@gramota/oid4vp 0.2.1 → 0.3.0

package/dist/cert.d.ts

@@ -18,7 +18,7 @@
  */
 import "reflect-metadata";
 import type { JsonWebKey } from "@gramota/jose";
-import { type SigningCert } from "./types.js";
+import { type ClientIdScheme, type SigningCert } from "./types.js";
 export interface GenerateSigningCertOptions {
     /** Primary DNS name for the cert's Subject Alternative Name. Must match
      * the verifier's hostname (the part the wallet sees in the OID4VP
@@ -69,4 +69,60 @@ export declare function signingCertToJwks(cert: SigningCert): Promise<{
     publicJwk: JsonWebKey;
     privateJwk: JsonWebKey;
 }>;
+/**
+ * Compute the `x509_hash` digest of a signing cert per OID4VP §5.9.3 +
+ * HAIP Final 1.0 §5: `base64url(SHA-256(DER-encoded leaf certificate))`.
+ *
+ * The leaf cert's DER bytes are taken from the first entry of {@link
+ * SigningCert.x5c}. That entry is already base64-encoded DER (no PEM
+ * armour) — we decode, hash, and base64url-encode the digest.
+ *
+ * The result becomes the value part of the `x509_hash:<digest>` Client
+ * Identifier. Wallets that see this prefix:
+ *   1. Read the JWS `x5c` header.
+ *   2. Compute the same hash over the leaf cert.
+ *   3. Compare against the value portion of `client_id`.
+ *   4. If they match, the cert is the verifier's authentic key.
+ *
+ * Unlike `x509_san_dns`, the cert's SAN is not consulted — the cert
+ * itself, via its hash, IS the identity. This makes the prefix the
+ * spec-preferred form for HAIP Final 1.0: an attacker who steals the
+ * `client_id` cannot substitute a different (same-SAN) cert.
+ *
+ * @throws {@link Oid4vpError} `oid4vp.cert_generation_failed` when the
+ *   cert's `x5c` is missing or the leaf bytes are malformed base64.
+ */
+export declare function computeCertX509Hash(cert: SigningCert): string;
+/** Schemes {@link buildClientIdFromCert} can construct. */
+export type CertBackedClientIdScheme = "x509_san_dns" | "x509_hash";
+export interface BuildClientIdFromCertOptions {
+    /** Signing material the verifier already provisioned. */
+    readonly cert: SigningCert;
+    /** Prefix to emit. Default `"x509_hash"` — HAIP Final 1.0 §5 mandates
+     * this prefix for production HAIP-conformant verifiers. Use
+     * `"x509_san_dns"` only for legacy / emulator interop where the wallet
+     * doesn't yet accept `x509_hash`. */
+    readonly scheme?: CertBackedClientIdScheme;
+}
+/**
+ * Build the OID4VP `client_id` for a cert-backed verifier.
+ *
+ * Returns the prefixed identifier per OID4VP §5.9.3:
+ *
+ *   - `x509_san_dns:<sanDns>` — legacy. Wallet looks up the cert's SAN
+ *     DNS entry; useful when wallets pre-resolve identity by hostname.
+ *   - `x509_hash:<base64url(sha256(DER(leaf)))>` — HAIP Final 1.0 §5
+ *     bullet 3 (MUST for HAIP-conformant verifiers). Wallet hashes the
+ *     leaf cert in the JWS `x5c` header and compares — no DNS coupling.
+ *
+ * Pair the returned `client_id` with the matching {@link ClientIdScheme}
+ * literal when populating an {@link AuthorizationRequest}.
+ *
+ * @throws {@link Oid4vpError} `oid4vp.cert_generation_failed` for an
+ *   unknown scheme, missing SAN-DNS, or malformed `x5c`.
+ */
+export declare function buildClientIdFromCert(options: BuildClientIdFromCertOptions): {
+    clientId: string;
+    scheme: ClientIdScheme;
+};
 //# sourceMappingURL=cert.d.ts.map

package/dist/cert.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cert.d.ts","sourceRoot":"","sources":["../src/cert.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAMH,OAAO,kBAAkB,CAAC;AAI1B,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAe,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAc3D,MAAM,WAAW,0BAA0B;IACzC;;wDAEoD;IACpD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;iDAE6C;IAC7C,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC;sBACkB;IAClB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,uEAAuE;IACvE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,qCAAqC;IACrC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC,WAAW,CAAC,CAyFtB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAAC,CAmC5D"}
+{"version":3,"file":"cert.d.ts","sourceRoot":"","sources":["../src/cert.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAMH,OAAO,kBAAkB,CAAC;AAI1B,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,WAAW,EACjB,MAAM,YAAY,CAAC;AAcpB,MAAM,WAAW,0BAA0B;IACzC;;wDAEoD;IACpD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;iDAE6C;IAC7C,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC;sBACkB;IAClB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,uEAAuE;IACvE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,qCAAqC;IACrC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC,WAAW,CAAC,CAyFtB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAAC,CAmC5D;AA2CD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAgC7D;AAED,2DAA2D;AAC3D,MAAM,MAAM,wBAAwB,GAAG,cAAc,GAAG,WAAW,CAAC;AAEpE,MAAM,WAAW,4BAA4B;IAC3C,yDAAyD;IACzD,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B;;;yCAGqC;IACrC,QAAQ,CAAC,MAAM,CAAC,EAAE,wBAAwB,CAAC;CAC5C;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,4BAA4B,GACpC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,cAAc,CAAA;CAAE,CAyB9C"}

package/dist/cert.js

@@ -22,9 +22,9 @@
 // `dist/cert.js` as a side-effecting module so bundlers don't drop it.
 import "reflect-metadata";
 import * as x509 from "@peculiar/x509";
-import { webcrypto } from "node:crypto";
+import { createHash, webcrypto } from "node:crypto";
 import { exportJWK, importPKCS8, importX509 } from "jose";
-import { Oid4vpError } from "./types.js";
+import { Oid4vpError, } from "./types.js";
 // @peculiar/x509 needs a Web Crypto provider — Node's webcrypto suffices.
 // Safe to call multiple times; no-op after first.
 let cryptoProviderSet = false;
@@ -188,4 +188,86 @@ function derToPem(der, label) {
 function bytesToBase64(bytes) {
     return Buffer.from(bytes).toString("base64");
 }
+// ---------------------------------------------------------------------------
+// Client Identifier Prefixes — OID4VP §5.9.3, HAIP Final 1.0 §5.
+// ---------------------------------------------------------------------------
+/**
+ * Compute the `x509_hash` digest of a signing cert per OID4VP §5.9.3 +
+ * HAIP Final 1.0 §5: `base64url(SHA-256(DER-encoded leaf certificate))`.
+ *
+ * The leaf cert's DER bytes are taken from the first entry of {@link
+ * SigningCert.x5c}. That entry is already base64-encoded DER (no PEM
+ * armour) — we decode, hash, and base64url-encode the digest.
+ *
+ * The result becomes the value part of the `x509_hash:<digest>` Client
+ * Identifier. Wallets that see this prefix:
+ *   1. Read the JWS `x5c` header.
+ *   2. Compute the same hash over the leaf cert.
+ *   3. Compare against the value portion of `client_id`.
+ *   4. If they match, the cert is the verifier's authentic key.
+ *
+ * Unlike `x509_san_dns`, the cert's SAN is not consulted — the cert
+ * itself, via its hash, IS the identity. This makes the prefix the
+ * spec-preferred form for HAIP Final 1.0: an attacker who steals the
+ * `client_id` cannot substitute a different (same-SAN) cert.
+ *
+ * @throws {@link Oid4vpError} `oid4vp.cert_generation_failed` when the
+ *   cert's `x5c` is missing or the leaf bytes are malformed base64.
+ */
+export function computeCertX509Hash(cert) {
+    if (cert === null ||
+        typeof cert !== "object" ||
+        !Array.isArray(cert.x5c) ||
+        cert.x5c.length === 0 ||
+        typeof cert.x5c[0] !== "string" ||
+        cert.x5c[0].length === 0) {
+        throw new Oid4vpError("oid4vp.cert_generation_failed", "computeCertX509Hash: cert.x5c[0] must be a non-empty base64-DER string");
+    }
+    let der;
+    try {
+        der = Buffer.from(cert.x5c[0], "base64");
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.cert_generation_failed", `computeCertX509Hash: failed to decode cert.x5c[0]: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    if (der.length === 0) {
+        throw new Oid4vpError("oid4vp.cert_generation_failed", "computeCertX509Hash: cert.x5c[0] decoded to zero bytes");
+    }
+    return createHash("sha256").update(der).digest("base64url");
+}
+/**
+ * Build the OID4VP `client_id` for a cert-backed verifier.
+ *
+ * Returns the prefixed identifier per OID4VP §5.9.3:
+ *
+ *   - `x509_san_dns:<sanDns>` — legacy. Wallet looks up the cert's SAN
+ *     DNS entry; useful when wallets pre-resolve identity by hostname.
+ *   - `x509_hash:<base64url(sha256(DER(leaf)))>` — HAIP Final 1.0 §5
+ *     bullet 3 (MUST for HAIP-conformant verifiers). Wallet hashes the
+ *     leaf cert in the JWS `x5c` header and compares — no DNS coupling.
+ *
+ * Pair the returned `client_id` with the matching {@link ClientIdScheme}
+ * literal when populating an {@link AuthorizationRequest}.
+ *
+ * @throws {@link Oid4vpError} `oid4vp.cert_generation_failed` for an
+ *   unknown scheme, missing SAN-DNS, or malformed `x5c`.
+ */
+export function buildClientIdFromCert(options) {
+    const scheme = options.scheme ?? "x509_hash";
+    if (scheme === "x509_san_dns") {
+        if (typeof options.cert?.sanDns !== "string" ||
+            options.cert.sanDns.length === 0) {
+            throw new Oid4vpError("oid4vp.cert_generation_failed", "buildClientIdFromCert(x509_san_dns): cert.sanDns is required");
+        }
+        return {
+            clientId: `x509_san_dns:${options.cert.sanDns}`,
+            scheme: "x509_san_dns",
+        };
+    }
+    if (scheme === "x509_hash") {
+        const digest = computeCertX509Hash(options.cert);
+        return { clientId: `x509_hash:${digest}`, scheme: "x509_hash" };
+    }
+    throw new Oid4vpError("oid4vp.cert_generation_failed", `buildClientIdFromCert: unknown scheme ${JSON.stringify(scheme)}`);
+}
 //# sourceMappingURL=cert.js.map

