@openid4vc/openid4vci 0.3.0-alpha-20250820113635 → 0.3.0-alpha-20250825150235

package/dist/index.js

@@ -274,7 +274,7 @@ var import_utils5 = require("@openid4vc/utils");
 // src/metadata/credential-issuer/z-credential-issuer-metadata.ts
 var import_oauth24 = require("@openid4vc/oauth2");
 var import_utils4 = require("@openid4vc/utils");
-var import_zod12 = __toESM(require("zod"));
+var import_zod13 = __toESM(require("zod"));
 
 // src/formats/credential/mso-mdoc/z-mso-mdoc.ts
 var import_zod5 = __toESM(require("zod"));
@@ -433,25 +433,28 @@ var zMsoMdocCredentialRequestFormatDraft14 = import_zod5.default.object({
 
 // src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
 var import_zod6 = __toESM(require("zod"));
-var zSdJwtVcFormatIdentifier = import_zod6.default.literal("vc+sd-jwt");
-var zSdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
+var zLegacySdJwtVcFormatIdentifier = import_zod6.default.literal("vc+sd-jwt");
+var zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
   vct: import_zod6.default.string(),
-  format: zSdJwtVcFormatIdentifier,
+  format: zLegacySdJwtVcFormatIdentifier,
   order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string())),
   credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
     claims: import_zod6.default.array(zCredentialConfigurationSupportedClaimsDraft14).optional()
-  }).optional()
+  }).optional(),
+  credential_definition: import_zod6.default.optional(import_zod6.default.never())
 });
-var zSdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+var zLegacySdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
   vct: import_zod6.default.string(),
-  format: zSdJwtVcFormatIdentifier,
+  format: zLegacySdJwtVcFormatIdentifier,
   claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
-  order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string()))
+  order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string())),
+  credential_definition: import_zod6.default.optional(import_zod6.default.never())
 });
-var zSdJwtVcCredentialRequestFormatDraft14 = import_zod6.default.object({
-  format: zSdJwtVcFormatIdentifier,
+var zLegacySdJwtVcCredentialRequestFormatDraft14 = import_zod6.default.object({
+  format: zLegacySdJwtVcFormatIdentifier,
   vct: import_zod6.default.string(),
-  claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14)
+  claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
+  credential_definition: import_zod6.default.optional(import_zod6.default.never())
 });
 
 // src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
@@ -493,7 +496,7 @@ var zClaimValueSchemaDraft14 = import_zod8.default.union([
 var zW3cVcCredentialSubjectDraft14 = import_zod8.default.record(import_zod8.default.string(), zClaimValueSchemaDraft14);
 var zW3cVcJsonLdCredentialDefinition = import_zod8.default.object({
   "@context": import_zod8.default.array(import_zod8.default.string()),
-  type: import_zod8.default.array(import_zod8.default.string())
+  type: import_zod8.default.array(import_zod8.default.string()).nonempty()
 }).passthrough();
 var zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.extend({
   credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
@@ -652,7 +655,7 @@ var zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestForm
 var import_zod11 = __toESM(require("zod"));
 var zJwtVcJsonFormatIdentifier = import_zod11.default.literal("jwt_vc_json");
 var zJwtVcJsonCredentialDefinition = import_zod11.default.object({
-  type: import_zod11.default.array(import_zod11.default.string())
+  type: import_zod11.default.array(import_zod11.default.string()).nonempty()
 }).passthrough();
 var zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({
   credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
@@ -726,6 +729,28 @@ var zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDr
   ...credentialDefinition
 })).pipe(zJwtVcJsonCredentialRequestDraft11);
 
