@openid4vc/openid4vci 0.3.0-alpha-20250320203319 → 0.3.0-alpha-20250320210854

package/dist/index.js

@@ -40,11 +40,11 @@ __export(src_exports, {
   credentialsSupportedToCredentialConfigurationsSupported: () => credentialsSupportedToCredentialConfigurationsSupported,
   extractScopesForCredentialConfigurationIds: () => extractScopesForCredentialConfigurationIds,
   getCredentialConfigurationsMatchingRequestFormat: () => getCredentialConfigurationsMatchingRequestFormat,
-  getGlobalConfig: () => import_utils19.getGlobalConfig,
-  setGlobalConfig: () => import_utils19.setGlobalConfig
+  getGlobalConfig: () => import_utils20.getGlobalConfig,
+  setGlobalConfig: () => import_utils20.setGlobalConfig
 });
 module.exports = __toCommonJS(src_exports);
-var import_utils19 = require("@openid4vc/utils");
+var import_utils20 = require("@openid4vc/utils");
 
 // src/credential-request/credential-request-configurations.ts
 var import_utils4 = require("@openid4vc/utils");
@@ -712,69 +712,46 @@ var import_oauth218 = require("@openid4vc/oauth2");
 
 // src/credential-offer/credential-offer.ts
 var import_oauth26 = require("@openid4vc/oauth2");
-var import_utils6 = require("@openid4vc/utils");
+var import_utils7 = require("@openid4vc/utils");
 
 // src/credential-offer/z-credential-offer.ts
 var import_oauth25 = require("@openid4vc/oauth2");
-var import_zod11 = __toESM(require("zod"));
-
-// ../utils/src/validation.ts
+var import_utils6 = require("@openid4vc/utils");
 var import_zod10 = __toESM(require("zod"));
-
-// ../utils/src/config.ts
-var GLOBAL_CONFIG = {
-  allowInsecureUrls: false
-};
-function getGlobalConfig() {
-  return GLOBAL_CONFIG;
-}
-
-// ../utils/src/validation.ts
-var zHttpsUrl2 = import_zod10.default.string().url().refine(
-  (url) => {
-    const { allowInsecureUrls } = getGlobalConfig();
-    return allowInsecureUrls ? url.startsWith("http://") || url.startsWith("https://") : url.startsWith("https://");
-  },
-  { message: "url must be an https:// url" }
-);
-var zInteger2 = import_zod10.default.number().int();
-var zHttpMethod = import_zod10.default.enum(["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE", "CONNECT", "PATCH"]);
-
-// src/credential-offer/z-credential-offer.ts
-var zTxCode = import_zod11.default.object({
-  input_mode: import_zod11.default.union([import_zod11.default.literal("numeric"), import_zod11.default.literal("text")]).optional(),
-  length: import_zod11.default.number().int().optional(),
-  description: import_zod11.default.string().max(300).optional()
+var zTxCode = import_zod10.default.object({
+  input_mode: import_zod10.default.union([import_zod10.default.literal("numeric"), import_zod10.default.literal("text")]).optional(),
+  length: import_zod10.default.number().int().optional(),
+  description: import_zod10.default.string().max(300).optional()
 }).passthrough();
-var zCredentialOfferGrants = import_zod11.default.object({
-  authorization_code: import_zod11.default.object({
-    issuer_state: import_zod11.default.string().optional(),
-    authorization_server: zHttpsUrl2.optional()
+var zCredentialOfferGrants = import_zod10.default.object({
+  authorization_code: import_zod10.default.object({
+    issuer_state: import_zod10.default.string().optional(),
+    authorization_server: import_utils6.zHttpsUrl.optional()
   }).passthrough().optional(),
-  [import_oauth25.preAuthorizedCodeGrantIdentifier]: import_zod11.default.object({
-    "pre-authorized_code": import_zod11.default.string(),
+  [import_oauth25.preAuthorizedCodeGrantIdentifier]: import_zod10.default.object({
+    "pre-authorized_code": import_zod10.default.string(),
     tx_code: zTxCode.optional(),
-    authorization_server: zHttpsUrl2.optional()
+    authorization_server: import_utils6.zHttpsUrl.optional()
   }).passthrough().optional()
 }).passthrough();
-var zCredentialOfferObjectDraft14 = import_zod11.default.object({
-  credential_issuer: zHttpsUrl2,
-  credential_configuration_ids: import_zod11.default.array(import_zod11.default.string()),
-  grants: import_zod11.default.optional(zCredentialOfferGrants)
+var zCredentialOfferObjectDraft14 = import_zod10.default.object({
+  credential_issuer: import_utils6.zHttpsUrl,
+  credential_configuration_ids: import_zod10.default.array(import_zod10.default.string()),
+  grants: import_zod10.default.optional(zCredentialOfferGrants)
 }).passthrough();
-var zCredentialOfferObjectDraft11To14 = import_zod11.default.object({
-  credential_issuer: zHttpsUrl2,
+var zCredentialOfferObjectDraft11To14 = import_zod10.default.object({
+  credential_issuer: import_utils6.zHttpsUrl,
   // We don't support the inline offer objects from draft 11
-  credentials: import_zod11.default.array(
-    import_zod11.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })
+  credentials: import_zod10.default.array(
+    import_zod10.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })
   ),
-  grants: import_zod11.default.optional(
-    import_zod11.default.object({
+  grants: import_zod10.default.optional(
+    import_zod10.default.object({
       // Has extra param in draft 14, but doesn't matter for transform purposes
       authorization_code: zCredentialOfferGrants.shape.authorization_code,
-      [import_oauth25.preAuthorizedCodeGrantIdentifier]: import_zod11.default.object({
-        "pre-authorized_code": import_zod11.default.string(),
-        user_pin_required: import_zod11.default.optional(import_zod11.default.boolean())
+      [import_oauth25.preAuthorizedCodeGrantIdentifier]: import_zod10.default.object({
+        "pre-authorized_code": import_zod10.default.string(),
+        user_pin_required: import_zod10.default.optional(import_zod10.default.boolean())
       }).passthrough().optional()
     })
   )
@@ -799,7 +776,7 @@ var zCredentialOfferObjectDraft11To14 = import_zod11.default.object({
   }
   return v14;
 }).pipe(zCredentialOfferObjectDraft14);
-var zCredentialOfferObject = import_zod11.default.union([
+var zCredentialOfferObject = import_zod10.default.union([
   // First prioritize draft 14 (and 13)
   zCredentialOfferObjectDraft14,
   // Then try parsing draft 11 and transform into draft 14
@@ -808,13 +785,13 @@ var zCredentialOfferObject = import_zod11.default.union([
 
