@openid4vc/openid4vci 0.3.0-alpha-20250813113255 → 0.3.0-alpha-20250820090758

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +10192 -2986
  2. package/dist/index.d.ts +10192 -2986
  3. package/dist/index.js +118 -88
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +118 -88
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +3 -3
package/dist/index.mjs CHANGED
@@ -312,25 +312,24 @@ var zKeyAttestationJwtPayloadForUse = (use) => z3.object({
312
312
  }).passthrough();
313
313
 
314
314
  // src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
315
+ var zCredentialConfigurationSupportedDisplayEntry = z4.object({
316
+ name: z4.string(),
317
+ locale: z4.string().optional(),
318
+ logo: z4.object({
319
+ // FIXME: make required again, but need to support draft 11 first
320
+ uri: z4.string().optional(),
321
+ alt_text: z4.string().optional()
322
+ }).passthrough().optional(),
323
+ description: z4.string().optional(),
324
+ background_color: z4.string().optional(),
325
+ background_image: z4.object({
326
+ // TODO: should be required, but paradym's metadata is wrong here.
327
+ uri: z4.string().optional()
328
+ }).passthrough().optional(),
329
+ text_color: z4.string().optional()
330
+ }).passthrough();
315
331
  var zCredentialConfigurationSupportedCommonCredentialMetadata = z4.object({
316
- display: z4.array(
317
- z4.object({
318
- name: z4.string(),
319
- locale: z4.string().optional(),
320
- logo: z4.object({
321
- // FIXME: make required again, but need to support draft 11 first
322
- uri: z4.string().optional(),
323
- alt_text: z4.string().optional()
324
- }).passthrough().optional(),
325
- description: z4.string().optional(),
326
- background_color: z4.string().optional(),
327
- background_image: z4.object({
328
- // TODO: should be required, but paradym's metadata is wrong here.
329
- uri: z4.string().optional()
330
- }).passthrough().optional(),
331
- text_color: z4.string().optional()
332
- }).passthrough()
333
- ).optional()
332
+ display: z4.array(zCredentialConfigurationSupportedDisplayEntry).optional()
334
333
  });
335
334
  var zCredentialConfigurationSupportedCommon = z4.object({
336
335
  format: z4.string(),
@@ -347,24 +346,45 @@ var zCredentialConfigurationSupportedCommon = z4.object({
347
346
  }).passthrough().optional()
348
347
  })
349
348
  ).optional(),
350
- credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional()
351
- }).passthrough();
349
+ credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
350
+ // For typing purposes. Can be removed once we drop support for draft <= 15.
351
+ claims: z4.optional(z4.never())
352
+ });
353
+ var zCredentialConfigurationSupportedCommonDraft15 = z4.object({
354
+ format: z4.string(),
355
+ scope: z4.string().optional(),
356
+ cryptographic_binding_methods_supported: z4.array(z4.string()).optional(),
357
+ credential_signing_alg_values_supported: z4.array(z4.string()).or(z4.array(z4.number())).optional(),
358
+ proof_types_supported: z4.record(
359
+ z4.union([z4.literal("jwt"), z4.literal("attestation"), z4.string()]),
360
+ z4.object({
361
+ proof_signing_alg_values_supported: z4.array(z4.string()),
362
+ key_attestations_required: z4.object({
363
+ key_storage: zIso18045OrStringArray.optional(),
364
+ user_authentication: zIso18045OrStringArray.optional()
365
+ }).passthrough().optional()
366
+ })
367
+ ).optional(),
368
+ display: z4.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
369
+ // For typing purposes.