+// src/formats/credential/w3c-vc/z-w3c-sd-jwt-vc.ts
+var import_zod12 = __toESM(require("zod"));
+var zSdJwtW3VcFormatIdentifier = import_zod12.default.literal("vc+sd-jwt");
+var zSdJwtW3VcCredentialDefinition = import_zod12.default.object({
+  type: import_zod12.default.array(import_zod12.default.string()).nonempty()
+}).passthrough();
+var zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+  format: zSdJwtW3VcFormatIdentifier,
+  credential_definition: zSdJwtW3VcCredentialDefinition,
+  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
+    claims: zIssuerMetadataClaimsDescription.optional()
+  }).optional(),
+  // FIXME(vc+sd-jwt): remove when dropping support for legacy vc+sd-jwt. Allows type narrowing.
+  vct: import_zod12.default.optional(import_zod12.default.never())
+});
+var zSdJwtW3VcCredentialRequestFormatDraft14 = import_zod12.default.object({
+  format: zSdJwtW3VcFormatIdentifier,
+  credential_definition: zSdJwtW3VcCredentialDefinition,
+  // FIXME(vc+sd-jwt): remove when dropping support for legacy vc+sd-jwt. Allows type narrowing.
+  vct: import_zod12.default.optional(import_zod12.default.never())
+});
+
 // src/metadata/credential-issuer/z-credential-issuer-metadata.ts
 var allCredentialIssuerMetadataFormats = [
   zSdJwtDcCredentialIssuerMetadata,
@@ -733,14 +758,15 @@ var allCredentialIssuerMetadataFormats = [
   zJwtVcJsonLdCredentialIssuerMetadata,
   zLdpVcCredentialIssuerMetadata,
   zJwtVcJsonCredentialIssuerMetadata,
-  zSdJwtVcCredentialIssuerMetadataDraft16,
+  zSdJwtW3VcCredentialIssuerMetadata,
+  zLegacySdJwtVcCredentialIssuerMetadataDraft16,
   zSdJwtDcCredentialIssuerMetadataDraft15,
   zMsoMdocCredentialIssuerMetadataDraft15,
   zJwtVcJsonLdCredentialIssuerMetadataDraft15,
   zLdpVcCredentialIssuerMetadataDraft15,
   zJwtVcJsonCredentialIssuerMetadataDraft15,
   zMsoMdocCredentialIssuerMetadataDraft14,
-  zSdJwtVcCredentialIssuerMetadataDraft14,
+  zLegacySdJwtVcCredentialIssuerMetadataDraft14,
   zJwtVcJsonLdCredentialIssuerMetadataDraft14,
   zLdpVcCredentialIssuerMetadataDraft14,
   zJwtVcJsonCredentialIssuerMetadataDraft14
@@ -748,13 +774,13 @@ var allCredentialIssuerMetadataFormats = [
 var allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map(
   (format) => format.shape.format.value
 );
-var zCredentialConfigurationSupportedWithFormats = import_zod12.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
+var zCredentialConfigurationSupportedWithFormats = import_zod13.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
   if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
   const validators = allCredentialIssuerMetadataFormats.filter(
     (formatValidator) => formatValidator.shape.format.value === data.format
   );
-  const result = import_zod12.default.object({}).passthrough().and(
-    validators.length > 1 ? import_zod12.default.union(
+  const result = import_zod13.default.object({}).passthrough().and(
+    validators.length > 1 ? import_zod13.default.union(
       validators
     ) : validators[0]
   ).safeParse(data);
@@ -764,52 +790,52 @@ var zCredentialConfigurationSupportedWithFormats = import_zod12.default.union([z
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod12.default.NEVER;
+  return import_zod13.default.NEVER;
 });
-var zCredentialIssuerMetadataDisplayEntry = import_zod12.default.object({
-  name: import_zod12.default.string().optional(),
-  locale: import_zod12.default.string().optional(),
-  logo: import_zod12.default.object({
+var zCredentialIssuerMetadataDisplayEntry = import_zod13.default.object({
+  name: import_zod13.default.string().optional(),
+  locale: import_zod13.default.string().optional(),
+  logo: import_zod13.default.object({
     // FIXME: make required again, but need to support draft 11 first
-    uri: import_zod12.default.string().optional(),
-    alt_text: import_zod12.default.string().optional()
+    uri: import_zod13.default.string().optional(),
+    alt_text: import_zod13.default.string().optional()
   }).passthrough().optional()
 }).passthrough();
-var zCredentialIssuerMetadataDraft14Draft15Draft16 = import_zod12.default.object({
+var zCredentialIssuerMetadataDraft14Draft15Draft16 = import_zod13.default.object({
   credential_issuer: import_utils4.zHttpsUrl,
-  authorization_servers: import_zod12.default.array(import_utils4.zHttpsUrl).optional(),
+  authorization_servers: import_zod13.default.array(import_utils4.zHttpsUrl).optional(),
   credential_endpoint: import_utils4.zHttpsUrl,
   deferred_credential_endpoint: import_utils4.zHttpsUrl.optional(),
   notification_endpoint: import_utils4.zHttpsUrl.optional(),
   // Added after draft 14, but needed for proper
   nonce_endpoint: import_utils4.zHttpsUrl.optional(),
-  credential_response_encryption: import_zod12.default.object({
-    alg_values_supported: import_zod12.default.array(import_zod12.default.string()),