 // src/credential-offer/credential-offer.ts
 async function resolveCredentialOffer(credentialOffer, options) {
-  const parsedQueryParams = (0, import_utils6.getQueryParams)(credentialOffer);
+  const parsedQueryParams = (0, import_utils7.getQueryParams)(credentialOffer);
   let credentialOfferParseResult;
   if (parsedQueryParams.credential_offer_uri) {
-    const fetchWithZod = (0, import_utils6.createZodFetcher)(options?.fetch);
+    const fetchWithZod = (0, import_utils7.createZodFetcher)(options?.fetch);
     const { response, result } = await fetchWithZod(
       zCredentialOfferObject,
-      import_utils6.ContentType.Json,
+      import_utils7.ContentType.Json,
       parsedQueryParams.credential_offer_uri
     );
     if (!response.ok || !result) {
@@ -837,7 +814,7 @@ async function resolveCredentialOffer(credentialOffer, options) {
     throw new import_oauth26.Oauth2Error(`Credential offer did not contain either 'credential_offer' or 'credential_offer_uri' param.`);
   }
   if (credentialOfferParseResult.error) {
-    throw new import_utils6.ValidationError(
+    throw new import_utils7.ValidationError(
       `Error parsing credential offer in draft 11, 13 or 14 format extracted from credential offer '${credentialOffer}'`,
       credentialOfferParseResult.error
     );
@@ -895,7 +872,7 @@ async function createCredentialOffer(options) {
     });
     grants[import_oauth26.preAuthorizedCodeGrantIdentifier] = {
       ...preAuthorizedCodeGrant,
-      "pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? (0, import_utils6.encodeToBase64Url)(await options.callbacks.generateRandom(32))
+      "pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? (0, import_utils7.encodeToBase64Url)(await options.callbacks.generateRandom(32))
     };
     const txCode = grants[import_oauth26.preAuthorizedCodeGrantIdentifier].tx_code;
     if (txCode && options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
@@ -911,7 +888,7 @@ async function createCredentialOffer(options) {
     );
   }
   const credentialOfferScheme = options.credentialOfferScheme ?? "openid-credential-offer://";
-  const credentialOfferObject = (0, import_utils6.parseWithErrorHandling)(zCredentialOfferObject, {
+  const credentialOfferObject = (0, import_utils7.parseWithErrorHandling)(zCredentialOfferObject, {
     credential_issuer: options.issuerMetadata.credentialIssuer.credential_issuer,
     credential_configuration_ids: options.credentialConfigurationIds,
     grants,
@@ -920,10 +897,10 @@ async function createCredentialOffer(options) {
   if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
     credentialOfferObject.credentials = credentialOfferObject.credential_configuration_ids;
   }
-  const url = new import_utils6.URL(credentialOfferScheme);
-  url.search = `?${new import_utils6.URLSearchParams([
+  const url = new import_utils7.URL(credentialOfferScheme);
+  url.search = `?${new import_utils7.URLSearchParams([
     ...url.searchParams.entries(),
-    ...(0, import_utils6.objectToQueryParams)({
+    ...(0, import_utils7.objectToQueryParams)({
       credential_offer_uri: options.credentialOfferUri,
       // Only add credential_offer is uri is undefined
       credential_offer: options.credentialOfferUri ? void 0 : credentialOfferObject
@@ -936,7 +913,7 @@ async function createCredentialOffer(options) {
 }
 