package/dist/cert.js.map

@@ -1 +1 @@
-{"version":3,"file":"cert.js","sourceRoot":"","sources":["../src/cert.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,wEAAwE;AACxE,sEAAsE;AACtE,oEAAoE;AACpE,uEAAuE;AACvE,OAAO,kBAAkB,CAAC;AAC1B,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAoB,MAAM,YAAY,CAAC;AAE3D,0EAA0E;AAC1E,kDAAkD;AAClD,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAC9B,SAAS,oBAAoB;IAC3B,IAAI,iBAAiB;QAAE,OAAO;IAC9B,oEAAoE;IACpE,gEAAgE;IAChE,8DAA8D;IAC9D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAgB,CAAC,CAAC;IAC1C,iBAAiB,GAAG,IAAI,CAAC;AAC3B,CAAC;AAoBD;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAiC;IAEjC,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,yCAAyC,CAC1C,CAAC;IACJ,CAAC;IAED,oBAAoB,EAAE,CAAC;IAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,IAAI,IAAI,CACvB,SAAS,CAAC,OAAO,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACtD,CAAC;IAEF,oEAAoE;IACpE,qCAAqC;IACrC,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;IAClE,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE;QAC/D,MAAM;QACN,QAAQ;KACT,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,cAAc,CAAC;QACjC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM;QAC5C,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,IAAI,kBAAkB;KAC/D,CAAC,CAAC;IAEH,IAAI,IAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;YAC1D,YAAY,EAAE,YAAY,EAAE;YAC5B,IAAI,EAAE,WAAW;YACjB,SAAS;YACT,QAAQ;YACR,gBAAgB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;YACpD,IAAI;YACJ,UAAU,EAAE;gBACV,+DAA+D;gBAC/D,kEAAkE;gBAClE,iCAAiC;gBACjC,IAAI,IAAI,CAAC,+BAA+B,CAAC;oBACvC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE;oBACpC,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;wBAC3C,IAAI,EAAE,KAAc;wBACpB,KAAK;qBACN,CAAC,CAAC;iBACJ,CAAC;gBACF,0CAA0C;gBAC1C,IAAI,IAAI,CAAC,kBAAkB,CACzB,IAAI,CAAC,aAAa,CAAC,gBAAgB,GAAG,IAAI,CAAC,aAAa,CAAC,eAAe,CACzE;gBACD,IAAI,IAAI,CAAC,yBAAyB,CAAC;oBACjC,gEAAgE;oBAChE,mBAAmB;oBACnB,kEAAkE;oBAClE,mBAAmB;iBACpB,CAAC;gBACF,uBAAuB;gBACvB,IAAI,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC;aAC1C;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,iDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACzE,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC,CAAC;IAErE,WAAW;IACX,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE5C,yEAAyE;IACzE,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IAErC,OAAO;QACL,aAAa;QACb,cAAc;QACd,GAAG;QACH,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAiB;IAEjB,IACE,IAAI,KAAK,IAAI;QACb,OAAO,IAAI,KAAK,QAAQ;QACxB,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;QACtC,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,EACvC,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,uEAAuE,CACxE,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC;IACf,IAAI,SAAS,CAAC;IACd,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC3D,UAAU,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC,CAAe,CAAC;QACnD,SAAS,GAAG,CAAC,MAAM,SAAS,CAAC,GAAG,CAAC,CAAe,CAAC;IACnD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,qDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,mDAAmD;IACnD,UAAU,CAAC,GAAG,GAAG,OAAO,CAAC;IACzB,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC;IAExB,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,cAAc,CAAC,KAGvB;IACC,OAAO,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,QAAQ,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC;AACnF,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,oDAAoD;IACpD,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,YAAY;IACnB,uEAAuE;IACvE,4BAA4B;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,SAAS,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACjC,6DAA6D;IAC7D,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,QAAQ,CAAC,GAAe,EAAE,KAAa;IAC9C,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAC/B,6BAA6B;IAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAChD,OAAO,cAAc,KAAK,UAAU,OAAO,cAAc,KAAK,SAAS,CAAC;AAC1E,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC"}
+{"version":3,"file":"cert.js","sourceRoot":"","sources":["../src/cert.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,wEAAwE;AACxE,sEAAsE;AACtE,oEAAoE;AACpE,uEAAuE;AACvE,OAAO,kBAAkB,CAAC;AAC1B,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAE1D,OAAO,EACL,WAAW,GAGZ,MAAM,YAAY,CAAC;AAEpB,0EAA0E;AAC1E,kDAAkD;AAClD,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAC9B,SAAS,oBAAoB;IAC3B,IAAI,iBAAiB;QAAE,OAAO;IAC9B,oEAAoE;IACpE,gEAAgE;IAChE,8DAA8D;IAC9D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAgB,CAAC,CAAC;IAC1C,iBAAiB,GAAG,IAAI,CAAC;AAC3B,CAAC;AAoBD;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAiC;IAEjC,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,yCAAyC,CAC1C,CAAC;IACJ,CAAC;IAED,oBAAoB,EAAE,CAAC;IAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,IAAI,IAAI,CACvB,SAAS,CAAC,OAAO,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACtD,CAAC;IAEF,oEAAoE;IACpE,qCAAqC;IACrC,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAW,CAAC;IAClE,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE;QAC/D,MAAM;QACN,QAAQ;KACT,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,cAAc,CAAC;QACjC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM;QAC5C,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,IAAI,kBAAkB;KAC/D,CAAC,CAAC;IAEH,IAAI,IAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;YAC1D,YAAY,EAAE,YAAY,EAAE;YAC5B,IAAI,EAAE,WAAW;YACjB,SAAS;YACT,QAAQ;YACR,gBAAgB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;YACpD,IAAI;YACJ,UAAU,EAAE;gBACV,+DAA+D;gBAC/D,kEAAkE;gBAClE,iCAAiC;gBACjC,IAAI,IAAI,CAAC,+BAA+B,CAAC;oBACvC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE;oBACpC,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;wBAC3C,IAAI,EAAE,KAAc;wBACpB,KAAK;qBACN,CAAC,CAAC;iBACJ,CAAC;gBACF,0CAA0C;gBAC1C,IAAI,IAAI,CAAC,kBAAkB,CACzB,IAAI,CAAC,aAAa,CAAC,gBAAgB,GAAG,IAAI,CAAC,aAAa,CAAC,eAAe,CACzE;gBACD,IAAI,IAAI,CAAC,yBAAyB,CAAC;oBACjC,gEAAgE;oBAChE,mBAAmB;oBACnB,kEAAkE;oBAClE,mBAAmB;iBACpB,CAAC;gBACF,uBAAuB;gBACvB,IAAI,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC;aAC1C;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,iDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACzE,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC,CAAC;IAErE,WAAW;IACX,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE5C,yEAAyE;IACzE,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IAErC,OAAO;QACL,aAAa;QACb,cAAc;QACd,GAAG;QACH,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAiB;IAEjB,IACE,IAAI,KAAK,IAAI;QACb,OAAO,IAAI,KAAK,QAAQ;QACxB,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;QACtC,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,EACvC,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,uEAAuE,CACxE,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC;IACf,IAAI,SAAS,CAAC;IACd,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC3D,UAAU,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC,CAAe,CAAC;QACnD,SAAS,GAAG,CAAC,MAAM,SAAS,CAAC,GAAG,CAAC,CAAe,CAAC;IACnD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,qDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,mDAAmD;IACnD,UAAU,CAAC,GAAG,GAAG,OAAO,CAAC;IACzB,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC;IAExB,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,cAAc,CAAC,KAGvB;IACC,OAAO,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,QAAQ,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC;AACnF,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,oDAAoD;IACpD,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,YAAY;IACnB,uEAAuE;IACvE,4BAA4B;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,SAAS,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACjC,6DAA6D;IAC7D,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,QAAQ,CAAC,GAAe,EAAE,KAAa;IAC9C,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAC/B,6BAA6B;IAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAChD,OAAO,cAAc,KAAK,UAAU,OAAO,cAAc,KAAK,SAAS,CAAC;AAC1E,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,iEAAiE;AACjE,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAiB;IACnD,IACE,IAAI,KAAK,IAAI;QACb,OAAO,IAAI,KAAK,QAAQ;QACxB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QACxB,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC;QACrB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ;QAC/B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,EACxB,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,wEAAwE,CACzE,CAAC;IACJ,CAAC;IACD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,sDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,wDAAwD,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC9D,CAAC;AAeD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAqC;IAErC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,WAAW,CAAC;IAC7C,IAAI,MAAM,KAAK,cAAc,EAAE,CAAC;QAC9B,IACE,OAAO,OAAO,CAAC,IAAI,EAAE,MAAM,KAAK,QAAQ;YACxC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAChC,CAAC;YACD,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,gBAAgB,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE;YAC/C,MAAM,EAAE,cAAc;SACvB,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,EAAE,QAAQ,EAAE,aAAa,MAAM,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAClE,CAAC;IACD,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,yCAAyC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAClE,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -1,6 +1,8 @@
 export { buildAuthorizationRequestUrl, parseAuthorizationRequestUrl, parseAuthorizationRequestSearchParams, } from "./request.js";
 export { buildAuthorizationResponseBody, parseAuthorizationResponseBody, parseAuthorizationResponseFromParams, } from "./response.js";
-export { generateSigningCert, signingCertToJwks, type GenerateSigningCertOptions, } from "./cert.js";
-export { signAuthorizationRequest, type SignAuthorizationRequestOptions, } from "./jar.js";
+export { buildClientIdFromCert, computeCertX509Hash, generateSigningCert, signingCertToJwks, type BuildClientIdFromCertOptions, type CertBackedClientIdScheme, type GenerateSigningCertOptions, } from "./cert.js";
+export { DEFAULT_JAR_AUDIENCE, DEFAULT_JAR_LIFETIME_SECONDS, signAuthorizationRequest, type SignAuthorizationRequestOptions, } from "./jar.js";
+export { generateNonce, generateState, } from "./random.js";
+export { DEFAULT_RESPONSE_JWE_ALG, DEFAULT_RESPONSE_JWE_ENC, decryptAuthorizationResponse, encryptAuthorizationResponse, generateResponseEncryptionKey, type DecryptAuthorizationResponseOptions, type DecryptedAuthorizationResponse, type EncryptAuthorizationResponseOptions, type GenerateResponseEncryptionKeyOptions, } from "./response-jwt.js";
 export { Oid4vpError, type AuthorizationRequest, type AuthorizationResponse, type ClientIdScheme, type Oid4vpErrorCode, type ResponseMode, type SigningCert, } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4BAA4B,EAC5B,4BAA4B,EAC5B,qCAAqC,GACtC,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,oCAAoC,GACrC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,KAAK,0BAA0B,GAChC,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,wBAAwB,EACxB,KAAK,+BAA+B,GACrC,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,WAAW,EACX,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,WAAW,GACjB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4BAA4B,EAC5B,4BAA4B,EAC5B,qCAAqC,GACtC,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,oCAAoC,GACrC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,iBAAiB,EACjB,KAAK,4BAA4B,EACjC,KAAK,wBAAwB,EAC7B,KAAK,0BAA0B,GAChC,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,+BAA+B,GACrC,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,aAAa,EACb,aAAa,GACd,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,4BAA4B,EAC5B,4BAA4B,EAC5B,6BAA6B,EAC7B,KAAK,mCAAmC,EACxC,KAAK,8BAA8B,EACnC,KAAK,mCAAmC,EACxC,KAAK,oCAAoC,GAC1C,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,WAAW,EACX,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,WAAW,GACjB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -1,6 +1,8 @@
 export { buildAuthorizationRequestUrl, parseAuthorizationRequestUrl, parseAuthorizationRequestSearchParams, } from "./request.js";
 export { buildAuthorizationResponseBody, parseAuthorizationResponseBody, parseAuthorizationResponseFromParams, } from "./response.js";
-export { generateSigningCert, signingCertToJwks, } from "./cert.js";
-export { signAuthorizationRequest, } from "./jar.js";
+export { buildClientIdFromCert, computeCertX509Hash, generateSigningCert, signingCertToJwks, } from "./cert.js";
+export { DEFAULT_JAR_AUDIENCE, DEFAULT_JAR_LIFETIME_SECONDS, signAuthorizationRequest, } from "./jar.js";
+export { generateNonce, generateState, } from "./random.js";
+export { DEFAULT_RESPONSE_JWE_ALG, DEFAULT_RESPONSE_JWE_ENC, decryptAuthorizationResponse, encryptAuthorizationResponse, generateResponseEncryptionKey, } from "./response-jwt.js";
 export { Oid4vpError, } from "./types.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4BAA4B,EAC5B,4BAA4B,EAC5B,qCAAqC,GACtC,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,oCAAoC,GACrC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,mBAAmB,EACnB,iBAAiB,GAElB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,wBAAwB,GAEzB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,WAAW,GAOZ,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4BAA4B,EAC5B,4BAA4B,EAC5B,qCAAqC,GACtC,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,EAC9B,oCAAoC,GACrC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,iBAAiB,GAIlB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,wBAAwB,GAEzB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,aAAa,EACb,aAAa,GACd,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,4BAA4B,EAC5B,4BAA4B,EAC5B,6BAA6B,GAK9B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,WAAW,GAOZ,MAAM,YAAY,CAAC"}