-    enc_values_supported: import_zod12.default.array(import_zod12.default.string()),
-    encryption_required: import_zod12.default.boolean()
+  credential_response_encryption: import_zod13.default.object({
+    alg_values_supported: import_zod13.default.array(import_zod13.default.string()),
+    enc_values_supported: import_zod13.default.array(import_zod13.default.string()),
+    encryption_required: import_zod13.default.boolean()
   }).passthrough().optional(),
-  batch_credential_issuance: import_zod12.default.object({
-    batch_size: import_zod12.default.number().positive()
+  batch_credential_issuance: import_zod13.default.object({
+    batch_size: import_zod13.default.number().positive()
   }).passthrough().optional(),
   signed_metadata: import_oauth24.zCompactJwt.optional(),
-  display: import_zod12.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
-  credential_configurations_supported: import_zod12.default.record(import_zod12.default.string(), zCredentialConfigurationSupportedWithFormats)
+  display: import_zod13.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
+  credential_configurations_supported: import_zod13.default.record(import_zod13.default.string(), zCredentialConfigurationSupportedWithFormats)
 }).passthrough();
-var zCredentialConfigurationSupportedDraft11To16 = import_zod12.default.object({
-  id: import_zod12.default.string().optional(),
-  format: import_zod12.default.string(),
-  cryptographic_suites_supported: import_zod12.default.array(import_zod12.default.string()).optional(),
-  display: import_zod12.default.array(
-    import_zod12.default.object({
-      logo: import_zod12.default.object({
-        url: import_zod12.default.string().url().optional()
+var zCredentialConfigurationSupportedDraft11To16 = import_zod13.default.object({
+  id: import_zod13.default.string().optional(),
+  format: import_zod13.default.string(),
+  cryptographic_suites_supported: import_zod13.default.array(import_zod13.default.string()).optional(),
+  display: import_zod13.default.array(
+    import_zod13.default.object({
+      logo: import_zod13.default.object({
+        url: import_zod13.default.string().url().optional()
       }).passthrough().optional(),
-      background_image: import_zod12.default.object({
-        url: import_zod12.default.string().url().optional()
+      background_image: import_zod13.default.object({
+        url: import_zod13.default.string().url().optional()
       }).passthrough().optional()
     }).passthrough()
   ).optional(),
-  claims: import_zod12.default.any().optional()
+  claims: import_zod13.default.any().optional()
 }).passthrough().transform(({ cryptographic_suites_supported, display, claims, id, ...rest }) => ({
   ...rest,
   ...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
@@ -852,7 +878,7 @@ var zCredentialConfigurationSupportedDraft11To16 = import_zod12.default.object({
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod12.default.NEVER;
+  return import_zod13.default.NEVER;
 }).pipe(zCredentialConfigurationSupportedWithFormats);
 var zCredentialConfigurationSupportedDraft16To15 = zCredentialConfigurationSupportedWithFormats.transform(
   ({ credential_metadata, ...rest }) => ({
@@ -861,8 +887,8 @@ var zCredentialConfigurationSupportedDraft16To15 = zCredentialConfigurationSuppo
   })
 );
 var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedDraft16To15.and(
-  import_zod12.default.object({
-    id: import_zod12.default.string()
+  import_zod13.default.object({
+    id: import_zod13.default.string()
   }).passthrough()
 ).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope, ...rest }) => ({
   ...rest,
@@ -882,15 +908,15 @@ var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSuppo
   } : {},
   id
 })).pipe(
-  import_zod12.default.union([
+  import_zod13.default.union([
     zLdpVcCredentialIssuerMetadataDraft14To11,
     zJwtVcJsonCredentialIssuerMetadataDraft14To11,
     zJwtVcJsonLdCredentialIssuerMetadataDraft14To11,
     // To handle unrecognized formats and not error immediately we allow the common format as well
     // but they can't use any of the format identifiers that have a specific transformation. This way if a format is
     // has a transformation it NEEDS to use the format specific transformation, and otherwise we fall back to the common validation
-    import_zod12.default.object({
-      format: import_zod12.default.string().refine(
+    import_zod13.default.object({
+      format: import_zod13.default.string().refine(
         (input) => ![
           zLdpVcFormatIdentifier.value,
           zJwtVcJsonFormatIdentifier.value,
@@ -900,11 +926,11 @@ var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSuppo
     }).passthrough()
   ])
 );
-var zCredentialIssuerMetadataDraft11To16 = import_zod12.default.object({
