npm - @openid4vc/oauth2 - Versions diffs - 0.3.0-alpha-20250324183425 → 0.3.0-alpha-20250328112257 - Mend

@openid4vc/oauth2 0.3.0-alpha-20250324183425 → 0.3.0-alpha-20250328112257

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as z from 'zod';
 import z__default, { z as z$1 } from 'zod';
-import { HttpMethod, FetchHeaders, ContentType, OrPromise, Fetch, BaseSchema, FetchResponse, FetchRequestInit, StringWithAutoCompletion } from '@openid4vc/utils';
+import { HttpMethod, FetchHeaders, ContentType, OrPromise, Fetch, BaseSchema, FetchResponse, StringWithAutoCompletion, FetchRequestInit } from '@openid4vc/utils';
 export { HttpMethod, InvalidFetchResponseError, Oid4vcTsConfig, getGlobalConfig, setGlobalConfig } from '@openid4vc/utils';
 declare enum Oauth2ErrorCodes {
@@ -149,7 +149,7 @@ type AccessTokenErrorResponse = z__default.infer<typeof zAccessTokenErrorRespons
 declare const zAuthorizationServerMetadata: z__default.ZodEffects<z__default.ZodObject<{
     issuer: z__default.ZodEffects<z__default.ZodString, string, string>;
     token_endpoint: z__default.ZodEffects<z__default.ZodString, string, string>;
-    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
+    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     authorization_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     jwks_uri: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     code_challenge_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
@@ -157,14 +157,15 @@ declare const zAuthorizationServerMetadata: z__default.ZodEffects<z__default.Zod
     require_pushed_authorization_requests: z__default.ZodOptional<z__default.ZodBoolean>;
     pushed_authorization_request_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     introspection_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodLiteral<"client_secret_jwt">, z__default.ZodLiteral<"private_key_jwt">, z__default.ZodString]>, "many">>;
+    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     introspection_endpoint_auth_signing_alg_values_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodEffects<z__default.ZodString, string, string>, "many">>;
     authorization_challenge_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     pre_authorized_grant_anonymous_access_supported: z__default.ZodOptional<z__default.ZodBoolean>;
+    client_attestation_pop_nonce_required: z__default.ZodOptional<z__default.ZodBoolean>;
 }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
     issuer: z__default.ZodEffects<z__default.ZodString, string, string>;
     token_endpoint: z__default.ZodEffects<z__default.ZodString, string, string>;
-    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
+    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     authorization_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     jwks_uri: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     code_challenge_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
@@ -172,14 +173,15 @@ declare const zAuthorizationServerMetadata: z__default.ZodEffects<z__default.Zod
     require_pushed_authorization_requests: z__default.ZodOptional<z__default.ZodBoolean>;
     pushed_authorization_request_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     introspection_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodLiteral<"client_secret_jwt">, z__default.ZodLiteral<"private_key_jwt">, z__default.ZodString]>, "many">>;
+    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     introspection_endpoint_auth_signing_alg_values_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodEffects<z__default.ZodString, string, string>, "many">>;
     authorization_challenge_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     pre_authorized_grant_anonymous_access_supported: z__default.ZodOptional<z__default.ZodBoolean>;
+    client_attestation_pop_nonce_required: z__default.ZodOptional<z__default.ZodBoolean>;
 }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
     issuer: z__default.ZodEffects<z__default.ZodString, string, string>;
     token_endpoint: z__default.ZodEffects<z__default.ZodString, string, string>;
-    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
+    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     authorization_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     jwks_uri: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     code_challenge_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
@@ -187,14 +189,15 @@ declare const zAuthorizationServerMetadata: z__default.ZodEffects<z__default.Zod
     require_pushed_authorization_requests: z__default.ZodOptional<z__default.ZodBoolean>;
     pushed_authorization_request_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     introspection_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodLiteral<"client_secret_jwt">, z__default.ZodLiteral<"private_key_jwt">, z__default.ZodString]>, "many">>;
+    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     introspection_endpoint_auth_signing_alg_values_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodEffects<z__default.ZodString, string, string>, "many">>;
     authorization_challenge_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     pre_authorized_grant_anonymous_access_supported: z__default.ZodOptional<z__default.ZodBoolean>;
+    client_attestation_pop_nonce_required: z__default.ZodOptional<z__default.ZodBoolean>;
 }, z__default.ZodTypeAny, "passthrough">>, z__default.objectOutputType<{
     issuer: z__default.ZodEffects<z__default.ZodString, string, string>;
     token_endpoint: z__default.ZodEffects<z__default.ZodString, string, string>;
-    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
+    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     authorization_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     jwks_uri: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     code_challenge_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
@@ -202,14 +205,15 @@ declare const zAuthorizationServerMetadata: z__default.ZodEffects<z__default.Zod
     require_pushed_authorization_requests: z__default.ZodOptional<z__default.ZodBoolean>;
     pushed_authorization_request_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     introspection_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodLiteral<"client_secret_jwt">, z__default.ZodLiteral<"private_key_jwt">, z__default.ZodString]>, "many">>;
+    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     introspection_endpoint_auth_signing_alg_values_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodEffects<z__default.ZodString, string, string>, "many">>;
     authorization_challenge_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     pre_authorized_grant_anonymous_access_supported: z__default.ZodOptional<z__default.ZodBoolean>;
+    client_attestation_pop_nonce_required: z__default.ZodOptional<z__default.ZodBoolean>;
 }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
     issuer: z__default.ZodEffects<z__default.ZodString, string, string>;
     token_endpoint: z__default.ZodEffects<z__default.ZodString, string, string>;
-    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
+    token_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     authorization_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     jwks_uri: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     code_challenge_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
@@ -217,20 +221,30 @@ declare const zAuthorizationServerMetadata: z__default.ZodEffects<z__default.Zod
     require_pushed_authorization_requests: z__default.ZodOptional<z__default.ZodBoolean>;
     pushed_authorization_request_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     introspection_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodLiteral<"client_secret_jwt">, z__default.ZodLiteral<"private_key_jwt">, z__default.ZodString]>, "many">>;
+    introspection_endpoint_auth_methods_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodUnion<[z__default.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z__default.ZodString]>, "many">>;
     introspection_endpoint_auth_signing_alg_values_supported: z__default.ZodOptional<z__default.ZodArray<z__default.ZodEffects<z__default.ZodString, string, string>, "many">>;
     authorization_challenge_endpoint: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
     pre_authorized_grant_anonymous_access_supported: z__default.ZodOptional<z__default.ZodBoolean>;
+    client_attestation_pop_nonce_required: z__default.ZodOptional<z__default.ZodBoolean>;
 }, z__default.ZodTypeAny, "passthrough">>;
 type AuthorizationServerMetadata = z__default.infer<typeof zAuthorizationServerMetadata>;
+declare enum SupportedClientAuthenticationMethod {
+    ClientSecretBasic = "client_secret_basic",
+    ClientSecretPost = "client_secret_post",
+    ClientAttestationJwt = "attest_jwt_client_auth",
+    None = "none"
+}
 interface ClientAuthenticationDynamicOptions {
     clientId: string;
     clientSecret: string;
 }
 /**
  * Dynamicaly get the client authentication method based on endpoint type and authorization server.
- * Only `client_secret_post` and `client_secret_basic` supported.
+ * Only `client_secret_post`, `client_secret_basic`, and `none` supported.
+ *
+ * It also supports anonymous access to the token endpoint for pre-authorized code flow
+ * if the authorization server has enabled `pre_authorized_grant_anonymous_access_supported`
  */
 declare function clientAuthenticationDynamic(options: ClientAuthenticationDynamicOptions): ClientAuthenticationCallback;
 /**
@@ -240,7 +254,7 @@ interface ClientAuthenticationCallbackOptions {
     /**
      * Metadata of the authorization server
      */
-    authorizationServerMetata: AuthorizationServerMetadata;
+    authorizationServerMetadata: AuthorizationServerMetadata;
     /**
      * URL to which the request will be made
      */
@@ -282,10 +296,25 @@ interface ClientAuthenticationClientSecretBasicOptions {
  * Client authentication using `client_secret_basic` option
  */
 declare function clientAuthenticationClientSecretBasic(options: ClientAuthenticationClientSecretBasicOptions): ClientAuthenticationCallback;
+interface ClientAuthenticationNoneOptions {
+    clientId: string;
+}
+/**
+ * Client authentication using `none` option
+ */
+declare function clientAuthenticationNone(options: ClientAuthenticationNoneOptions): ClientAuthenticationCallback;
+/**
+ * Anonymous client authentication
+ */
+declare function clientAuthenticationAnonymous(): ClientAuthenticationCallback;
+interface ClientAuthenticationClientAttestationJwtOptions {
+    clientAttestationJwt: string;
+    callbacks: Pick<CallbackContext, 'signJwt' | 'generateRandom'>;
+}
 /**
- * No client authentication
+ * Client authentication using `attest_jwt_client_auth` option.
  */
-declare function clientAuthenticationNone(): () => void;
+declare function clientAuthenticationClientAttestationJwt(options: ClientAuthenticationClientAttestationJwtOptions): ClientAuthenticationCallback;
 declare const zJwk: z__default.ZodObject<{
     kty: z__default.ZodString;
@@ -2237,7 +2266,9 @@ interface CallbackContext {
      * There are three default client authentication methods provided:
      * - `clientAuthenticationClientSecretPost`
      * - `clientAuthenticationClientSecretBasic`
+     * - `clientAuthenticationClientAttestationJwt`
      * - `clientAuthenticationNone`
+     * - `clientAuthenticationAnonymous`
      *
      * A custom implementation can be made for other methods, or allowing complex
      * scenarios where multiple authorization servers are supported.
@@ -3529,8 +3560,6 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
         jwk: z__default.ZodObject<{
             kty: z__default.ZodString;
@@ -3641,8 +3670,6 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
         jwk: z__default.ZodObject<{
             kty: z__default.ZodString;
@@ -3753,10 +3780,9 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, z__default.ZodTypeAny, "passthrough">>;
-    aal: z__default.ZodOptional<z__default.ZodString>;
+    wallet_name: z__default.ZodOptional<z__default.ZodString>;
+    wallet_link: z__default.ZodOptional<z__default.ZodString>;
     aud: z__default.ZodOptional<z__default.ZodString>;
     iat: z__default.ZodOptional<z__default.ZodNumber>;
     nbf: z__default.ZodOptional<z__default.ZodNumber>;
@@ -3878,8 +3904,6 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
         jwk: z__default.ZodObject<{
             kty: z__default.ZodString;
@@ -3990,8 +4014,6 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
         jwk: z__default.ZodObject<{
             kty: z__default.ZodString;
@@ -4102,10 +4124,9 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, z__default.ZodTypeAny, "passthrough">>;
-    aal: z__default.ZodOptional<z__default.ZodString>;
+    wallet_name: z__default.ZodOptional<z__default.ZodString>;
+    wallet_link: z__default.ZodOptional<z__default.ZodString>;
     aud: z__default.ZodOptional<z__default.ZodString>;
     iat: z__default.ZodOptional<z__default.ZodNumber>;
     nbf: z__default.ZodOptional<z__default.ZodNumber>;
@@ -4227,8 +4248,6 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
         jwk: z__default.ZodObject<{
             kty: z__default.ZodString;
@@ -4339,8 +4358,6 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
         jwk: z__default.ZodObject<{
             kty: z__default.ZodString;
@@ -4451,10 +4468,9 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, z__default.ZodTypeAny, "passthrough">>;
-        key_type: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z__default.ZodString]>>;
-        user_authentication: z__default.ZodOptional<z__default.ZodUnion<[z__default.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z__default.ZodString]>>;
     }, z__default.ZodTypeAny, "passthrough">>;
-    aal: z__default.ZodOptional<z__default.ZodString>;
+    wallet_name: z__default.ZodOptional<z__default.ZodString>;
+    wallet_link: z__default.ZodOptional<z__default.ZodString>;
     aud: z__default.ZodOptional<z__default.ZodString>;
     iat: z__default.ZodOptional<z__default.ZodNumber>;
     nbf: z__default.ZodOptional<z__default.ZodNumber>;
@@ -6209,270 +6225,1441 @@ interface RequestClientAttestationOptions {
      */
     jwt: string;
     /**
-     * The signer of the client attestation pop jwt
-     */
-    signer: JwtSignerJwk;
-    /**
-     * Whether to include the legacy draft 2 `client_assertion` and `client_assertion_type` properties
-     * IN ADDITION to the new header syntax
+     * The signer of the client attestation pop jwt.
