithDescriptor[];
+}
+interface OpenId4VpVerifiedAuthorizationResponseTransactionData {
+  /**
+   * The index of the transaction data entry in the openid4vp authorization request
+   */
+  transactionDataIndex: number;
+  /**
+   * The base64url encoded transaction data
+   */
+  encoded: string;
+  /**
+   * The decoded transaction data entry
+   */
+  decoded: TransactionDataEntry;
+  /**
+   * The credential id to which the hash applies.
+   * - Matches with an input descriptor id for PEX
+   * - Matches with a credential query id for DCQL
+   */
+  credentialId: string;
+  /**
+   * The transaction data results for the presentations that were submitted in the authorization response.
+   * The order matches the order of the submitted presentations. If one of the presentations for a query id
+   * included a transaction data hash, all presentations must include the transaction data hash (in case 'multiple'
+   * feture of DCQL is used).
+   */
+  presentations: NonEmptyArray<{
+    /**
+     * The hash of the transaction data
+     */
+    hash: string;
+    /**
+     * The hash algorithm that was used to hash the transaction data
+     */
+    hashAlg: HashName;
+    /**
+     * The index of the hash within the presentation.
+     */
+    presentationHashIndex: number;
+  }>;
+}
+interface OpenId4VpVerifiedAuthorizationResponseDcql {
+  query: DcqlQuery;
+  presentations: DcqlPresentation;
+  presentationResult: DcqlPresentationResult;
+}
+interface OpenId4VpVerifiedAuthorizationResponse {
+  presentationExchange?: OpenId4VpVerifiedAuthorizationResponsePresentationExchange;
+  dcql?: OpenId4VpVerifiedAuthorizationResponseDcql;
+  /**
+   * The verified transaction data entries from the request
+   */
+  transactionData?: OpenId4VpVerifiedAuthorizationResponseTransactionData[];
+  /**
+   * The verification session associated with the response
+   */
+  verificationSession: OpenId4VcVerificationSessionRecord;
+}
+/**
+ * Verifier metadata that will be send when creating a request
+ */
+interface OpenId4VpVerifierClientMetadata {
+  client_name?: string;
+  logo_uri?: string;
+}
+interface OpenId4VpCreateVerifierOptions {
+  /**
+   * Id of the verifier, not the id of the verifier record. Will be exposed publicly
+   */
+  verifierId?: string;
+  /**
+   * Optional client metadata that will be included in requests
+   */
+  clientMetadata?: OpenId4VpVerifierClientMetadata;
+}
+type OpenId4VcUpdateVerifierRecordOptions = Pick<OpenId4VcVerifierRecordProps, 'verifierId' | 'clientMetadata'>;
+//#endregion
+export { OpenId4VcUpdateVerifierRecordOptions, OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifiedAuthorizationResponseDcql, OpenId4VpVerifiedAuthorizationResponsePresentationExchange, OpenId4VpVerifiedAuthorizationResponseTransactionData, OpenId4VpVerifierClientMetadata, OpenId4VpVerifyAuthorizationResponseOptions, OpenId4VpVersion, ResponseMode };
+//# sourceMappingURL=OpenId4VpVerifierServiceOptions.d.mts.map

package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"OpenId4VpVerifierServiceOptions.d.mts","names":[],"sources":["../../src/openid4vc-verifier/OpenId4VpVerifierServiceOptions.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;KAoBY,YAAA;UAEK,0CAAA;;;;AAFjB;EAEiB,aAAA,EAMX,qBANW,GAAA,CAOV,qBAPoD,GAAA;IAMrD;;;IA0BW,cAAA,CAAA,EAAA,WAAA,GAAA,cAAA;EAQD,CAAA,CAAA,GAAA;IAOL;;;IA6CiB,MAAA,EAAA,MAAA;EAGhB,CAAA;EAEK;AAYjB;;EAMsB,eAAA,CAAA,EA5FF,oBA4FE,EAAA;EAAlB;;;AAIJ;;;;EAMiB,YAAA,CAAA,EA7FA,oBA6FA;EACF;;AAGf;;;EA6BiB,oBAAA,CAAA,EAAA;IAAa,UAAA,EAtHd,mCAsHc;EAkBb,CAAA;EACR;;;EAEmC,IAAA,CAAA,EAAA;IAG3B,KAAA,EAvIN,SAuIM;EACQ,CAAA;EAChB;;;;AAgBT;AAKA;AAYA;;;;iBA7JiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAgCL;;KAGA,gBAAA;UAEK,2CAAA;;;;yBAIQ;;;;;;UAQR,yCAAA;;uBAEM;8BAGO,QAC1B,kBAAkB;;UAIL,0DAAA;cACH;cACA;iBAIG,MAAM;eACR;;UAGE,qDAAA;;;;;;;;;;;;WAcN;;;;;;;;;;;;;iBAeM;;;;;;;;aASJ;;;;;;;UASI,0CAAA;SACR;iBACQ;sBACK;;UAGL,sCAAA;yBACQ;SAChB;;;;oBAKW;;;;uBAKG;;;;;UAMN,+BAAA;;;;UAKA,8BAAA;;;;;;;;mBASE;;KAGP,oCAAA,GAAuC,KAAK"}

