@openid4vc/openid4vci 0.3.0-alpha-20250813113255 → 0.3.0-alpha-20250820113635

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -346,25 +346,24 @@ var zKeyAttestationJwtPayloadForUse = (use) => import_zod3.default.object({
346
346
  }).passthrough();
347
347
 
348
348
  // src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
349
+ var zCredentialConfigurationSupportedDisplayEntry = import_zod4.default.object({
350
+ name: import_zod4.default.string(),
351
+ locale: import_zod4.default.string().optional(),
352
+ logo: import_zod4.default.object({
353
+ // FIXME: make required again, but need to support draft 11 first
354
+ uri: import_zod4.default.string().optional(),
355
+ alt_text: import_zod4.default.string().optional()
356
+ }).passthrough().optional(),
357
+ description: import_zod4.default.string().optional(),
358
+ background_color: import_zod4.default.string().optional(),
359
+ background_image: import_zod4.default.object({
360
+ // TODO: should be required, but paradym's metadata is wrong here.
361
+ uri: import_zod4.default.string().optional()
362
+ }).passthrough().optional(),
363
+ text_color: import_zod4.default.string().optional()
364
+ }).passthrough();
349
365
  var zCredentialConfigurationSupportedCommonCredentialMetadata = import_zod4.default.object({
350
- display: import_zod4.default.array(
351
- import_zod4.default.object({
352
- name: import_zod4.default.string(),
353
- locale: import_zod4.default.string().optional(),
354
- logo: import_zod4.default.object({
355
- // FIXME: make required again, but need to support draft 11 first
356
- uri: import_zod4.default.string().optional(),
357
- alt_text: import_zod4.default.string().optional()
358
- }).passthrough().optional(),
359
- description: import_zod4.default.string().optional(),
360
- background_color: import_zod4.default.string().optional(),
361
- background_image: import_zod4.default.object({
362
- // TODO: should be required, but paradym's metadata is wrong here.
363
- uri: import_zod4.default.string().optional()
364
- }).passthrough().optional(),
365
- text_color: import_zod4.default.string().optional()
366
- }).passthrough()
367
- ).optional()
366
+ display: import_zod4.default.array(zCredentialConfigurationSupportedDisplayEntry).optional()
368
367
  });
369
368
  var zCredentialConfigurationSupportedCommon = import_zod4.default.object({
370
369
  format: import_zod4.default.string(),
@@ -381,24 +380,45 @@ var zCredentialConfigurationSupportedCommon = import_zod4.default.object({
381
380
  }).passthrough().optional()
382
381
  })
383
382
  ).optional(),
384
- credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional()
383
+ credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
384
+ // For typing purposes. Can be removed once we drop support for draft <= 15.
385
+ claims: import_zod4.default.optional(import_zod4.default.never())
386
+ }).passthrough();
387
+ var zCredentialConfigurationSupportedCommonDraft15 = import_zod4.default.object({
388
+ format: import_zod4.default.string(),
389
+ scope: import_zod4.default.string().optional(),
390
+ cryptographic_binding_methods_supported: import_zod4.default.array(import_zod4.default.string()).optional(),
391
+ credential_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()).or(import_zod4.default.array(import_zod4.default.number())).optional(),
392
+ proof_types_supported: import_zod4.default.record(
393
+ import_zod4.default.union([import_zod4.default.literal("jwt"), import_zod4.default.literal("attestation"), import_zod4.default.string()]),
394
+ import_zod4.default.object({
395
+ proof_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()),
396
+ key_attestations_required: import_zod4.default.object({
397
+ key_storage: zIso18045OrStringArray.optional(),
398
+ user_authentication: zIso18045OrStringArray.optional()
399
+ }).passthrough().optional()
400
+ })
401
+ ).optional(),
402
+ display: import_zod4.default.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
403
+ // For typing purposes.