      *
-     * @default false
+     * Will be extracted from the client attestation if not provided.
      */
-    includeLegacyDraft2ClientAssertion?: boolean;
-}
-declare const zAlgValueNotNone: z__default.ZodEffects<z__default.ZodString, string, string>;
-interface RequestLike {
-    headers: FetchHeaders;
-    method: HttpMethod;
-    url: string;
+    signer?: JwtSignerJwk;
 }
-interface RequestDpopOptions {
+interface VerifyClientAttestationPopJwtOptions {
     /**
-     * Dpop nonce to use for constructing the dpop jwt
+     * The compact client attestation pop jwt.
      */
-    nonce?: string;
+    clientAttestationPopJwt: string;
     /**
-     * The signer of the dpop jwt
+     * The issuer identifier of the authorization server handling the client attestation
      */
-    signer: JwtSignerJwk;
-}
-declare const zAuthorizationChallengeRequest: z__default.ZodObject<{
-    client_id: z__default.ZodOptional<z__default.ZodString>;
-    auth_session: z__default.ZodOptional<z__default.ZodString>;
-    presentation_during_issuance_session: z__default.ZodOptional<z__default.ZodString>;
-    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
-    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    scope: z__default.ZodOptional<z__default.ZodString>;
-    issuer_state: z__default.ZodOptional<z__default.ZodString>;
-    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
-    code_challenge: z__default.ZodOptional<z__default.ZodString>;
-    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
-}, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
-    client_id: z__default.ZodOptional<z__default.ZodString>;
-    auth_session: z__default.ZodOptional<z__default.ZodString>;
-    presentation_during_issuance_session: z__default.ZodOptional<z__default.ZodString>;
-    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
-    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    scope: z__default.ZodOptional<z__default.ZodString>;
-    issuer_state: z__default.ZodOptional<z__default.ZodString>;
-    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
-    code_challenge: z__default.ZodOptional<z__default.ZodString>;
-    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
-}, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
-    client_id: z__default.ZodOptional<z__default.ZodString>;
-    auth_session: z__default.ZodOptional<z__default.ZodString>;
-    presentation_during_issuance_session: z__default.ZodOptional<z__default.ZodString>;
-    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
-    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
-    scope: z__default.ZodOptional<z__default.ZodString>;
-    issuer_state: z__default.ZodOptional<z__default.ZodString>;
-    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
-    code_challenge: z__default.ZodOptional<z__default.ZodString>;
-    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
-}, z__default.ZodTypeAny, "passthrough">>;
-type AuthorizationChallengeRequest = z__default.infer<typeof zAuthorizationChallengeRequest>;
-declare const zAuthorizationChallengeResponse: z__default.ZodObject<{
-    authorization_code: z__default.ZodString;
-}, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
-    authorization_code: z__default.ZodString;
-}, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
-    authorization_code: z__default.ZodString;
-}, z__default.ZodTypeAny, "passthrough">>;
-type AuthorizationChallengeResponse = z__default.infer<typeof zAuthorizationChallengeResponse>;
-declare const zAuthorizationChallengeErrorResponse: z__default.ZodObject<{
-    auth_session: z__default.ZodOptional<z__default.ZodString>;
-    request_uri: z__default.ZodOptional<z__default.ZodString>;
-    expires_in: z__default.ZodOptional<z__default.ZodNumber>;
-    presentation: z__default.ZodOptional<z__default.ZodString>;
-    error: z__default.ZodUnion<[z__default.ZodNativeEnum<typeof Oauth2ErrorCodes>, z__default.ZodString]>;
-    error_description: z__default.ZodOptional<z__default.ZodString>;
-    error_uri: z__default.ZodOptional<z__default.ZodString>;
-}, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
-    auth_session: z__default.ZodOptional<z__default.ZodString>;
-    request_uri: z__default.ZodOptional<z__default.ZodString>;
-    expires_in: z__default.ZodOptional<z__default.ZodNumber>;
-    presentation: z__default.ZodOptional<z__default.ZodString>;
-    error: z__default.ZodUnion<[z__default.ZodNativeEnum<typeof Oauth2ErrorCodes>, z__default.ZodString]>;
-    error_description: z__default.ZodOptional<z__default.ZodString>;
-    error_uri: z__default.ZodOptional<z__default.ZodString>;
-}, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
-    auth_session: z__default.ZodOptional<z__default.ZodString>;
-    request_uri: z__default.ZodOptional<z__default.ZodString>;
-    expires_in: z__default.ZodOptional<z__default.ZodNumber>;
-    presentation: z__default.ZodOptional<z__default.ZodString>;
-    error: z__default.ZodUnion<[z__default.ZodNativeEnum<typeof Oauth2ErrorCodes>, z__default.ZodString]>;
-    error_description: z__default.ZodOptional<z__default.ZodString>;
-    error_uri: z__default.ZodOptional<z__default.ZodString>;
-}, z__default.ZodTypeAny, "passthrough">>;
-type AuthorizationChallengeErrorResponse = z__default.infer<typeof zAuthorizationChallengeErrorResponse>;
-interface Oauth2ErrorOptions {
-    cause?: unknown;
-}
-declare class Oauth2Error extends Error {
-    readonly cause?: unknown;
-    constructor(message?: string, options?: Oauth2ErrorOptions);
-}
-declare class Oauth2ClientErrorResponseError extends Oauth2Error {
-    readonly errorResponse: Oauth2ErrorResponse;
-    readonly response: FetchResponse;
-    constructor(message: string, errorResponse: Oauth2ErrorResponse, response: FetchResponse);
-}
-declare class Oauth2ClientAuthorizationChallengeError extends Oauth2ClientErrorResponseError {
-    readonly errorResponse: AuthorizationChallengeErrorResponse;
-    constructor(message: string, errorResponse: AuthorizationChallengeErrorResponse, response: FetchResponse);
-}
-declare class Oauth2JwtParseError extends Oauth2Error {
-    constructor(message?: string);
-}
-declare class Oauth2JwtVerificationError extends Oauth2Error {
-    constructor(message?: string, options?: Oauth2ErrorOptions);
-}
-declare enum SupportedAuthenticationScheme {
-    Bearer = "Bearer",
-    DPoP = "DPoP"
-}
-interface WwwAuthenticateHeaderChallenge {
-    scheme: SupportedAuthenticationScheme | (string & {});
+    authorizationServer: string;
     /**
-     * Space delimited scope value that lists scopes required
-     * to access this resource.
+     * Expected nonce in the payload. If not provided the nonce won't be validated.
      */
-    scope?: string;
+    expectedNonce?: string;
     /**
-     * Error should only be undefined if no access token was provided at all
+     * Date to use for expiration. If not provided current date will be used.
      */
-    error?: Oauth2ErrorCodes | string;
-    error_description?: string;
+    now?: Date;
     /**
-     * Additional payload items to include in the Www-Authenticate
-     * header response.
+     * Callbacks used for verifying client attestation pop jwt.
      */
-    additionalPayload?: Record<string, string>;
-}
-declare class Oauth2ResourceUnauthorizedError extends Oauth2Error {
-    readonly wwwAuthenticateHeaders: WwwAuthenticateHeaderChallenge[];
-    constructor(internalMessage: string | undefined, wwwAuthenticateHeaders: WwwAuthenticateHeaderChallenge | Array<WwwAuthenticateHeaderChallenge>);
-    static fromHeaderValue(value: string): Oauth2ResourceUnauthorizedError;
-    toHeaderValue(): string;
-}
-interface Oauth2ServerErrorResponseErrorOptions extends Oauth2ErrorOptions {
-    internalMessage?: string;
+    callbacks: Pick<CallbackContext, 'verifyJwt'>;
     /**
-     * @default 400
+     * The parsed and verified client attestation jwt
      */
-    status?: number;
-}
-declare class Oauth2ServerErrorResponseError extends Oauth2Error {
-    readonly errorResponse: Oauth2ErrorResponse;
-    readonly status: number;
-    constructor(errorResponse: Oauth2ErrorResponse, options?: Oauth2ServerErrorResponseErrorOptions);
+    clientAttestation: {
+        header: ClientAttestationJwtHeader;
+        payload: ClientAttestationJwtPayload;
+    };
 }
-/**
- * fetch authorization server metadata. It first tries to fetch the oauth-authorization-server metadata. If that returns
- *  a 404, the openid-configuration metadata will be fetched.
- */
-declare function fetchAuthorizationServerMetadata(issuer: string, fetch?: Fetch): Promise<AuthorizationServerMetadata | null>;
-declare function getAuthorizationServerMetadataFromList(authorizationServersMetadata: AuthorizationServerMetadata[], issuer: string): z.objectOutputType<{
-    issuer: z.ZodEffects<z.ZodString, string, string>;
-    token_endpoint: z.ZodEffects<z.ZodString, string, string>;
-    token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    authorization_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-    jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-    code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    dpop_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    require_pushed_authorization_requests: z.ZodOptional<z.ZodBoolean>;
-    pushed_authorization_request_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-    introspection_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-    introspection_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"client_secret_jwt">, z.ZodLiteral<"private_key_jwt">, z.ZodString]>, "many">>;
-    introspection_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
-    authorization_challenge_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-    pre_authorized_grant_anonymous_access_supported: z.ZodOptional<z.ZodBoolean>;
-}, z.ZodTypeAny, "passthrough">;
-/**
- * Fetch JWKs from a provided JWKs URI.
- *
- * Returns validated metadata if successfull response
- * Throws error otherwise
- *
- * @throws {ValidationError} if successfull response but validation of response failed
- * @throws {InvalidFetchResponseError} if unsuccesful response
- */
-declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
-/**
- * Fetch well known metadata and validate the response.