package/dist/jar.d.ts

@@ -17,8 +17,27 @@
  * For the EUDIW HAIP profile + the EU reference wallet's demo build,
  * `x509_san_dns` (with this signed JAR shape) is the only `client_id_prefix`
  * the wallet accepts. Production verifiers MUST sign their requests.
+ *
+ * In addition to the OID4VP request claims, the signer always emits the
+ * standard JWT claims `aud`, `iat`, `exp` on the JAR payload (RFC 9101
+ * §4 recommends them; OID4VP §5.8 mandates `aud`; HAIP-strict wallets
+ * reject when any of the three is absent). The audience defaults to the
+ * static pseudo-issuer `https://self-issued.me/v2` and the lifetime
+ * defaults to 5 minutes — both are configurable per call.
  */
 import { type AuthorizationRequest, type SigningCert } from "./types.js";
+/** OID4VP §5.8 — default `aud` for the signed JAR. Wallets check `aud`
+ * against either their own issuer URL (dynamic discovery) or the static
+ * pseudo-issuer `https://self-issued.me/v2`. We don't do dynamic wallet
+ * discovery — so the static value is the right default per the HAIP
+ * convention. Callers can override via `SignAuthorizationRequestOptions.aud`
+ * when targeting wallets that announce themselves via `wallet_metadata`. */
+export declare const DEFAULT_JAR_AUDIENCE = "https://self-issued.me/v2";
+/** Default JAR lifetime — 5 minutes. RFC 9101 §4 doesn't fix a value but
+ * recommends a "short" lifetime; HAIP doesn't pin one either. 5 min
+ * matches OID4VCI's c_nonce window for symmetry across endpoints, and is
+ * the audit-recommended default (EUDI compliance audit, 2026-05). */
+export declare const DEFAULT_JAR_LIFETIME_SECONDS: number;
 export interface SignAuthorizationRequestOptions {
     /** The verifier's Authorization Request to sign. Must already include
      * the verifier-side fields (`client_id`, `nonce`, `response_uri`, etc).
@@ -27,6 +46,20 @@ export interface SignAuthorizationRequestOptions {
     /** The verifier's signing material — produced by `generateSigningCert`
      * or supplied externally. */
     readonly cert: SigningCert;
+    /** Audience for the signed JAR. Defaults to {@link DEFAULT_JAR_AUDIENCE}
+     * (`https://self-issued.me/v2`) per HAIP convention (RFC 9101 §2.1 +
+     * OID4VP §5.8). Pass `undefined` explicitly to fall through to the
+     * default — a JAR is never emitted without an `aud` claim. */
+    readonly aud?: string;
+    /** JAR lifetime in seconds. `iat = now`, `exp = now + lifetime`.
+     * Defaults to {@link DEFAULT_JAR_LIFETIME_SECONDS} (300 = 5 min).
+     * (OID4VP §5.8 + RFC 9101 §4) */
+    readonly jarLifetimeSeconds?: number;
+    /** Override `iat` source — useful for deterministic tests. Defaults
+     * to `() => Math.floor(Date.now() / 1000)`. Returned value is treated
+     * as the unix-seconds timestamp written to `iat`; `exp` is
+     * `now() + jarLifetimeSeconds`. */
+    readonly now?: () => number;
 }
 /**
  * Sign an OID4VP Authorization Request as a compact-serialised JWS,
@@ -40,8 +73,15 @@ export interface SignAuthorizationRequestOptions {
  *     separate key-discovery step
  *
  * The JWS payload IS the request object — claims at the top level, not
- * wrapped in some envelope (RFC 9101 §10.2). Caller serves the result
- * with content type `application/oauth-authz-req+jwt`.
+ * wrapped in some envelope (RFC 9101 §10.2). On top of the request
+ * claims the signer always overlays:
+ *   - `aud` — defaults to `https://self-issued.me/v2`
+ *   - `iat` — set to `now()` (unix seconds)
+ *   - `exp` — set to `iat + jarLifetimeSeconds` (default 300 s)
+ *
+ * If the request payload already carries any of `aud`/`iat`/`exp`, those
+ * payload-level values win — the signer is non-destructive. Caller
+ * serves the result with content type `application/oauth-authz-req+jwt`.
  *
  * @throws {@link Oid4vpError} with `oid4vp.jar_signing_failed` if the
  *   private key is malformed or signing fails.