package/build/openid4vc-verifier/index.d.mts ADDED Viewed

@@ -0,0 +1,12 @@
+import { OpenId4VcVerificationSessionState } from "./OpenId4VcVerificationSessionState.mjs";
+import { OpenId4VcUpdateVerifierRecordOptions, OpenId4VpCreateAuthorizationRequestOptions, OpenId4VpCreateAuthorizationRequestReturn, OpenId4VpCreateVerifierOptions, OpenId4VpVerifiedAuthorizationResponse, OpenId4VpVerifiedAuthorizationResponseDcql, OpenId4VpVerifiedAuthorizationResponsePresentationExchange, OpenId4VpVerifiedAuthorizationResponseTransactionData, OpenId4VpVerifierClientMetadata, OpenId4VpVerifyAuthorizationResponseOptions, OpenId4VpVersion, ResponseMode } from "./OpenId4VpVerifierServiceOptions.mjs";
+import { DefaultOpenId4VcVerificationSessionRecordTags, OpenId4VcVerificationSessionRecord, OpenId4VcVerificationSessionRecordProps, OpenId4VcVerificationSessionRecordTags } from "./repository/OpenId4VcVerificationSessionRecord.mjs";
+import { OpenId4VcVerificationSessionRepository } from "./repository/OpenId4VcVerificationSessionRepository.mjs";
+import { DefaultOpenId4VcVerifierRecordTags, OpenId4VcVerifierRecord, OpenId4VcVerifierRecordProps, OpenId4VcVerifierRecordTags } from "./repository/OpenId4VcVerifierRecord.mjs";
+import { OpenId4VcVerifierRepository } from "./repository/OpenId4VcVerifierRepository.mjs";
+import "./repository/index.mjs";
+import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
+import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.mjs";
+import { OpenId4VcVerifierApi } from "./OpenId4VcVerifierApi.mjs";
+import { OpenId4VcVerificationSessionStateChangedEvent, OpenId4VcVerifierEvents } from "./OpenId4VcVerifierEvents.mjs";
+import { OpenId4VcVerifierModule } from "./OpenId4VcVerifierModule.mjs";

package/build/openid4vc-verifier/index.mjs ADDED Viewed

@@ -0,0 +1,11 @@
+import { OpenId4VcVerifierModuleConfig } from "./OpenId4VcVerifierModuleConfig.mjs";
+import { OpenId4VcVerificationSessionState } from "./OpenId4VcVerificationSessionState.mjs";
+import { OpenId4VcVerifierEvents } from "./OpenId4VcVerifierEvents.mjs";
+import { OpenId4VcVerificationSessionRecord } from "./repository/OpenId4VcVerificationSessionRecord.mjs";
+import { OpenId4VcVerificationSessionRepository } from "./repository/OpenId4VcVerificationSessionRepository.mjs";
+import { OpenId4VcVerifierRecord } from "./repository/OpenId4VcVerifierRecord.mjs";
+import { OpenId4VcVerifierRepository } from "./repository/OpenId4VcVerifierRepository.mjs";
+import "./repository/index.mjs";
+import { OpenId4VpVerifierService } from "./OpenId4VpVerifierService.mjs";
+import { OpenId4VcVerifierApi } from "./OpenId4VcVerifierApi.mjs";
+import { OpenId4VcVerifierModule } from "./OpenId4VcVerifierModule.mjs";