370
+ credential_metadata: z4.optional(z4.never())
371
+ });
352
372
 
353
373
  // src/formats/credential/mso-mdoc/z-mso-mdoc.ts
354
374
  var zMsoMdocFormatIdentifier = z5.literal("mso_mdoc");
355
- var zMsoMdocCredentialIssuerMetadata = z5.object({
375
+ var zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
356
376
  format: zMsoMdocFormatIdentifier,
357
377
  doctype: z5.string(),
358
378
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
359
379
  claims: z5.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
360
380
  }).optional()
361
381
  });
362
- var zMsoMdocCredentialIssuerMetadataDraft15 = z5.object({
382
+ var zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
363
383
  format: zMsoMdocFormatIdentifier,
364
384
  doctype: z5.string(),
365
385
  claims: z5.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
366
386
  });
367
- var zMsoMdocCredentialIssuerMetadataDraft14 = z5.object({
387
+ var zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
368
388
  format: zMsoMdocFormatIdentifier,
369
389
  doctype: z5.string(),
370
390
  claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
@@ -380,13 +400,21 @@ var zMsoMdocCredentialRequestFormatDraft14 = z5.object({
380
400
  // src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
381
401
  import z6 from "zod";
382
402
  var zSdJwtVcFormatIdentifier = z6.literal("vc+sd-jwt");
383
- var zSdJwtVcCredentialIssuerMetadataDraft14 = z6.object({
403
+ var zSdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
404
+ vct: z6.string(),
405
+ format: zSdJwtVcFormatIdentifier,
406
+ order: z6.optional(z6.array(z6.string())),
407
+ credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
408
+ claims: z6.array(zCredentialConfigurationSupportedClaimsDraft14).optional()
409
+ }).optional()
410
+ });
411
+ var zSdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
384
412
  vct: z6.string(),
385
413
  format: zSdJwtVcFormatIdentifier,
386
414
  claims: z6.optional(zCredentialConfigurationSupportedClaimsDraft14),
387
415
  order: z6.optional(z6.array(z6.string()))
388
416
  });
389
- var zSdJwtVcCredentialRequestFormatDraft14 = z6.object({
417
+ var zSdJwtVcCredentialRequestFormatDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
390
418
  format: zSdJwtVcFormatIdentifier,
391
419
  vct: z6.string(),
392
420
  claims: z6.optional(zCredentialConfigurationSupportedClaimsDraft14)
@@ -395,14 +423,14 @@ var zSdJwtVcCredentialRequestFormatDraft14 = z6.object({
395
423
  // src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
396
424
  import z7 from "zod";
397
425
  var zSdJwtDcFormatIdentifier = z7.literal("dc+sd-jwt");
398
- var zSdJwtDcCredentialIssuerMetadata = z7.object({
426
+ var zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
399
427
  vct: z7.string(),
400
428
  format: zSdJwtDcFormatIdentifier,
401
429
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
402
430
  claims: z7.array(zIssuerMetadataClaimsDescription).optional()
403
431
  }).optional()
404
432
  });
405
- var zSdJwtDcCredentialIssuerMetadataDraft15 = z7.object({
433
+ var zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
406
434
  vct: z7.string(),
407
435
  format: zSdJwtDcFormatIdentifier,
408
436
  claims: z7.array(zIssuerMetadataClaimsDescription).optional()
@@ -439,19 +467,19 @@ var zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.e
439
467
 
440
468
  // src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
441
469
  var zLdpVcFormatIdentifier = z9.literal("ldp_vc");
442
- var zLdpVcCredentialIssuerMetadata = z9.object({
470
+ var zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
443
471
  format: zLdpVcFormatIdentifier,
444
472
  credential_definition: zW3cVcJsonLdCredentialDefinition,
445
473
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
446
474
  claims: zIssuerMetadataClaimsDescription.optional()
447
475
  }).optional()
448
476
  });
449
- var zLdpVcCredentialIssuerMetadataDraft15 = z9.object({
477
+ var zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
450
478
  format: zLdpVcFormatIdentifier,
451
479
  credential_definition: zW3cVcJsonLdCredentialDefinition,
452
480
  claims: zIssuerMetadataClaimsDescription.optional()
453
481
  });
454
- var zLdpVcCredentialIssuerMetadataDraft14 = z9.object({
482
+ var zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
455
483
  format: zLdpVcFormatIdentifier,
456
484
  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
457
485
  order: z9.array(z9.string()).optional()
@@ -514,19 +542,19 @@ var zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.pa
514
542
  // src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
515
543
  import z10 from "zod";
516
544
  var zJwtVcJsonLdFormatIdentifier = z10.literal("jwt_vc_json-ld");
517
- var zJwtVcJsonLdCredentialIssuerMetadata = z10.object({
545
+ var zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
518
546