- *
- * Returns null if 404 is returned
- * Returns validated metadata if successfull response
- * Throws error otherwise
- *
- * @throws {ValidationError} if successfull response but validation of response failed
- * @throws {InvalidFetchResponseError} if no successfull or 404 response
- * @throws {Error} if parsing json from response fails
- */
-declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, fetch?: Fetch): Promise<z__default.infer<Schema> | null>;
-declare const zTokenIntrospectionResponse: z__default.ZodObject<{
-    active: z__default.ZodBoolean;
-    scope: z__default.ZodOptional<z__default.ZodString>;
-    client_id: z__default.ZodOptional<z__default.ZodString>;
-    username: z__default.ZodOptional<z__default.ZodString>;
-    token_type: z__default.ZodOptional<z__default.ZodString>;
-    exp: z__default.ZodOptional<z__default.ZodNumber>;
-    iat: z__default.ZodOptional<z__default.ZodNumber>;
-    nbf: z__default.ZodOptional<z__default.ZodNumber>;
-    sub: z__default.ZodOptional<z__default.ZodString>;
-    aud: z__default.ZodOptional<z__default.ZodString>;
-    iss: z__default.ZodOptional<z__default.ZodString>;
-    jti: z__default.ZodOptional<z__default.ZodString>;
-    cnf: z__default.ZodOptional<z__default.ZodObject<{
-        jwk: z__default.ZodOptional<z__default.ZodObject<{
-            kty: z__default.ZodString;
-            crv: z__default.ZodOptional<z__default.ZodString>;
-            x: z__default.ZodOptional<z__default.ZodString>;
-            y: z__default.ZodOptional<z__default.ZodString>;
-            e: z__default.ZodOptional<z__default.ZodString>;
-            n: z__default.ZodOptional<z__default.ZodString>;
-            alg: z__default.ZodOptional<z__default.ZodString>;
-            d: z__default.ZodOptional<z__default.ZodString>;
-            dp: z__default.ZodOptional<z__default.ZodString>;
-            dq: z__default.ZodOptional<z__default.ZodString>;
-            ext: z__default.ZodOptional<z__default.ZodBoolean>;
-            k: z__default.ZodOptional<z__default.ZodString>;
-            key_ops: z__default.ZodOptional<z__default.ZodString>;
-            kid: z__default.ZodOptional<z__default.ZodString>;
-            oth: z__default.ZodOptional<z__default.ZodArray<z__default.ZodObject<{
-                d: z__default.ZodOptional<z__default.ZodString>;
-                r: z__default.ZodOptional<z__default.ZodString>;
-                t: z__default.ZodOptional<z__default.ZodString>;
-            }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
-                d: z__default.ZodOptional<z__default.ZodString>;
-                r: z__default.ZodOptional<z__default.ZodString>;
-                t: z__default.ZodOptional<z__default.ZodString>;
-            }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
-                d: z__default.ZodOptional<z__default.ZodString>;
-                r: z__default.ZodOptional<z__default.ZodString>;
-                t: z__default.ZodOptional<z__default.ZodString>;
-            }, z__default.ZodTypeAny, "passthrough">>, "many">>;
-            p: z__default.ZodOptional<z__default.ZodString>;
-            q: z__default.ZodOptional<z__default.ZodString>;
-            qi: z__default.ZodOptional<z__default.ZodString>;
-            use: z__default.ZodOptional<z__default.ZodString>;
-            x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
-            x5t: z__default.ZodOptional<z__default.ZodString>;
+type VerifiedClientAttestationPopJwt = Awaited<ReturnType<typeof verifyClientAttestationPopJwt>>;
+declare function verifyClientAttestationPopJwt(options: VerifyClientAttestationPopJwtOptions): Promise<{
+    header: z.objectOutputType<{
+        typ: z.ZodLiteral<"oauth-client-attestation-pop+jwt">;
+        alg: z.ZodEffects<z.ZodString, string, string>;
+        kid: z.ZodOptional<z.ZodString>;
+        jwk: z.ZodOptional<z.ZodObject<{
+            kty: z.ZodString;
+            crv: z.ZodOptional<z.ZodString>;
+            x: z.ZodOptional<z.ZodString>;
+            y: z.ZodOptional<z.ZodString>;
+            e: z.ZodOptional<z.ZodString>;
+            n: z.ZodOptional<z.ZodString>;
+            alg: z.ZodOptional<z.ZodString>;
+            d: z.ZodOptional<z.ZodString>;
+            dp: z.ZodOptional<z.ZodString>;
+            dq: z.ZodOptional<z.ZodString>;
+            ext: z.ZodOptional<z.ZodBoolean>;
+            k: z.ZodOptional<z.ZodString>;
+            key_ops: z.ZodOptional<z.ZodString>;
+            kid: z.ZodOptional<z.ZodString>;
+            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>, "many">>;
+            p: z.ZodOptional<z.ZodString>;
+            q: z.ZodOptional<z.ZodString>;
+            qi: z.ZodOptional<z.ZodString>;
+            use: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            x5t: z.ZodOptional<z.ZodString>;
+            'x5t#S256': z.ZodOptional<z.ZodString>;
+            x5u: z.ZodOptional<z.ZodString>;
+        }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+            kty: z.ZodString;
+            crv: z.ZodOptional<z.ZodString>;
+            x: z.ZodOptional<z.ZodString>;
+            y: z.ZodOptional<z.ZodString>;
+            e: z.ZodOptional<z.ZodString>;
+            n: z.ZodOptional<z.ZodString>;
+            alg: z.ZodOptional<z.ZodString>;
+            d: z.ZodOptional<z.ZodString>;
+            dp: z.ZodOptional<z.ZodString>;
+            dq: z.ZodOptional<z.ZodString>;
+            ext: z.ZodOptional<z.ZodBoolean>;
+            k: z.ZodOptional<z.ZodString>;
+            key_ops: z.ZodOptional<z.ZodString>;
+            kid: z.ZodOptional<z.ZodString>;
+            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>, "many">>;
+            p: z.ZodOptional<z.ZodString>;
+            q: z.ZodOptional<z.ZodString>;
+            qi: z.ZodOptional<z.ZodString>;
+            use: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            x5t: z.ZodOptional<z.ZodString>;
+            'x5t#S256': z.ZodOptional<z.ZodString>;
+            x5u: z.ZodOptional<z.ZodString>;
+        }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+            kty: z.ZodString;
+            crv: z.ZodOptional<z.ZodString>;
+            x: z.ZodOptional<z.ZodString>;
+            y: z.ZodOptional<z.ZodString>;
+            e: z.ZodOptional<z.ZodString>;
+            n: z.ZodOptional<z.ZodString>;
+            alg: z.ZodOptional<z.ZodString>;
+            d: z.ZodOptional<z.ZodString>;
+            dp: z.ZodOptional<z.ZodString>;
+            dq: z.ZodOptional<z.ZodString>;
+            ext: z.ZodOptional<z.ZodBoolean>;
+            k: z.ZodOptional<z.ZodString>;
+            key_ops: z.ZodOptional<z.ZodString>;
+            kid: z.ZodOptional<z.ZodString>;
+            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>, "many">>;
+            p: z.ZodOptional<z.ZodString>;
+            q: z.ZodOptional<z.ZodString>;
+            qi: z.ZodOptional<z.ZodString>;
+            use: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            x5t: z.ZodOptional<z.ZodString>;
+            'x5t#S256': z.ZodOptional<z.ZodString>;
+            x5u: z.ZodOptional<z.ZodString>;
+        }, z.ZodTypeAny, "passthrough">>>;
+        x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    }, z.ZodTypeAny, "passthrough">;
+    payload: z.objectOutputType<{
+        iss: z.ZodString;
+        exp: z.ZodNumber;
+        aud: z.ZodEffects<z.ZodString, string, string>;
+        jti: z.ZodString;
+        nonce: z.ZodOptional<z.ZodString>;
+        iat: z.ZodOptional<z.ZodNumber>;
+        nbf: z.ZodOptional<z.ZodNumber>;
+        cnf: z.ZodOptional<z.ZodObject<{
+            jwk: z.ZodOptional<z.ZodObject<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>>;
+            jkt: z.ZodOptional<z.ZodString>;
+        }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+            jwk: z.ZodOptional<z.ZodObject<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>>;
+            jkt: z.ZodOptional<z.ZodString>;
+        }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+            jwk: z.ZodOptional<z.ZodObject<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>>;
+            jkt: z.ZodOptional<z.ZodString>;
+        }, z.ZodTypeAny, "passthrough">>>;
+        status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+        trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    }, z.ZodTypeAny, "passthrough">;
+    signer: JwtSignerWithJwk;
+}>;
+interface VerifyClientAttestationJwtOptions {
+    /**
+     * The compact client attestation jwt.
+     */
+    clientAttestationJwt: string;
+    /**
+     * Date to use for expiration. If not provided current date will be used.
+     */
+    now?: Date;
+    /**
+     * Callbacks used for verifying client attestation pop jwt.
+     */
+    callbacks: Pick<CallbackContext, 'verifyJwt'>;
+}
+type VerifiedClientAttestationJwt = Awaited<ReturnType<typeof verifyClientAttestationJwt>>;
+declare function verifyClientAttestationJwt(options: VerifyClientAttestationJwtOptions): Promise<{
+    header: z.objectOutputType<{
+        typ: z.ZodLiteral<"oauth-client-attestation+jwt">;
+        alg: z.ZodEffects<z.ZodString, string, string>;
+        kid: z.ZodOptional<z.ZodString>;
+        jwk: z.ZodOptional<z.ZodObject<{
+            kty: z.ZodString;
+            crv: z.ZodOptional<z.ZodString>;
+            x: z.ZodOptional<z.ZodString>;
+            y: z.ZodOptional<z.ZodString>;
+            e: z.ZodOptional<z.ZodString>;
+            n: z.ZodOptional<z.ZodString>;
+            alg: z.ZodOptional<z.ZodString>;
+            d: z.ZodOptional<z.ZodString>;
+            dp: z.ZodOptional<z.ZodString>;
+            dq: z.ZodOptional<z.ZodString>;
+            ext: z.ZodOptional<z.ZodBoolean>;
+            k: z.ZodOptional<z.ZodString>;
+            key_ops: z.ZodOptional<z.ZodString>;
+            kid: z.ZodOptional<z.ZodString>;
+            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>, "many">>;
+            p: z.ZodOptional<z.ZodString>;
+            q: z.ZodOptional<z.ZodString>;
+            qi: z.ZodOptional<z.ZodString>;
+            use: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            x5t: z.ZodOptional<z.ZodString>;
+            'x5t#S256': z.ZodOptional<z.ZodString>;
+            x5u: z.ZodOptional<z.ZodString>;
+        }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+            kty: z.ZodString;
+            crv: z.ZodOptional<z.ZodString>;
+            x: z.ZodOptional<z.ZodString>;
+            y: z.ZodOptional<z.ZodString>;
+            e: z.ZodOptional<z.ZodString>;
+            n: z.ZodOptional<z.ZodString>;
+            alg: z.ZodOptional<z.ZodString>;
+            d: z.ZodOptional<z.ZodString>;
+            dp: z.ZodOptional<z.ZodString>;
+            dq: z.ZodOptional<z.ZodString>;
+            ext: z.ZodOptional<z.ZodBoolean>;
+            k: z.ZodOptional<z.ZodString>;
+            key_ops: z.ZodOptional<z.ZodString>;
+            kid: z.ZodOptional<z.ZodString>;
+            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>, "many">>;
+            p: z.ZodOptional<z.ZodString>;
+            q: z.ZodOptional<z.ZodString>;
+            qi: z.ZodOptional<z.ZodString>;
+            use: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            x5t: z.ZodOptional<z.ZodString>;
+            'x5t#S256': z.ZodOptional<z.ZodString>;
+            x5u: z.ZodOptional<z.ZodString>;
+        }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+            kty: z.ZodString;
+            crv: z.ZodOptional<z.ZodString>;
+            x: z.ZodOptional<z.ZodString>;
+            y: z.ZodOptional<z.ZodString>;
+            e: z.ZodOptional<z.ZodString>;
+            n: z.ZodOptional<z.ZodString>;
+            alg: z.ZodOptional<z.ZodString>;
+            d: z.ZodOptional<z.ZodString>;
+            dp: z.ZodOptional<z.ZodString>;
+            dq: z.ZodOptional<z.ZodString>;
+            ext: z.ZodOptional<z.ZodBoolean>;
+            k: z.ZodOptional<z.ZodString>;
+            key_ops: z.ZodOptional<z.ZodString>;
+            kid: z.ZodOptional<z.ZodString>;
+            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>, "many">>;
+            p: z.ZodOptional<z.ZodString>;
+            q: z.ZodOptional<z.ZodString>;
+            qi: z.ZodOptional<z.ZodString>;
+            use: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            x5t: z.ZodOptional<z.ZodString>;
+            'x5t#S256': z.ZodOptional<z.ZodString>;
+            x5u: z.ZodOptional<z.ZodString>;
+        }, z.ZodTypeAny, "passthrough">>>;
+        x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    }, z.ZodTypeAny, "passthrough">;
+    payload: z.objectOutputType<{
+        iss: z.ZodString;
+        sub: z.ZodString;
+        exp: z.ZodNumber;
+        cnf: z.ZodObject<{
+            jwk: z.ZodObject<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>;
+        }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+            jwk: z.ZodObject<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>;
+        }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+            jwk: z.ZodObject<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>;
+        }, z.ZodTypeAny, "passthrough">>;
+        wallet_name: z.ZodOptional<z.ZodString>;
+        wallet_link: z.ZodOptional<z.ZodString>;
+        aud: z.ZodOptional<z.ZodString>;
+        iat: z.ZodOptional<z.ZodNumber>;
+        nbf: z.ZodOptional<z.ZodNumber>;
+        nonce: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+        trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
+    }, z.ZodTypeAny, "passthrough">;
+    signer: JwtSignerWithJwk;
+}>;
+interface CreateClientAttestationJwtOptions {
+    /**
+     * Creation time of the JWT. If not provided the current date will be used
+     */
+    issuedAt?: Date;
+    /**
+     * Expiration time of the JWT.