 // src/credential-request/format-payload.ts
-var import_utils7 = require("@openid4vc/utils");
+var import_utils8 = require("@openid4vc/utils");
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
   const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[options.credentialConfigurationId];
   if (!credentialConfiguration) {
@@ -944,19 +921,19 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
       `Could not find credential configuration with id '${options.credentialConfigurationId}' in metadata of credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'.`
     );
   }
-  if ((0, import_utils7.zIs)(zSdJwtVcCredentialIssuerMetadata, credentialConfiguration)) {
+  if ((0, import_utils8.zIs)(zSdJwtVcCredentialIssuerMetadata, credentialConfiguration)) {
     return {
       format: credentialConfiguration.format,
       vct: credentialConfiguration.vct
     };
   }
-  if ((0, import_utils7.zIs)(zMsoMdocCredentialIssuerMetadata, credentialConfiguration)) {
+  if ((0, import_utils8.zIs)(zMsoMdocCredentialIssuerMetadata, credentialConfiguration)) {
     return {
       format: credentialConfiguration.format,
       doctype: credentialConfiguration.doctype
     };
   }
-  if ((0, import_utils7.zIs)(zLdpVcCredentialIssuerMetadata, credentialConfiguration)) {
+  if ((0, import_utils8.zIs)(zLdpVcCredentialIssuerMetadata, credentialConfiguration)) {
     return {
       format: credentialConfiguration.format,
       credential_definition: {
@@ -965,7 +942,7 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
       }
     };
   }
-  if ((0, import_utils7.zIs)(zJwtVcJsonLdCredentialIssuerMetadata, credentialConfiguration)) {
+  if ((0, import_utils8.zIs)(zJwtVcJsonLdCredentialIssuerMetadata, credentialConfiguration)) {
     return {
       format: credentialConfiguration.format,
       credential_definition: {
@@ -974,7 +951,7 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
       }
     };
   }
-  if ((0, import_utils7.zIs)(zJwtVcJsonCredentialIssuerMetadata, credentialConfiguration)) {
+  if ((0, import_utils8.zIs)(zJwtVcJsonCredentialIssuerMetadata, credentialConfiguration)) {
     return {
       format: credentialConfiguration.format,
       credential_definition: {
@@ -989,77 +966,77 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
 
 // src/credential-request/retrieve-credentials.ts
 var import_oauth210 = require("@openid4vc/oauth2");
-var import_utils9 = require("@openid4vc/utils");
+var import_utils10 = require("@openid4vc/utils");
 
 // src/credential-request/z-credential-request.ts
-var import_zod15 = __toESM(require("zod"));
+var import_zod14 = __toESM(require("zod"));
 
 // src/credential-request/z-credential-request-common.ts
 var import_oauth29 = require("@openid4vc/oauth2");
-var import_zod14 = __toESM(require("zod"));
+var import_zod13 = __toESM(require("zod"));
 
 // src/formats/proof-type/jwt/z-jwt-proof-type.ts
 var import_oauth27 = require("@openid4vc/oauth2");
-var import_utils8 = require("@openid4vc/utils");
-var import_zod12 = __toESM(require("zod"));
-var zJwtProofTypeIdentifier = import_zod12.default.literal("jwt");
+var import_utils9 = require("@openid4vc/utils");
+var import_zod11 = __toESM(require("zod"));
+var zJwtProofTypeIdentifier = import_zod11.default.literal("jwt");
 var jwtProofTypeIdentifier = zJwtProofTypeIdentifier.value;
-var zCredentialRequestProofJwt = import_zod12.default.object({
+var zCredentialRequestProofJwt = import_zod11.default.object({
   proof_type: zJwtProofTypeIdentifier,
   jwt: import_oauth27.zCompactJwt
 });
 var zCredentialRequestJwtProofTypeHeader = import_oauth27.zJwtHeader.merge(
-  import_zod12.default.object({
-    key_attestation: import_zod12.default.optional(import_oauth27.zCompactJwt),
-    typ: import_zod12.default.literal("openid4vci-proof+jwt")
+  import_zod11.default.object({
+    key_attestation: import_zod11.default.optional(import_oauth27.zCompactJwt),
+    typ: import_zod11.default.literal("openid4vci-proof+jwt")
   })
 ).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, {
   message: `Both 'jwk' and 'kid' are defined. Only one is allowed`
 }).refine(({ trust_chain, kid }) => !trust_chain || !kid, {
   message: `When 'trust_chain' is provided, 'kid' is required`
 });
-var zCredentialRequestJwtProofTypePayload = import_zod12.default.object({
+var zCredentialRequestJwtProofTypePayload = import_zod11.default.object({
   ...import_oauth27.zJwtPayload.shape,
-  aud: import_utils8.zHttpsUrl,
-  iat: import_utils8.zInteger
+  aud: import_utils9.zHttpsUrl,
+  iat: import_utils9.zInteger
 }).passthrough();
 
