@eudiplo/sdk-core 1.14.0-main.07a91c4 → 1.14.0-main.0934ac3

package/README.md

@@ -82,6 +82,158 @@ await waitForCompletion();
 | `verifyAndWait(options)` | One-liner: create request + wait for result                                               |
 | `issueAndWait(options)`  | One-liner: create offer + wait for result                                                 |
 
+### Digital Credentials API (Browser Native)
+
+The SDK includes utilities for the [Digital Credentials API](https://wicg.github.io/digital-credentials/), enabling browser-native credential presentation without QR codes.
+
+```typescript
+import { isDcApiAvailable, verifyWithDcApi } from '@eudiplo/sdk-core';
+
+// Check if browser supports DC API
+if (isDcApiAvailable()) {
+  const result = await verifyWithDcApi({
+    baseUrl: 'https://eudiplo.example.com',
+    clientId: 'my-demo',
+    clientSecret: 'secret',
+    configId: 'age-over-18',
+  });
+
+  console.log('Verified!', result.session.credentials);
+} else {
+  // Fall back to QR code flow
+  const session = await verifyAndWait({...});
+}
+```
+
+#### DC API Functions
+
+| Function               | Description                                         |
+| ---------------------- | --------------------------------------------------- |
+| `isDcApiAvailable()`   | Check if browser supports Digital Credentials API   |
+| `verifyWithDcApi()`    | Complete verification flow using browser-native API |
+| `createDcApiRequest()` | Create a `DigitalCredentialRequestOptions` object   |
+
+#### Lower-level DC API Usage
+
+```typescript
+import { createDcApiRequest, EudiploClient } from '@eudiplo/sdk-core';
+
+const client = new EudiploClient({...});
+
+// Create presentation request
+const { uri, sessionId } = await client.createPresentationRequest({
+  configId: 'age-over-18',
+  responseType: 'dc-api',
+});
+
+// Create the browser request object
+const request = createDcApiRequest(uri);
+
+// Call the browser API directly
+const credential = await navigator.credentials.get(request);
+
+// Submit the response and get verified session
+const session = await client.submitDcApiResponse(sessionId, credential);
+```
+
+#### Secure Server/Client Deployment (Recommended for Production)
+
+When deploying to production, you should **never expose your client credentials to the browser**. The SDK provides helper functions to split the DC API flow between your server (where credentials are safe) and the browser (where the DC API runs).
+
+**Server-side Functions:**
+
+| Function                         | Description                                            |
+| -------------------------------- | ------------------------------------------------------ |
+| `createDcApiRequestForBrowser()` | Create request on server, return safe data for browser |
+| `submitDcApiWalletResponse()`    | Submit wallet response to EUDIPLO from server          |
+
+**Browser-side Functions:**
+
+| Function      | Description                                            |
+| ------------- | ------------------------------------------------------ |
+| `callDcApi()` | Call the native DC API with a request from your server |
+
+##### Example: Express.js Backend + Browser Frontend
+
+**Server (Express.js / Next.js API route):**
+
+```typescript
+import {
+  createDcApiRequestForBrowser,
+  submitDcApiWalletResponse,
+} from '@eudiplo/sdk-core';
+
+// POST /api/start-verification
+app.post('/api/start-verification', async (req, res) => {
+  const requestData = await createDcApiRequestForBrowser({
+    baseUrl: process.env.EUDIPLO_URL,
+    clientId: process.env.EUDIPLO_CLIENT_ID, // ✅ Safe on server
+    clientSecret: process.env.EUDIPLO_SECRET, // ✅ Safe on server
+    configId: 'age-over-18',
+  });
+
+  // Only safe data is sent to browser (no secrets)
+  res.json(requestData);
+});
+
+// POST /api/complete-verification
+app.post('/api/complete-verification', async (req, res) => {
+  const { responseUri, walletResponse } = req.body;
+
+  const result = await submitDcApiWalletResponse({
+    responseUri,
+    walletResponse,
+    sendResponse: true, // Get verified claims back
+  });
+
+  // result.credentials contains the verified data
+  res.json(result);
+});
+```
+
+**Browser (React / vanilla JS):**
+
+```typescript
+import { callDcApi, isDcApiAvailable } from '@eudiplo/sdk-core';
+
+async function verifyAge() {
+  // 1. Get the request from your server (credentials stay on server)
+  const requestData = await fetch('/api/start-verification', {
+    method: 'POST',
+  }).then((r) => r.json());
+
+  // 2. Check DC API support and call it locally
+  if (!isDcApiAvailable()) {
+    throw new Error('Digital Credentials API not supported');
+  }
+
+  const walletResponse = await callDcApi(requestData.requestObject);
+
+  // 3. Send the wallet response back to your server for verification
+  const result = await fetch('/api/complete-verification', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      responseUri: requestData.responseUri,
+      walletResponse,
+    }),
+  }).then((r) => r.json());
+
+  console.log('Verified!', result.credentials);
+  return result;
+}
+```
+
+**What stays where:**
+
+| Data                           | Location         | Safe to expose?     |
+| ------------------------------ | ---------------- | ------------------- |
+| `clientId` / `clientSecret`    | Server only      | ❌ Never expose     |
+| `requestObject` (signed JWT)   | Server → Browser | ✅ Yes              |
+| `responseUri`                  | Server → Browser | ✅ Yes              |
+| Wallet response (encrypted VP) | Browser → Server | ✅ Yes              |
+| Verified credentials           | Server only      | Depends on use case |
+
 ### Class-based API (More Control)
 
 ```typescript
@@ -175,6 +327,43 @@ const session = await client.waitForSession(sessionId, {
 });
 ```
 