package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.mts ADDED Viewed

@@ -0,0 +1,129 @@
+import { OpenId4VcVerificationSessionState } from "../OpenId4VcVerificationSessionState.mjs";
+import { OpenId4VpAuthorizationRequestPayload, OpenId4VpAuthorizationResponsePayload } from "../../shared/models/index.mjs";
+import { OpenId4VpVersion } from "../OpenId4VpVerifierServiceOptions.mjs";
+import { BaseRecord, RecordTags, TagsBase } from "@credo-ts/core";
+//#region src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts
+type OpenId4VcVerificationSessionRecordTags = RecordTags<OpenId4VcVerificationSessionRecord>;
+type DefaultOpenId4VcVerificationSessionRecordTags = {
+  verifierId: string;
+  state: OpenId4VcVerificationSessionState;
+  nonce: string;
+  payloadState?: string;
+  authorizationRequestUri?: string;
+  authorizationRequestId?: string;
+  openId4VpVersion?: OpenId4VpVersion;
+};
+interface OpenId4VcVerificationSessionRecordProps {
+  id?: string;
+  createdAt?: Date;
+  tags?: TagsBase;
+  verifierId: string;
+  state: OpenId4VcVerificationSessionState;
+  errorMessage?: string;
+  authorizationRequestJwt?: string;
+  authorizationRequestUri?: string;
+  authorizationRequestId: string;
+  authorizationRequestPayload?: OpenId4VpAuthorizationRequestPayload;
+  authorizationResponseRedirectUri?: string;
+  expiresAt: Date;
+  authorizationResponsePayload?: OpenId4VpAuthorizationResponsePayload;
+  /**
+   * Presentation during issuance session. This is used when issuance of a credential requires a presentation, and helps
+   * prevent session fixation attacks
+   */
+  presentationDuringIssuanceSession?: string;
+  /**
+   * The version of openid4vp used for the request
+   */
+  openId4VpVersion: OpenId4VpVersion;
+}
+declare class OpenId4VcVerificationSessionRecord extends BaseRecord<DefaultOpenId4VcVerificationSessionRecordTags> {
+  static readonly type = "OpenId4VcVerificationSessionRecord";
+  readonly type = "OpenId4VcVerificationSessionRecord";
+  /**
+   * The id of the verifier that this session is for.
+   */
+  verifierId: string;
+  /**
+   * The state of the verification session.
+   */
+  state: OpenId4VcVerificationSessionState;
+  /**
+   * Optional error message of the error that occurred during the verification session. Will be set when state is {@link OpenId4VcVerificationSessionState.Error}
+   */
+  errorMessage?: string;
+  /**
+   * The signed JWT containing the authorization request
+   */
+  authorizationRequestJwt?: string;
+  /**
+   * Authorization request payload. This should be used only for unsigned requests
+   */
+  authorizationRequestPayload?: OpenId4VpAuthorizationRequestPayload;
+  /**
+   * URI of the authorization request. This is the url that can be used to
+   * retrieve the authorization request.
+   *
+   * Not used for requests with response_mode of dc_api or dc_api.jwt
+   */
+  authorizationRequestUri?: string;
+  /**
+   * The public id for the authorization request. This is used in the authorization
+   * request uri.
+   *
+   * @since 0.6
+   */
+  authorizationRequestId?: string;
+  /**
+   * The version of OpenID4VP used.
+   *
+   * If `v1` is used this is always defined. Otherwise it could be both
+   * `v1.draft21` or `v1.draft24`.
+   *
+   * You can detect this based on:
+   * - if `client_id_scheme` is defined -> `v1.draft21`
+   * - otherwise `v1.draft24`
+   *
+   * @since 0.6
+   */
+  openId4VpVersion?: OpenId4VpVersion;
+  /**
+   * The time at which the authorization request expires.
+   *
+   * @since 0.6
+   */
+  expiresAt?: Date;
+  /**
+   * The payload of the received authorization response
+   */
+  authorizationResponsePayload?: OpenId4VpAuthorizationResponsePayload;
+  /**
+   * Presentation during issuance session. This is used when issuance of a credential requires a presentation, and helps
+   * prevent session fixation attacks
+   */
+  presentationDuringIssuanceSession?: string;
+  /**
+   * Redirect uri that should be used in the authorization response. This will be included in both error and success
+   * responses.
+   *
+   * @since 0.6
+   */
+  authorizationResponseRedirectUri?: string;
+  constructor(props: OpenId4VcVerificationSessionRecordProps);
+  get request(): string | OpenId4VpAuthorizationRequestPayload;
+  get requestPayload(): OpenId4VpAuthorizationRequestPayload;
+  assertState(expectedStates: OpenId4VcVerificationSessionState | OpenId4VcVerificationSessionState[]): void;
+  getTags(): {
+    verifierId: string;
+    state: OpenId4VcVerificationSessionState;
+    nonce: string;
+    payloadState: string | undefined;
+    authorizationRequestUri: string | undefined;
+    authorizationRequestId: string | undefined;
+    openId4VpVersion: OpenId4VpVersion | undefined;
+  };
+}
+//#endregion
+export { DefaultOpenId4VcVerificationSessionRecordTags, OpenId4VcVerificationSessionRecord, OpenId4VcVerificationSessionRecordProps, OpenId4VcVerificationSessionRecordTags };
+//# sourceMappingURL=OpenId4VcVerificationSessionRecord.d.mts.map