 // src/formats/proof-type/attestation/z-attestation-proof-type.ts
 var import_oauth28 = require("@openid4vc/oauth2");
-var import_zod13 = __toESM(require("zod"));
-var zAttestationProofTypeIdentifier = import_zod13.default.literal("attestation");
+var import_zod12 = __toESM(require("zod"));
+var zAttestationProofTypeIdentifier = import_zod12.default.literal("attestation");
 var attestationProofTypeIdentifier = zAttestationProofTypeIdentifier.value;
-var zCredentialRequestProofAttestation = import_zod13.default.object({
+var zCredentialRequestProofAttestation = import_zod12.default.object({
   proof_type: zAttestationProofTypeIdentifier,
   attestation: import_oauth28.zCompactJwt
 });
 var zCredentialRequestAttestationProofTypePayload = zKeyAttestationJwtPayloadForUse("proof_type.attestation");
 
 // src/credential-request/z-credential-request-common.ts
-var zCredentialRequestProofCommon = import_zod14.default.object({
-  proof_type: import_zod14.default.string()
+var zCredentialRequestProofCommon = import_zod13.default.object({
+  proof_type: import_zod13.default.string()
 }).passthrough();
 var allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
-var zCredentialRequestProof = import_zod14.default.union([
+var zCredentialRequestProof = import_zod13.default.union([
   zCredentialRequestProofCommon,
-  import_zod14.default.discriminatedUnion("proof_type", allCredentialRequestProofs)
+  import_zod13.default.discriminatedUnion("proof_type", allCredentialRequestProofs)
 ]);
-var zCredentialRequestProofsCommon = import_zod14.default.record(import_zod14.default.string(), import_zod14.default.array(import_zod14.default.unknown()));
-var zCredentialRequestProofs = import_zod14.default.object({
-  [zJwtProofTypeIdentifier.value]: import_zod14.default.optional(import_zod14.default.array(zCredentialRequestProofJwt.shape.jwt)),
-  [zAttestationProofTypeIdentifier.value]: import_zod14.default.optional(import_zod14.default.array(zCredentialRequestProofAttestation.shape.attestation))
+var zCredentialRequestProofsCommon = import_zod13.default.record(import_zod13.default.string(), import_zod13.default.array(import_zod13.default.unknown()));
+var zCredentialRequestProofs = import_zod13.default.object({
+  [zJwtProofTypeIdentifier.value]: import_zod13.default.optional(import_zod13.default.array(zCredentialRequestProofJwt.shape.jwt)),
+  [zAttestationProofTypeIdentifier.value]: import_zod13.default.optional(import_zod13.default.array(zCredentialRequestProofAttestation.shape.attestation))
 });
-var zCredentialRequestCommon = import_zod14.default.object({
+var zCredentialRequestCommon = import_zod13.default.object({
   proof: zCredentialRequestProof.optional(),
-  proofs: import_zod14.default.optional(
-    import_zod14.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, {
+  proofs: import_zod13.default.optional(
+    import_zod13.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, {
       message: `The 'proofs' object in a credential request should contain exactly one attribute`
     })
   ),
-  credential_response_encryption: import_zod14.default.object({
+  credential_response_encryption: import_zod13.default.object({
     jwk: import_oauth29.zJwk,
-    alg: import_zod14.default.string(),
-    enc: import_zod14.default.string()
+    alg: import_zod13.default.string(),
+    enc: import_zod13.default.string()
   }).passthrough().optional()
 }).passthrough().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), {
   message: `Both 'proof' and 'proofs' are defined. Only one is allowed`
@@ -1076,27 +1053,27 @@ var allCredentialRequestFormats = [
 var allCredentialRequestFormatIdentifiers = allCredentialRequestFormats.map(
   (format) => format.shape.format.value
 );
-var zAuthorizationDetailsCredentialRequest = import_zod15.default.object({
-  credential_identifier: import_zod15.default.string(),
+var zAuthorizationDetailsCredentialRequest = import_zod14.default.object({
+  credential_identifier: import_zod14.default.string(),
   // Cannot be present if credential identifier is present
-  format: import_zod15.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
+  format: import_zod14.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
 });
-var zCredentialRequestFormatNoCredentialIdentifier = import_zod15.default.object({
-  format: import_zod15.default.string(),
-  credential_identifier: import_zod15.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional()
+var zCredentialRequestFormatNoCredentialIdentifier = import_zod14.default.object({
+  format: import_zod14.default.string(),
+  credential_identifier: import_zod14.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional()
 }).passthrough();
 var zCredenialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormatNoCredentialIdentifier).transform((data, ctx) => {
   if (!allCredentialRequestFormatIdentifiers.includes(data.format)) return data;
-  const result = import_zod15.default.object({}).passthrough().and(import_zod15.default.discriminatedUnion("format", allCredentialRequestFormats)).safeParse(data);
+  const result = import_zod14.default.object({}).passthrough().and(import_zod14.default.discriminatedUnion("format", allCredentialRequestFormats)).safeParse(data);
   if (result.success) {
     return result.data;
   }
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod15.default.NEVER;
+  return import_zod14.default.NEVER;
 });
-var zCredentialRequestDraft14 = import_zod15.default.union([
+var zCredentialRequestDraft14 = import_zod14.default.union([
   zCredenialRequestDraft14WithFormat,
   zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest)
 ]);
@@ -1113,7 +1090,7 @@ var zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRequ
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod15.default.NEVER;
+  return import_zod14.default.NEVER;
 }).pipe(zCredentialRequestDraft14);
 var zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine(
   (data) => data.credential_identifier === void 0,
@@ -1131,15 +1108,15 @@ var zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine(
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod15.default.NEVER;
+  return import_zod14.default.NEVER;
 });
-var zCredentialRequest = import_zod15.default.union([zCredentialRequestDraft14, zCredentialRequestDraft11To14]);
+var zCredentialRequest = import_zod14.default.union([zCredentialRequestDraft14, zCredentialRequestDraft11To14]);
 