+### `subscribeToSession(sessionId, options)`
+
+Subscribe to real-time session status updates via Server-Sent Events (SSE).
+This is more efficient than polling and provides instant updates.
+
+```typescript
+const subscription = await client.subscribeToSession(sessionId, {
+  onStatusChange: (event) => {
+    console.log(`Status: ${event.status}`);
+    if (['completed', 'expired', 'failed'].includes(event.status)) {
+      subscription.close();
+    }
+  },
+  onError: (error) => console.error('SSE error:', error),
+  onOpen: () => console.log('Connected'),
+});
+
+// Later, to close the connection:
+subscription.close();
+```
+
+### `waitForSessionWithSse(sessionId, options)`
+
+Wait for session completion using SSE instead of polling. Returns a Promise
+that resolves when the session completes.
+
+```typescript
+try {
+  const finalStatus = await client.waitForSessionWithSse(sessionId, {
+    onStatusChange: (event) => console.log('Status:', event.status),
+  });
+  console.log('Session completed:', finalStatus);
+} catch (error) {
+  console.error('Session failed:', error);
+}
+```
+
 ## Examples
 
 ### Age Verification in a Web Shop

package/dist/api/client/client.gen.d.mts

@@ -1,4 +1,4 @@
-import { C as Config, a as Client } from '../../types.gen-CIiveH8G.mjs';
+import { b as Config, C as Client } from '../../types.gen-D8LjzWc0.mjs';
 
 declare const createClient: (config?: Config) => Client;
 

package/dist/api/client/client.gen.d.ts

@@ -1,4 +1,4 @@
-import { C as Config, a as Client } from '../../types.gen-CIiveH8G.js';
+import { b as Config, C as Client } from '../../types.gen-D8LjzWc0.js';
 
 declare const createClient: (config?: Config) => Client;
 

package/dist/api/client/client.gen.js

@@ -719,10 +719,14 @@ var createClient = (config = {}) => {
         case "arrayBuffer":
         case "blob":
         case "formData":
-        case "json":
         case "text":
           data = await response[parseAs]();
           break;
+        case "json": {
+          const text = await response.text();
+          data = text ? JSON.parse(text) : {};
+          break;
+        }
         case "stream":
           return opts.responseStyle === "data" ? response.body : {
             data: response.body,