+     */
+    expiresAt: Date;
+    /**
+     * Issuer of the client attestation, usually identifier of the client backend
+     */
+    issuer: string;
+    /**
+     * The client id of the client instance.
+     */
+    clientId: string;
+    /**
+     * The confirmation payload for the client, attesting the `jwk`, `key_type` and `user_authentication`
+     */
+    confirmation: ClientAttestationJwtPayload['cnf'];
+    /**
+     * Additional payload to include in the client attestation jwt payload. Will be applied after
+     * any default claims that are included, so add claims with caution.
+     */
+    additionalPayload?: Record<string, unknown>;
+    /**
+     * Callback used for client attestation
+     */
+    callbacks: Pick<CallbackContext, 'signJwt'>;
+    /**
+     * The signer of the client attestation jwt.
+     */
+    signer: JwtSigner;
+}
+declare function createClientAttestationJwt(options: CreateClientAttestationJwtOptions): Promise<string>;
+interface VerifyClientAttestationOptions {
+    authorizationServer: string;
+    clientAttestationJwt: string;
+    clientAttestationPopJwt: string;
+    callbacks: Pick<CallbackContext, 'verifyJwt'>;
+    /**
+     * Date to use for expiration. If not provided current date will be used.
+     */
+    now?: Date;
+}
+declare const zAlgValueNotNone: z__default.ZodEffects<z__default.ZodString, string, string>;
+interface RequestLike {
+    headers: FetchHeaders;
+    method: HttpMethod;
+    url: string;
+}
+interface RequestDpopOptions {
+    /**
+     * Dpop nonce to use for constructing the dpop jwt
+     */
+    nonce?: string;
+    /**
+     * The signer of the dpop jwt
+     */
+    signer: JwtSignerJwk;
+}
+interface VerifyDpopJwtOptions {
+    /**
+     * The compact dpop jwt.
+     */
+    dpopJwt: string;
+    /**
+     * The requet for which to verify the dpop jwt
+     */
+    request: RequestLike;
+    /**
+     * Allowed dpop signing alg values. If not provided
+     * any alg values are allowed and it's up to the `verifyJwtCallback`
+     * to handle the alg.
+     */
+    allowedSigningAlgs?: string[];
+    /**
+     * Expected nonce in the payload. If not provided the nonce won't be validated.
+     */
+    expectedNonce?: string;
+    /**
+     * Access token to which the dpop jwt is bound. If provided the sha-256 hash of the
+     * access token needs to match the 'ath' claim.
+     */
+    accessToken?: string;
+    /**
+     * The expected jwk thumprint 'jti' confirmation method. If provided the thumprint of the
+     * jwk used to sign the dpop jwt must match this provided thumbprint value. The 'jti' value
+     * can be extracted from the access token payload, or if opaque tokens are used can be retrieved
+     * using token introspection.
+     */
+    expectedJwkThumbprint?: string;
+    /**
+     * Callbacks used for verifying dpop jwt
+     */
+    callbacks: Pick<CallbackContext, 'verifyJwt' | 'hash'>;
+    now?: Date;
+}
+declare const zAuthorizationChallengeRequest: z__default.ZodObject<{
+    client_id: z__default.ZodOptional<z__default.ZodString>;
+    auth_session: z__default.ZodOptional<z__default.ZodString>;
+    presentation_during_issuance_session: z__default.ZodOptional<z__default.ZodString>;
+    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
+    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
+    scope: z__default.ZodOptional<z__default.ZodString>;
+    issuer_state: z__default.ZodOptional<z__default.ZodString>;
+    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
+}, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
+    client_id: z__default.ZodOptional<z__default.ZodString>;
+    auth_session: z__default.ZodOptional<z__default.ZodString>;
+    presentation_during_issuance_session: z__default.ZodOptional<z__default.ZodString>;
+    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
+    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
+    scope: z__default.ZodOptional<z__default.ZodString>;
+    issuer_state: z__default.ZodOptional<z__default.ZodString>;
+    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
+}, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
+    client_id: z__default.ZodOptional<z__default.ZodString>;
+    auth_session: z__default.ZodOptional<z__default.ZodString>;
+    presentation_during_issuance_session: z__default.ZodOptional<z__default.ZodString>;
+    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
+    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
+    scope: z__default.ZodOptional<z__default.ZodString>;
+    issuer_state: z__default.ZodOptional<z__default.ZodString>;
+    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
+}, z__default.ZodTypeAny, "passthrough">>;
+type AuthorizationChallengeRequest = z__default.infer<typeof zAuthorizationChallengeRequest>;
+declare const zAuthorizationChallengeResponse: z__default.ZodObject<{
+    authorization_code: z__default.ZodString;
+}, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
+    authorization_code: z__default.ZodString;
+}, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
+    authorization_code: z__default.ZodString;
+}, z__default.ZodTypeAny, "passthrough">>;
+type AuthorizationChallengeResponse = z__default.infer<typeof zAuthorizationChallengeResponse>;
+declare const zAuthorizationChallengeErrorResponse: z__default.ZodObject<{
+    auth_session: z__default.ZodOptional<z__default.ZodString>;
+    request_uri: z__default.ZodOptional<z__default.ZodString>;
+    expires_in: z__default.ZodOptional<z__default.ZodNumber>;
+    presentation: z__default.ZodOptional<z__default.ZodString>;
+    error: z__default.ZodUnion<[z__default.ZodNativeEnum<typeof Oauth2ErrorCodes>, z__default.ZodString]>;
+    error_description: z__default.ZodOptional<z__default.ZodString>;
+    error_uri: z__default.ZodOptional<z__default.ZodString>;
+}, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
+    auth_session: z__default.ZodOptional<z__default.ZodString>;
+    request_uri: z__default.ZodOptional<z__default.ZodString>;
+    expires_in: z__default.ZodOptional<z__default.ZodNumber>;
+    presentation: z__default.ZodOptional<z__default.ZodString>;
+    error: z__default.ZodUnion<[z__default.ZodNativeEnum<typeof Oauth2ErrorCodes>, z__default.ZodString]>;
+    error_description: z__default.ZodOptional<z__default.ZodString>;
+    error_uri: z__default.ZodOptional<z__default.ZodString>;
+}, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
+    auth_session: z__default.ZodOptional<z__default.ZodString>;
+    request_uri: z__default.ZodOptional<z__default.ZodString>;
+    expires_in: z__default.ZodOptional<z__default.ZodNumber>;
+    presentation: z__default.ZodOptional<z__default.ZodString>;
+    error: z__default.ZodUnion<[z__default.ZodNativeEnum<typeof Oauth2ErrorCodes>, z__default.ZodString]>;
+    error_description: z__default.ZodOptional<z__default.ZodString>;
+    error_uri: z__default.ZodOptional<z__default.ZodString>;
+}, z__default.ZodTypeAny, "passthrough">>;
+type AuthorizationChallengeErrorResponse = z__default.infer<typeof zAuthorizationChallengeErrorResponse>;
+interface Oauth2ErrorOptions {
+    cause?: unknown;
+}
+declare class Oauth2Error extends Error {
+    readonly cause?: unknown;
+    constructor(message?: string, options?: Oauth2ErrorOptions);
+}
+declare class Oauth2ClientErrorResponseError extends Oauth2Error {
+    readonly errorResponse: Oauth2ErrorResponse;
+    readonly response: FetchResponse;
+    constructor(message: string, errorResponse: Oauth2ErrorResponse, response: FetchResponse);
+}
+declare class Oauth2ClientAuthorizationChallengeError extends Oauth2ClientErrorResponseError {
+    readonly errorResponse: AuthorizationChallengeErrorResponse;
+    constructor(message: string, errorResponse: AuthorizationChallengeErrorResponse, response: FetchResponse);
+}
+declare class Oauth2JwtParseError extends Oauth2Error {
+    constructor(message?: string);
+}
+declare class Oauth2JwtVerificationError extends Oauth2Error {
+    constructor(message?: string, options?: Oauth2ErrorOptions);
+}
+declare enum SupportedAuthenticationScheme {
+    Bearer = "Bearer",
+    DPoP = "DPoP"
+}
+interface WwwAuthenticateHeaderChallenge {
+    scheme: SupportedAuthenticationScheme | (string & {});
+    /**
+     * Space delimited scope value that lists scopes required
+     * to access this resource.
+     */
+    scope?: string;
+    /**
+     * Error should only be undefined if no access token was provided at all
+     */
+    error?: Oauth2ErrorCodes | string;
+    error_description?: string;
+    /**
+     * Additional payload items to include in the Www-Authenticate
+     * header response.
+     */
+    additionalPayload?: Record<string, string>;
+}
+declare class Oauth2ResourceUnauthorizedError extends Oauth2Error {
+    readonly wwwAuthenticateHeaders: WwwAuthenticateHeaderChallenge[];
+    constructor(internalMessage: string | undefined, wwwAuthenticateHeaders: WwwAuthenticateHeaderChallenge | Array<WwwAuthenticateHeaderChallenge>);
+    static fromHeaderValue(value: string): Oauth2ResourceUnauthorizedError;
+    toHeaderValue(): string;
+}
+interface Oauth2ServerErrorResponseErrorOptions extends Oauth2ErrorOptions {
+    internalMessage?: string;
+    /**
+     * @default 400
+     */
+    status?: number;
+}
+declare class Oauth2ServerErrorResponseError extends Oauth2Error {
+    readonly errorResponse: Oauth2ErrorResponse;
+    readonly status: number;
+    constructor(errorResponse: Oauth2ErrorResponse, options?: Oauth2ServerErrorResponseErrorOptions);
+}
+interface VerifyAuthorizationRequestDpop {
+    /**
+     * Whether dpop is required.
+     */
+    required?: boolean;
+    /**
+     * The dpop jwt from the pushed authorization request.
+     *
+     * If dpop is required, at least one of `jwt` or `jwkThumbprint` MUST
+     * be provided. If both are provided, the jwk thubmprints are matched
+     */
+    jwt?: string;
+    /**
+     * The jwk thumbprint as provided in the `dpop_jkt` parameter.