 // src/credential-request/z-credential-response.ts
-var import_zod17 = __toESM(require("zod"));
+var import_zod16 = __toESM(require("zod"));
 
 // ../oauth2/src/common/z-oauth2-error.ts
-var import_zod16 = __toESM(require("zod"));
+var import_zod15 = __toESM(require("zod"));
 var Oauth2ErrorCodes = /* @__PURE__ */ ((Oauth2ErrorCodes4) => {
   Oauth2ErrorCodes4["ServerError"] = "server_error";
   Oauth2ErrorCodes4["InvalidTarget"] = "invalid_target";
@@ -1176,21 +1153,21 @@ var Oauth2ErrorCodes = /* @__PURE__ */ ((Oauth2ErrorCodes4) => {
   Oauth2ErrorCodes4["WalletUnavailable"] = "wallet_unavailable";
   return Oauth2ErrorCodes4;
 })(Oauth2ErrorCodes || {});
-var zOauth2ErrorResponse = import_zod16.default.object({
-  error: import_zod16.default.union([import_zod16.default.nativeEnum(Oauth2ErrorCodes), import_zod16.default.string()]),
-  error_description: import_zod16.default.string().optional(),
-  error_uri: import_zod16.default.string().optional()
+var zOauth2ErrorResponse = import_zod15.default.object({
+  error: import_zod15.default.union([import_zod15.default.nativeEnum(Oauth2ErrorCodes), import_zod15.default.string()]),
+  error_description: import_zod15.default.string().optional(),
+  error_uri: import_zod15.default.string().optional()
 }).passthrough();
 
 // src/credential-request/z-credential-response.ts
-var zCredentialEncoding = import_zod17.default.union([import_zod17.default.string(), import_zod17.default.record(import_zod17.default.string(), import_zod17.default.any())]);
-var zCredentialResponse = import_zod17.default.object({
-  credential: import_zod17.default.optional(zCredentialEncoding),
-  credentials: import_zod17.default.optional(import_zod17.default.array(zCredentialEncoding)),
-  transaction_id: import_zod17.default.string().optional(),
-  c_nonce: import_zod17.default.string().optional(),
-  c_nonce_expires_in: import_zod17.default.number().int().optional(),
-  notification_id: import_zod17.default.string().optional()
+var zCredentialEncoding = import_zod16.default.union([import_zod16.default.string(), import_zod16.default.record(import_zod16.default.string(), import_zod16.default.any())]);
+var zCredentialResponse = import_zod16.default.object({
+  credential: import_zod16.default.optional(zCredentialEncoding),
+  credentials: import_zod16.default.optional(import_zod16.default.array(zCredentialEncoding)),
+  transaction_id: import_zod16.default.string().optional(),
+  c_nonce: import_zod16.default.string().optional(),
+  c_nonce_expires_in: import_zod16.default.number().int().optional(),
+  notification_id: import_zod16.default.string().optional()
 }).passthrough().refine(
   (value) => {
     const { credential, credentials, transaction_id } = value;
@@ -1200,10 +1177,10 @@ var zCredentialResponse = import_zod17.default.object({
     message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
   }
 );
-var zCredentialErrorResponse = import_zod17.default.object({
+var zCredentialErrorResponse = import_zod16.default.object({
   ...zOauth2ErrorResponse.shape,
-  c_nonce: import_zod17.default.string().optional(),
-  c_nonce_expires_in: import_zod17.default.number().int().optional()
+  c_nonce: import_zod16.default.string().optional(),
+  c_nonce_expires_in: import_zod16.default.number().int().optional()
 }).passthrough();
 
