npm - @openid4vc/openid4vci - Versions diffs - 0.3.0-alpha-20250813113255 → 0.3.0-alpha-20250820113635 - Mend

@openid4vc/openid4vci 0.3.0-alpha-20250813113255 → 0.3.0-alpha-20250820113635

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs CHANGED Viewed

@@ -312,25 +312,24 @@ var zKeyAttestationJwtPayloadForUse = (use) => z3.object({
 }).passthrough();
 // src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
+var zCredentialConfigurationSupportedDisplayEntry = z4.object({
+  name: z4.string(),
+  locale: z4.string().optional(),
+  logo: z4.object({
+    // FIXME: make required again, but need to support draft 11 first
+    uri: z4.string().optional(),
+    alt_text: z4.string().optional()
+  }).passthrough().optional(),
+  description: z4.string().optional(),
+  background_color: z4.string().optional(),
+  background_image: z4.object({
+    // TODO: should be required, but paradym's metadata is wrong here.
+    uri: z4.string().optional()
+  }).passthrough().optional(),
+  text_color: z4.string().optional()
+}).passthrough();
 var zCredentialConfigurationSupportedCommonCredentialMetadata = z4.object({
-  display: z4.array(
-    z4.object({
-      name: z4.string(),
-      locale: z4.string().optional(),
-      logo: z4.object({
-        // FIXME: make required again, but need to support draft 11 first
-        uri: z4.string().optional(),
-        alt_text: z4.string().optional()
-      }).passthrough().optional(),
-      description: z4.string().optional(),
-      background_color: z4.string().optional(),
-      background_image: z4.object({
-        // TODO: should be required, but paradym's metadata is wrong here.
-        uri: z4.string().optional()
-      }).passthrough().optional(),
-      text_color: z4.string().optional()
-    }).passthrough()
-  ).optional()
+  display: z4.array(zCredentialConfigurationSupportedDisplayEntry).optional()
 });
 var zCredentialConfigurationSupportedCommon = z4.object({
   format: z4.string(),
@@ -347,24 +346,45 @@ var zCredentialConfigurationSupportedCommon = z4.object({
       }).passthrough().optional()
     })
   ).optional(),
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional()
+  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
+  // For typing purposes. Can be removed once we drop support for draft <= 15.
+  claims: z4.optional(z4.never())
+}).passthrough();
+var zCredentialConfigurationSupportedCommonDraft15 = z4.object({
+  format: z4.string(),
+  scope: z4.string().optional(),
+  cryptographic_binding_methods_supported: z4.array(z4.string()).optional(),
+  credential_signing_alg_values_supported: z4.array(z4.string()).or(z4.array(z4.number())).optional(),
+  proof_types_supported: z4.record(
+    z4.union([z4.literal("jwt"), z4.literal("attestation"), z4.string()]),
+    z4.object({
+      proof_signing_alg_values_supported: z4.array(z4.string()),
+      key_attestations_required: z4.object({
+        key_storage: zIso18045OrStringArray.optional(),
+        user_authentication: zIso18045OrStringArray.optional()
+      }).passthrough().optional()
+    })
+  ).optional(),
+  display: z4.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
+  // For typing purposes.
+  credential_metadata: z4.optional(z4.never())
 }).passthrough();
 // src/formats/credential/mso-mdoc/z-mso-mdoc.ts
 var zMsoMdocFormatIdentifier = z5.literal("mso_mdoc");
-var zMsoMdocCredentialIssuerMetadata = z5.object({
+var zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
   format: zMsoMdocFormatIdentifier,
   doctype: z5.string(),
   credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
     claims: z5.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
   }).optional()
 });
-var zMsoMdocCredentialIssuerMetadataDraft15 = z5.object({
+var zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zMsoMdocFormatIdentifier,
   doctype: z5.string(),
   claims: z5.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
 });
-var zMsoMdocCredentialIssuerMetadataDraft14 = z5.object({
+var zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zMsoMdocFormatIdentifier,
   doctype: z5.string(),
   claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
@@ -380,7 +400,15 @@ var zMsoMdocCredentialRequestFormatDraft14 = z5.object({
 // src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
 import z6 from "zod";
 var zSdJwtVcFormatIdentifier = z6.literal("vc+sd-jwt");
-var zSdJwtVcCredentialIssuerMetadataDraft14 = z6.object({
+var zSdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
+  vct: z6.string(),
+  format: zSdJwtVcFormatIdentifier,
+  order: z6.optional(z6.array(z6.string())),
+  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
+    claims: z6.array(zCredentialConfigurationSupportedClaimsDraft14).optional()
+  }).optional()
+});
+var zSdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
   vct: z6.string(),
   format: zSdJwtVcFormatIdentifier,
   claims: z6.optional(zCredentialConfigurationSupportedClaimsDraft14),
@@ -395,14 +423,14 @@ var zSdJwtVcCredentialRequestFormatDraft14 = z6.object({
 // src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
 import z7 from "zod";
 var zSdJwtDcFormatIdentifier = z7.literal("dc+sd-jwt");
-var zSdJwtDcCredentialIssuerMetadata = z7.object({
+var zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
   vct: z7.string(),
   format: zSdJwtDcFormatIdentifier,
   credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