package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"OpenId4VcVerificationSessionRecord.d.mts","names":[],"sources":["../../../src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.ts"],"sourcesContent":[],"mappings":";;;;;;KAKY,sCAAA,GAAyC,WAAW;KAEpD,6CAAA;EAFA,UAAA,EAAA,MAAA;EAEA,KAAA,EAEH,iCAFG;EAUK,KAAA,EAAA,MAAA;EAEH,YAAA,CAAA,EAAA,MAAA;EACL,uBAAA,CAAA,EAAA,MAAA;EAGA,sBAAA,CAAA,EAAA,MAAA;EAMuB,gBAAA,CAAA,EAfX,gBAeW;CAInB;AAEoB,UAlBhB,uCAAA,CAkBgB;EAWb,EAAA,CAAA,EAAA,MAAA;EAAgB,SAAA,CAAA,EA3BtB,IA2BsB;EAGvB,IAAA,CAAA,EA7BJ,QA6BI;EAAsD,UAAA,EAAA,MAAA;EAYlD,KAAA,EAtCR,iCAsCQ;EAesB,YAAA,CAAA,EAAA,MAAA;EA8BX,uBAAA,CAAA,EAAA,MAAA;EAQP,uBAAA,CAAA,EAAA,MAAA;EAKmB,sBAAA,EAAA,MAAA;EAgBZ,2BAAA,CAAA,EA1GI,oCA0GJ;EAwBK,gCAAA,CAAA,EAAA,MAAA;EAOF,SAAA,EArIlB,IAqIkB;EAUM,4BAAA,CAAA,EA7IJ,qCA6II;EAAoC;;;;EA/HP,iCAAA,CAAA,EAAA,MAAA;;;;oBAH9C;;cAGP,kCAAA,SAA2C,WAAW;;;;;;;;;;SAYlD;;;;;;;;;;;;gCAesB;;;;;;;;;;;;;;;;;;;;;;;;;;;qBA8BX;;;;;;cAQP;;;;iCAKmB;;;;;;;;;;;;;qBAgBZ;0BAwBK;wBAOF;8BAUM,oCAAoC"}