 // src/credential-request/retrieve-credentials.ts
@@ -1224,7 +1201,7 @@ async function retrieveCredentialsWithFormat(options) {
 }
 async function retrieveCredentials(options) {
   const credentialEndpoint = options.issuerMetadata.credentialIssuer.credential_endpoint;
-  let credentialRequest = (0, import_utils9.parseWithErrorHandling)(
+  let credentialRequest = (0, import_utils10.parseWithErrorHandling)(
     zCredentialRequest,
     options.credentialRequest,
     "Error validating credential request"
@@ -1244,7 +1221,7 @@ async function retrieveCredentials(options) {
     }
   }
   if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-    credentialRequest = (0, import_utils9.parseWithErrorHandling)(
+    credentialRequest = (0, import_utils10.parseWithErrorHandling)(
       zCredentialRequestDraft14To11,
       credentialRequest,
       `Error transforming credential request from ${"Draft14" /* Draft14 */} to ${"Draft11" /* Draft11 */}`
@@ -1258,19 +1235,19 @@ async function retrieveCredentials(options) {
     requestOptions: {
       method: "POST",
       headers: {
-        "Content-Type": import_utils9.ContentType.Json
+        "Content-Type": import_utils10.ContentType.Json
       },
       body: JSON.stringify(credentialRequest)
     }
   });
   if (!resourceResponse.ok) {
-    const credentialErrorResponseResult = (0, import_utils9.isResponseContentType)(import_utils9.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+    const credentialErrorResponseResult = (0, import_utils10.isResponseContentType)(import_utils10.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
     return {
       ...resourceResponse,
       credentialErrorResponseResult
     };
   }
-  const credentialResponseResult = (0, import_utils9.isResponseContentType)(import_utils9.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+  const credentialResponseResult = (0, import_utils10.isResponseContentType)(import_utils10.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
   if (!credentialResponseResult?.success) {
     return {
       ...resourceResponse,
@@ -1287,12 +1264,12 @@ async function retrieveCredentials(options) {
 // src/formats/proof-type/jwt/jwt-proof-type.ts
 var import_oauth213 = require("@openid4vc/oauth2");
 var import_oauth214 = require("@openid4vc/oauth2");
-var import_utils11 = require("@openid4vc/utils");
+var import_utils12 = require("@openid4vc/utils");
 
 // src/key-attestation/key-attestation.ts
 var import_oauth211 = require("@openid4vc/oauth2");
 var import_oauth212 = require("@openid4vc/oauth2");
-var import_utils10 = require("@openid4vc/utils");
+var import_utils11 = require("@openid4vc/utils");
 async function verifyKeyAttestationJwt(options) {
   const { header, payload } = (0, import_oauth211.decodeJwt)({
     jwt: options.keyAttestationJwt,
@@ -1322,15 +1299,15 @@ async function verifyKeyAttestationJwt(options) {
 
 // src/formats/proof-type/jwt/jwt-proof-type.ts
 async function createCredentialRequestJwtProof(options) {
-  const header = (0, import_utils11.parseWithErrorHandling)(zCredentialRequestJwtProofTypeHeader, {
+  const header = (0, import_utils12.parseWithErrorHandling)(zCredentialRequestJwtProofTypeHeader, {
     ...(0, import_oauth213.jwtHeaderFromJwtSigner)(options.signer),
     key_attestation: options.keyAttestationJwt,
     typ: "openid4vci-proof+jwt"
   });
-  const payload = (0, import_utils11.parseWithErrorHandling)(zCredentialRequestJwtProofTypePayload, {
+  const payload = (0, import_utils12.parseWithErrorHandling)(zCredentialRequestJwtProofTypePayload, {
     nonce: options.nonce,
     aud: options.credentialIssuer,
-    iat: (0, import_utils11.dateToSeconds)(options.issuedAt),
+    iat: (0, import_utils12.dateToSeconds)(options.issuedAt),
     iss: options.clientId
   });
   const { jwt, signerJwk } = await options.callbacks.signJwt(options.signer, { header, payload });
@@ -1403,7 +1380,7 @@ async function verifyCredentialRequestJwtProof(options) {
 