     claims: z7.array(zIssuerMetadataClaimsDescription).optional()
   }).optional()
 });
-var zSdJwtDcCredentialIssuerMetadataDraft15 = z7.object({
+var zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
   vct: z7.string(),
   format: zSdJwtDcFormatIdentifier,
   claims: z7.array(zIssuerMetadataClaimsDescription).optional()
@@ -439,19 +467,19 @@ var zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.e
 // src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
 var zLdpVcFormatIdentifier = z9.literal("ldp_vc");
-var zLdpVcCredentialIssuerMetadata = z9.object({
+var zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
   format: zLdpVcFormatIdentifier,
   credential_definition: zW3cVcJsonLdCredentialDefinition,
   credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
     claims: zIssuerMetadataClaimsDescription.optional()
   }).optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft15 = z9.object({
+var zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zLdpVcFormatIdentifier,
   credential_definition: zW3cVcJsonLdCredentialDefinition,
   claims: zIssuerMetadataClaimsDescription.optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft14 = z9.object({
+var zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zLdpVcFormatIdentifier,
   credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
   order: z9.array(z9.string()).optional()
@@ -514,19 +542,19 @@ var zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.pa
 // src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
 import z10 from "zod";
 var zJwtVcJsonLdFormatIdentifier = z10.literal("jwt_vc_json-ld");
-var zJwtVcJsonLdCredentialIssuerMetadata = z10.object({
+var zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
   format: zJwtVcJsonLdFormatIdentifier,
   credential_definition: zW3cVcJsonLdCredentialDefinition,
   credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
     claims: zIssuerMetadataClaimsDescription.optional()
   }).optional()
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = z10.object({
+var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zJwtVcJsonLdFormatIdentifier,
   credential_definition: zW3cVcJsonLdCredentialDefinition,
   claims: zIssuerMetadataClaimsDescription.optional()
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = z10.object({
+var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zJwtVcJsonLdFormatIdentifier,
   credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
   order: z10.optional(z10.array(z10.string()))
@@ -595,19 +623,19 @@ var zJwtVcJsonCredentialDefinition = z11.object({
 var zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({
   credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 });
-var zJwtVcJsonCredentialIssuerMetadata = z11.object({
+var zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
   format: zJwtVcJsonFormatIdentifier,
   credential_definition: zJwtVcJsonCredentialDefinition,
   credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
     claims: zIssuerMetadataClaimsDescription.optional()
   }).optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft15 = z11.object({
+var zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zJwtVcJsonFormatIdentifier,
   credential_definition: zJwtVcJsonCredentialDefinition,
   claims: zIssuerMetadataClaimsDescription.optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft14 = z11.object({
+var zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
   format: zJwtVcJsonFormatIdentifier,
   credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
   order: z11.array(z11.string()).optional()
@@ -671,6 +699,7 @@ var allCredentialIssuerMetadataFormats = [
   zJwtVcJsonLdCredentialIssuerMetadata,
   zLdpVcCredentialIssuerMetadata,
   zJwtVcJsonCredentialIssuerMetadata,
+  zSdJwtVcCredentialIssuerMetadataDraft16,
   zSdJwtDcCredentialIssuerMetadataDraft15,
   zMsoMdocCredentialIssuerMetadataDraft15,
   zJwtVcJsonLdCredentialIssuerMetadataDraft15,
@@ -685,32 +714,24 @@ var allCredentialIssuerMetadataFormats = [
 var allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map(
   (format) => format.shape.format.value
 );
-var zCredentialConfigurationSupportedWithFormats = zCredentialConfigurationSupportedCommon.transform(
-  (data, ctx) => {
-    if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
-    const validators = allCredentialIssuerMetadataFormats.reduce(
-      (validators2, formatValidator) => {
-        const format = formatValidator.shape.format.value;
-        if (!validators2[format]) {
-          validators2[format] = [];
-        }
-        validators2[format].push(formatValidator);
-        return validators2;
-      },
-      {}
-    )[data.format];
-    const result = z12.object({}).passthrough().and(
-      validators.length > 1 ? z12.union(validators) : validators[0]
-    ).safeParse(data);
-    if (result.success) {
-      return result.data;
-    }
-    for (const issue of result.error.issues) {
-      ctx.addIssue(issue);
-    }
-    return z12.NEVER;
+var zCredentialConfigurationSupportedWithFormats = z12.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
+  if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
+  const validators = allCredentialIssuerMetadataFormats.filter(
+    (formatValidator) => formatValidator.shape.format.value === data.format
+  );
+  const result = z12.object({}).passthrough().and(