package/dist/jar.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jar.d.ts","sourceRoot":"","sources":["../src/jar.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,EAEL,KAAK,oBAAoB,EACzB,KAAK,WAAW,EACjB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,+BAA+B;IAC9C;;2EAEuE;IACvE,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC;IACvC;iCAC6B;IAC7B,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC,MAAM,CAAC,CAqDjB"}
+{"version":3,"file":"jar.d.ts","sourceRoot":"","sources":["../src/jar.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EAEL,KAAK,oBAAoB,EACzB,KAAK,WAAW,EACjB,MAAM,YAAY,CAAC;AAEpB;;;;;4EAK4E;AAC5E,eAAO,MAAM,oBAAoB,8BAA8B,CAAC;AAEhE;;;qEAGqE;AACrE,eAAO,MAAM,4BAA4B,QAAS,CAAC;AAEnD,MAAM,WAAW,+BAA+B;IAC9C;;2EAEuE;IACvE,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC;IACvC;iCAC6B;IAC7B,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B;;;kEAG8D;IAC9D,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB;;qCAEiC;IACjC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC;;;uCAGmC;IACnC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC,MAAM,CAAC,CAwEjB"}

package/dist/jar.js

@@ -17,9 +17,28 @@
  * For the EUDIW HAIP profile + the EU reference wallet's demo build,
  * `x509_san_dns` (with this signed JAR shape) is the only `client_id_prefix`
  * the wallet accepts. Production verifiers MUST sign their requests.
+ *
+ * In addition to the OID4VP request claims, the signer always emits the
+ * standard JWT claims `aud`, `iat`, `exp` on the JAR payload (RFC 9101
+ * §4 recommends them; OID4VP §5.8 mandates `aud`; HAIP-strict wallets
+ * reject when any of the three is absent). The audience defaults to the
+ * static pseudo-issuer `https://self-issued.me/v2` and the lifetime
+ * defaults to 5 minutes — both are configurable per call.
  */
 import { SignJWT, importPKCS8 } from "jose";
 import { Oid4vpError, } from "./types.js";
+/** OID4VP §5.8 — default `aud` for the signed JAR. Wallets check `aud`
+ * against either their own issuer URL (dynamic discovery) or the static
+ * pseudo-issuer `https://self-issued.me/v2`. We don't do dynamic wallet
+ * discovery — so the static value is the right default per the HAIP
+ * convention. Callers can override via `SignAuthorizationRequestOptions.aud`
+ * when targeting wallets that announce themselves via `wallet_metadata`. */
+export const DEFAULT_JAR_AUDIENCE = "https://self-issued.me/v2";
+/** Default JAR lifetime — 5 minutes. RFC 9101 §4 doesn't fix a value but
+ * recommends a "short" lifetime; HAIP doesn't pin one either. 5 min
+ * matches OID4VCI's c_nonce window for symmetry across endpoints, and is
+ * the audit-recommended default (EUDI compliance audit, 2026-05). */
+export const DEFAULT_JAR_LIFETIME_SECONDS = 5 * 60;
 /**
  * Sign an OID4VP Authorization Request as a compact-serialised JWS,
  * formatted per RFC 9101 + OID4VP §5.10.
@@ -32,8 +51,15 @@ import { Oid4vpError, } from "./types.js";
  *     separate key-discovery step
  *
  * The JWS payload IS the request object — claims at the top level, not
- * wrapped in some envelope (RFC 9101 §10.2). Caller serves the result
- * with content type `application/oauth-authz-req+jwt`.
+ * wrapped in some envelope (RFC 9101 §10.2). On top of the request
+ * claims the signer always overlays:
+ *   - `aud` — defaults to `https://self-issued.me/v2`
+ *   - `iat` — set to `now()` (unix seconds)
+ *   - `exp` — set to `iat + jarLifetimeSeconds` (default 300 s)
+ *
+ * If the request payload already carries any of `aud`/`iat`/`exp`, those
+ * payload-level values win — the signer is non-destructive. Caller
+ * serves the result with content type `application/oauth-authz-req+jwt`.
  *
  * @throws {@link Oid4vpError} with `oid4vp.jar_signing_failed` if the
  *   private key is malformed or signing fails.
@@ -54,13 +80,32 @@ export async function signAuthorizationRequest(options) {
     catch (err) {
         throw new Oid4vpError("oid4vp.jar_signing_failed", `signAuthorizationRequest: failed to import private key: ${err instanceof Error ? err.message : String(err)}`);
     }
+    // Resolve the JWT timing claims. `options.aud === undefined` falls
+    // through to the default (per the option's contract) — callers cannot
+    // suppress the claim, only override its value.
+    const aud = options.aud ?? DEFAULT_JAR_AUDIENCE;
+    const lifetime = options.jarLifetimeSeconds ?? DEFAULT_JAR_LIFETIME_SECONDS;
+    const nowFn = options.now ?? (() => Math.floor(Date.now() / 1000));
+    const iat = nowFn();
+    const exp = iat + lifetime;
     try {
         // Spread into a fresh mutable object — `jose.SignJWT` wants
         // `JWTPayload` (mutable, index-signature) while `AuthorizationRequest`
         // is strict-readonly. The spread copies own enumerable props and
         // produces a value of structurally-compatible type without an
         // `as unknown as` double-cast.
+        //
+        // The OID4VP request fields go in first; if the caller has already
+        // set `aud`/`iat`/`exp` at the request level (unusual but legal),
+        // those payload-level values win. Otherwise we apply the resolved
+        // defaults below. Either way the JAR carries all three claims.
         const payload = { ...options.request };
+        if (payload["aud"] === undefined)
+            payload["aud"] = aud;
+        if (payload["iat"] === undefined)
+            payload["iat"] = iat;
+        if (payload["exp"] === undefined)
+            payload["exp"] = exp;
         const jwt = await new SignJWT(payload)
             .setProtectedHeader({
             alg: "ES256",

package/dist/jar.js.map

@@ -1 +1 @@
-{"version":3,"file":"jar.js","sourceRoot":"","sources":["../src/jar.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,EACL,WAAW,GAGZ,MAAM,YAAY,CAAC;AAYpB;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAwC;IAExC,IACE,OAAO,CAAC,IAAI,KAAK,IAAI;QACrB,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ;QAChC,OAAO,OAAO,CAAC,IAAI,CAAC,aAAa,KAAK,QAAQ,EAC9C,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC;IACf,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,2DACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,4DAA4D;QAC5D,uEAAuE;QACvE,iEAAiE;QACjE,8DAA8D;QAC9D,+BAA+B;QAC/B,MAAM,OAAO,GAA4B,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;QAChE,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;aACnC,kBAAkB,CAAC;YAClB,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,qBAAqB;YAC1B,GAAG,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;SAC3B,CAAC;aACD,IAAI,CAAC,UAAU,CAAC,CAAC;QACpB,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,iDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"jar.js","sourceRoot":"","sources":["../src/jar.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,EACL,WAAW,GAGZ,MAAM,YAAY,CAAC;AAEpB;;;;;4EAK4E;AAC5E,MAAM,CAAC,MAAM,oBAAoB,GAAG,2BAA2B,CAAC;AAEhE;;;qEAGqE;AACrE,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,CAAC;AA0BnD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAwC;IAExC,IACE,OAAO,CAAC,IAAI,KAAK,IAAI;QACrB,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ;QAChC,OAAO,OAAO,CAAC,IAAI,CAAC,aAAa,KAAK,QAAQ,EAC9C,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC;IACf,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,2DACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,sEAAsE;IACtE,+CAA+C;IAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,oBAAoB,CAAC;IAChD,MAAM,QAAQ,GACZ,OAAO,CAAC,kBAAkB,IAAI,4BAA4B,CAAC;IAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,GAAG,GAAG,GAAG,GAAG,QAAQ,CAAC;IAE3B,IAAI,CAAC;QACH,4DAA4D;QAC5D,uEAAuE;QACvE,iEAAiE;QACjE,8DAA8D;QAC9D,+BAA+B;QAC/B,EAAE;QACF,mEAAmE;QACnE,kEAAkE;QAClE,kEAAkE;QAClE,+DAA+D;QAC/D,MAAM,OAAO,GAA4B,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;QAChE,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;QACvD,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;QACvD,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;QAEvD,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;aACnC,kBAAkB,CAAC;YAClB,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,qBAAqB;YAC1B,GAAG,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;SAC3B,CAAC;aACD,IAAI,CAAC,UAAU,CAAC,CAAC;QACpB,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,iDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/random.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Cryptographic randomness helpers for OID4VP authorization requests.
+ *
+ * Per OID4VP Final 1.0 §5.3 + §11.2 — verifier-supplied opaque values
+ * (`state`, `nonce`) MUST carry at least 128 bits of entropy. Even when
+ * holder binding (KB-JWT) is present, these fields are reused for CSRF
+ * stitching, replay protection and small values invite brute force in
+ * edge cases where the value leaks externally (e.g. via referer headers
+ * in poorly-implemented universal-link handling).
+ *
+ * Both helpers draw 16 random bytes (128 bits) from `node:crypto` and
+ * encode them in the form the spec prefers for that field:
+ *
+ *  - `state` → hex (RFC 6648 implementation hint, also what the EU
+ *    reference wallet's emulator build sends back verbatim — using hex
+ *    keeps the value safe across URL-encoded transports).
+ *  - `nonce` → base64url no-pad (matches what the wallet's KB-JWT
+ *    `nonce` claim will echo, per OID4VP §5.5 + SD-JWT VC §4.3).
+ */
+/**
+ * 128-bit random `state` value, hex-encoded.
+ *
+ * `state` is the verifier-controlled correlation token the wallet
+ * echoes back unchanged in the Authorization Response. Verifiers MUST
+ * generate this with enough entropy that a third party cannot guess a
+ * pending session id (OID4VP §5.3 + §11.2).
+ *
+ * 16 bytes → 128 bits → 32 hex chars. Use `generateNonce` for the
+ * cryptographic challenge in the same request — they serve different
+ * purposes and MUST NOT be reused for one another.
+ */
+export declare function generateState(): string;
+/**
+ * 128-bit random `nonce` value, base64url-encoded (no padding).
+ *
+ * `nonce` is the cryptographic challenge the wallet binds into its
+ * KB-JWT to prove possession of the holder key. It MUST be unique per
+ * request and at least 128 bits (OID4VP §5.3 + §11.2). 16 bytes →
+ * 128 bits → 22 base64url chars (no padding).
+ *
+ * Use `generateState` for the verifier's correlation token in the same
+ * request — they serve different purposes and MUST NOT be reused.
+ */
+export declare function generateNonce(): string;
+//# sourceMappingURL=random.d.ts.map

package/dist/random.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"random.d.ts","sourceRoot":"","sources":["../src/random.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAEtC"}