  format: zJwtVcJsonLdFormatIdentifier,
519
547
  credential_definition: zW3cVcJsonLdCredentialDefinition,
520
548
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
521
549
  claims: zIssuerMetadataClaimsDescription.optional()
522
550
  }).optional()
523
551
  });
524
- var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = z10.object({
552
+ var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
525
553
  format: zJwtVcJsonLdFormatIdentifier,
526
554
  credential_definition: zW3cVcJsonLdCredentialDefinition,
527
555
  claims: zIssuerMetadataClaimsDescription.optional()
528
556
  });
529
- var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = z10.object({
557
+ var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
530
558
  format: zJwtVcJsonLdFormatIdentifier,
531
559
  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
532
560
  order: z10.optional(z10.array(z10.string()))
@@ -595,19 +623,19 @@ var zJwtVcJsonCredentialDefinition = z11.object({
595
623
  var zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({
596
624
  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
597
625
  });
598
- var zJwtVcJsonCredentialIssuerMetadata = z11.object({
626
+ var zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
599
627
  format: zJwtVcJsonFormatIdentifier,
600
628
  credential_definition: zJwtVcJsonCredentialDefinition,
601
629
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
602
630
  claims: zIssuerMetadataClaimsDescription.optional()
603
631
  }).optional()
604
632
  });
605
- var zJwtVcJsonCredentialIssuerMetadataDraft15 = z11.object({
633
+ var zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
606
634
  format: zJwtVcJsonFormatIdentifier,
607
635
  credential_definition: zJwtVcJsonCredentialDefinition,
608
636
  claims: zIssuerMetadataClaimsDescription.optional()
609
637
  });
610
- var zJwtVcJsonCredentialIssuerMetadataDraft14 = z11.object({
638
+ var zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
611
639
  format: zJwtVcJsonFormatIdentifier,
612
640
  credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
613
641
  order: z11.array(z11.string()).optional()
@@ -671,6 +699,7 @@ var allCredentialIssuerMetadataFormats = [
671
699
  zJwtVcJsonLdCredentialIssuerMetadata,
672
700
  zLdpVcCredentialIssuerMetadata,
673
701
  zJwtVcJsonCredentialIssuerMetadata,
702
+ zSdJwtVcCredentialIssuerMetadataDraft16,
674
703
  zSdJwtDcCredentialIssuerMetadataDraft15,
675
704
  zMsoMdocCredentialIssuerMetadataDraft15,
676
705
  zJwtVcJsonLdCredentialIssuerMetadataDraft15,
@@ -685,32 +714,27 @@ var allCredentialIssuerMetadataFormats = [
685
714
  var allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map(
686
715
  (format) => format.shape.format.value
687
716
  );
688
- var zCredentialConfigurationSupportedWithFormats = zCredentialConfigurationSupportedCommon.transform(
689
- (data, ctx) => {
690
- if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
691
- const validators = allCredentialIssuerMetadataFormats.reduce(
692
- (validators2, formatValidator) => {
693
- const format = formatValidator.shape.format.value;
694
- if (!validators2[format]) {
695
- validators2[format] = [];
696
- }
697
- validators2[format].push(formatValidator);
698
- return validators2;
699
- },
700
- {}
701
- )[data.format];
702
- const result = z12.object({}).passthrough().and(
703
- validators.length > 1 ? z12.union(validators) : validators[0]
704
- ).safeParse(data);
705
- if (result.success) {
706
- return result.data;
707
- }
708
- for (const issue of result.error.issues) {
709
- ctx.addIssue(issue);
710
- }
711
- return z12.NEVER;
717
+ var zCredentialConfigurationSupportedWithFormats = z12.union([
718
+ zCredentialConfigurationSupportedCommon.passthrough(),
719
+ zCredentialConfigurationSupportedCommonDraft15.passthrough()
720
+ ]).transform((data, ctx) => {
721
+ if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
722
+ const validators = allCredentialIssuerMetadataFormats.filter(
723
+ (formatValidator) => formatValidator.shape.format.value === data.format
724
+ );
725
+ const result = z12.object({}).passthrough().and(
726
+ validators.length > 1 ? z12.union(
727
+ validators
728
+ ) : validators[0]
729
+ ).safeParse(data);
730
+ if (result.success) {
731
+ return result.data;
712
732
  }
713
- );
733
+ for (const issue of result.error.issues) {
734
+ ctx.addIssue(issue);
735
+ }
736
+ return z12.NEVER;
737
+ });
714
738
  var zCredentialIssuerMetadataDisplayEntry = z12.object({
715
739
  name: z12.string().optional(),
716
740
  locale: z12.string().optional(),
@@ -740,7 +764,7 @@ var zCredentialIssuerMetadataDraft14Draft15Draft16 = z12.object({
740
764
  display: z12.array(zCredentialIssuerMetadataDisplayEntry).optional(),
741
765
  credential_configurations_supported: z12.record(z12.string(), zCredentialConfigurationSupportedWithFormats)
742
766
  }).passthrough();
743