404
+ credential_metadata: import_zod4.default.optional(import_zod4.default.never())
385
405
  }).passthrough();
386
406
 
387
407
  // src/formats/credential/mso-mdoc/z-mso-mdoc.ts
388
408
  var zMsoMdocFormatIdentifier = import_zod5.default.literal("mso_mdoc");
389
- var zMsoMdocCredentialIssuerMetadata = import_zod5.default.object({
409
+ var zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
390
410
  format: zMsoMdocFormatIdentifier,
391
411
  doctype: import_zod5.default.string(),
392
412
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
393
413
  claims: import_zod5.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
394
414
  }).optional()
395
415
  });
396
- var zMsoMdocCredentialIssuerMetadataDraft15 = import_zod5.default.object({
416
+ var zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
397
417
  format: zMsoMdocFormatIdentifier,
398
418
  doctype: import_zod5.default.string(),
399
419
  claims: import_zod5.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
400
420
  });
401
- var zMsoMdocCredentialIssuerMetadataDraft14 = import_zod5.default.object({
421
+ var zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
402
422
  format: zMsoMdocFormatIdentifier,
403
423
  doctype: import_zod5.default.string(),
404
424
  claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
@@ -414,7 +434,15 @@ var zMsoMdocCredentialRequestFormatDraft14 = import_zod5.default.object({
414
434
  // src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
415
435
  var import_zod6 = __toESM(require("zod"));
416
436
  var zSdJwtVcFormatIdentifier = import_zod6.default.literal("vc+sd-jwt");
417
- var zSdJwtVcCredentialIssuerMetadataDraft14 = import_zod6.default.object({
437
+ var zSdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
438
+ vct: import_zod6.default.string(),
439
+ format: zSdJwtVcFormatIdentifier,
440
+ order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string())),
441
+ credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
442
+ claims: import_zod6.default.array(zCredentialConfigurationSupportedClaimsDraft14).optional()
443
+ }).optional()
444
+ });
445
+ var zSdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
418
446
  vct: import_zod6.default.string(),
419
447
  format: zSdJwtVcFormatIdentifier,
420
448
  claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
@@ -429,14 +457,14 @@ var zSdJwtVcCredentialRequestFormatDraft14 = import_zod6.default.object({
429
457
  // src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
430
458
  var import_zod7 = __toESM(require("zod"));
431
459
  var zSdJwtDcFormatIdentifier = import_zod7.default.literal("dc+sd-jwt");
432
- var zSdJwtDcCredentialIssuerMetadata = import_zod7.default.object({
460
+ var zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
433
461
  vct: import_zod7.default.string(),
434
462
  format: zSdJwtDcFormatIdentifier,
435
463
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
436
464
  claims: import_zod7.default.array(zIssuerMetadataClaimsDescription).optional()
437
465
  }).optional()
438
466
  });
439
- var zSdJwtDcCredentialIssuerMetadataDraft15 = import_zod7.default.object({
467
+ var zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
440
468
  vct: import_zod7.default.string(),
441
469
  format: zSdJwtDcFormatIdentifier,
442
470
  claims: import_zod7.default.array(zIssuerMetadataClaimsDescription).optional()
@@ -473,19 +501,19 @@ var zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.e
473
501
 
474
502
  // src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
475
503
  var zLdpVcFormatIdentifier = import_zod9.default.literal("ldp_vc");
476
- var zLdpVcCredentialIssuerMetadata = import_zod9.default.object({
504
+ var zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
477
505
  format: zLdpVcFormatIdentifier,
478
506
  credential_definition: zW3cVcJsonLdCredentialDefinition,
479
507
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
480
508
  claims: zIssuerMetadataClaimsDescription.optional()
481
509
  }).optional()
482
510
  });
483
- var zLdpVcCredentialIssuerMetadataDraft15 = import_zod9.default.object({
511
+ var zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
484
512
  format: zLdpVcFormatIdentifier,
485
513
  credential_definition: zW3cVcJsonLdCredentialDefinition,
486
514
  claims: zIssuerMetadataClaimsDescription.optional()
487
515
  });
488
- var zLdpVcCredentialIssuerMetadataDraft14 = import_zod9.default.object({
516
+ var zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
489
517
  format: zLdpVcFormatIdentifier,
490
518
  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
491
519
  order: import_zod9.default.array(import_zod9.default.string()).optional()
@@ -548,19 +576,19 @@ var zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.pa
548
576
  // src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
549
577
  var import_zod10 = __toESM(require("zod"));
550
578
  var zJwtVcJsonLdFormatIdentifier = import_zod10.default.literal("jwt_vc_json-ld");
551
- var zJwtVcJsonLdCredentialIssuerMetadata = import_zod10.default.object({
579
+ var zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
552
580
  format: zJwtVcJsonLdFormatIdentifier,
553
581