package/dist/random.js

@@ -0,0 +1,50 @@
+/**
+ * Cryptographic randomness helpers for OID4VP authorization requests.
+ *
+ * Per OID4VP Final 1.0 §5.3 + §11.2 — verifier-supplied opaque values
+ * (`state`, `nonce`) MUST carry at least 128 bits of entropy. Even when
+ * holder binding (KB-JWT) is present, these fields are reused for CSRF
+ * stitching, replay protection and small values invite brute force in
+ * edge cases where the value leaks externally (e.g. via referer headers
+ * in poorly-implemented universal-link handling).
+ *
+ * Both helpers draw 16 random bytes (128 bits) from `node:crypto` and
+ * encode them in the form the spec prefers for that field:
+ *
+ *  - `state` → hex (RFC 6648 implementation hint, also what the EU
+ *    reference wallet's emulator build sends back verbatim — using hex
+ *    keeps the value safe across URL-encoded transports).
+ *  - `nonce` → base64url no-pad (matches what the wallet's KB-JWT
+ *    `nonce` claim will echo, per OID4VP §5.5 + SD-JWT VC §4.3).
+ */
+import { randomBytes } from "node:crypto";
+/**
+ * 128-bit random `state` value, hex-encoded.
+ *
+ * `state` is the verifier-controlled correlation token the wallet
+ * echoes back unchanged in the Authorization Response. Verifiers MUST
+ * generate this with enough entropy that a third party cannot guess a
+ * pending session id (OID4VP §5.3 + §11.2).
+ *
+ * 16 bytes → 128 bits → 32 hex chars. Use `generateNonce` for the
+ * cryptographic challenge in the same request — they serve different
+ * purposes and MUST NOT be reused for one another.
+ */
+export function generateState() {
+    return randomBytes(16).toString("hex");
+}
+/**
+ * 128-bit random `nonce` value, base64url-encoded (no padding).
+ *
+ * `nonce` is the cryptographic challenge the wallet binds into its
+ * KB-JWT to prove possession of the holder key. It MUST be unique per
+ * request and at least 128 bits (OID4VP §5.3 + §11.2). 16 bytes →
+ * 128 bits → 22 base64url chars (no padding).
+ *
+ * Use `generateState` for the verifier's correlation token in the same
+ * request — they serve different purposes and MUST NOT be reused.
+ */
+export function generateNonce() {
+    return randomBytes(16).toString("base64url");
+}
+//# sourceMappingURL=random.js.map

package/dist/random.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"random.js","sourceRoot":"","sources":["../src/random.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC"}

package/dist/response-jwt.d.ts

@@ -0,0 +1,145 @@
+/**
+ * `direct_post.jwt` response mode — OID4VP Final 1.0 §8.3.1, HAIP §5.1.
+ *
+ * Where `direct_post` sends the Authorization Response as plaintext
+ * `application/x-www-form-urlencoded`, `direct_post.jwt` wraps the
+ * exact same fields (`vp_token`, optional `presentation_submission`,
+ * `state`, `iss`) into a JSON object, then encrypts that object into
+ * a compact-serialised JWE keyed by the verifier's published
+ * encryption JWK. The JWE rides on a single form field named
+ * `response`.
+ *
+ *   wallet ─ JSON encode vp_token + state + iss ──►
+ *          ─ JWE-wrap with verifier.client_metadata.jwks[*].use="enc" ──►
+ *          ─ form-encode as response=<JWE> ──►
+ *                                                verifier
+ *
+ *   verifier ─ extract `response` form param ──►
+ *            ─ decrypt JWE with private encryption key ──►
+ *            ─ JSON parse the cleartext payload ──►
+ *            ─ feed into parseAuthorizationResponseBody equivalent ──►
+ *
+ * Why HAIP mandates this: with plaintext `direct_post` the PID claims
+ * (disclosed names, birthdates, addresses) travel as form fields the
+ * verifier's TLS terminator, reverse proxy, and downstream log
+ * pipelines can capture. Encrypting end-to-end (wallet → application)
+ * shrinks the trust boundary to the application that holds the
+ * private key.
+ *
+ * The crypto primitives used by default:
+ *   - `alg = ECDH-ES`  — direct ECDH-derived CEK, no extra key wrap.
+ *     P-256 is the curve every HAIP wallet implements.
+ *   - `enc = A256GCM`  — authenticated encryption of the payload.
+ *
+ * Callers can opt into different `alg`/`enc` values via the options.
+ */
+import type { JsonWebKey } from "@gramota/jose";
+import { type AuthorizationResponse } from "./types.js";
+/** Default JWE key-agreement algorithm — ECDH-ES, the option the EU
+ * reference wallet and HAIP §5.1 baseline implement. */
+export declare const DEFAULT_RESPONSE_JWE_ALG = "ECDH-ES";
+/** Default JWE content-encryption algorithm — A256GCM (authenticated). */
+export declare const DEFAULT_RESPONSE_JWE_ENC = "A256GCM";
+/**
+ * Generate a fresh JWE encryption keypair for the verifier.
+ *
+ * The public JWK goes into `client_metadata.jwks.keys[]` on the
+ * Authorization Request; the private JWK stays on the verifier and
+ * decrypts inbound `direct_post.jwt` responses.
+ *
+ * Returns both JWKs annotated with:
+ *   - `use: "enc"` (RFC 7517 §4.2) so wallets can pick the right key
+ *     when both signing and encryption keys are published
+ *   - `alg`: the key-agreement algorithm (default ECDH-ES)
+ *   - `kid` (optional, caller-supplied)
+ *
+ * Production deployments may want HSM-backed keys instead — the
+ * encryption keypair is a long-lived secret per verifier, not a
+ * per-request ephemeral. This generator is the development /
+ * pinned-trust path; the surface contract (JsonWebKey in and out) is
+ * the same regardless of where the bits come from.
+ */
+export interface GenerateResponseEncryptionKeyOptions {
+    /** Key-agreement algorithm. Default `"ECDH-ES"`. */
+    readonly alg?: string;
+    /** Optional key id — written to both JWKs as `kid`. */
+    readonly kid?: string;
+}
+export declare function generateResponseEncryptionKey(options?: GenerateResponseEncryptionKeyOptions): Promise<{
+    publicJwk: JsonWebKey;
+    privateJwk: JsonWebKey;
+}>;
+export interface EncryptAuthorizationResponseOptions {
+    /** The Authorization Response to wrap. The same object you'd hand to
+     * `buildAuthorizationResponseBody` for `direct_post`. */
+    readonly response: AuthorizationResponse;
+    /** Verifier's encryption JWK — picked from `client_metadata.jwks`. */
+    readonly encryptionKey: JsonWebKey;
+    /** Optional override of the JWE `alg` header. Default
+     * {@link DEFAULT_RESPONSE_JWE_ALG} or `encryptionKey.alg` when set. */
+    readonly alg?: string;
+    /** Optional override of the JWE `enc` header. Default
+     * {@link DEFAULT_RESPONSE_JWE_ENC}. */
+    readonly enc?: string;
+    /** Optional override of the JWE `kid` header. Default
+     * `encryptionKey.kid`. */
+    readonly kid?: string;
+}
+/**
+ * Encrypt an Authorization Response per OID4VP §8.3.1.
+ *
+ * The cleartext is the JSON object the spec describes — same shape as
+ * the form-encoded `direct_post` body would carry, but as JSON rather
+ * than URL-encoded form. The output is a compact-serialised JWE
+ * suitable for the `response` form parameter of the wallet's POST to
+ * the verifier's `response_uri`.
+ *
+ * @throws {@link Oid4vpError} `oid4vp.response_encryption_failed`.
+ */
+export declare function encryptAuthorizationResponse(options: EncryptAuthorizationResponseOptions): Promise<string>;
+export interface DecryptAuthorizationResponseOptions {
+    /** The compact-serialised JWE pulled from the `response` form field. */
+    readonly jwe: string;
+    /** The verifier's private encryption JWK — counterpart to the public
+     * key published in `client_metadata.jwks`. */
+    readonly privateKey: JsonWebKey;
+    /** Optional allowlist of acceptable `enc` values. Default
+     * `["A256GCM"]` — narrow / widen for interop. */
+    readonly enc?: readonly string[];
+    /** Optional allowlist of acceptable `alg` values. Default
+     * `["ECDH-ES"]`. */
+    readonly alg?: readonly string[];
+}
+export interface DecryptedAuthorizationResponse {
+    /** The wallet's Authorization Response, ready to feed to the
+     * verifier's existing validation pipeline. */
+    readonly response: AuthorizationResponse;
+    /** The verified JWE protected header — `alg`, `enc`, `kid`. */
+    readonly header: Readonly<Record<string, unknown>>;
+}
+/**
+ * Decrypt a `direct_post.jwt` Authorization Response.
+ *
+ * Reverses {@link encryptAuthorizationResponse}: imports the private
+ * JWK, runs JWE compact-decrypt, JSON-parses the cleartext, validates
+ * shape (vp_token present, PEX path carries presentation_submission),
+ * and returns the {@link AuthorizationResponse}.
+ *
+ * The function enforces:
+ *   - The JWE protected header `alg` is in the caller's allowlist
+ *     (default `["ECDH-ES"]`).
+ *   - The JWE protected header `enc` is in the caller's allowlist
+ *     (default `["A256GCM"]`).
+ *   - The cleartext is a JSON object (not an array, not bare string).
+ *   - `vp_token` is present and is one of: string, string[], DCQL
+ *     credential map.
+ *   - PEX responses (string / string[]) carry `presentation_submission`;
+ *     DCQL responses (object) need not.
+ *
+ * @throws {@link Oid4vpError} with codes
+ *   `oid4vp.response_encryption_failed` (decryption / header rejection),
+ *   `oid4vp.required_field_missing`, `oid4vp.invalid_value_type`,
+ *   `oid4vp.malformed_body`, or `oid4vp.invalid_json`.
+ */
+export declare function decryptAuthorizationResponse(options: DecryptAuthorizationResponseOptions): Promise<DecryptedAuthorizationResponse>;
+//# sourceMappingURL=response-jwt.d.ts.map