package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.mjs ADDED Viewed

@@ -0,0 +1,64 @@
+import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
+import { BaseRecord, CredoError, DateTransformer, Jwt, utils } from "@credo-ts/core";
+//#region src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.ts
+var _ref;
+var OpenId4VcVerificationSessionRecord = class OpenId4VcVerificationSessionRecord extends BaseRecord {
+	constructor(props) {
+		super();
+		this.type = OpenId4VcVerificationSessionRecord.type;
+		if (props) {
+			this.id = props.id ?? utils.uuid();
+			this.createdAt = props.createdAt ?? /* @__PURE__ */ new Date();
+			this._tags = props.tags ?? {};
+			this.verifierId = props.verifierId;
+			this.state = props.state;
+			this.errorMessage = props.errorMessage;
+			this.authorizationRequestPayload = props.authorizationRequestPayload;
+			this.authorizationRequestJwt = props.authorizationRequestJwt;
+			this.authorizationRequestUri = props.authorizationRequestUri;
+			this.authorizationRequestId = props.authorizationRequestId;
+			this.authorizationResponseRedirectUri = props.authorizationResponseRedirectUri;
+			this.authorizationResponsePayload = props.authorizationResponsePayload;
+			this.expiresAt = props.expiresAt;
+			this.openId4VpVersion = props.openId4VpVersion;
+			this.presentationDuringIssuanceSession = props.presentationDuringIssuanceSession;
+		}
+	}
+	get request() {
+		if (this.authorizationRequestJwt) return this.authorizationRequestJwt;
+		if (this.authorizationRequestPayload) return this.authorizationRequestPayload;
+		throw new CredoError("Unable to extract authorization payload from openid4vc session record");
+	}
+	get requestPayload() {
+		if (this.authorizationRequestJwt) return Jwt.fromSerializedJwt(this.authorizationRequestJwt).payload.toJson();
+		if (this.authorizationRequestPayload) return this.authorizationRequestPayload;
+		throw new CredoError("Unable to extract authorization payload from openid4vc session record");
+	}
+	assertState(expectedStates) {
+		if (!Array.isArray(expectedStates)) expectedStates = [expectedStates];
+		if (!expectedStates.includes(this.state)) throw new CredoError(`OpenId4VcVerificationSessionRecord is in invalid state ${this.state}. Valid states are: ${expectedStates.join(", ")}.`);
+	}
+	getTags() {
+		const request = this.requestPayload;
+		const nonce = request.nonce;
+		const payloadState = "state" in request ? request.state : void 0;
+		return {
+			...this._tags,
+			verifierId: this.verifierId,
+			state: this.state,
+			nonce,
+			payloadState,
+			authorizationRequestUri: this.authorizationRequestUri,
+			authorizationRequestId: this.authorizationRequestId,
+			openId4VpVersion: this.openId4VpVersion
+		};
+	}
+};
+OpenId4VcVerificationSessionRecord.type = "OpenId4VcVerificationSessionRecord";
+__decorate([DateTransformer(), __decorateMetadata("design:type", typeof (_ref = typeof Date !== "undefined" && Date) === "function" ? _ref : Object)], OpenId4VcVerificationSessionRecord.prototype, "expiresAt", void 0);
+//#endregion
+export { OpenId4VcVerificationSessionRecord };
+//# sourceMappingURL=OpenId4VcVerificationSessionRecord.mjs.map

