@openid4vc/oauth2 0.3.0-alpha-20250714110838 → 0.3.0-alpha-20250811083900

package/dist/index.d.mts

@@ -21,11 +21,14 @@ declare enum Oauth2ErrorCodes {
     InsufficientAuthorization = "insufficient_authorization",
     InvalidCredentialRequest = "invalid_credential_request",
     CredentialRequestDenied = "credential_request_denied",
-    UnsupportedCredentialType = "unsupported_credential_type",
-    UnsupportedCredentialFormat = "unsupported_credential_format",
     InvalidProof = "invalid_proof",
     InvalidNonce = "invalid_nonce",
     InvalidEncryptionParameters = "invalid_encryption_parameters",
+    UnknownCredentialConfiguration = "unknown_credential_configuration",
+    UnknownCredentialIdentifier = "unknown_credential_identifier",
+    InvalidTransactionId = "invalid_transaction_id",
+    UnsupportedCredentialType = "unsupported_credential_type",
+    UnsupportedCredentialFormat = "unsupported_credential_format",
     InvalidRequestUri = "invalid_request_uri",
     InvalidRequestObject = "invalid_request_object",
     RequestNotSupported = "request_not_supported",
@@ -7488,14 +7491,14 @@ interface VerifyAuthorizationRequestDpop {
      * The dpop jwt from the pushed authorization request.
      *
      * If dpop is required, at least one of `jwt` or `jwkThumbprint` MUST
-     * be provided. If both are provided, the jwk thubmprints are matched
+     * be provided. If both are provided, the jwk thumbprints are matched
      */
     jwt?: string;
     /**
      * The jwk thumbprint as provided in the `dpop_jkt` parameter.
      *
      * If dpop is required, at least one of `jwt` or `jwkThumbprint` MUST
-     * be provided. If both are provided, the jwk thubmprints are matched
+     * be provided. If both are provided, the jwk thumbprints are matched
      */
     jwkThumbprint?: string;
     /**
@@ -7531,7 +7534,7 @@ interface VerifyAuthorizationRequestReturn {
          */
         jwkThumbprint: string;
         /**
-         * The JWK will be returend if a DPoP proof was provided in the header.
+         * The JWK will be returned if a DPoP proof was provided in the header.
          */
         jwk?: Jwk;
     };
@@ -7623,10 +7626,10 @@ declare function getAuthorizationServerMetadataFromList(authorizationServersMeta
 /**
  * Fetch JWKs from a provided JWKs URI.
  *
- * Returns validated metadata if successfull response
+ * Returns validated metadata if successful response
  * Throws error otherwise
  *
- * @throws {ValidationError} if successfull response but validation of response failed
+ * @throws {ValidationError} if successful response but validation of response failed
  * @throws {InvalidFetchResponseError} if unsuccesful response
  */
 declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
@@ -7635,11 +7638,11 @@ declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
  * Fetch well known metadata and validate the response.
  *
  * Returns null if 404 is returned
- * Returns validated metadata if successfull response
+ * Returns validated metadata if successful response
  * Throws error otherwise
  *
- * @throws {ValidationError} if successfull response but validation of response failed
- * @throws {InvalidFetchResponseError} if no successfull or 404 response
+ * @throws {ValidationError} if successful response but validation of response failed
+ * @throws {InvalidFetchResponseError} if no successful or 404 response
  * @throws {Error} if parsing json from response fails
  */
 declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, fetch?: Fetch): Promise<z__default.infer<Schema> | null>;
@@ -8811,7 +8814,7 @@ interface ParseAccessTokenRequestOptions {
     request: RequestLike;
     /**
      * The access token request as a JSON object. Your server should decode the
-     * `x-www-url-form-urlencoded` body into an object (e.g. using `bodyParser.urlEncoed()` in express)
+     * `x-www-url-form-urlencoded` body into an object (e.g. using `bodyParser.urlEncoded()` in express)
      */
     accessTokenRequest: Record<string, unknown>;
 }