package/dist/response-jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-jwt.d.ts","sourceRoot":"","sources":["../src/response-jwt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAe,KAAK,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE;wDACwD;AACxD,eAAO,MAAM,wBAAwB,YAAY,CAAC;AAClD,0EAA0E;AAC1E,eAAO,MAAM,wBAAwB,YAAY,CAAC;AAElD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,oCAAoC;IACnD,oDAAoD;IACpD,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,uDAAuD;IACvD,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,wBAAsB,6BAA6B,CACjD,OAAO,GAAE,oCAAyC,GACjD,OAAO,CAAC;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAAC,CAwB5D;AAMD,MAAM,WAAW,mCAAmC;IAClD;6DACyD;IACzD,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IACzC,sEAAsE;IACtE,QAAQ,CAAC,aAAa,EAAE,UAAU,CAAC;IACnC;2EACuE;IACvE,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB;2CACuC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB;8BAC0B;IAC1B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,mCAAmC,GAC3C,OAAO,CAAC,MAAM,CAAC,CA2DjB;AA2BD,MAAM,WAAW,mCAAmC;IAClD,wEAAwE;IACxE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;kDAC8C;IAC9C,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC;qDACiD;IACjD,QAAQ,CAAC,GAAG,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC;wBACoB;IACpB,QAAQ,CAAC,GAAG,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,8BAA8B;IAC7C;kDAC8C;IAC9C,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IACzC,+DAA+D;IAC/D,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACpD;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,mCAAmC,GAC3C,OAAO,CAAC,8BAA8B,CAAC,CA0HzC"}

package/dist/response-jwt.js

@@ -0,0 +1,295 @@
+/**
+ * `direct_post.jwt` response mode — OID4VP Final 1.0 §8.3.1, HAIP §5.1.
+ *
+ * Where `direct_post` sends the Authorization Response as plaintext
+ * `application/x-www-form-urlencoded`, `direct_post.jwt` wraps the
+ * exact same fields (`vp_token`, optional `presentation_submission`,
+ * `state`, `iss`) into a JSON object, then encrypts that object into
+ * a compact-serialised JWE keyed by the verifier's published
+ * encryption JWK. The JWE rides on a single form field named
+ * `response`.
+ *
+ *   wallet ─ JSON encode vp_token + state + iss ──►
+ *          ─ JWE-wrap with verifier.client_metadata.jwks[*].use="enc" ──►
+ *          ─ form-encode as response=<JWE> ──►
+ *                                                verifier
+ *
+ *   verifier ─ extract `response` form param ──►
+ *            ─ decrypt JWE with private encryption key ──►
+ *            ─ JSON parse the cleartext payload ──►
+ *            ─ feed into parseAuthorizationResponseBody equivalent ──►
+ *
+ * Why HAIP mandates this: with plaintext `direct_post` the PID claims
+ * (disclosed names, birthdates, addresses) travel as form fields the
+ * verifier's TLS terminator, reverse proxy, and downstream log
+ * pipelines can capture. Encrypting end-to-end (wallet → application)
+ * shrinks the trust boundary to the application that holds the
+ * private key.
+ *
+ * The crypto primitives used by default:
+ *   - `alg = ECDH-ES`  — direct ECDH-derived CEK, no extra key wrap.
+ *     P-256 is the curve every HAIP wallet implements.
+ *   - `enc = A256GCM`  — authenticated encryption of the payload.
+ *
+ * Callers can opt into different `alg`/`enc` values via the options.
+ */
+import { CompactEncrypt, compactDecrypt, exportJWK, generateKeyPair, importJWK } from "jose";
+import { Oid4vpError } from "./types.js";
+/** Default JWE key-agreement algorithm — ECDH-ES, the option the EU
+ * reference wallet and HAIP §5.1 baseline implement. */
+export const DEFAULT_RESPONSE_JWE_ALG = "ECDH-ES";
+/** Default JWE content-encryption algorithm — A256GCM (authenticated). */
+export const DEFAULT_RESPONSE_JWE_ENC = "A256GCM";
+export async function generateResponseEncryptionKey(options = {}) {
+    const alg = options.alg ?? DEFAULT_RESPONSE_JWE_ALG;
+    let keys;
+    try {
+        keys = await generateKeyPair(alg, { extractable: true });
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.cert_generation_failed", `generateResponseEncryptionKey: alg ${JSON.stringify(alg)} not supported: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const publicJwk = (await exportJWK(keys.publicKey));
+    const privateJwk = (await exportJWK(keys.privateKey));
+    publicJwk.use = "enc";
+    privateJwk.use = "enc";
+    publicJwk.alg = alg;
+    privateJwk.alg = alg;
+    if (options.kid !== undefined) {
+        publicJwk.kid = options.kid;
+        privateJwk.kid = options.kid;
+    }
+    return { publicJwk, privateJwk };
+}
+/**
+ * Encrypt an Authorization Response per OID4VP §8.3.1.
+ *
+ * The cleartext is the JSON object the spec describes — same shape as
+ * the form-encoded `direct_post` body would carry, but as JSON rather
+ * than URL-encoded form. The output is a compact-serialised JWE
+ * suitable for the `response` form parameter of the wallet's POST to
+ * the verifier's `response_uri`.
+ *
+ * @throws {@link Oid4vpError} `oid4vp.response_encryption_failed`.
+ */
+export async function encryptAuthorizationResponse(options) {
+    if (options.encryptionKey === null ||
+        typeof options.encryptionKey !== "object") {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", "encryptAuthorizationResponse: encryptionKey is required");
+    }
+    const alg = options.alg ??
+        (typeof options.encryptionKey.alg === "string"
+            ? options.encryptionKey.alg
+            : DEFAULT_RESPONSE_JWE_ALG);
+    const enc = options.enc ?? DEFAULT_RESPONSE_JWE_ENC;
+    const payload = buildJwtResponsePayload(options.response);
+    let publicKey;
+    try {
+        publicKey = await importJWK(options.encryptionKey, alg);
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", `encryptAuthorizationResponse: failed to import encryption JWK: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const protectedHeader = { alg, enc };
+    const kid = options.kid ??
+        (typeof options.encryptionKey.kid === "string"
+            ? options.encryptionKey.kid
+            : undefined);
+    if (kid !== undefined)
+        protectedHeader["kid"] = kid;
+    try {
+        const cleartext = new TextEncoder().encode(JSON.stringify(payload));
+        return await new CompactEncrypt(cleartext)
+            .setProtectedHeader(protectedHeader)
+            .encrypt(publicKey);
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", `encryptAuthorizationResponse: JWE encryption failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+/** Convert an AuthorizationResponse to the JSON object that
+ * `direct_post.jwt` ships as the JWE cleartext.
+ *
+ * The JWE cleartext is conceptually the same as the `direct_post`
+ * form body, except parameters are JSON-typed (no URL encoding /
+ * string coercion), and complex values (vp_token map, submission
+ * map) are nested as objects rather than embedded as JSON-string
+ * fields. This mirrors what production EU wallets send.
+ */
+function buildJwtResponsePayload(response) {
+    const out = { vp_token: response.vp_token };
+    if (response.presentation_submission !== undefined) {
+        out["presentation_submission"] = response.presentation_submission;
+    }
+    if (response.state !== undefined)
+        out["state"] = response.state;
+    if (response.iss !== undefined)
+        out["iss"] = response.iss;
+    return out;
+}
+/**
+ * Decrypt a `direct_post.jwt` Authorization Response.
+ *
+ * Reverses {@link encryptAuthorizationResponse}: imports the private
+ * JWK, runs JWE compact-decrypt, JSON-parses the cleartext, validates
+ * shape (vp_token present, PEX path carries presentation_submission),
+ * and returns the {@link AuthorizationResponse}.
+ *
+ * The function enforces:
+ *   - The JWE protected header `alg` is in the caller's allowlist
+ *     (default `["ECDH-ES"]`).
+ *   - The JWE protected header `enc` is in the caller's allowlist
+ *     (default `["A256GCM"]`).
+ *   - The cleartext is a JSON object (not an array, not bare string).
+ *   - `vp_token` is present and is one of: string, string[], DCQL
+ *     credential map.
+ *   - PEX responses (string / string[]) carry `presentation_submission`;
+ *     DCQL responses (object) need not.
+ *
+ * @throws {@link Oid4vpError} with codes
+ *   `oid4vp.response_encryption_failed` (decryption / header rejection),
+ *   `oid4vp.required_field_missing`, `oid4vp.invalid_value_type`,
+ *   `oid4vp.malformed_body`, or `oid4vp.invalid_json`.
+ */
+export async function decryptAuthorizationResponse(options) {
+    if (typeof options.jwe !== "string" || options.jwe.length === 0) {
+        throw new Oid4vpError("oid4vp.required_field_missing", "decryptAuthorizationResponse: jwe is required");
+    }
+    if (options.privateKey === null ||
+        typeof options.privateKey !== "object") {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", "decryptAuthorizationResponse: privateKey is required");
+    }
+    const allowedAlgs = options.alg ?? [DEFAULT_RESPONSE_JWE_ALG];
+    const allowedEncs = options.enc ?? [DEFAULT_RESPONSE_JWE_ENC];
+    // Pre-flight header inspection — the JWE library will also reject
+    // out-of-allowlist algs once we pass keyManagementAlgorithms /
+    // contentEncryptionAlgorithms, but we want spec-quality errors with
+    // our stable codes, so we look at the header explicitly first.
+    const segments = options.jwe.split(".");
+    if (segments.length !== 5) {
+        throw new Oid4vpError("oid4vp.malformed_body", "decryptAuthorizationResponse: malformed JWE (compact serialisation has 5 segments)");
+    }
+    let header;
+    try {
+        const json = Buffer.from(segments[0], "base64url").toString("utf-8");
+        const parsed = JSON.parse(json);
+        if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+            throw new Error("JWE header is not a JSON object");
+        }
+        header = parsed;
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.malformed_body", `decryptAuthorizationResponse: malformed JWE header: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const headerAlg = header["alg"];
+    const headerEnc = header["enc"];
+    if (typeof headerAlg !== "string" ||
+        !allowedAlgs.includes(headerAlg)) {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", `decryptAuthorizationResponse: JWE alg ${JSON.stringify(headerAlg)} is not in allowlist (${allowedAlgs.join(", ")})`);
+    }
+    if (typeof headerEnc !== "string" ||
+        !allowedEncs.includes(headerEnc)) {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", `decryptAuthorizationResponse: JWE enc ${JSON.stringify(headerEnc)} is not in allowlist (${allowedEncs.join(", ")})`);
+    }
+    let privateKey;
+    try {
+        privateKey = await importJWK(options.privateKey, headerAlg);
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", `decryptAuthorizationResponse: failed to import private JWK: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    let plaintextBytes;
+    try {
+        const decrypted = await compactDecrypt(options.jwe, privateKey, {
+            keyManagementAlgorithms: [...allowedAlgs],
+            contentEncryptionAlgorithms: [...allowedEncs],
+        });
+        plaintextBytes = decrypted.plaintext;
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.response_encryption_failed", `decryptAuthorizationResponse: JWE decryption failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    let body;
+    try {
+        const json = new TextDecoder().decode(plaintextBytes);
+        const parsed = JSON.parse(json);
+        if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+            throw new Error("response payload is not a JSON object");
+        }
+        body = parsed;
+    }
+    catch (err) {
+        throw new Oid4vpError("oid4vp.invalid_json", `decryptAuthorizationResponse: cleartext is not a JSON object: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const response = parseJwtResponsePayload(body);
+    return { response, header };
+}
+/** Convert the JWE cleartext (already parsed as a JSON object) into an
+ * AuthorizationResponse. The shape constraints mirror those enforced
+ * by `parseAuthorizationResponseFromParams` for the form-encoded path.
+ */
+function parseJwtResponsePayload(body) {
+    const vpTokenRaw = body["vp_token"];
+    if (vpTokenRaw === undefined) {
+        throw new Oid4vpError("oid4vp.required_field_missing", "Authorization Response is missing required parameter: vp_token");
+    }
+    let vp_token;
+    if (typeof vpTokenRaw === "string") {
+        vp_token = vpTokenRaw;
+    }
+    else if (Array.isArray(vpTokenRaw) &&
+        vpTokenRaw.every((v) => typeof v === "string")) {
+        vp_token = vpTokenRaw;
+    }
+    else if (vpTokenRaw !== null &&
+        typeof vpTokenRaw === "object" &&
+        !Array.isArray(vpTokenRaw)) {
+        // DCQL credential map — keys are credential ids. Some wallets wrap
+        // each value in a single-element array (mirroring multi-instance
+        // presentation futures); flatten to match the form-encoded path.
+        const obj = vpTokenRaw;
+        const flat = {};
+        for (const [id, val] of Object.entries(obj)) {
+            if (typeof val === "string") {
+                flat[id] = val;
+            }
+            else if (Array.isArray(val) &&
+                val.length === 1 &&
+                typeof val[0] === "string") {
+                flat[id] = val[0];
+            }
+            else {
+                throw new Oid4vpError("oid4vp.invalid_value_type", `vp_token[${id}] must be a string or single-element array of strings`);
+            }
+        }
+        vp_token = flat;
+    }
+    else {
+        throw new Oid4vpError("oid4vp.invalid_value_type", "vp_token must be a string, array of strings, or DCQL credential map");
+    }
+    const isDcqlResponse = typeof vp_token === "object" && !Array.isArray(vp_token);
+    let submission;
+    const submissionRaw = body["presentation_submission"];
+    if (submissionRaw !== undefined) {
+        if (submissionRaw === null ||
+            typeof submissionRaw !== "object" ||
+            Array.isArray(submissionRaw)) {
+            throw new Oid4vpError("oid4vp.malformed_submission", "presentation_submission must be a JSON object (DIF Presentation Exchange v2)");
+        }
+        submission = submissionRaw;
+    }
+    else if (!isDcqlResponse) {
+        throw new Oid4vpError("oid4vp.required_field_missing", "Authorization Response is missing required parameter: presentation_submission");
+    }
+    const result = { vp_token };
+    if (submission !== undefined)
+        result.presentation_submission = submission;
+    const state = body["state"];
+    if (typeof state === "string")
+        result.state = state;
+    const iss = body["iss"];
+    if (typeof iss === "string")
+        result.iss = iss;
+    return result;
+}
+//# sourceMappingURL=response-jwt.js.map