-  authorization_server: import_zod12.default.string().optional(),
-  credentials_supported: import_zod12.default.array(
-    import_zod12.default.object({
-      id: import_zod12.default.string().optional()
+var zCredentialIssuerMetadataDraft11To16 = import_zod13.default.object({
+  authorization_server: import_zod13.default.string().optional(),
+  credentials_supported: import_zod13.default.array(
+    import_zod13.default.object({
+      id: import_zod13.default.string().optional()
     }).passthrough()
   )
 }).passthrough().transform(({ authorization_server, credentials_supported, ...rest }) => {
@@ -917,9 +943,9 @@ var zCredentialIssuerMetadataDraft11To16 = import_zod12.default.object({
     )
   };
 }).pipe(
-  import_zod12.default.object({
+  import_zod13.default.object({
     // Update from v11 structure to v14 structure
-    credential_configurations_supported: import_zod12.default.record(import_zod12.default.string(), zCredentialConfigurationSupportedDraft11To16)
+    credential_configurations_supported: import_zod13.default.record(import_zod13.default.string(), zCredentialConfigurationSupportedDraft11To16)
   }).passthrough()
 ).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
 var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
@@ -931,16 +957,16 @@ var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft
   }))
 })).pipe(
   zCredentialIssuerMetadataDraft14Draft15Draft16.extend({
-    credentials_supported: import_zod12.default.array(zCredentialConfigurationSupportedDraft16To11)
+    credentials_supported: import_zod13.default.array(zCredentialConfigurationSupportedDraft16To11)
   })
 );
-var zCredentialIssuerMetadata = import_zod12.default.union([
+var zCredentialIssuerMetadata = import_zod13.default.union([
   // First prioritize draft 16/15/14 (and 13)
   zCredentialIssuerMetadataDraft14Draft15Draft16,
   // Then try parsing draft 11 and transform into draft 16
   zCredentialIssuerMetadataDraft11To16
 ]);
-var zCredentialIssuerMetadataWithDraftVersion = import_zod12.default.union([
+var zCredentialIssuerMetadataWithDraftVersion = import_zod13.default.union([
   zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
     const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
     const isDraft15 = credentialConfigurations.some((configuration) => {
@@ -1015,7 +1041,12 @@ function getCredentialConfigurationsMatchingRequestFormat({
         return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
       }
       if (c.format === "vc+sd-jwt" && r.format === c.format) {
-        return r.vct === c.vct;
+        if (r.vct && c.vct) {
+          return r.vct === c.vct;
+        }
+        if (c.credential_definition && r.credential_definition) {
+          return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+        }
       }
       if (c.format === "mso_mdoc" && r.format === c.format) {
         return r.doctype === c.doctype;
@@ -1159,7 +1190,7 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
     options.issuerMetadata.credentialIssuer.credential_configurations_supported,
     options.credentialConfigurationId
   );
-  if ((0, import_utils10.zIs)(zSdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, import_utils10.zIs)(zSdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
+  if ((0, import_utils10.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, import_utils10.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
     return {
       format: credentialConfiguration.format,
       vct: credentialConfiguration.vct
@@ -1199,9 +1230,17 @@ function getCredentialRequestFormatPayloadForCredentialConfigurationId(options)
   }
   if ((0, import_utils10.zIs)(zSdJwtDcCredentialIssuerMetadata, credentialConfiguration)) {
     throw new Openid4vciError(
-      `Credential configuration id '${options.credentialConfigurationId}' with format ${zSdJwtVcFormatIdentifier.value} does not support credential request based on 'format'. Use 'credential_configuration_id' directly.`
+      `Credential configuration id '${options.credentialConfigurationId}' with format ${zLegacySdJwtVcFormatIdentifier.value} does not support credential request based on 'format'. Use 'credential_configuration_id' directly.`
     );
   }
+  if ((0, import_utils10.zIs)(zSdJwtW3VcCredentialIssuerMetadata, credentialConfiguration)) {
+    return {
+      format: credentialConfiguration.format,
+      credential_definition: {
+        type: credentialConfiguration.credential_definition.type
+      }
+    };
+  }
   throw new Openid4vciError(
     `Unknown format '${credentialConfiguration.format}' in credential configuration with id '${options.credentialConfigurationId}' for credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`
   );
@@ -1213,33 +1252,33 @@ var import_utils12 = require("@openid4vc/utils");
 