package/dist/api/client/client.gen.mjs

@@ -717,10 +717,14 @@ var createClient = (config = {}) => {
         case "arrayBuffer":
         case "blob":
         case "formData":
-        case "json":
         case "text":
           data = await response[parseAs]();
           break;
+        case "json": {
+          const text = await response.text();
+          data = text ? JSON.parse(text) : {};
+          break;
+        }
         case "stream":
           return opts.responseStyle === "data" ? response.body : {
             data: response.body,

package/dist/api/client/index.d.mts

@@ -1,4 +1,4 @@
-export { A as Auth, a as Client, b as ClientOptions, C as Config, c as CreateClientConfig, O as Options, Q as QuerySerializerOptions, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape, g as createConfig, h as formDataBodySerializer, j as jsonBodySerializer, m as mergeHeaders, u as urlSearchParamsBodySerializer } from '../../types.gen-CIiveH8G.mjs';
+export { A as Auth, C as Client, a as ClientOptions, b as Config, c as CreateClientConfig, O as Options, Q as QuerySerializerOptions, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape, g as createConfig, h as formDataBodySerializer, j as jsonBodySerializer, m as mergeHeaders, u as urlSearchParamsBodySerializer } from '../../types.gen-D8LjzWc0.mjs';
 export { createClient } from './client.gen.mjs';
 
 type Slot = "body" | "headers" | "path" | "query";

package/dist/api/client/index.d.ts

@@ -1,4 +1,4 @@
-export { A as Auth, a as Client, b as ClientOptions, C as Config, c as CreateClientConfig, O as Options, Q as QuerySerializerOptions, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape, g as createConfig, h as formDataBodySerializer, j as jsonBodySerializer, m as mergeHeaders, u as urlSearchParamsBodySerializer } from '../../types.gen-CIiveH8G.js';
+export { A as Auth, C as Client, a as ClientOptions, b as Config, c as CreateClientConfig, O as Options, Q as QuerySerializerOptions, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape, g as createConfig, h as formDataBodySerializer, j as jsonBodySerializer, m as mergeHeaders, u as urlSearchParamsBodySerializer } from '../../types.gen-D8LjzWc0.js';
 export { createClient } from './client.gen.js';
 
 type Slot = "body" | "headers" | "path" | "query";

package/dist/api/client/index.js

@@ -88,7 +88,7 @@ var buildKeyMap = (fields, map) => {
 };
 var stripEmptySlots = (params) => {
   for (const [slot, value] of Object.entries(params)) {
-    if (value && typeof value === "object" && !Object.keys(value).length) {
+    if (value && typeof value === "object" && !Array.isArray(value) && !Object.keys(value).length) {
       delete params[slot];
     }
   }
@@ -941,10 +941,14 @@ var createClient = (config = {}) => {
         case "arrayBuffer":
         case "blob":
         case "formData":
-        case "json":
         case "text":
           data = await response[parseAs]();
           break;
+        case "json": {
+          const text = await response.text();
+          data = text ? JSON.parse(text) : {};
+          break;
+        }
         case "stream":
           return opts.responseStyle === "data" ? response.body : {
             data: response.body,

package/dist/api/client/index.mjs

@@ -86,7 +86,7 @@ var buildKeyMap = (fields, map) => {
 };
 var stripEmptySlots = (params) => {
   for (const [slot, value] of Object.entries(params)) {
-    if (value && typeof value === "object" && !Object.keys(value).length) {
+    if (value && typeof value === "object" && !Array.isArray(value) && !Object.keys(value).length) {
       delete params[slot];
     }
   }
@@ -939,10 +939,14 @@ var createClient = (config = {}) => {
         case "arrayBuffer":
         case "blob":
         case "formData":
-        case "json":
         case "text":
           data = await response[parseAs]();
           break;
+        case "json": {
+          const text = await response.text();
+          data = text ? JSON.parse(text) : {};
+          break;
+        }
         case "stream":
           return opts.responseStyle === "data" ? response.body : {
             data: response.body,