package/dist/response-jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-jwt.js","sourceRoot":"","sources":["../src/response-jwt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAEH,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAE7F,OAAO,EAAE,WAAW,EAA8B,MAAM,YAAY,CAAC;AAErE;wDACwD;AACxD,MAAM,CAAC,MAAM,wBAAwB,GAAG,SAAS,CAAC;AAClD,0EAA0E;AAC1E,MAAM,CAAC,MAAM,wBAAwB,GAAG,SAAS,CAAC;AA4BlD,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,UAAgD,EAAE;IAElD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,wBAAwB,CAAC;IACpD,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,sCAAsC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,mBACvD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAe,CAAC;IAClE,MAAM,UAAU,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAe,CAAC;IACpE,SAAS,CAAC,GAAG,GAAG,KAAK,CAAC;IACtB,UAAU,CAAC,GAAG,GAAG,KAAK,CAAC;IACvB,SAAS,CAAC,GAAG,GAAG,GAAG,CAAC;IACpB,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC;IACrB,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC9B,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QAC5B,UAAU,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC/B,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAuBD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAA4C;IAE5C,IACE,OAAO,CAAC,aAAa,KAAK,IAAI;QAC9B,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ,EACzC,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GACP,OAAO,CAAC,GAAG;QACX,CAAC,OAAO,OAAO,CAAC,aAAa,CAAC,GAAG,KAAK,QAAQ;YAC5C,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG;YAC3B,CAAC,CAAC,wBAAwB,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,wBAAwB,CAAC;IAEpD,MAAM,OAAO,GAAG,uBAAuB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1D,IAAI,SAAS,CAAC;IACd,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,SAAS,CACzB,OAAO,CAAC,aAAgD,EACxD,GAAG,CACJ,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,kEACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAA4B,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IAC9D,MAAM,GAAG,GACP,OAAO,CAAC,GAAG;QACX,CAAC,OAAO,OAAO,CAAC,aAAa,CAAC,GAAG,KAAK,QAAQ;YAC5C,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG;YAC3B,CAAC,CAAC,SAAS,CAAC,CAAC;IACjB,IAAI,GAAG,KAAK,SAAS;QAAE,eAAe,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QACpE,OAAO,MAAM,IAAI,cAAc,CAAC,SAAS,CAAC;aACvC,kBAAkB,CACjB,eAEI,CACL;aACA,OAAO,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,wDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,uBAAuB,CAC9B,QAA+B;IAE/B,MAAM,GAAG,GAA4B,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC;IACrE,IAAI,QAAQ,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;QACnD,GAAG,CAAC,yBAAyB,CAAC,GAAG,QAAQ,CAAC,uBAAuB,CAAC;IACpE,CAAC;IACD,IAAI,QAAQ,CAAC,KAAK,KAAK,SAAS;QAAE,GAAG,CAAC,OAAO,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;IAChE,IAAI,QAAQ,CAAC,GAAG,KAAK,SAAS;QAAE,GAAG,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC;IAC1D,OAAO,GAAG,CAAC;AACb,CAAC;AA4BD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAA4C;IAE5C,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,+CAA+C,CAChD,CAAC;IACJ,CAAC;IACD,IACE,OAAO,CAAC,UAAU,KAAK,IAAI;QAC3B,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,EACtC,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,sDAAsD,CACvD,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAE9D,kEAAkE;IAClE,+DAA+D;IAC/D,oEAAoE;IACpE,+DAA+D;IAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,WAAW,CACnB,uBAAuB,EACvB,oFAAoF,CACrF,CAAC;IACJ,CAAC;IACD,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAE,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACtE,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,GAAG,MAAiC,CAAC;IAC7C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,uBAAuB,EACvB,uDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAChC,IACE,OAAO,SAAS,KAAK,QAAQ;QAC7B,CAAE,WAAiC,CAAC,QAAQ,CAAC,SAAS,CAAC,EACvD,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,yCAAyC,IAAI,CAAC,SAAS,CACrD,SAAS,CACV,yBAAyB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACpD,CAAC;IACJ,CAAC;IACD,IACE,OAAO,SAAS,KAAK,QAAQ;QAC7B,CAAE,WAAiC,CAAC,QAAQ,CAAC,SAAS,CAAC,EACvD,CAAC;QACD,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,yCAAyC,IAAI,CAAC,SAAS,CACrD,SAAS,CACV,yBAAyB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACpD,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC;IACf,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,SAAS,CAC1B,OAAO,CAAC,UAA6C,EACrD,SAAS,CACV,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,+DACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,IAAI,cAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE;YAC9D,uBAAuB,EAAE,CAAC,GAAG,WAAW,CAAC;YACzC,2BAA2B,EAAE,CAAC,GAAG,WAAW,CAAC;SAC9C,CAAC,CAAC;QACH,cAAc,GAAG,SAAS,CAAC,SAAS,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,mCAAmC,EACnC,wDACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,IAAI,IAA6B,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACtD,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,GAAG,MAAiC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,WAAW,CACnB,qBAAqB,EACrB,iEACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAC9B,IAA6B;IAE7B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IACpC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,gEAAgE,CACjE,CAAC;IACJ,CAAC;IAED,IAAI,QAA2C,CAAC;IAChD,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnC,QAAQ,GAAG,UAAU,CAAC;IACxB,CAAC;SAAM,IACL,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;QACzB,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAC9C,CAAC;QACD,QAAQ,GAAG,UAA+B,CAAC;IAC7C,CAAC;SAAM,IACL,UAAU,KAAK,IAAI;QACnB,OAAO,UAAU,KAAK,QAAQ;QAC9B,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAC1B,CAAC;QACD,mEAAmE;QACnE,iEAAiE;QACjE,iEAAiE;QACjE,MAAM,GAAG,GAAG,UAAqC,CAAC;QAClD,MAAM,IAAI,GAA2B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC5B,IAAI,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC;YACjB,CAAC;iBAAM,IACL,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;gBAClB,GAAG,CAAC,MAAM,KAAK,CAAC;gBAChB,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,EAC1B,CAAC;gBACD,IAAI,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,YAAY,EAAE,uDAAuD,CACtE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,QAAQ,GAAG,IAAI,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,WAAW,CACnB,2BAA2B,EAC3B,qEAAqE,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAClB,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE3D,IAAI,UAA+C,CAAC;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACtD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,IACE,aAAa,KAAK,IAAI;YACtB,OAAO,aAAa,KAAK,QAAQ;YACjC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAC5B,CAAC;YACD,MAAM,IAAI,WAAW,CACnB,6BAA6B,EAC7B,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QACD,UAAU,GAAG,aAAwC,CAAC;IACxD,CAAC;SAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,IAAI,WAAW,CACnB,+BAA+B,EAC/B,+EAA+E,CAChF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAA0B,EAAE,QAAQ,EAAE,CAAC;IACnD,IAAI,UAAU,KAAK,SAAS;QAAE,MAAM,CAAC,uBAAuB,GAAG,UAAU,CAAC;IAC1E,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACxB,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,MAAM,CAAC,GAAG,GAAG,GAAG,CAAC;IAC9C,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/types.d.ts