package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"OpenId4VcVerificationSessionRecord.mjs","names":[],"sources":["../../../src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.ts"],"sourcesContent":["import { BaseRecord, CredoError, DateTransformer, Jwt, type RecordTags, type TagsBase, utils } from '@credo-ts/core'\nimport type { OpenId4VpAuthorizationRequestPayload, OpenId4VpAuthorizationResponsePayload } from '../../shared/models'\nimport type { OpenId4VcVerificationSessionState } from '../OpenId4VcVerificationSessionState'\nimport type { OpenId4VpVersion } from '../OpenId4VpVerifierServiceOptions'\n\nexport type OpenId4VcVerificationSessionRecordTags = RecordTags<OpenId4VcVerificationSessionRecord>\n\nexport type DefaultOpenId4VcVerificationSessionRecordTags = {\n verifierId: string\n state: OpenId4VcVerificationSessionState\n nonce: string\n payloadState?: string\n authorizationRequestUri?: string\n authorizationRequestId?: string\n openId4VpVersion?: OpenId4VpVersion\n}\n\nexport interface OpenId4VcVerificationSessionRecordProps {\n id?: string\n createdAt?: Date\n tags?: TagsBase\n\n verifierId: string\n state: OpenId4VcVerificationSessionState\n errorMessage?: string\n\n authorizationRequestJwt?: string\n authorizationRequestUri?: string\n authorizationRequestId: string\n authorizationRequestPayload?: OpenId4VpAuthorizationRequestPayload\n\n authorizationResponseRedirectUri?: string\n\n expiresAt: Date\n\n authorizationResponsePayload?: OpenId4VpAuthorizationResponsePayload\n\n /**\n * Presentation during issuance session. This is used when issuance of a credential requires a presentation, and helps\n * prevent session fixation attacks\n */\n presentationDuringIssuanceSession?: string\n\n /**\n * The version of openid4vp used for the request\n */\n openId4VpVersion: OpenId4VpVersion\n}\n\nexport class OpenId4VcVerificationSessionRecord extends BaseRecord<DefaultOpenId4VcVerificationSessionRecordTags> {\n public static readonly type = 'OpenId4VcVerificationSessionRecord'\n public readonly type = OpenId4VcVerificationSessionRecord.type\n\n /**\n * The id of the verifier that this session is for.\n */\n public verifierId!: string\n\n /**\n * The state of the verification session.\n */\n public state!: OpenId4VcVerificationSessionState\n\n /**\n * Optional error message of the error that occurred during the verification session. Will be set when state is {@link OpenId4VcVerificationSessionState.Error}\n */\n public errorMessage?: string\n\n /**\n * The signed JWT containing the authorization request\n */\n public authorizationRequestJwt?: string\n\n /**\n * Authorization request payload. This should be used only for unsigned requests\n */\n public authorizationRequestPayload?: OpenId4VpAuthorizationRequestPayload\n\n /**\n * URI of the authorization request. This is the url that can be used to\n * retrieve the authorization request.\n *\n * Not used for requests with response_mode of dc_api or dc_api.jwt\n */\n public authorizationRequestUri?: string\n\n /**\n * The public id for the authorization request. This is used in the authorization\n * request uri.\n *\n * @since 0.6\n */\n public authorizationRequestId?: string\n\n /**\n * The version of OpenID4VP used.\n *\n * If `v1` is used this is always defined. Otherwise it could be both\n * `v1.draft21` or `v1.draft24`.\n *\n * You can detect this based on:\n * - if `client_id_scheme` is defined -> `v1.draft21`\n * - otherwise `v1.draft24`\n *\n * @since 0.6\n */\n public openId4VpVersion?: OpenId4VpVersion\n\n /**\n * The time at which the authorization request expires.\n *\n * @since 0.6\n */\n @DateTransformer()\n public expiresAt?: Date\n\n /**\n * The payload of the received authorization response\n */\n public authorizationResponsePayload?: OpenId4VpAuthorizationResponsePayload\n\n /**\n * Presentation during issuance session. This is used when issuance of a credential requires a presentation, and helps\n * prevent session fixation attacks\n */\n public presentationDuringIssuanceSession?: string\n\n /**\n * Redirect uri that should be used in the authorization response. This will be included in both error and success\n * responses.