- var zCredentialConfigurationSupportedDraft11To14 = z12.object({
767
+ var zCredentialConfigurationSupportedDraft11To16 = z12.object({
744
768
  id: z12.string().optional(),
745
769
  format: z12.string(),
746
770
  cryptographic_suites_supported: z12.array(z12.string()).optional(),
@@ -753,30 +777,36 @@ var zCredentialConfigurationSupportedDraft11To14 = z12.object({
753
777
  url: z12.string().url().optional()
754
778
  }).passthrough().optional()
755
779
  }).passthrough()
756
- ).optional()
757
- }).passthrough().transform(({ cryptographic_suites_supported, display, id, ...rest }) => ({
780
+ ).optional(),
781
+ claims: z12.any().optional()
782
+ }).passthrough().transform(({ cryptographic_suites_supported, display, claims, id, ...rest }) => ({
758
783
  ...rest,
759
784
  ...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
760
- ...display ? {
761
- display: display.map(({ logo, background_image, ...displayRest }) => ({
762
- ...displayRest,
763
- // url became uri and also required
764
- // so if there's no url in the logo, we remove the whole logo object
765
- ...logo?.url ? {
766
- // TODO: we should add the other params from logo as well
767
- logo: {
768
- uri: logo.url
769
- }
770
- } : {},
771
- // TODO: we should add the other params from background_image as well
772
- // url became uri and also required
773
- // so if there's no url in the background_image, we remove the whole logo object
774
- ...background_image?.url ? {
775
- background_image: {
776
- uri: background_image.url
777
- }
785
+ ...claims || display ? {
786
+ credential_metadata: {
787
+ ...claims ? { claims } : {},
788
+ ...display ? {
789
+ display: display.map(({ logo, background_image, ...displayRest }) => ({
790
+ ...displayRest,
791
+ // url became uri and also required
792
+ // so if there's no url in the logo, we remove the whole logo object
793
+ ...logo?.url ? {
794
+ // TODO: we should add the other params from logo as well
795
+ logo: {
796
+ uri: logo.url
797
+ }
798
+ } : {},
799
+ // TODO: we should add the other params from background_image as well
800
+ // url became uri and also required
801
+ // so if there's no url in the background_image, we remove the whole logo object
802
+ ...background_image?.url ? {
803
+ background_image: {
804
+ uri: background_image.url
805
+ }
806
+ } : {}
807
+ }))
778
808
  } : {}
779
- }))
809
+ }
780
810
  } : {}
781
811
  })).transform((data, ctx) => {
782
812
  const formatSpecificTransformations = {
@@ -799,7 +829,7 @@ var zCredentialConfigurationSupportedDraft16To15 = zCredentialConfigurationSuppo
799
829
  ...rest
800
830
  })
801
831
  );
802
- var zCredentialConfigurationSupportedDraft14To11 = zCredentialConfigurationSupportedDraft16To15.and(
832
+ var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedDraft16To15.and(
803
833
  z12.object({
804
834
  id: z12.string()
805
835
  }).passthrough()
@@ -858,7 +888,7 @@ var zCredentialIssuerMetadataDraft11To16 = z12.object({
858
888
  }).pipe(
859
889
  z12.object({
860
890
  // Update from v11 structure to v14 structure
861
- credential_configurations_supported: z12.record(z12.string(), zCredentialConfigurationSupportedDraft11To14)
891
+ credential_configurations_supported: z12.record(z12.string(), zCredentialConfigurationSupportedDraft11To16)
862
892
  }).passthrough()
863
893
  ).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
864
894
  var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
@@ -870,7 +900,7 @@ var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft
870
900
  }))
871
901
  })).pipe(
872
902
  zCredentialIssuerMetadataDraft14Draft15Draft16.extend({
873
- credentials_supported: z12.array(zCredentialConfigurationSupportedDraft14To11)
903
+ credentials_supported: z12.array(zCredentialConfigurationSupportedDraft16To11)
874
904
  })
875
905
  );
876
906
  var zCredentialIssuerMetadata = z12.union([
@@ -1076,7 +1106,7 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
1076
1106
  `Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`
1077
1107
  );
1078
1108
  }
1079
- const parseResult = zCredentialConfigurationSupportedDraft11To14.safeParse(credentialSupported);
1109
+ const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
1080
1110
  if (!parseResult.success) {
1081
1111
  throw new ValidationError2(
1082
1112
  `Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`,
@@ -1106,7 +1136,7 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
1106
1136
  options.issuerMetadata.credentialIssuer.credential_configurations_supported,
1107
1137
  options.credentialConfigurationId
1108
1138
  );
1109
- if (zIs(zSdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
1139
+ if (zIs(zSdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || zIs(zSdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
1110
1140
  return {
1111
1141
  format: credentialConfiguration.format,
1112
1142
  vct: credentialConfiguration.vct