@openid4vc/oauth2 0.3.0-alpha-20250504132432 → 0.3.0-alpha-20250511115959

package/dist/index.d.mts

@@ -763,26 +763,52 @@ type JwtSignerDid = {
     method: 'did';
     didUrl: string;
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with the key associated with the didUrl.
+     */
+    kid?: string;
 };
 type JwtSignerJwk = {
     method: 'jwk';
     publicJwk: Jwk;
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with the key associated with the jwk.
+     *
+     * If not provided the kid can also be extracted from the `publicJwk`. Providing it here means the `kid` won't
+     * be included in the JWT header.
+     */
+    kid?: string;
 };
 type JwtSignerX5c = {
     method: 'x5c';
     x5c: string[];
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with the key associated with the leaf certificate.
+     */
+    kid?: string;
 };
 type JwtSignerFederation = {
     method: 'federation';
     trustChain?: [string, ...string[]];
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with a key present in the federation.
+     */
     kid: string;
 };
 type JwtSignerCustom = {
     method: 'custom';
     alg: string;
+    /**
+     * The key id that should be used for signing.
+     */
+    kid?: string;
 };
 type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerFederation | JwtSignerCustom;
 type JwtSignerWithJwk = JwtSigner & {

package/dist/index.d.ts

@@ -763,26 +763,52 @@ type JwtSignerDid = {
     method: 'did';
     didUrl: string;
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with the key associated with the didUrl.
+     */
+    kid?: string;
 };
 type JwtSignerJwk = {
     method: 'jwk';
     publicJwk: Jwk;
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with the key associated with the jwk.
+     *
+     * If not provided the kid can also be extracted from the `publicJwk`. Providing it here means the `kid` won't
+     * be included in the JWT header.
+     */
+    kid?: string;
 };
 type JwtSignerX5c = {
     method: 'x5c';
     x5c: string[];
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with the key associated with the leaf certificate.
+     */
+    kid?: string;
 };
 type JwtSignerFederation = {
     method: 'federation';
     trustChain?: [string, ...string[]];
     alg: string;
+    /**
+     * The key id that should be used for signing. You need to make sure the kid actuall matches
+     * with a key present in the federation.
+     */
     kid: string;
 };
 type JwtSignerCustom = {
     method: 'custom';
     alg: string;
+    /**
+     * The key id that should be used for signing.
+     */
+    kid?: string;
 };
 type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerFederation | JwtSignerCustom;
 type JwtSignerWithJwk = JwtSigner & {

package/dist/index.js

@@ -415,7 +415,8 @@ function jwtSignerFromJwt({
       signer: {
         alg: header.alg,
         method: "x5c",
-        x5c: header.x5c
+        x5c: header.x5c,
+        kid: header.kid
       }
     });
   }
@@ -491,7 +492,8 @@ ${found.map((m) => m.valid ? `SUCCEEDED: method ${m.method}` : `FAILED: method $
   if (!allowedSignerMethods || allowedSignerMethods.includes("custom")) {
     return {
       method: "custom",
-      alg: header.alg
+      alg: header.alg,
+      kid: header.kid
     };
   }
   throw new Oauth2Error(