 // src/credential-request/z-credential-request.ts
 var import_oauth212 = require("@openid4vc/oauth2");
-var import_zod16 = __toESM(require("zod"));
+var import_zod17 = __toESM(require("zod"));
 
 // src/credential-request/z-credential-request-common.ts
 var import_oauth211 = require("@openid4vc/oauth2");
-var import_zod15 = __toESM(require("zod"));
+var import_zod16 = __toESM(require("zod"));
 
 // src/formats/proof-type/jwt/z-jwt-proof-type.ts
 var import_oauth29 = require("@openid4vc/oauth2");
 var import_utils11 = require("@openid4vc/utils");
-var import_zod13 = __toESM(require("zod"));
-var zJwtProofTypeIdentifier = import_zod13.default.literal("jwt");
+var import_zod14 = __toESM(require("zod"));
+var zJwtProofTypeIdentifier = import_zod14.default.literal("jwt");
 var jwtProofTypeIdentifier = zJwtProofTypeIdentifier.value;
-var zCredentialRequestProofJwt = import_zod13.default.object({
+var zCredentialRequestProofJwt = import_zod14.default.object({
   proof_type: zJwtProofTypeIdentifier,
   jwt: import_oauth29.zCompactJwt
 });
 var zCredentialRequestJwtProofTypeHeader = import_oauth29.zJwtHeader.merge(
-  import_zod13.default.object({
-    key_attestation: import_zod13.default.optional(import_oauth29.zCompactJwt),
-    typ: import_zod13.default.literal("openid4vci-proof+jwt")
+  import_zod14.default.object({
+    key_attestation: import_zod14.default.optional(import_oauth29.zCompactJwt),
+    typ: import_zod14.default.literal("openid4vci-proof+jwt")
   })
 ).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, {
   message: `Both 'jwk' and 'kid' are defined. Only one is allowed`
 }).refine(({ trust_chain, kid }) => !trust_chain || !kid, {
   message: `When 'trust_chain' is provided, 'kid' is required`
 });
-var zCredentialRequestJwtProofTypePayload = import_zod13.default.object({
+var zCredentialRequestJwtProofTypePayload = import_zod14.default.object({
   ...import_oauth29.zJwtPayload.shape,
   aud: import_utils11.zHttpsUrl,
   iat: import_utils11.zInteger
@@ -1247,40 +1286,40 @@ var zCredentialRequestJwtProofTypePayload = import_zod13.default.object({
 