 // src/metadata/fetch-issuer-metadata.ts
 var import_oauth215 = require("@openid4vc/oauth2");
-var import_utils12 = require("@openid4vc/utils");
+var import_utils13 = require("@openid4vc/utils");
 async function resolveIssuerMetadata(credentialIssuer, options) {
   const allowAuthorizationMetadataFromCredentialIssuerMetadata = options?.allowAuthorizationMetadataFromCredentialIssuerMetadata ?? true;
   const credentialIssuerMetadataWithDraftVersion = await fetchCredentialIssuerMetadata(credentialIssuer, options?.fetch);
@@ -1419,7 +1396,7 @@ async function resolveIssuerMetadata(credentialIssuer, options) {
     }
     let authorizationServerMetadata = await (0, import_oauth215.fetchAuthorizationServerMetadata)(authorizationServer, options?.fetch);
     if (!authorizationServerMetadata && authorizationServer === credentialIssuer && allowAuthorizationMetadataFromCredentialIssuerMetadata) {
-      authorizationServerMetadata = (0, import_utils12.parseWithErrorHandling)(
+      authorizationServerMetadata = (0, import_utils13.parseWithErrorHandling)(
         import_oauth215.zAuthorizationServerMetadata,
         {
           token_endpoint: credentialIssuerMetadata.token_endpoint,
@@ -1444,26 +1421,26 @@ async function resolveIssuerMetadata(credentialIssuer, options) {
 
 // src/nonce/nonce-request.ts
 var import_oauth216 = require("@openid4vc/oauth2");
-var import_utils14 = require("@openid4vc/utils");
+var import_utils15 = require("@openid4vc/utils");
 
 // src/nonce/z-nonce.ts
-var import_utils13 = require("@openid4vc/utils");
-var import_zod18 = __toESM(require("zod"));
-var zNonceResponse = import_zod18.default.object({
-  c_nonce: import_zod18.default.string(),
-  c_nonce_expires_in: import_zod18.default.optional(import_utils13.zInteger)
+var import_utils14 = require("@openid4vc/utils");
+var import_zod17 = __toESM(require("zod"));
+var zNonceResponse = import_zod17.default.object({
+  c_nonce: import_zod17.default.string(),
+  c_nonce_expires_in: import_zod17.default.optional(import_utils14.zInteger)
 }).passthrough();
 
 // src/nonce/nonce-request.ts
 async function requestNonce(options) {
-  const fetchWithZod = (0, import_utils14.createZodFetcher)(options?.fetch);
+  const fetchWithZod = (0, import_utils15.createZodFetcher)(options?.fetch);
   const nonceEndpoint = options.issuerMetadata.credentialIssuer.nonce_endpoint;
   if (!nonceEndpoint) {
     throw new Openid4vciError(
       `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a nonce endpoint.`
     );
   }
-  const { response, result } = await fetchWithZod(zNonceResponse, import_utils14.ContentType.Json, nonceEndpoint, {
+  const { response, result } = await fetchWithZod(zNonceResponse, import_utils15.ContentType.Json, nonceEndpoint, {
     method: "POST"
   });
   if (!response.ok || !result) {
@@ -1474,12 +1451,12 @@ async function requestNonce(options) {
     );
   }
   if (!result.success) {
-    throw new import_utils14.ValidationError("Error parsing nonce response", result.error);
+    throw new import_utils15.ValidationError("Error parsing nonce response", result.error);
   }
   return result.data;
 }
 function createNonceResponse(options) {
-  return (0, import_utils14.parseWithErrorHandling)(zNonceResponse, {
+  return (0, import_utils15.parseWithErrorHandling)(zNonceResponse, {
     c_nonce: options.cNonce,
     c_nonce_expires_in: options.cNonceExpiresIn,
     ...options.additionalPayload
@@ -1488,18 +1465,18 @@ function createNonceResponse(options) {
 
 // src/notification/notification.ts
 var import_oauth217 = require("@openid4vc/oauth2");
-var import_utils15 = require("@openid4vc/utils");
+var import_utils16 = require("@openid4vc/utils");
 
 // src/notification/z-notification.ts
-var import_zod19 = __toESM(require("zod"));
-var zNotificationEvent = import_zod19.default.enum(["credential_accepted", "credential_failure", "credential_deleted"]);
-var zNotificationRequest = import_zod19.default.object({
-  notification_id: import_zod19.default.string(),
+var import_zod18 = __toESM(require("zod"));
+var zNotificationEvent = import_zod18.default.enum(["credential_accepted", "credential_failure", "credential_deleted"]);
+var zNotificationRequest = import_zod18.default.object({
+  notification_id: import_zod18.default.string(),
   event: zNotificationEvent,
-  event_description: import_zod19.default.optional(import_zod19.default.string())
+  event_description: import_zod18.default.optional(import_zod18.default.string())
 }).passthrough();
-var zNotificationErrorResponse = import_zod19.default.object({
-  error: import_zod19.default.enum(["invalid_notification_id", "invalid_notification_request"])
+var zNotificationErrorResponse = import_zod18.default.object({
+  error: import_zod18.default.enum(["invalid_notification_id", "invalid_notification_request"])
 }).passthrough();
 