+     *
+     * If dpop is required, at least one of `jwt` or `jwkThumbprint` MUST
+     * be provided. If both are provided, the jwk thubmprints are matched
+     */
+    jwkThumbprint?: string;
+    /**
+     * Allowed dpop signing alg values. If not provided
+     * any alg values are allowed and it's up to the `verifyJwtCallback`
+     * to handle the alg.
+     */
+    allowedSigningAlgs?: string[];
+}
+interface VerifyAuthorizationRequestClientAttestation {
+    /**
+     * Whether client attestation is required.
+     */
+    required?: boolean;
+    /**
+     * Whether to ensure that the key used in client attestation confirmation
+     * is the same key used for DPoP. This only has effect if both DPoP and client
+     * attestations are present.
+     *
+     * @default false
+     */
+    ensureConfirmationKeyMatchesDpopKey?: boolean;
+    clientAttestationJwt?: string;
+    clientAttestationPopJwt?: string;
+}
+interface VerifyAuthorizationRequestReturn {
+    dpop?: {
+        /**
+         * base64url encoding of the JWK SHA-256 Thumbprint (according to [RFC7638])
+         * of the DPoP public key (in JWK format).
+         *
+         * This will always be returned if dpop is used for the PAR endpoint
+         */
+        jwkThumbprint: string;
+        /**
+         * The JWK will be returend if a DPoP proof was provided in the header.
+         */
+        jwk?: Jwk;
+    };
+    /**
+     * The verified client attestation if any were provided.
+     */
+    clientAttestation?: {
+        clientAttestation: VerifiedClientAttestationJwt;
+        clientAttestationPop: VerifiedClientAttestationPopJwt;
+    };
+}
+interface VerifyAuthorizationRequestOptions {
+    authorizationServerMetadata: AuthorizationServerMetadata;
+    authorizationRequest: {
+        client_id?: string;
+    };
+    request: RequestLike;
+    dpop?: VerifyAuthorizationRequestDpop;
+    clientAttestation?: VerifyAuthorizationRequestClientAttestation;
+    /**
+     * Date to use for expiration. If not provided current date will be used.
+     */
+    now?: Date;
+    callbacks: Pick<CallbackContext, 'hash' | 'verifyJwt'>;
+}
+type VerifyAuthorizationChallengeRequestReturn = VerifyAuthorizationRequestReturn;
+interface VerifyAuthorizationChallengeRequestOptions extends Omit<VerifyAuthorizationRequestOptions, 'authorizationRequest'> {
+    authorizationChallengeRequest: AuthorizationChallengeRequest;
+}
+interface ParseAuthorizationRequestResult {
+    /**
+     * The dpop params from the authorization request.
+     *
+     * Both `dpop_jkt` and DPoP header can be included in the request.
+     *
+     * The jkt and the signer of the jwt have not been verified against
+     * each other yet, this only happens during verification
+     */
+    dpop?: {
+        jwkThumbprint: string;
+        jwt?: string;
+    } | {
+        jwkThumbprint?: string;
+        jwt: string;
+    };
+    /**
+     * The client attestation jwts from the authorization request headers.
+     * These have not been verified yet.
+     */
+    clientAttestation?: {
+        clientAttestationJwt: string;
+        clientAttestationPopJwt: string;
+    };
+}
+interface ParseAuthorizationChallengeRequestOptions {
+    request: RequestLike;
+    authorizationChallengeRequest: unknown;
+}
+interface ParseAuthorizationChallengeRequestResult extends ParseAuthorizationRequestResult {
+    authorizationChallengeRequest: AuthorizationChallengeRequest;
+}
+/**
+ * fetch authorization server metadata. It first tries to fetch the oauth-authorization-server metadata. If that returns
+ *  a 404, the openid-configuration metadata will be fetched.
+ */
+declare function fetchAuthorizationServerMetadata(issuer: string, fetch?: Fetch): Promise<AuthorizationServerMetadata | null>;
+declare function getAuthorizationServerMetadataFromList(authorizationServersMetadata: AuthorizationServerMetadata[], issuer: string): z.objectOutputType<{
+    issuer: z.ZodEffects<z.ZodString, string, string>;
+    token_endpoint: z.ZodEffects<z.ZodString, string, string>;
+    token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z.ZodString]>, "many">>;
+    authorization_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    dpop_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    require_pushed_authorization_requests: z.ZodOptional<z.ZodBoolean>;
+    pushed_authorization_request_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    introspection_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    introspection_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z.ZodString]>, "many">>;
+    introspection_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+    authorization_challenge_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    pre_authorized_grant_anonymous_access_supported: z.ZodOptional<z.ZodBoolean>;
+    client_attestation_pop_nonce_required: z.ZodOptional<z.ZodBoolean>;
+}, z.ZodTypeAny, "passthrough">;
+/**
+ * Fetch JWKs from a provided JWKs URI.
+ *
+ * Returns validated metadata if successfull response
+ * Throws error otherwise
+ *
+ * @throws {ValidationError} if successfull response but validation of response failed
+ * @throws {InvalidFetchResponseError} if unsuccesful response
+ */
+declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
+/**
+ * Fetch well known metadata and validate the response.
+ *
+ * Returns null if 404 is returned
+ * Returns validated metadata if successfull response
+ * Throws error otherwise
+ *
+ * @throws {ValidationError} if successfull response but validation of response failed
+ * @throws {InvalidFetchResponseError} if no successfull or 404 response
+ * @throws {Error} if parsing json from response fails
+ */
+declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, fetch?: Fetch): Promise<z__default.infer<Schema> | null>;
+declare const zTokenIntrospectionResponse: z__default.ZodObject<{
+    active: z__default.ZodBoolean;
+    scope: z__default.ZodOptional<z__default.ZodString>;
+    client_id: z__default.ZodOptional<z__default.ZodString>;
+    username: z__default.ZodOptional<z__default.ZodString>;
+    token_type: z__default.ZodOptional<z__default.ZodString>;
+    exp: z__default.ZodOptional<z__default.ZodNumber>;
+    iat: z__default.ZodOptional<z__default.ZodNumber>;
+    nbf: z__default.ZodOptional<z__default.ZodNumber>;
+    sub: z__default.ZodOptional<z__default.ZodString>;
+    aud: z__default.ZodOptional<z__default.ZodString>;
+    iss: z__default.ZodOptional<z__default.ZodString>;
+    jti: z__default.ZodOptional<z__default.ZodString>;
+    cnf: z__default.ZodOptional<z__default.ZodObject<{
+        jwk: z__default.ZodOptional<z__default.ZodObject<{
+            kty: z__default.ZodString;
+            crv: z__default.ZodOptional<z__default.ZodString>;
+            x: z__default.ZodOptional<z__default.ZodString>;
+            y: z__default.ZodOptional<z__default.ZodString>;
+            e: z__default.ZodOptional<z__default.ZodString>;
+            n: z__default.ZodOptional<z__default.ZodString>;
+            alg: z__default.ZodOptional<z__default.ZodString>;
+            d: z__default.ZodOptional<z__default.ZodString>;
+            dp: z__default.ZodOptional<z__default.ZodString>;
+            dq: z__default.ZodOptional<z__default.ZodString>;
+            ext: z__default.ZodOptional<z__default.ZodBoolean>;
+            k: z__default.ZodOptional<z__default.ZodString>;
+            key_ops: z__default.ZodOptional<z__default.ZodString>;
+            kid: z__default.ZodOptional<z__default.ZodString>;
+            oth: z__default.ZodOptional<z__default.ZodArray<z__default.ZodObject<{
+                d: z__default.ZodOptional<z__default.ZodString>;
+                r: z__default.ZodOptional<z__default.ZodString>;
+                t: z__default.ZodOptional<z__default.ZodString>;
+            }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
+                d: z__default.ZodOptional<z__default.ZodString>;
+                r: z__default.ZodOptional<z__default.ZodString>;
+                t: z__default.ZodOptional<z__default.ZodString>;
+            }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
+                d: z__default.ZodOptional<z__default.ZodString>;
+                r: z__default.ZodOptional<z__default.ZodString>;
+                t: z__default.ZodOptional<z__default.ZodString>;
+            }, z__default.ZodTypeAny, "passthrough">>, "many">>;
+            p: z__default.ZodOptional<z__default.ZodString>;
+            q: z__default.ZodOptional<z__default.ZodString>;
+            qi: z__default.ZodOptional<z__default.ZodString>;
+            use: z__default.ZodOptional<z__default.ZodString>;
+            x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
+            x5t: z__default.ZodOptional<z__default.ZodString>;
             'x5t#S256': z__default.ZodOptional<z__default.ZodString>;
             x5u: z__default.ZodOptional<z__default.ZodString>;
         }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
@@ -7481,7 +8668,7 @@ interface RetrieveAccessTokenBaseOptions {
     /**
      * Callbacks to use for requesting access token
      */
-    callbacks: Pick<CallbackContext, 'fetch' | 'generateRandom' | 'hash' | 'signJwt'>;
+    callbacks: Pick<CallbackContext, 'fetch' | 'generateRandom' | 'hash' | 'signJwt' | 'clientAuthentication'>;
     /**
      * The resource to which access is being requested. This can help the authorization
      * server in determining the resource server to handle the authorization request for
@@ -7495,10 +8682,6 @@ interface RetrieveAccessTokenBaseOptions {
      * metadata, or the 'alg' value does not match an error will be thrown.
      */
     dpop?: RequestDpopOptions;
-    /**
-     * If client attestation needs to be included in the request.
-     */
-    clientAttestation?: RequestClientAttestationOptions;
 }
 interface RetrievePreAuthorizedCodeAccessTokenOptions extends RetrieveAccessTokenBaseOptions {
     preAuthorizedCode: string;
@@ -7577,7 +8760,16 @@ interface ParseAccessTokenRequestResult {
     /**
      * The dpop jwt from the access token request headers
      */
-    dpopJwt?: string;
+    dpop?: {
+        jwt: string;
+    };
+    /**
+     * The client attestation jwts from the access token request headers
+     */
+    clientAttestation?: {
+        clientAttestationJwt: string;
+        clientAttestationPopJwt: string;
+    };
     /**
      * The pkce code verifier from the access token request
      */
@@ -7601,6 +8793,11 @@ interface VerifyAccessTokenRequestDpop {
      * The dpop jwt from the access token request
      */
     jwt?: string;
+    /**
+     * The expected jwk thumbprint, and can be used to match a dpop provided in the authorization
+     * request to the dpop key used for the access token request.
+     */
+    expectedJwkThumbprint?: string;
     /**
      * Allowed dpop signing alg values. If not provided
      * any alg values are allowed and it's up to the `verifyJwtCallback`
@@ -7608,20 +8805,54 @@ interface VerifyAccessTokenRequestDpop {
      */
     allowedSigningAlgs?: string[];
 }
+interface VerifyAccessTokenRequestClientAttestation {
+    /**
+     * Whether client attestation is required.
+     */
+    required?: boolean;
+    /**
+     * Whether to ensure that the key used in client attestation confirmation
+     * is the same key used for DPoP. This only has effect if both DPoP and client
+     * attestations are present.
+     *
+     * @default false
+     */
+    ensureConfirmationKeyMatchesDpopKey?: boolean;
+    clientAttestationJwt?: string;
+    clientAttestationPopJwt?: string;
+    /**
+     * The expected client id that is bound to the authorization session, and can be used to match the client id
+     * provided in the authorization request to the client used for the access token request.