  credential_definition: zW3cVcJsonLdCredentialDefinition,
554
582
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
555
583
  claims: zIssuerMetadataClaimsDescription.optional()
556
584
  }).optional()
557
585
  });
558
- var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = import_zod10.default.object({
586
+ var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
559
587
  format: zJwtVcJsonLdFormatIdentifier,
560
588
  credential_definition: zW3cVcJsonLdCredentialDefinition,
561
589
  claims: zIssuerMetadataClaimsDescription.optional()
562
590
  });
563
- var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = import_zod10.default.object({
591
+ var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
564
592
  format: zJwtVcJsonLdFormatIdentifier,
565
593
  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
566
594
  order: import_zod10.default.optional(import_zod10.default.array(import_zod10.default.string()))
@@ -629,19 +657,19 @@ var zJwtVcJsonCredentialDefinition = import_zod11.default.object({
629
657
  var zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({
630
658
  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
631
659
  });
632
- var zJwtVcJsonCredentialIssuerMetadata = import_zod11.default.object({
660
+ var zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
633
661
  format: zJwtVcJsonFormatIdentifier,
634
662
  credential_definition: zJwtVcJsonCredentialDefinition,
635
663
  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
636
664
  claims: zIssuerMetadataClaimsDescription.optional()
637
665
  }).optional()
638
666
  });
639
- var zJwtVcJsonCredentialIssuerMetadataDraft15 = import_zod11.default.object({
667
+ var zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
640
668
  format: zJwtVcJsonFormatIdentifier,
641
669
  credential_definition: zJwtVcJsonCredentialDefinition,
642
670
  claims: zIssuerMetadataClaimsDescription.optional()
643
671
  });
644
- var zJwtVcJsonCredentialIssuerMetadataDraft14 = import_zod11.default.object({
672
+ var zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
645
673
  format: zJwtVcJsonFormatIdentifier,
646
674
  credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
647
675
  order: import_zod11.default.array(import_zod11.default.string()).optional()
@@ -705,6 +733,7 @@ var allCredentialIssuerMetadataFormats = [
705
733
  zJwtVcJsonLdCredentialIssuerMetadata,
706
734
  zLdpVcCredentialIssuerMetadata,
707
735
  zJwtVcJsonCredentialIssuerMetadata,
736
+ zSdJwtVcCredentialIssuerMetadataDraft16,
708
737
  zSdJwtDcCredentialIssuerMetadataDraft15,
709
738
  zMsoMdocCredentialIssuerMetadataDraft15,
710
739
  zJwtVcJsonLdCredentialIssuerMetadataDraft15,
@@ -719,32 +748,24 @@ var allCredentialIssuerMetadataFormats = [
719
748
  var allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map(
720
749
  (format) => format.shape.format.value
721
750
  );
722
- var zCredentialConfigurationSupportedWithFormats = zCredentialConfigurationSupportedCommon.transform(
723
- (data, ctx) => {
724
- if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
725
- const validators = allCredentialIssuerMetadataFormats.reduce(
726
- (validators2, formatValidator) => {
727
- const format = formatValidator.shape.format.value;
728
- if (!validators2[format]) {
729
- validators2[format] = [];
730
- }
731
- validators2[format].push(formatValidator);
732
- return validators2;
733
- },
734
- {}
735
- )[data.format];
736
- const result = import_zod12.default.object({}).passthrough().and(
737
- validators.length > 1 ? import_zod12.default.union(validators) : validators[0]
738
- ).safeParse(data);
739
- if (result.success) {
740
- return result.data;
741
- }
742
- for (const issue of result.error.issues) {
743
- ctx.addIssue(issue);
744
- }
745
- return import_zod12.default.NEVER;
751
+ var zCredentialConfigurationSupportedWithFormats = import_zod12.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
752
+ if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
753
+ const validators = allCredentialIssuerMetadataFormats.filter(
754
+ (formatValidator) => formatValidator.shape.format.value === data.format
755
+ );
756
+ const result = import_zod12.default.object({}).passthrough().and(
757
+ validators.length > 1 ? import_zod12.default.union(
758
+ validators
759
+ ) : validators[0]
760
+ ).safeParse(data);
761
+ if (result.success) {
762
+ return result.data;
746
763
  }
747
- );
764
+ for (const issue of result.error.issues) {
765
+ ctx.addIssue(issue);
766
+ }
767
+ return import_zod12.default.NEVER;
768
+ });
748
769
  var zCredentialIssuerMetadataDisplayEntry = import_zod12.default.object({
749
770
  name: import_zod12.default.string().optional(),
750
771
  locale: import_zod12.default.string().optional(),
@@ -774,7 +795,7 @@ var zCredentialIssuerMetadataDraft14Draft15Draft16 = import_zod12.default.object
774
795
  display: import_zod12.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
775
796
  credential_configurations_supported: import_zod12.default.record(import_zod12.default.string(), zCredentialConfigurationSupportedWithFormats)
776
797
  }).passthrough();
777
- var zCredentialConfigurationSupportedDraft11To14 = import_zod12.default.object({
798