package/dist/api/client/types.gen.d.mts

@@ -1 +1 @@
-export { a as Client, b as ClientOptions, C as Config, c as CreateClientConfig, O as Options, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape } from '../../types.gen-CIiveH8G.mjs';
+export { C as Client, a as ClientOptions, b as Config, c as CreateClientConfig, O as Options, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape } from '../../types.gen-D8LjzWc0.mjs';

package/dist/api/client/types.gen.d.ts

@@ -1 +1 @@
-export { a as Client, b as ClientOptions, C as Config, c as CreateClientConfig, O as Options, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape } from '../../types.gen-CIiveH8G.js';
+export { C as Client, a as ClientOptions, b as Config, c as CreateClientConfig, O as Options, R as RequestOptions, d as RequestResult, e as ResolvedRequestOptions, f as ResponseStyle, T as TDataShape } from '../../types.gen-D8LjzWc0.js';

package/dist/api/client.gen.d.mts

@@ -1,2 +1,15 @@
-import '../types.gen-CIiveH8G.mjs';
-export { ed as CreateClientConfig, ec as client } from '../client.gen-CU56lLgT.mjs';
+import { C as Client, a as ClientOptions, b as Config } from '../types.gen-D8LjzWc0.mjs';
+import { ae as ClientOptions$1 } from '../types.gen-sNmRQvUI.mjs';
+
+/**
+ * The `createClientConfig()` function will be called on client initialization
+ * and the returned object will become the client's initial configuration.
+ *
+ * You may want to initialize your client this way instead of calling
+ * `setConfig()`. This is useful for example if you're using Next.js
+ * to ensure your client always has the correct values.
+ */
+type CreateClientConfig<T extends ClientOptions = ClientOptions$1> = (override?: Config<ClientOptions & T>) => Config<Required<ClientOptions> & T> | Promise<Config<Required<ClientOptions> & T>>;
+declare const client: Client;
+
+export { type CreateClientConfig, client };

package/dist/api/client.gen.d.ts

@@ -1,2 +1,15 @@
-import '../types.gen-CIiveH8G.js';
-export { ed as CreateClientConfig, ec as client } from '../client.gen-CsfHl8pY.js';
+import { C as Client, a as ClientOptions, b as Config } from '../types.gen-D8LjzWc0.js';
+import { ae as ClientOptions$1 } from '../types.gen-sNmRQvUI.js';
+
+/**
+ * The `createClientConfig()` function will be called on client initialization
+ * and the returned object will become the client's initial configuration.
+ *
+ * You may want to initialize your client this way instead of calling
+ * `setConfig()`. This is useful for example if you're using Next.js
+ * to ensure your client always has the correct values.
+ */
+type CreateClientConfig<T extends ClientOptions = ClientOptions$1> = (override?: Config<ClientOptions & T>) => Config<Required<ClientOptions> & T> | Promise<Config<Required<ClientOptions> & T>>;
+declare const client: Client;
+
+export { type CreateClientConfig, client };

package/dist/api/client.gen.js

@@ -719,10 +719,14 @@ var createClient = (config = {}) => {
         case "arrayBuffer":
         case "blob":
         case "formData":
-        case "json":
         case "text":
           data = await response[parseAs]();
           break;
+        case "json": {
+          const text = await response.text();
+          data = text ? JSON.parse(text) : {};
+          break;
+        }
         case "stream":
           return opts.responseStyle === "data" ? response.body : {
             data: response.body,

package/dist/api/client.gen.mjs

@@ -717,10 +717,14 @@ var createClient = (config = {}) => {
         case "arrayBuffer":
         case "blob":
         case "formData":
-        case "json":
         case "text":
           data = await response[parseAs]();
           break;
+        case "json": {
+          const text = await response.text();
+          data = text ? JSON.parse(text) : {};
+          break;
+        }
         case "stream":
           return opts.responseStyle === "data" ? response.body : {
             data: response.body,