 // src/formats/proof-type/attestation/z-attestation-proof-type.ts
 var import_oauth210 = require("@openid4vc/oauth2");
-var import_zod14 = __toESM(require("zod"));
-var zAttestationProofTypeIdentifier = import_zod14.default.literal("attestation");
+var import_zod15 = __toESM(require("zod"));
+var zAttestationProofTypeIdentifier = import_zod15.default.literal("attestation");
 var attestationProofTypeIdentifier = zAttestationProofTypeIdentifier.value;
-var zCredentialRequestProofAttestation = import_zod14.default.object({
+var zCredentialRequestProofAttestation = import_zod15.default.object({
   proof_type: zAttestationProofTypeIdentifier,
   attestation: import_oauth210.zCompactJwt
 });
 var zCredentialRequestAttestationProofTypePayload = zKeyAttestationJwtPayloadForUse("proof_type.attestation");
 
 // src/credential-request/z-credential-request-common.ts
-var zCredentialRequestProofCommon = import_zod15.default.object({
-  proof_type: import_zod15.default.string()
+var zCredentialRequestProofCommon = import_zod16.default.object({
+  proof_type: import_zod16.default.string()
 }).passthrough();
 var allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
-var zCredentialRequestProof = import_zod15.default.union([
+var zCredentialRequestProof = import_zod16.default.union([
   zCredentialRequestProofCommon,
-  import_zod15.default.discriminatedUnion("proof_type", allCredentialRequestProofs)
+  import_zod16.default.discriminatedUnion("proof_type", allCredentialRequestProofs)
 ]);
-var zCredentialRequestProofsCommon = import_zod15.default.record(import_zod15.default.string(), import_zod15.default.array(import_zod15.default.unknown()));
-var zCredentialRequestProofs = import_zod15.default.object({
-  [zJwtProofTypeIdentifier.value]: import_zod15.default.optional(import_zod15.default.array(zCredentialRequestProofJwt.shape.jwt)),
-  [zAttestationProofTypeIdentifier.value]: import_zod15.default.optional(import_zod15.default.array(zCredentialRequestProofAttestation.shape.attestation))
+var zCredentialRequestProofsCommon = import_zod16.default.record(import_zod16.default.string(), import_zod16.default.array(import_zod16.default.unknown()));
+var zCredentialRequestProofs = import_zod16.default.object({
+  [zJwtProofTypeIdentifier.value]: import_zod16.default.optional(import_zod16.default.array(zCredentialRequestProofJwt.shape.jwt)),
+  [zAttestationProofTypeIdentifier.value]: import_zod16.default.optional(import_zod16.default.array(zCredentialRequestProofAttestation.shape.attestation))
 });
-var zCredentialRequestCommon = import_zod15.default.object({
+var zCredentialRequestCommon = import_zod16.default.object({
   proof: zCredentialRequestProof.optional(),
-  proofs: import_zod15.default.optional(
-    import_zod15.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, {
+  proofs: import_zod16.default.optional(
+    import_zod16.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, {
       message: `The 'proofs' object in a credential request should contain exactly one attribute`
     })
   ),
-  credential_response_encryption: import_zod15.default.object({
+  credential_response_encryption: import_zod16.default.object({
     jwk: import_oauth211.zJwk,
-    alg: import_zod15.default.string(),
-    enc: import_zod15.default.string()
+    alg: import_zod16.default.string(),
+    enc: import_zod16.default.string()
   }).passthrough().optional()
 }).passthrough().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), {
   message: `Both 'proof' and 'proofs' are defined. Only one is allowed`
@@ -1288,50 +1327,51 @@ var zCredentialRequestCommon = import_zod15.default.object({
 