\n *\n * @since 0.6\n */\n public authorizationResponseRedirectUri?: string\n\n public constructor(props: OpenId4VcVerificationSessionRecordProps) {\n super()\n\n if (props) {\n this.id = props.id ?? utils.uuid()\n this.createdAt = props.createdAt ?? new Date()\n this._tags = props.tags ?? {}\n\n this.verifierId = props.verifierId\n this.state = props.state\n this.errorMessage = props.errorMessage\n this.authorizationRequestPayload = props.authorizationRequestPayload\n this.authorizationRequestJwt = props.authorizationRequestJwt\n this.authorizationRequestUri = props.authorizationRequestUri\n this.authorizationRequestId = props.authorizationRequestId\n this.authorizationResponseRedirectUri = props.authorizationResponseRedirectUri\n this.authorizationResponsePayload = props.authorizationResponsePayload\n this.expiresAt = props.expiresAt\n this.openId4VpVersion = props.openId4VpVersion\n\n this.presentationDuringIssuanceSession = props.presentationDuringIssuanceSession\n }\n }\n\n public get request(): string | OpenId4VpAuthorizationRequestPayload {\n if (this.authorizationRequestJwt) return this.authorizationRequestJwt\n if (this.authorizationRequestPayload) return this.authorizationRequestPayload\n\n throw new CredoError('Unable to extract authorization payload from openid4vc session record')\n }\n\n public get requestPayload(): OpenId4VpAuthorizationRequestPayload {\n if (this.authorizationRequestJwt)\n return Jwt.fromSerializedJwt(\n this.authorizationRequestJwt\n ).payload.toJson() as OpenId4VpAuthorizationRequestPayload\n if (this.authorizationRequestPayload) return this.authorizationRequestPayload\n\n throw new CredoError('Unable to extract authorization payload from openid4vc session record')\n }\n\n public assertState(expectedStates: OpenId4VcVerificationSessionState | OpenId4VcVerificationSessionState[]) {\n if (!Array.isArray(expectedStates)) {\n expectedStates = [expectedStates]\n }\n\n if (!expectedStates.includes(this.state)) {\n throw new CredoError(\n `OpenId4VcVerificationSessionRecord is in invalid state ${this.state}. Valid states are: ${expectedStates.join(\n ', '\n )}.`\n )\n }\n }\n\n public getTags() {\n const request = this.requestPayload\n\n const nonce = request.nonce\n const payloadState = 'state' in request ? (request.state as string) : undefined\n\n return {\n ...this._tags,\n verifierId: this.verifierId,\n state: this.state,\n nonce,\n payloadState,\n authorizationRequestUri: this.authorizationRequestUri,\n authorizationRequestId: this.authorizationRequestId,\n openId4VpVersion: this.openId4VpVersion,\n }\n }\n}\n"],"mappings":";;;;;;AAiDA,IAAa,qCAAb,MAAa,2CAA2C,WAA0D;CAsFhH,AAAO,YAAY,OAAgD;AACjE,SAAO;OArFO,OAAO,mCAAmC;AAuFxD,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM,MAAM;AAClC,QAAK,YAAY,MAAM,6BAAa,IAAI,MAAM;AAC9C,QAAK,QAAQ,MAAM,QAAQ,EAAE;AAE7B,QAAK,aAAa,MAAM;AACxB,QAAK,QAAQ,MAAM;AACnB,QAAK,eAAe,MAAM;AAC1B,QAAK,8BAA8B,MAAM;AACzC,QAAK,0BAA0B,MAAM;AACrC,QAAK,0BAA0B,MAAM;AACrC,QAAK,yBAAyB,MAAM;AACpC,QAAK,mCAAmC,MAAM;AAC9C,QAAK,+BAA+B,MAAM;AAC1C,QAAK,YAAY,MAAM;AACvB,QAAK,mBAAmB,MAAM;AAE9B,QAAK,oCAAoC,MAAM;;;CAInD,IAAW,UAAyD;AAClE,MAAI,KAAK,wBAAyB,QAAO,KAAK;AAC9C,MAAI,KAAK,4BAA6B,QAAO,KAAK;AAElD,QAAM,IAAI,WAAW,wEAAwE;;CAG/F,IAAW,iBAAuD;AAChE,MAAI,KAAK,wBACP,QAAO,IAAI,kBACT,KAAK,wBACN,CAAC,QAAQ,QAAQ;AACpB,MAAI,KAAK,4BAA6B,QAAO,KAAK;AAElD,QAAM,IAAI,WAAW,wEAAwE;;CAG/F,AAAO,YAAY,gBAAyF;AAC1G,MAAI,CAAC,MAAM,QAAQ,eAAe,CAChC,kBAAiB,CAAC,eAAe;AAGnC,MAAI,CAAC,eAAe,SAAS,KAAK,MAAM,CACtC,OAAM,IAAI,WACR,0DAA0D,KAAK,MAAM,sBAAsB,eAAe,KACxG,KACD,CAAC,GACH;;CAIL,AAAO,UAAU;EACf,MAAM,UAAU,KAAK;EAErB,MAAM,QAAQ,QAAQ;EACtB,MAAM,eAAe,WAAW,UAAW,QAAQ,QAAmB;AAEtE,SAAO;GACL,GAAG,KAAK;GACR,YAAY,KAAK;GACjB,OAAO,KAAK;GACZ;GACA;GACA,yBAAyB,KAAK;GAC9B,wBAAwB,KAAK;GAC7B,kBAAkB,KAAK;GACxB;;;mCA3JoB,OAAO;YA+D7B,iBAAiB"}

package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.mts ADDED Viewed

@@ -0,0 +1,10 @@
+import { OpenId4VcVerificationSessionRecord } from "./OpenId4VcVerificationSessionRecord.mjs";
+import { EventEmitter, Repository, StorageService } from "@credo-ts/core";
+//#region src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.ts
+declare class OpenId4VcVerificationSessionRepository extends Repository<OpenId4VcVerificationSessionRecord> {
+  constructor(storageService: StorageService<OpenId4VcVerificationSessionRecord>, eventEmitter: EventEmitter);
+}
+//#endregion
+export { OpenId4VcVerificationSessionRepository };
+//# sourceMappingURL=OpenId4VcVerificationSessionRepository.d.mts.map

package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"OpenId4VcVerificationSessionRepository.d.mts","names":[],"sources":["../../../src/openid4vc-verifier/repository/OpenId4VcVerificationSessionRepository.ts"],"sourcesContent":[],"mappings":";;;;cAKa,sCAAA,SAA+C,WAAW;8BAEV,eAAe,mDAC1D;AAJlB"}