+     */
+    expectedClientId?: string;
+}
 interface VerifyAccessTokenRequestPkce {
     codeVerifier?: string;
     codeChallenge: string;
     codeChallengeMethod: PkceCodeChallengeMethod;
 }
 interface VerifyAccessTokenRequestReturn {
-    dpopJwk?: Jwk;
+    dpop?: {
+        /**
+         * base64url encoding of the JWK SHA-256 Thumbprint (according to [RFC7638])
+         * of the DPoP public key (in JWK format)
+         */
+        jwkThumbprint: string;
+        jwk: Jwk;
+    };
+    clientAttestation?: {
+        clientAttestation: VerifiedClientAttestationJwt;
+        clientAttestationPop: VerifiedClientAttestationPopJwt;
+    };
 }
 interface VerifyPreAuthorizedCodeAccessTokenRequestOptions {
+    authorizationServerMetadata: AuthorizationServerMetadata;
     grant: ParsedAccessTokenPreAuthorizedCodeRequestGrant;
     accessTokenRequest: AccessTokenRequest;
     request: RequestLike;
     expectedPreAuthorizedCode: string;
     expectedTxCode?: string;
+    clientAttestation?: VerifyAccessTokenRequestClientAttestation;
     dpop?: VerifyAccessTokenRequestDpop;
     pkce?: VerifyAccessTokenRequestPkce;
     preAuthorizedCodeExpiresAt?: Date;
@@ -7629,10 +8860,12 @@ interface VerifyPreAuthorizedCodeAccessTokenRequestOptions {
     callbacks: Pick<CallbackContext, 'hash' | 'verifyJwt'>;
 }
 interface VerifyAuthorizationCodeAccessTokenRequestOptions {
+    authorizationServerMetadata: AuthorizationServerMetadata;
     grant: ParsedAccessTokenAuthorizationCodeRequestGrant;
     accessTokenRequest: AccessTokenRequest;
     request: RequestLike;
     expectedCode: string;
+    clientAttestation?: VerifyAccessTokenRequestClientAttestation;
     dpop?: VerifyAccessTokenRequestDpop;
     pkce?: VerifyAccessTokenRequestPkce;
     codeExpiresAt?: Date;
@@ -7644,13 +8877,17 @@ interface CreateAuthorizationRequestUrlOptions {
     /**
      * Callback context mostly for crypto related functionality
      */
-    callbacks: Pick<CallbackContext, 'fetch' | 'hash' | 'generateRandom' | 'signJwt'>;
+    callbacks: Pick<CallbackContext, 'fetch' | 'hash' | 'generateRandom' | 'signJwt' | 'clientAuthentication'>;
     /**
      * Metadata of the authorization server for which to create the authorization request url
      */
     authorizationServerMetadata: AuthorizationServerMetadata;
     /**
-     * The client id to use for the authorization request
+     * The client id to use for the authorization request.
+     *
+     * For authorization requests the `client_id` is ALWAYS required, even if client authentication is used
+     * (which differs from the token endpoint). This should match with the client_id that will be used for
+     * client authentication
      */
     clientId: string;
     /**
@@ -7675,12 +8912,6 @@ interface CreateAuthorizationRequestUrlOptions {
      * Code verifier to use for pkce. If not provided a value will generated when pkce is supported
      */
     pkceCodeVerifier?: string;
-    /**
-     * If client attestation needs to be included in the request.
-     *
-     * Will ONLY be used if PAR is used.
-     */
-    clientAttestation?: RequestClientAttestationOptions;
     /**
      * DPoP options
      *
@@ -7689,6 +8920,81 @@ interface CreateAuthorizationRequestUrlOptions {
     dpop?: RequestDpopOptions;
 }
+interface CreatePushedAuthorizationResponseOptions {
+    /**
+     * The request uri where the client should redirect to
+     */
+    requestUri: string;
+    /**
+     * Number of seconds after which the `requestUri` will expire.
+     */
+    expiresInSeconds: number;
+    /**
+     * Additional payload to include in the pushed authorization response.
+     */
+    additionalPayload?: Record<string, unknown>;
+}
+interface CreatePushedAuthorizationErrorResponseOptions {
+    /**
+     * The pushed authorization error
+     */
+    error: StringWithAutoCompletion<Oauth2ErrorCodes>;
+    /**
+     * Optional error description
+     */
+    errorDescription?: string;
+    /**
+     * Additional payload to include in the pushed authorization error response.
+     */
+    additionalPayload?: Record<string, unknown>;
+}
+declare const zAuthorizationRequest: z__default.ZodObject<{
+    response_type: z__default.ZodString;
+    client_id: z__default.ZodString;
+    issuer_state: z__default.ZodOptional<z__default.ZodString>;
+    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
+    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
+    scope: z__default.ZodOptional<z__default.ZodString>;
+    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
+}, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
+    response_type: z__default.ZodString;
+    client_id: z__default.ZodString;
+    issuer_state: z__default.ZodOptional<z__default.ZodString>;
+    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
+    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
+    scope: z__default.ZodOptional<z__default.ZodString>;
+    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
+}, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
+    response_type: z__default.ZodString;
+    client_id: z__default.ZodString;
+    issuer_state: z__default.ZodOptional<z__default.ZodString>;
+    redirect_uri: z__default.ZodOptional<z__default.ZodString>;
+    resource: z__default.ZodOptional<z__default.ZodEffects<z__default.ZodString, string, string>>;
+    scope: z__default.ZodOptional<z__default.ZodString>;
+    dpop_jkt: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge: z__default.ZodOptional<z__default.ZodString>;
+    code_challenge_method: z__default.ZodOptional<z__default.ZodString>;
+}, z__default.ZodTypeAny, "passthrough">>;
+type AuthorizationRequest = z__default.infer<typeof zAuthorizationRequest>;
+interface ParsePushedAuthorizationRequestOptions {
+    request: RequestLike;
+    authorizationRequest: unknown;
+}
+interface ParsePushedAuthorizationRequestResult extends ParseAuthorizationRequestResult {
+    authorizationRequest: AuthorizationRequest;
+}
+type VerifyPushedAuthorizationRequestReturn = VerifyAuthorizationRequestReturn;
+interface VerifyPushedAuthorizationRequestOptions extends VerifyAuthorizationRequestOptions {
+    authorizationRequest: AuthorizationRequest;
+}
 interface ResourceRequestOptions {
     /**
      * DPoP options
@@ -8456,43 +9762,45 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
             jkt: z.ZodOptional<z.ZodString>;
         }, z.ZodTypeAny, "passthrough">>>;
     }, z.ZodTypeAny, "passthrough">;
-    dpopJwk: z.objectOutputType<{
-        kty: z.ZodString;
-        crv: z.ZodOptional<z.ZodString>;
-        x: z.ZodOptional<z.ZodString>;
-        y: z.ZodOptional<z.ZodString>;
-        e: z.ZodOptional<z.ZodString>;
-        n: z.ZodOptional<z.ZodString>;
-        alg: z.ZodOptional<z.ZodString>;
-        d: z.ZodOptional<z.ZodString>;
-        dp: z.ZodOptional<z.ZodString>;
-        dq: z.ZodOptional<z.ZodString>;
-        ext: z.ZodOptional<z.ZodBoolean>;
-        k: z.ZodOptional<z.ZodString>;
-        key_ops: z.ZodOptional<z.ZodString>;
-        kid: z.ZodOptional<z.ZodString>;
-        oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
-            d: z.ZodOptional<z.ZodString>;
-            r: z.ZodOptional<z.ZodString>;
-            t: z.ZodOptional<z.ZodString>;
-        }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-            d: z.ZodOptional<z.ZodString>;
-            r: z.ZodOptional<z.ZodString>;
-            t: z.ZodOptional<z.ZodString>;
-        }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    dpop: {
+        jwk: z.objectOutputType<{
+            kty: z.ZodString;
+            crv: z.ZodOptional<z.ZodString>;
+            x: z.ZodOptional<z.ZodString>;
+            y: z.ZodOptional<z.ZodString>;
+            e: z.ZodOptional<z.ZodString>;
+            n: z.ZodOptional<z.ZodString>;
+            alg: z.ZodOptional<z.ZodString>;
             d: z.ZodOptional<z.ZodString>;
-            r: z.ZodOptional<z.ZodString>;
-            t: z.ZodOptional<z.ZodString>;
-        }, z.ZodTypeAny, "passthrough">>, "many">>;
-        p: z.ZodOptional<z.ZodString>;
-        q: z.ZodOptional<z.ZodString>;
-        qi: z.ZodOptional<z.ZodString>;
-        use: z.ZodOptional<z.ZodString>;
-        x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-        x5t: z.ZodOptional<z.ZodString>;
-        'x5t#S256': z.ZodOptional<z.ZodString>;
-        x5u: z.ZodOptional<z.ZodString>;
-    }, z.ZodTypeAny, "passthrough"> | undefined;
+            dp: z.ZodOptional<z.ZodString>;
+            dq: z.ZodOptional<z.ZodString>;
+            ext: z.ZodOptional<z.ZodBoolean>;
+            k: z.ZodOptional<z.ZodString>;
+            key_ops: z.ZodOptional<z.ZodString>;
+            kid: z.ZodOptional<z.ZodString>;
+            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                d: z.ZodOptional<z.ZodString>;
+                r: z.ZodOptional<z.ZodString>;
+                t: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>, "many">>;
+            p: z.ZodOptional<z.ZodString>;
+            q: z.ZodOptional<z.ZodString>;
+            qi: z.ZodOptional<z.ZodString>;
+            use: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            x5t: z.ZodOptional<z.ZodString>;
+            'x5t#S256': z.ZodOptional<z.ZodString>;
+            x5u: z.ZodOptional<z.ZodString>;
+        }, z.ZodTypeAny, "passthrough">;
+    } | undefined;
     scheme: SupportedAuthenticationScheme;
     accessToken: string;
     authorizationServer: string;
@@ -8503,7 +9811,9 @@ interface CreateAccessTokenOptions {
     /**
      * public dpop jwk key. Will be encoded as jwk thubmprint in the `cnf.jkt` claim.
      */
-    dpopJwk?: Jwk;
+    dpop?: {
+        jwk: Jwk;
+    };
     /**
      * scope of the access token. If the authorization request included scopes
      * they should be added to the access token as well
@@ -8591,14 +9901,10 @@ interface CreateAuthorizationChallengeErrorResponseOptions {
      */
     authSession?: string;
     /**
-     * The presentation during issuance error.
-     *
      * Error codes specific to authorization challenge are:
      *  - @see Oauth2ErrorCodes.RedirectToWeb
      *  - @see Oauth2ErrorCodes.InvalidSession
      *  - @see Oauth2ErrorCodes.InsufficientAuthorization
-     *
-     * If you want to require presentation of a
      */
     error: StringWithAutoCompletion<Oauth2ErrorCodes>;
     /**
@@ -8630,10 +9936,6 @@ interface CreateAuthorizationChallengeErrorResponseOptions {
     additionalPayload?: Record<string, unknown>;
 }
-interface ParseAuthorizationChallengeRequestOptions {
-    authorizationChallengeRequest: unknown;
-}
 interface Oauth2AuthorizationServerOptions {
     /**
      * Callbacks required for the oauth2 authorization server
@@ -8646,7 +9948,7 @@ declare class Oauth2AuthorizationServer {
     createAuthorizationServerMetadata(authorizationServerMetadata: AuthorizationServerMetadata): z.objectOutputType<{
         issuer: z.ZodEffects<z.ZodString, string, string>;
         token_endpoint: z.ZodEffects<z.ZodString, string, string>;
-        token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z.ZodString]>, "many">>;
         authorization_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -8654,10 +9956,11 @@ declare class Oauth2AuthorizationServer {
         require_pushed_authorization_requests: z.ZodOptional<z.ZodBoolean>;
         pushed_authorization_request_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         introspection_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-        introspection_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"client_secret_jwt">, z.ZodLiteral<"private_key_jwt">, z.ZodString]>, "many">>;
+        introspection_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z.ZodString]>, "many">>;
         introspection_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
         authorization_challenge_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         pre_authorized_grant_anonymous_access_supported: z.ZodOptional<z.ZodBoolean>;
+        client_attestation_pop_nonce_required: z.ZodOptional<z.ZodBoolean>;
     }, z.ZodTypeAny, "passthrough">;
     /**
      * Parse access token request and extract the grant specific properties.