package/dist/index.d.ts

@@ -21,11 +21,14 @@ declare enum Oauth2ErrorCodes {
     InsufficientAuthorization = "insufficient_authorization",
     InvalidCredentialRequest = "invalid_credential_request",
     CredentialRequestDenied = "credential_request_denied",
-    UnsupportedCredentialType = "unsupported_credential_type",
-    UnsupportedCredentialFormat = "unsupported_credential_format",
     InvalidProof = "invalid_proof",
     InvalidNonce = "invalid_nonce",
     InvalidEncryptionParameters = "invalid_encryption_parameters",
+    UnknownCredentialConfiguration = "unknown_credential_configuration",
+    UnknownCredentialIdentifier = "unknown_credential_identifier",
+    InvalidTransactionId = "invalid_transaction_id",
+    UnsupportedCredentialType = "unsupported_credential_type",
+    UnsupportedCredentialFormat = "unsupported_credential_format",
     InvalidRequestUri = "invalid_request_uri",
     InvalidRequestObject = "invalid_request_object",
     RequestNotSupported = "request_not_supported",
@@ -7488,14 +7491,14 @@ interface VerifyAuthorizationRequestDpop {
      * The dpop jwt from the pushed authorization request.
      *
      * If dpop is required, at least one of `jwt` or `jwkThumbprint` MUST
-     * be provided. If both are provided, the jwk thubmprints are matched
+     * be provided. If both are provided, the jwk thumbprints are matched
      */
     jwt?: string;
     /**
      * The jwk thumbprint as provided in the `dpop_jkt` parameter.
      *
      * If dpop is required, at least one of `jwt` or `jwkThumbprint` MUST
-     * be provided. If both are provided, the jwk thubmprints are matched
+     * be provided. If both are provided, the jwk thumbprints are matched
      */
     jwkThumbprint?: string;
     /**
@@ -7531,7 +7534,7 @@ interface VerifyAuthorizationRequestReturn {
          */
         jwkThumbprint: string;
         /**
-         * The JWK will be returend if a DPoP proof was provided in the header.
+         * The JWK will be returned if a DPoP proof was provided in the header.
          */
         jwk?: Jwk;
     };
@@ -7623,10 +7626,10 @@ declare function getAuthorizationServerMetadataFromList(authorizationServersMeta
 /**
  * Fetch JWKs from a provided JWKs URI.
  *
- * Returns validated metadata if successfull response
+ * Returns validated metadata if successful response
  * Throws error otherwise
  *
- * @throws {ValidationError} if successfull response but validation of response failed
+ * @throws {ValidationError} if successful response but validation of response failed
  * @throws {InvalidFetchResponseError} if unsuccesful response
  */
 declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
@@ -7635,11 +7638,11 @@ declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
  * Fetch well known metadata and validate the response.
  *
  * Returns null if 404 is returned
- * Returns validated metadata if successfull response
+ * Returns validated metadata if successful response
  * Throws error otherwise
  *
- * @throws {ValidationError} if successfull response but validation of response failed
- * @throws {InvalidFetchResponseError} if no successfull or 404 response
+ * @throws {ValidationError} if successful response but validation of response failed
+ * @throws {InvalidFetchResponseError} if no successful or 404 response
  * @throws {Error} if parsing json from response fails
  */
 declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, fetch?: Fetch): Promise<z__default.infer<Schema> | null>;
@@ -8811,7 +8814,7 @@ interface ParseAccessTokenRequestOptions {
     request: RequestLike;
     /**
      * The access token request as a JSON object. Your server should decode the
-     * `x-www-url-form-urlencoded` body into an object (e.g. using `bodyParser.urlEncoed()` in express)
+     * `x-www-url-form-urlencoded` body into an object (e.g. using `bodyParser.urlEncoded()` in express)
      */
     accessTokenRequest: Record<string, unknown>;
 }

package/dist/index.js

@@ -107,11 +107,14 @@ var Oauth2ErrorCodes = /* @__PURE__ */ ((Oauth2ErrorCodes2) => {
   Oauth2ErrorCodes2["InsufficientAuthorization"] = "insufficient_authorization";
   Oauth2ErrorCodes2["InvalidCredentialRequest"] = "invalid_credential_request";
   Oauth2ErrorCodes2["CredentialRequestDenied"] = "credential_request_denied";
-  Oauth2ErrorCodes2["UnsupportedCredentialType"] = "unsupported_credential_type";
-  Oauth2ErrorCodes2["UnsupportedCredentialFormat"] = "unsupported_credential_format";
   Oauth2ErrorCodes2["InvalidProof"] = "invalid_proof";
   Oauth2ErrorCodes2["InvalidNonce"] = "invalid_nonce";
   Oauth2ErrorCodes2["InvalidEncryptionParameters"] = "invalid_encryption_parameters";
+  Oauth2ErrorCodes2["UnknownCredentialConfiguration"] = "unknown_credential_configuration";
+  Oauth2ErrorCodes2["UnknownCredentialIdentifier"] = "unknown_credential_identifier";
+  Oauth2ErrorCodes2["InvalidTransactionId"] = "invalid_transaction_id";
+  Oauth2ErrorCodes2["UnsupportedCredentialType"] = "unsupported_credential_type";
+  Oauth2ErrorCodes2["UnsupportedCredentialFormat"] = "unsupported_credential_format";
   Oauth2ErrorCodes2["InvalidRequestUri"] = "invalid_request_uri";
   Oauth2ErrorCodes2["InvalidRequestObject"] = "invalid_request_object";
   Oauth2ErrorCodes2["RequestNotSupported"] = "request_not_supported";
@@ -506,7 +509,7 @@ var zCompactJwe = import_zod6.z.string().regex(/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\
   message: "Not a valid compact jwe"
 });
 