+    validators.length > 1 ? z12.union(
+      validators
+    ) : validators[0]
+  ).safeParse(data);
+  if (result.success) {
+    return result.data;
   }
-);
+  for (const issue of result.error.issues) {
+    ctx.addIssue(issue);
+  }
+  return z12.NEVER;
+});
 var zCredentialIssuerMetadataDisplayEntry = z12.object({
   name: z12.string().optional(),
   locale: z12.string().optional(),
@@ -740,7 +761,7 @@ var zCredentialIssuerMetadataDraft14Draft15Draft16 = z12.object({
   display: z12.array(zCredentialIssuerMetadataDisplayEntry).optional(),
   credential_configurations_supported: z12.record(z12.string(), zCredentialConfigurationSupportedWithFormats)
 }).passthrough();
-var zCredentialConfigurationSupportedDraft11To14 = z12.object({
+var zCredentialConfigurationSupportedDraft11To16 = z12.object({
   id: z12.string().optional(),
   format: z12.string(),
   cryptographic_suites_supported: z12.array(z12.string()).optional(),
@@ -753,30 +774,36 @@ var zCredentialConfigurationSupportedDraft11To14 = z12.object({
         url: z12.string().url().optional()
       }).passthrough().optional()
     }).passthrough()
-  ).optional()
-}).passthrough().transform(({ cryptographic_suites_supported, display, id, ...rest }) => ({
+  ).optional(),
+  claims: z12.any().optional()
+}).passthrough().transform(({ cryptographic_suites_supported, display, claims, id, ...rest }) => ({
   ...rest,
   ...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
-  ...display ? {
-    display: display.map(({ logo, background_image, ...displayRest }) => ({
-      ...displayRest,
-      // url became uri and also required
-      // so if there's no url in the logo, we remove the whole logo object
-      ...logo?.url ? {
-        // TODO: we should add the other params from logo as well
-        logo: {
-          uri: logo.url
-        }
-      } : {},
-      // TODO: we should add the other params from background_image as well
-      // url became uri and also required
-      // so if there's no url in the background_image, we remove the whole logo object
-      ...background_image?.url ? {
-        background_image: {
-          uri: background_image.url
-        }
+  ...claims || display ? {
+    credential_metadata: {
+      ...claims ? { claims } : {},
+      ...display ? {
+        display: display.map(({ logo, background_image, ...displayRest }) => ({
+          ...displayRest,
+          // url became uri and also required
+          // so if there's no url in the logo, we remove the whole logo object
+          ...logo?.url ? {
+            // TODO: we should add the other params from logo as well
+            logo: {
+              uri: logo.url
+            }
+          } : {},
+          // TODO: we should add the other params from background_image as well
+          // url became uri and also required
+          // so if there's no url in the background_image, we remove the whole logo object
+          ...background_image?.url ? {
+            background_image: {
+              uri: background_image.url
+            }
+          } : {}
+        }))
       } : {}
-    }))
+    }
   } : {}
 })).transform((data, ctx) => {
   const formatSpecificTransformations = {
@@ -799,7 +826,7 @@ var zCredentialConfigurationSupportedDraft16To15 = zCredentialConfigurationSuppo
     ...rest
   })
 );
-var zCredentialConfigurationSupportedDraft14To11 = zCredentialConfigurationSupportedDraft16To15.and(
+var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedDraft16To15.and(
   z12.object({
     id: z12.string()
   }).passthrough()
@@ -858,7 +885,7 @@ var zCredentialIssuerMetadataDraft11To16 = z12.object({
 }).pipe(
   z12.object({
     // Update from v11 structure to v14 structure
-    credential_configurations_supported: z12.record(z12.string(), zCredentialConfigurationSupportedDraft11To14)
+    credential_configurations_supported: z12.record(z12.string(), zCredentialConfigurationSupportedDraft11To16)
   }).passthrough()
 ).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
 var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
@@ -870,7 +897,7 @@ var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft
   }))
 })).pipe(
   zCredentialIssuerMetadataDraft14Draft15Draft16.extend({
-    credentials_supported: z12.array(zCredentialConfigurationSupportedDraft14To11)
+    credentials_supported: z12.array(zCredentialConfigurationSupportedDraft16To11)
   })
 );
 var zCredentialIssuerMetadata = z12.union([
@@ -1076,7 +1103,7 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
         `Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`
       );
     }
-    const parseResult = zCredentialConfigurationSupportedDraft11To14.safeParse(credentialSupported);
+    const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
     if (!parseResult.success) {
       throw new ValidationError2(
         `Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`,
@@ -1106,7 +1133,7 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
     options.issuerMetadata.credentialIssuer.credential_configurations_supported,
     options.credentialConfigurationId
   );
-  if (zIs(zSdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
+  if (zIs(zSdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || zIs(zSdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
     return {
       format: credentialConfiguration.format,
       vct: credentialConfiguration.vct