 // src/credential-request/z-credential-request.ts
 var allCredentialRequestFormats = [
-  zSdJwtVcCredentialRequestFormatDraft14,
+  zSdJwtW3VcCredentialRequestFormatDraft14,
   zMsoMdocCredentialRequestFormatDraft14,
   zLdpVcCredentialRequestFormatDraft14,
   zJwtVcJsonLdCredentialRequestFormatDraft14,
-  zJwtVcJsonCredentialRequestFormatDraft14
+  zJwtVcJsonCredentialRequestFormatDraft14,
+  zLegacySdJwtVcCredentialRequestFormatDraft14
 ];
 var allCredentialRequestFormatIdentifiers = allCredentialRequestFormats.map(
   (format) => format.shape.format.value
 );
-var zCredentialRequestCredentialConfigurationId = import_zod16.default.object({
-  credential_configuration_id: import_zod16.default.string(),
-  format: import_zod16.default.never({ message: "'format' cannot be defined when 'credential_configuration_id' is set." }).optional(),
-  credential_identifier: import_zod16.default.never({ message: "'credential_identifier' cannot be defined when 'credential_configuration_id' is set." }).optional()
+var zCredentialRequestCredentialConfigurationId = import_zod17.default.object({
+  credential_configuration_id: import_zod17.default.string(),
+  format: import_zod17.default.never({ message: "'format' cannot be defined when 'credential_configuration_id' is set." }).optional(),
+  credential_identifier: import_zod17.default.never({ message: "'credential_identifier' cannot be defined when 'credential_configuration_id' is set." }).optional()
 });
-var zAuthorizationDetailsCredentialRequest = import_zod16.default.object({
-  credential_identifier: import_zod16.default.string(),
-  credential_configuration_id: import_zod16.default.never({ message: "'credential_configuration_id' cannot be defined when 'credential_identifier' is set." }).optional(),
+var zAuthorizationDetailsCredentialRequest = import_zod17.default.object({
+  credential_identifier: import_zod17.default.string(),
+  credential_configuration_id: import_zod17.default.never({ message: "'credential_configuration_id' cannot be defined when 'credential_identifier' is set." }).optional(),
   // Cannot be present if credential identifier is present
-  format: import_zod16.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
+  format: import_zod17.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
 });
-var zCredentialRequestFormat = import_zod16.default.object({
-  format: import_zod16.default.string(),
-  credential_identifier: import_zod16.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
-  credential_configuration_id: import_zod16.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
+var zCredentialRequestFormat = import_zod17.default.object({
+  format: import_zod17.default.string(),
+  credential_identifier: import_zod17.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
+  credential_configuration_id: import_zod17.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
 }).passthrough();
 var zCredentialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
   if (!allCredentialRequestFormatIdentifiers.includes(
     data.format
   ))
     return data;
-  const result = import_zod16.default.object({}).passthrough().and(import_zod16.default.discriminatedUnion("format", allCredentialRequestFormats)).safeParse(data);
+  const result = import_zod17.default.object({}).passthrough().and(import_zod17.default.union(allCredentialRequestFormats)).safeParse(data);
   if (result.success) {
     return result.data;
   }
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod16.default.NEVER;
+  return import_zod17.default.NEVER;
 });
-var zCredentialRequestDraft15 = import_zod16.default.union([
+var zCredentialRequestDraft15 = import_zod17.default.union([
   zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest),
   zCredentialRequestCommon.and(zCredentialRequestCredentialConfigurationId)
 ]);
-var zCredentialRequestDraft14 = import_zod16.default.union([
+var zCredentialRequestDraft14 = import_zod17.default.union([
   zCredentialRequestDraft14WithFormat,
   zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest)
 ]);
@@ -1348,7 +1388,7 @@ var zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRequ
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod16.default.NEVER;
+  return import_zod17.default.NEVER;
 }).pipe(zCredentialRequestDraft14);
 var zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine(
   (data) => data.credential_identifier === void 0,
@@ -1366,27 +1406,27 @@ var zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine(
   for (const issue of result.error.issues) {
     ctx.addIssue(issue);
   }
-  return import_zod16.default.NEVER;
+  return import_zod17.default.NEVER;
 });
-var zCredentialRequest = import_zod16.default.union([
+var zCredentialRequest = import_zod17.default.union([
   zCredentialRequestDraft15,
   zCredentialRequestDraft14,
   zCredentialRequestDraft11To14
 ]);
-var zDeferredCredentialRequest = import_zod16.default.object({
-  transaction_id: import_zod16.default.string().nonempty(),
-  credential_response_encryption: import_zod16.default.object({
+var zDeferredCredentialRequest = import_zod17.default.object({
+  transaction_id: import_zod17.default.string().nonempty(),
+  credential_response_encryption: import_zod17.default.object({
     jwk: import_oauth212.zJwk,
-    alg: import_zod16.default.string(),
-    enc: import_zod16.default.string()
+    alg: import_zod17.default.string(),
+    enc: import_zod17.default.string()
   }).passthrough().optional()
 });
 