@@ -8676,7 +9979,7 @@ declare class Oauth2AuthorizationServer {
      * For pre-auth flow this can be the pre-authorized_code but there are no requirements
      * on the value.
      */
-    createAccessTokenResponse(options: Pick<CreateAccessTokenOptions, 'expiresInSeconds' | 'scope' | 'clientId' | 'audience' | 'signer' | 'dpopJwk' | 'authorizationServer' | 'now' | 'subject'> & Pick<CreateAccessTokenResponseOptions, 'cNonce' | 'cNonceExpiresIn'> & {
+    createAccessTokenResponse(options: Pick<CreateAccessTokenOptions, 'expiresInSeconds' | 'scope' | 'clientId' | 'audience' | 'signer' | 'dpop' | 'authorizationServer' | 'now' | 'subject'> & Pick<CreateAccessTokenResponseOptions, 'cNonce' | 'cNonceExpiresIn'> & {
         additionalAccessTokenPayload?: CreateAccessTokenOptions['additionalPayload'];
         additionalAccessTokenResponsePayload?: CreateAccessTokenResponseOptions['additionalPayload'];
     }): Promise<z.objectOutputType<{
@@ -8690,57 +9993,525 @@ declare class Oauth2AuthorizationServer {
         c_nonce_expires_in: z.ZodOptional<z.ZodNumber>;
         authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{}, "passthrough", z.ZodTypeAny, z.objectOutputType<{}, z.ZodTypeAny, "passthrough">, z.objectInputType<{}, z.ZodTypeAny, "passthrough">>, "many">>;
     }, z.ZodTypeAny, "passthrough">>;
+    /**
+     * Parse a pushed authorization request
+     */
+    parsePushedAuthorizationRequest(options: ParsePushedAuthorizationRequestOptions): ParsePushedAuthorizationRequestResult;
+    verifyPushedAuthorizationRequest(options: Omit<VerifyPushedAuthorizationRequestOptions, 'callbacks'>): Promise<VerifyAuthorizationRequestReturn>;
+    createPushedAuthorizationResponse(options: CreatePushedAuthorizationResponseOptions): {
+        pushedAuthorizationResponse: z.objectOutputType<{
+            request_uri: z.ZodString;
+            expires_in: z.ZodNumber;
+        }, z.ZodTypeAny, "passthrough">;
+    };
+    createPushedAuthorizationErrorResponse(options: CreatePushedAuthorizationErrorResponseOptions): z.objectOutputType<{
+        error: z.ZodUnion<[z.ZodNativeEnum<typeof Oauth2ErrorCodes>, z.ZodString]>;
+        error_description: z.ZodOptional<z.ZodString>;
+        error_uri: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">;
     /**
      * Parse an authorization challenge request
      */
-    parseAuthorizationChallengeRequest(options: ParseAuthorizationChallengeRequestOptions): {
-        authorizationChallengeRequest: z.objectOutputType<{
-            client_id: z.ZodOptional<z.ZodString>;
-            auth_session: z.ZodOptional<z.ZodString>;
-            presentation_during_issuance_session: z.ZodOptional<z.ZodString>;
-            redirect_uri: z.ZodOptional<z.ZodString>;
-            resource: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-            scope: z.ZodOptional<z.ZodString>;
-            issuer_state: z.ZodOptional<z.ZodString>;
-            dpop_jkt: z.ZodOptional<z.ZodString>;
-            code_challenge: z.ZodOptional<z.ZodString>;
-            code_challenge_method: z.ZodOptional<z.ZodString>;
+    parseAuthorizationChallengeRequest(options: ParseAuthorizationChallengeRequestOptions): ParseAuthorizationChallengeRequestResult;
+    verifyAuthorizationChallengeRequest(options: Omit<VerifyAuthorizationChallengeRequestOptions, 'callbacks'>): Promise<VerifyAuthorizationRequestReturn>;
+    createAuthorizationChallengeResponse(options: CreateAuthorizationChallengeResponseOptions): {
+        authorizationChallengeResponse: z.objectOutputType<{
+            authorization_code: z.ZodString;
+        }, z.ZodTypeAny, "passthrough">;
+    };
+    /**
+     * Create an authorization challenge error response indicating presentation of credentials
+     * using OpenID4VP is required before authorization can be granted.
+     *
+     * The `presentation` parameter should be an OpenID4VP authorization request url.
+     * The `authSession` should be used to track the session
+     */
+    createAuthorizationChallengePresentationErrorResponse(options: Pick<CreateAuthorizationChallengeErrorResponseOptions, 'errorDescription' | 'additionalPayload'> & Required<Pick<CreateAuthorizationChallengeErrorResponseOptions, 'authSession' | 'presentation'>>): z.objectOutputType<{
+        auth_session: z.ZodOptional<z.ZodString>;
+        request_uri: z.ZodOptional<z.ZodString>;
+        expires_in: z.ZodOptional<z.ZodNumber>;
+        presentation: z.ZodOptional<z.ZodString>;
+        error: z.ZodUnion<[z.ZodNativeEnum<typeof Oauth2ErrorCodes>, z.ZodString]>;
+        error_description: z.ZodOptional<z.ZodString>;
+        error_uri: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">;
+    createAuthorizationChallengeErrorResponse(options: CreateAuthorizationChallengeErrorResponseOptions): z.objectOutputType<{
+        auth_session: z.ZodOptional<z.ZodString>;
+        request_uri: z.ZodOptional<z.ZodString>;
+        expires_in: z.ZodOptional<z.ZodNumber>;
+        presentation: z.ZodOptional<z.ZodString>;
+        error: z.ZodUnion<[z.ZodNativeEnum<typeof Oauth2ErrorCodes>, z.ZodString]>;
+        error_description: z.ZodOptional<z.ZodString>;
+        error_uri: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">;
+    verifyDpopJwt(options: Omit<VerifyDpopJwtOptions, 'callbacks'>): Promise<{
+        header: z.objectOutputType<{
+            typ: z.ZodLiteral<"dpop+jwt">;
+            jwk: z.ZodObject<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>;
+            alg: z.ZodEffects<z.ZodString, string, string>;
+            kid: z.ZodOptional<z.ZodString>;
+            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
         }, z.ZodTypeAny, "passthrough">;
-    };
-    createAuthorizationChallengeResponse(options: CreateAuthorizationChallengeResponseOptions): {
-        authorizationChallengeResponse: z.objectOutputType<{
-            authorization_code: z.ZodString;
+        payload: z.objectOutputType<{
+            iat: z.ZodNumber;
+            htu: z.ZodEffects<z.ZodString, string, string>;
+            htm: z.ZodEnum<["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE", "CONNECT", "PATCH"]>;
+            jti: z.ZodString;
+            ath: z.ZodOptional<z.ZodString>;
+            iss: z.ZodOptional<z.ZodString>;
+            aud: z.ZodOptional<z.ZodString>;
+            exp: z.ZodOptional<z.ZodNumber>;
+            nbf: z.ZodOptional<z.ZodNumber>;
+            nonce: z.ZodOptional<z.ZodString>;
+            cnf: z.ZodOptional<z.ZodObject<{
+                jwk: z.ZodOptional<z.ZodObject<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>>;
+                jkt: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                jwk: z.ZodOptional<z.ZodObject<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>>;
+                jkt: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                jwk: z.ZodOptional<z.ZodObject<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    kty: z.ZodString;
+                    crv: z.ZodOptional<z.ZodString>;
+                    x: z.ZodOptional<z.ZodString>;
+                    y: z.ZodOptional<z.ZodString>;
+                    e: z.ZodOptional<z.ZodString>;
+                    n: z.ZodOptional<z.ZodString>;
+                    alg: z.ZodOptional<z.ZodString>;
+                    d: z.ZodOptional<z.ZodString>;
+                    dp: z.ZodOptional<z.ZodString>;
+                    dq: z.ZodOptional<z.ZodString>;
+                    ext: z.ZodOptional<z.ZodBoolean>;
+                    k: z.ZodOptional<z.ZodString>;
+                    key_ops: z.ZodOptional<z.ZodString>;
+                    kid: z.ZodOptional<z.ZodString>;
+                    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                        d: z.ZodOptional<z.ZodString>;
+                        r: z.ZodOptional<z.ZodString>;
+                        t: z.ZodOptional<z.ZodString>;
+                    }, z.ZodTypeAny, "passthrough">>, "many">>;
+                    p: z.ZodOptional<z.ZodString>;
+                    q: z.ZodOptional<z.ZodString>;
+                    qi: z.ZodOptional<z.ZodString>;
+                    use: z.ZodOptional<z.ZodString>;
+                    x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                    x5t: z.ZodOptional<z.ZodString>;
+                    'x5t#S256': z.ZodOptional<z.ZodString>;
+                    x5u: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>>;
+                jkt: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>>;
+            status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+            trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
         }, z.ZodTypeAny, "passthrough">;
-    };
-    /**
-     * Create an authorization challenge error response indicating presentation of credenitals
-     * using OpenID4VP is required before authorization can be granted.
-     *
-     * The `presentation` parameter should be an OpenID4VP authorization request url.