+ var zCredentialConfigurationSupportedDraft11To16 = import_zod12.default.object({
778
799
  id: import_zod12.default.string().optional(),
779
800
  format: import_zod12.default.string(),
780
801
  cryptographic_suites_supported: import_zod12.default.array(import_zod12.default.string()).optional(),
@@ -787,30 +808,36 @@ var zCredentialConfigurationSupportedDraft11To14 = import_zod12.default.object({
787
808
  url: import_zod12.default.string().url().optional()
788
809
  }).passthrough().optional()
789
810
  }).passthrough()
790
- ).optional()
791
- }).passthrough().transform(({ cryptographic_suites_supported, display, id, ...rest }) => ({
811
+ ).optional(),
812
+ claims: import_zod12.default.any().optional()
813
+ }).passthrough().transform(({ cryptographic_suites_supported, display, claims, id, ...rest }) => ({
792
814
  ...rest,
793
815
  ...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
794
- ...display ? {
795
- display: display.map(({ logo, background_image, ...displayRest }) => ({
796
- ...displayRest,
797
- // url became uri and also required
798
- // so if there's no url in the logo, we remove the whole logo object
799
- ...logo?.url ? {
800
- // TODO: we should add the other params from logo as well
801
- logo: {
802
- uri: logo.url
803
- }
804
- } : {},
805
- // TODO: we should add the other params from background_image as well
806
- // url became uri and also required
807
- // so if there's no url in the background_image, we remove the whole logo object
808
- ...background_image?.url ? {
809
- background_image: {
810
- uri: background_image.url
811
- }
816
+ ...claims || display ? {
817
+ credential_metadata: {
818
+ ...claims ? { claims } : {},
819
+ ...display ? {
820
+ display: display.map(({ logo, background_image, ...displayRest }) => ({
821
+ ...displayRest,
822
+ // url became uri and also required
823
+ // so if there's no url in the logo, we remove the whole logo object
824
+ ...logo?.url ? {
825
+ // TODO: we should add the other params from logo as well
826
+ logo: {
827
+ uri: logo.url
828
+ }
829
+ } : {},
830
+ // TODO: we should add the other params from background_image as well
831
+ // url became uri and also required
832
+ // so if there's no url in the background_image, we remove the whole logo object
833
+ ...background_image?.url ? {
834
+ background_image: {
835
+ uri: background_image.url
836
+ }
837
+ } : {}
838
+ }))
812
839
  } : {}
813
- }))
840
+ }
814
841
  } : {}
815
842
  })).transform((data, ctx) => {
816
843
  const formatSpecificTransformations = {
@@ -833,7 +860,7 @@ var zCredentialConfigurationSupportedDraft16To15 = zCredentialConfigurationSuppo
833
860
  ...rest
834
861
  })
835
862
  );
836
- var zCredentialConfigurationSupportedDraft14To11 = zCredentialConfigurationSupportedDraft16To15.and(
863
+ var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedDraft16To15.and(
837
864
  import_zod12.default.object({
838
865
  id: import_zod12.default.string()
839
866
  }).passthrough()
@@ -892,7 +919,7 @@ var zCredentialIssuerMetadataDraft11To16 = import_zod12.default.object({
892
919
  }).pipe(
893
920
  import_zod12.default.object({
894
921
  // Update from v11 structure to v14 structure
895
- credential_configurations_supported: import_zod12.default.record(import_zod12.default.string(), zCredentialConfigurationSupportedDraft11To14)
922
+ credential_configurations_supported: import_zod12.default.record(import_zod12.default.string(), zCredentialConfigurationSupportedDraft11To16)
896
923
  }).passthrough()
897
924
  ).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
898
925
  var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
@@ -904,7 +931,7 @@ var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft
904
931
  }))
905
932
  })).pipe(
906
933
  zCredentialIssuerMetadataDraft14Draft15Draft16.extend({
907
- credentials_supported: import_zod12.default.array(zCredentialConfigurationSupportedDraft14To11)
934
+ credentials_supported: import_zod12.default.array(zCredentialConfigurationSupportedDraft16To11)
908
935
  })
909
936
  );
910
937
  var zCredentialIssuerMetadata = import_zod12.default.union([
@@ -1110,7 +1137,7 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
1110
1137
  `Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`
1111
1138
  );
1112
1139
  }
1113
- const parseResult = zCredentialConfigurationSupportedDraft11To14.safeParse(credentialSupported);
1140
+ const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
1114
1141
  if (!parseResult.success) {
1115
1142
  throw new import_utils9.ValidationError(
1116
1143
  `Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`,
@@ -1132,7 +1159,7 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
1132
1159
  options.issuerMetadata.credentialIssuer.credential_configurations_supported,
1133
1160
  options.credentialConfigurationId
1134
1161
  );
1135
- if ((0, import_utils10.zIs)(zSdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
1162
+ if ((0, import_utils10.zIs)(zSdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, import_utils10.zIs)(zSdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
1136
1163
  return {
1137
1164
  format: credentialConfiguration.format,
1138
1165
  vct: credentialConfiguration.vct