 // src/notification/notification.ts
@@ -1510,7 +1487,7 @@ async function sendNotifcation(options) {
       `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a notification endpiont configured.`
     );
   }
-  const notificationRequest = (0, import_utils15.parseWithErrorHandling)(
+  const notificationRequest = (0, import_utils16.parseWithErrorHandling)(
     zNotificationRequest,
     {
       event: options.notification.event,
@@ -1527,13 +1504,13 @@ async function sendNotifcation(options) {
     requestOptions: {
       method: "POST",
       headers: {
-        "Content-Type": import_utils15.ContentType.Json
+        "Content-Type": import_utils16.ContentType.Json
       },
       body: JSON.stringify(notificationRequest)
     }
   });
   if (!resourceResponse.ok) {
-    const notificationErrorResponseResult = (0, import_utils15.isResponseContentType)(import_utils15.ContentType.Json, resourceResponse.response) ? zNotificationErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+    const notificationErrorResponseResult = (0, import_utils16.isResponseContentType)(import_utils16.ContentType.Json, resourceResponse.response) ? zNotificationErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
     return {
       ...resourceResponse,
       notificationErrorResponseResult
@@ -1909,12 +1886,12 @@ var Openid4vciClient = class {
 
 // src/Openid4vciIssuer.ts
 var import_oauth219 = require("@openid4vc/oauth2");
-var import_utils18 = require("@openid4vc/utils");
+var import_utils19 = require("@openid4vc/utils");
 
 // src/credential-request/credential-response.ts
-var import_utils16 = require("@openid4vc/utils");
+var import_utils17 = require("@openid4vc/utils");
 function createCredentialResponse(options) {
-  const credentialResponse = (0, import_utils16.parseWithErrorHandling)(zCredentialResponse, {
+  const credentialResponse = (0, import_utils17.parseWithErrorHandling)(zCredentialResponse, {
     c_nonce: options.cNonce,
     c_nonce_expires_in: options.cNonceExpiresInSeconds,
     credential: options.credential,
@@ -1929,10 +1906,10 @@ function createCredentialResponse(options) {
 }
 
 // src/credential-request/parse-credential-request.ts
-var import_utils17 = require("@openid4vc/utils");
-var import_zod20 = __toESM(require("zod"));
+var import_utils18 = require("@openid4vc/utils");
+var import_zod19 = __toESM(require("zod"));
 function parseCredentialRequest(options) {
-  const credentialRequest = (0, import_utils17.parseWithErrorHandling)(
+  const credentialRequest = (0, import_utils18.parseWithErrorHandling)(
     zCredentialRequest,
     options.credentialRequest,
     "Error validating credential request"
@@ -1942,7 +1919,7 @@ function parseCredentialRequest(options) {
   if (knownProofs.success) {
     proofs = knownProofs.data;
   }
-  const knownProof = import_zod20.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
+  const knownProof = import_zod19.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
   if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) {
     proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
   } else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) {
@@ -1958,8 +1935,8 @@ function parseCredentialRequest(options) {
   if (credentialRequest.format && allCredentialRequestFormatIdentifiers.includes(credentialRequest.format)) {
     return {
       // Removes all claims that are not specific to this format
-      format: (0, import_utils17.parseWithErrorHandling)(
-        import_zod20.default.union(allCredentialRequestFormats),
+      format: (0, import_utils18.parseWithErrorHandling)(
+        import_zod19.default.union(allCredentialRequestFormats),
         credentialRequest,
         "Unable to validate format specific properties from credential request"
       ),
@@ -1988,7 +1965,7 @@ var Openid4vciIssuer = class {
     this.options = options;
   }
   getCredentialIssuerMetadataDraft11(credentialIssuerMetadata) {
-    return (0, import_utils18.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraft11, credentialIssuerMetadata);
+    return (0, import_utils19.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraft11, credentialIssuerMetadata);
   }
   getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
     return extractKnownCredentialConfigurationSupportedFormats(
@@ -1999,7 +1976,7 @@ var Openid4vciIssuer = class {
    * Create issuer metadata and validates the structure is correct
    */
   createCredentialIssuerMetadata(credentialIssuerMetadata) {
-    return (0, import_utils18.parseWithErrorHandling)(
+    return (0, import_utils19.parseWithErrorHandling)(
       zCredentialIssuerMetadata,
       credentialIssuerMetadata,
       "Error validating credential issuer metadata"
@@ -2089,7 +2066,7 @@ var Openid4vciIssuer = class {
           error: import_oauth219.Oauth2ErrorCodes.InvalidCredentialRequest,
           error_description: (
             // TODO: error should have a internalErrorMessage and a publicErrorMessage
-            error instanceof import_utils18.ValidationError ? error.message : "Invalid request"
+            error instanceof import_utils19.ValidationError ? error.message : "Invalid request"
           )
         },
         {