-// src/client-attestation/clent-attestation.ts
+// src/client-attestation/client-attestation.ts
 var import_utils8 = require("@openid4vc/utils");
 
 // src/common/jwt/verify-jwt.ts
@@ -693,7 +696,7 @@ async function createClientAttestationPopJwt(options) {
   return jwt;
 }
 
-// src/client-attestation/clent-attestation.ts
+// src/client-attestation/client-attestation.ts
 async function verifyClientAttestationJwt(options) {
   const { header, payload } = decodeJwt({
     jwt: options.clientAttestationJwt,
@@ -959,7 +962,7 @@ async function fetchWellKnownMetadata(wellKnownMetadataUrl, schema, fetch) {
   }
   if (!response.ok) {
     throw new import_utils11.InvalidFetchResponseError(
-      `Fetching well known metadata from '${wellKnownMetadataUrl}' resulted in an unsuccessfull response with status '${response.status}'.`,
+      `Fetching well known metadata from '${wellKnownMetadataUrl}' resulted in an unsuccessful response with status '${response.status}'.`,
       await response.clone().text(),
       response
     );
@@ -1089,7 +1092,7 @@ async function fetchJwks(jwksUrl, fetch) {
   const { result, response } = await fetcher(zJwkSet, [import_utils14.ContentType.JwkSet, import_utils14.ContentType.Json], jwksUrl);
   if (!response.ok) {
     throw new import_utils15.InvalidFetchResponseError(
-      `Fetching JWKs from jwks_uri '${jwksUrl}' resulted in an unsuccessfull response with status code '${response.status}'.`,
+      `Fetching JWKs from jwks_uri '${jwksUrl}' resulted in an unsuccessful response with status code '${response.status}'.`,
       await response.clone().text(),
       response
     );
@@ -1878,7 +1881,7 @@ function parseAccessTokenRequest(options) {
   if (!parsedAccessTokenRequest.success) {
     throw new Oauth2ServerErrorResponseError({
       error: "invalid_request" /* InvalidRequest */,
-      error_description: `Error occured during validation of authorization request.
+      error_description: `Error occurred during validation of authorization request.
 ${(0, import_utils29.formatZodError)(parsedAccessTokenRequest.error)}`
     });
   }
@@ -2116,7 +2119,7 @@ async function verifyAccessTokenRequestClientAttestation(options, authorizationS
       throw new Oauth2ServerErrorResponseError(
         {
           error: "invalid_request" /* InvalidRequest */,
-          error_description: "Expected the DPoP JWK thumbprint value to match the JWK thumbprint of the client attestation confirmation JWK. Ensrue both DPoP and client attestation use the same key."
+          error_description: "Expected the DPoP JWK thumbprint value to match the JWK thumbprint of the client attestation confirmation JWK. Ensure both DPoP and client attestation use the same key."
         },
         {
           status: 401
@@ -2295,7 +2298,7 @@ function parseAuthorizationChallengeRequest(options) {
   if (!parsedAuthorizationChallengeRequest.success) {
     throw new Oauth2ServerErrorResponseError({
       error: "invalid_request" /* InvalidRequest */,
-      error_description: `Error occured during validation of authorization challenge request.
+      error_description: `Error occurred during validation of authorization challenge request.
 ${(0, import_utils34.formatZodError)(parsedAuthorizationChallengeRequest.error)}`
     });
   }
@@ -2368,7 +2371,7 @@ async function verifyAuthorizationRequestClientAttestation(options, authorizatio
       throw new Oauth2ServerErrorResponseError(
         {
           error: "invalid_request" /* InvalidRequest */,
-          error_description: "Expected the DPoP JWK thumbprint value to match the JWK thumbprint of the client attestation confirmation JWK. Ensrue both DPoP and client attestation use the same key."
+          error_description: "Expected the DPoP JWK thumbprint value to match the JWK thumbprint of the client attestation confirmation JWK. Ensure both DPoP and client attestation use the same key."
         },
         {
           status: 401