-     * The `authSession` should be used to track the session
-     */
-    createAuthorizationChallengePresentationErrorResponse(options: Pick<CreateAuthorizationChallengeErrorResponseOptions, 'errorDescription' | 'additionalPayload'> & Required<Pick<CreateAuthorizationChallengeErrorResponseOptions, 'authSession' | 'presentation'>>): z.objectOutputType<{
-        auth_session: z.ZodOptional<z.ZodString>;
-        request_uri: z.ZodOptional<z.ZodString>;
-        expires_in: z.ZodOptional<z.ZodNumber>;
-        presentation: z.ZodOptional<z.ZodString>;
-        error: z.ZodUnion<[z.ZodNativeEnum<typeof Oauth2ErrorCodes>, z.ZodString]>;
-        error_description: z.ZodOptional<z.ZodString>;
-        error_uri: z.ZodOptional<z.ZodString>;
-    }, z.ZodTypeAny, "passthrough">;
-    createAuthorizationChallengeErrorResponse(options: CreateAuthorizationChallengeErrorResponseOptions): z.objectOutputType<{
-        auth_session: z.ZodOptional<z.ZodString>;
-        request_uri: z.ZodOptional<z.ZodString>;
-        expires_in: z.ZodOptional<z.ZodNumber>;
-        presentation: z.ZodOptional<z.ZodString>;
-        error: z.ZodUnion<[z.ZodNativeEnum<typeof Oauth2ErrorCodes>, z.ZodString]>;
-        error_description: z.ZodOptional<z.ZodString>;
-        error_uri: z.ZodOptional<z.ZodString>;
-    }, z.ZodTypeAny, "passthrough">;
-    verifyClientAttestation({ authorizationServer, headers, }: {
-        authorizationServer: string;
-        headers: FetchHeaders;
-    }): Promise<{
+        jwkThumbprint: string;
+    }>;
+    verifyClientAttestation(options: Omit<VerifyClientAttestationOptions, 'callbacks'>): Promise<{
         clientAttestation: {
             header: z.objectOutputType<{
                 typ: z.ZodLiteral<"oauth-client-attestation+jwt">;
@@ -8972,8 +10743,6 @@ declare class Oauth2AuthorizationServer {
                         'x5t#S256': z.ZodOptional<z.ZodString>;
                         x5u: z.ZodOptional<z.ZodString>;
                     }, z.ZodTypeAny, "passthrough">>;
-                    key_type: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z.ZodString]>>;
-                    user_authentication: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z.ZodString]>>;
                 }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
                     jwk: z.ZodObject<{
                         kty: z.ZodString;
@@ -9084,8 +10853,6 @@ declare class Oauth2AuthorizationServer {
                         'x5t#S256': z.ZodOptional<z.ZodString>;
                         x5u: z.ZodOptional<z.ZodString>;
                     }, z.ZodTypeAny, "passthrough">>;
-                    key_type: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z.ZodString]>>;
-                    user_authentication: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z.ZodString]>>;
                 }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
                     jwk: z.ZodObject<{
                         kty: z.ZodString;
@@ -9196,10 +10963,9 @@ declare class Oauth2AuthorizationServer {
                         'x5t#S256': z.ZodOptional<z.ZodString>;
                         x5u: z.ZodOptional<z.ZodString>;
                     }, z.ZodTypeAny, "passthrough">>;
-                    key_type: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["software", "hardware", "tee", "secure_enclave", "strong_box", "secure_element", "hsm"]>, z.ZodString]>>;
-                    user_authentication: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["system_biometry", "system_pin", "internal_biometry", "internal_pin", "secure_element_pin"]>, z.ZodString]>>;
                 }, z.ZodTypeAny, "passthrough">>;
-                aal: z.ZodOptional<z.ZodString>;
+                wallet_name: z.ZodOptional<z.ZodString>;
+                wallet_link: z.ZodOptional<z.ZodString>;
                 aud: z.ZodOptional<z.ZodString>;
                 iat: z.ZodOptional<z.ZodNumber>;
                 nbf: z.ZodOptional<z.ZodNumber>;
@@ -9681,7 +11447,7 @@ interface SendAuthorizationChallengeRequestOptions {
     /**
      * Callback context
      */
-    callbacks: Pick<CallbackContext, 'fetch' | 'hash' | 'generateRandom' | 'signJwt'>;
+    callbacks: Pick<CallbackContext, 'fetch' | 'hash' | 'generateRandom' | 'signJwt' | 'clientAuthentication'>;
     /**
      * Metadata of the authorization server where to perform the authorization challenge
      */
@@ -9690,10 +11456,6 @@ interface SendAuthorizationChallengeRequestOptions {
      * Previously established auth session
      */
     authSession?: string;
-    /**
-     * The client id to use for the authorization challenge request
-     */
-    clientId?: string;
     /**
      * Scope to request for the authorization challenge request
      */
@@ -9717,57 +11479,17 @@ interface SendAuthorizationChallengeRequestOptions {
      * Code verifier to use for pkce. If not provided a value will generated when pkce is supported
      */
     pkceCodeVerifier?: string;
-    /**
-     * If client attestation needs to be included in the request.
-     */
-    clientAttestation?: RequestClientAttestationOptions;
     /**
      * DPoP options
      */
     dpop?: RequestDpopOptions;
 }
-interface CreateClientAttestationJwtOptions {
-    /**
-     * Creation time of the JWT. If not provided the current date will be used
-     */
-    issuedAt?: Date;
-    /**
-     * Expiration time of the JWT.
-     */
-    expiresAt: Date;
-    /**
-     * Issuer of the client attestation, usually identifier of the client backend
-     */
-    issuer: string;
-    /**
-     * The client id of the client instance.
-     */
-    clientId: string;
-    /**
-     * The confirmation payload for the client, attesting the `jwk`, `key_type` and `user_authentication`
-     */
-    confirmation: ClientAttestationJwtPayload['cnf'];
-    /**
-     * Additional payload to include in the client attestation jwt payload. Will be applied after
-     * any default claims that are included, so add claims with caution.
-     */
-    additionalPayload?: Record<string, unknown>;
-    /**
-     * Callback used for client attestation
-     */
-    callbacks: Pick<CallbackContext, 'signJwt'>;
-    /**
-     * The signer of the client attestation jwt.
-     */
-    signer: JwtSigner;
-}
 interface Oauth2ClientOptions {
     /**
      * Callbacks required for the oauth2 client
      */
-    callbacks: Omit<CallbackContext, 'verifyJwt' | 'clientAuthentication' | 'decryptJwe' | 'encryptJwe'>;
+    callbacks: Omit<CallbackContext, 'verifyJwt' | 'decryptJwe' | 'encryptJwe'>;
 }
 declare class Oauth2Client {
     private options;
@@ -9781,10 +11503,17 @@ declare class Oauth2Client {
         readonly supported: true;
         readonly dpopSigningAlgValuesSupported: string[];
     };
+    isClientAttestationSupported(options: {
+        authorizationServerMetadata: AuthorizationServerMetadata;
+    }): {
+        readonly supported: false;
+    } | {
+        readonly supported: true;
+    };
     fetchAuthorizationServerMetadata(issuer: string): Promise<z.objectOutputType<{
         issuer: z.ZodEffects<z.ZodString, string, string>;
         token_endpoint: z.ZodEffects<z.ZodString, string, string>;
-        token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z.ZodString]>, "many">>;
         authorization_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -9792,10 +11521,11 @@ declare class Oauth2Client {
         require_pushed_authorization_requests: z.ZodOptional<z.ZodBoolean>;
         pushed_authorization_request_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         introspection_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-        introspection_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"client_secret_jwt">, z.ZodLiteral<"private_key_jwt">, z.ZodString]>, "many">>;
+        introspection_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodEnum<["client_secret_basic", "client_secret_post", "attest_jwt_client_auth", "client_secret_jwt", "private_key_jwt"]>, z.ZodString]>, "many">>;
         introspection_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
         authorization_challenge_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
         pre_authorized_grant_anonymous_access_supported: z.ZodOptional<z.ZodBoolean>;
+        client_attestation_pop_nonce_required: z.ZodOptional<z.ZodBoolean>;
     }, z.ZodTypeAny, "passthrough"> | null>;
     /**
      * Initiate authorization.
@@ -9837,14 +11567,10 @@ declare class Oauth2Client {
         pkce: CreatePkceReturn | undefined;
         dpop: RequestDpopOptions | undefined;
     }>;
-    retrievePreAuthorizedCodeAccessToken({ authorizationServerMetadata, preAuthorizedCode, additionalRequestPayload, txCode, dpop, resource, clientAttestation, }: Omit<RetrievePreAuthorizedCodeAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
-    retrieveAuthorizationCodeAccessToken({ authorizationServerMetadata, additionalRequestPayload, authorizationCode, pkceCodeVerifier, redirectUri, resource, dpop, clientAttestation, }: Omit<RetrieveAuthorizationCodeAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
-    retrieveRefreshTokenAccessToken({ authorizationServerMetadata, additionalRequestPayload, refreshToken, resource, dpop, clientAttestation, }: Omit<RetrieveRefreshTokenAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
+    retrievePreAuthorizedCodeAccessToken({ authorizationServerMetadata, preAuthorizedCode, additionalRequestPayload, txCode, dpop, resource, }: Omit<RetrievePreAuthorizedCodeAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
+    retrieveAuthorizationCodeAccessToken({ authorizationServerMetadata, additionalRequestPayload, authorizationCode, pkceCodeVerifier, redirectUri, resource, dpop, }: Omit<RetrieveAuthorizationCodeAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
+    retrieveRefreshTokenAccessToken({ authorizationServerMetadata, additionalRequestPayload, refreshToken, resource, dpop, }: Omit<RetrieveRefreshTokenAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
     resourceRequest(options: ResourceRequestOptions): Promise<ResourceRequestResponseOk | ResourceRequestResponseNotOk>;
-    /**
-     * @todo move this to another class?
-     */
-    createClientAttestationJwt(options: Omit<CreateClientAttestationJwtOptions, 'callbacks'>): Promise<string>;
 }
 interface Oauth2ResourceServerOptions {
@@ -10552,43 +12278,45 @@ declare class Oauth2ResourceServer {
                 jkt: z.ZodOptional<z.ZodString>;
             }, z.ZodTypeAny, "passthrough">>>;
         }, z.ZodTypeAny, "passthrough">;
-        dpopJwk: z.objectOutputType<{
-            kty: z.ZodString;
-            crv: z.ZodOptional<z.ZodString>;
-            x: z.ZodOptional<z.ZodString>;
-            y: z.ZodOptional<z.ZodString>;
-            e: z.ZodOptional<z.ZodString>;
-            n: z.ZodOptional<z.ZodString>;
-            alg: z.ZodOptional<z.ZodString>;
-            d: z.ZodOptional<z.ZodString>;
-            dp: z.ZodOptional<z.ZodString>;
-            dq: z.ZodOptional<z.ZodString>;
-            ext: z.ZodOptional<z.ZodBoolean>;
-            k: z.ZodOptional<z.ZodString>;
-            key_ops: z.ZodOptional<z.ZodString>;
-            kid: z.ZodOptional<z.ZodString>;
-            oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
-                d: z.ZodOptional<z.ZodString>;
-                r: z.ZodOptional<z.ZodString>;
-                t: z.ZodOptional<z.ZodString>;
-            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-                d: z.ZodOptional<z.ZodString>;
-                r: z.ZodOptional<z.ZodString>;
-                t: z.ZodOptional<z.ZodString>;
-            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        dpop: {
+            jwk: z.objectOutputType<{
+                kty: z.ZodString;
+                crv: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                n: z.ZodOptional<z.ZodString>;
+                alg: z.ZodOptional<z.ZodString>;
                 d: z.ZodOptional<z.ZodString>;
-                r: z.ZodOptional<z.ZodString>;
-                t: z.ZodOptional<z.ZodString>;
-            }, z.ZodTypeAny, "passthrough">>, "many">>;
-            p: z.ZodOptional<z.ZodString>;
-            q: z.ZodOptional<z.ZodString>;
-            qi: z.ZodOptional<z.ZodString>;
-            use: z.ZodOptional<z.ZodString>;
-            x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-            x5t: z.ZodOptional<z.ZodString>;
-            'x5t#S256': z.ZodOptional<z.ZodString>;
-            x5u: z.ZodOptional<z.ZodString>;
-        }, z.ZodTypeAny, "passthrough"> | undefined;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodString>;
+                kid: z.ZodOptional<z.ZodString>;
+                oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                    d: z.ZodOptional<z.ZodString>;
+                    r: z.ZodOptional<z.ZodString>;
+                    t: z.ZodOptional<z.ZodString>;
+                }, z.ZodTypeAny, "passthrough">>, "many">>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                'x5t#S256': z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">;
+        } | undefined;
         scheme: SupportedAuthenticationScheme;
         accessToken: string;
         authorizationServer: string;
@@ -10680,4 +12408,4 @@ type DecodeJwtHeaderResult<HeaderSchema extends BaseSchema | undefined = undefin
 };
 declare function decodeJwtHeader<HeaderSchema extends BaseSchema | undefined = undefined>(options: DecodeJwtHeaderOptions<HeaderSchema>): DecodeJwtHeaderResult<HeaderSchema>;
-export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type CreateAuthorizationRequestUrlOptions, type CreatePkceReturn, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, type TokenIntrospectionResponse, type VerifyAccessTokenRequestReturn, type VerifyJwtCallback, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, refreshTokenGrantIdentifier, resourceRequest, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zRefreshTokenGrantIdentifier };
+export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, refreshTokenGrantIdentifier, resourceRequest, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zRefreshTokenGrantIdentifier };