@@ -7,8 +7,12 @@ import { GramotaError } from "@gramota/core";
  * Presentation Definition (§5.4) is modelled but not yet matched/queried —
  * downstream packages will add DIF Presentation Exchange JSONPath support.
  */
-/** OID4VP §5.4 — `client_id_scheme` enumerated values. */
-export type ClientIdScheme = "pre-registered" | "redirect_uri" | "https" | "did" | "x509_san_dns" | "x509_san_uri" | "verifier_attestation" | (string & {});
+/** OID4VP §5.4 + §5.9.3 / HAIP Final 1.0 §5 — `client_id_scheme`
+ * enumerated values. HAIP Final 1.0 mandates `x509_hash` for
+ * production verifiers; `x509_san_dns` is the legacy prefix the EU
+ * reference wallet's emulator build still accepts, kept here for
+ * back-compat during the transition. */
+export type ClientIdScheme = "pre-registered" | "redirect_uri" | "https" | "did" | "x509_san_dns" | "x509_san_uri" | "x509_hash" | "verifier_attestation" | (string & {});
 /** OID4VP §6.2 — `response_mode` for the authorization response. */
 export type ResponseMode = "direct_post" | "direct_post.jwt" | "fragment" | "query";
 /** OID4VP §5 — Authorization Request, the bundle a verifier sends to a wallet.
@@ -108,7 +112,7 @@ export interface SigningCert {
     readonly sanDns: string;
 }
 /** Stable codes for `Oid4vpError`. */
-export type Oid4vpErrorCode = "oid4vp.invalid_url" | "oid4vp.required_field_missing" | "oid4vp.unsupported_response_type" | "oid4vp.mutually_exclusive_fields" | "oid4vp.response_uri_required" | "oid4vp.invalid_json" | "oid4vp.invalid_value_type" | "oid4vp.malformed_body" | "oid4vp.malformed_submission" | "oid4vp.cert_generation_failed" | "oid4vp.jar_signing_failed";
+export type Oid4vpErrorCode = "oid4vp.invalid_url" | "oid4vp.required_field_missing" | "oid4vp.unsupported_response_type" | "oid4vp.mutually_exclusive_fields" | "oid4vp.response_uri_required" | "oid4vp.invalid_json" | "oid4vp.invalid_value_type" | "oid4vp.malformed_body" | "oid4vp.malformed_submission" | "oid4vp.cert_generation_failed" | "oid4vp.jar_signing_failed" | "oid4vp.response_encryption_failed";
 export declare class Oid4vpError extends GramotaError {
     readonly code: Oid4vpErrorCode;
     constructor(code: Oid4vpErrorCode, message: string, options?: {

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C;;;;;;;GAOG;AAEH,0DAA0D;AAC1D,MAAM,MAAM,cAAc,GACtB,gBAAgB,GAChB,cAAc,GACd,OAAO,GACP,KAAK,GACL,cAAc,GACd,cAAc,GACd,sBAAsB,GACtB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,oEAAoE;AACpE,MAAM,MAAM,YAAY,GACpB,aAAa,GACb,iBAAiB,GACjB,UAAU,GACV,OAAO,CAAC;AAEZ;;;;2DAI2D;AAC3D,MAAM,WAAW,oBAAoB;IACnC,wCAAwC;IACxC,aAAa,EAAE,UAAU,CAAC;IAC1B,0EAA0E;IAC1E,SAAS,EAAE,MAAM,CAAC;IAClB;uEACmE;IACnE,gBAAgB,CAAC,EAAE,cAAc,CAAC;IAClC,wEAAwE;IACxE,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,uDAAuD;IACvD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qEAAqE;IACrE,KAAK,EAAE,MAAM,CAAC;IACd,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;mCAC+B;IAC/B,uBAAuB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,gFAAgF;IAChF,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC;4DACwD;IACxD,UAAU,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,8CAA8C;IAC9C,eAAe,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACpD;+BAC2B;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACxE;gEAC4D;IAC5D,uBAAuB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,WAAW;IAC1B,sCAAsC;IACtC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,oCAAoC;IACpC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC;sEACkE;IAClE,QAAQ,CAAC,GAAG,EAAE,SAAS,MAAM,EAAE,CAAC;IAChC;;2CAEuC;IACvC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,sCAAsC;AACtC,MAAM,MAAM,eAAe,GACvB,oBAAoB,GACpB,+BAA+B,GAC/B,kCAAkC,GAClC,kCAAkC,GAClC,8BAA8B,GAC9B,qBAAqB,GACrB,2BAA2B,GAC3B,uBAAuB,GACvB,6BAA6B,GAC7B,+BAA+B,GAC/B,2BAA2B,CAAC;AAEhC,qBAAa,WAAY,SAAQ,YAAY;IAC3C,SAAkB,IAAI,EAAE,eAAe,CAAC;gBAGtC,IAAI,EAAE,eAAe,EACrB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAMhC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C;;;;;;;GAOG;AAEH;;;;wCAIwC;AACxC,MAAM,MAAM,cAAc,GACtB,gBAAgB,GAChB,cAAc,GACd,OAAO,GACP,KAAK,GACL,cAAc,GACd,cAAc,GACd,WAAW,GACX,sBAAsB,GACtB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,oEAAoE;AACpE,MAAM,MAAM,YAAY,GACpB,aAAa,GACb,iBAAiB,GACjB,UAAU,GACV,OAAO,CAAC;AAEZ;;;;2DAI2D;AAC3D,MAAM,WAAW,oBAAoB;IACnC,wCAAwC;IACxC,aAAa,EAAE,UAAU,CAAC;IAC1B,0EAA0E;IAC1E,SAAS,EAAE,MAAM,CAAC;IAClB;uEACmE;IACnE,gBAAgB,CAAC,EAAE,cAAc,CAAC;IAClC,wEAAwE;IACxE,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,uDAAuD;IACvD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qEAAqE;IACrE,KAAK,EAAE,MAAM,CAAC;IACd,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;mCAC+B;IAC/B,uBAAuB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,gFAAgF;IAChF,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC;4DACwD;IACxD,UAAU,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,8CAA8C;IAC9C,eAAe,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACpD;+BAC2B;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACxE;gEAC4D;IAC5D,uBAAuB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,WAAW;IAC1B,sCAAsC;IACtC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,oCAAoC;IACpC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC;sEACkE;IAClE,QAAQ,CAAC,GAAG,EAAE,SAAS,MAAM,EAAE,CAAC;IAChC;;2CAEuC;IACvC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,sCAAsC;AACtC,MAAM,MAAM,eAAe,GACvB,oBAAoB,GACpB,+BAA+B,GAC/B,kCAAkC,GAClC,kCAAkC,GAClC,8BAA8B,GAC9B,qBAAqB,GACrB,2BAA2B,GAC3B,uBAAuB,GACvB,6BAA6B,GAC7B,+BAA+B,GAC/B,2BAA2B,GAC3B,mCAAmC,CAAC;AAExC,qBAAa,WAAY,SAAQ,YAAY;IAC3C,SAAkB,IAAI,EAAE,eAAe,CAAC;gBAGtC,IAAI,EAAE,eAAe,EACrB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAMhC"}

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AA8I7C,MAAM,OAAO,WAAY,SAAQ,YAAY;IACzB,IAAI,CAAkB;IAExC,YACE,IAAqB,EACrB,OAAe,EACf,OAA6B;QAE7B,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAoJ7C,MAAM,OAAO,WAAY,SAAQ,YAAY;IACzB,IAAI,CAAkB;IAExC,YACE,IAAqB,EACrB,OAAe,EACf,OAA6B;QAE7B,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gramota/oid4vp",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "description": "OpenID for Verifiable Presentations transport — authorization request/response wire format for EUDIW.",
   "license": "Apache-2.0",
   "type": "module",
@@ -19,8 +19,8 @@
     "@peculiar/x509": "^2.0.0",
     "jose": "^5.9.6",
     "reflect-metadata": "^0.2.0",
-    "@gramota/core": "0.2.0",
-    "@gramota/jose": "0.2.1"
+    "@gramota/core": "0.2.1",
+    "@gramota/jose": "0.3.0"
   },
   "sideEffects": [
     "./dist/cert.js"