 // src/credential-request/z-credential-response.ts
-var import_zod18 = __toESM(require("zod"));
+var import_zod19 = __toESM(require("zod"));
 
 // ../oauth2/src/common/z-oauth2-error.ts
-var import_zod17 = __toESM(require("zod"));
+var import_zod18 = __toESM(require("zod"));
 var Oauth2ErrorCodes = /* @__PURE__ */ ((Oauth2ErrorCodes4) => {
   Oauth2ErrorCodes4["ServerError"] = "server_error";
   Oauth2ErrorCodes4["InvalidTarget"] = "invalid_target";
@@ -1426,49 +1466,49 @@ var Oauth2ErrorCodes = /* @__PURE__ */ ((Oauth2ErrorCodes4) => {
   Oauth2ErrorCodes4["WalletUnavailable"] = "wallet_unavailable";
   return Oauth2ErrorCodes4;
 })(Oauth2ErrorCodes || {});
-var zOauth2ErrorResponse = import_zod17.default.object({
-  error: import_zod17.default.union([import_zod17.default.nativeEnum(Oauth2ErrorCodes), import_zod17.default.string()]),
-  error_description: import_zod17.default.string().optional(),
-  error_uri: import_zod17.default.string().optional()
+var zOauth2ErrorResponse = import_zod18.default.object({
+  error: import_zod18.default.union([import_zod18.default.nativeEnum(Oauth2ErrorCodes), import_zod18.default.string()]),
+  error_description: import_zod18.default.string().optional(),
+  error_uri: import_zod18.default.string().optional()
 }).passthrough();
 
 // src/credential-request/z-credential-response.ts
-var zCredentialEncoding = import_zod18.default.union([import_zod18.default.string(), import_zod18.default.record(import_zod18.default.string(), import_zod18.default.any())]);
-var zBaseCredentialResponse = import_zod18.default.object({
-  credentials: import_zod18.default.optional(import_zod18.default.array(zCredentialEncoding)),
-  interval: import_zod18.default.number().int().positive().optional(),
-  notification_id: import_zod18.default.string().optional()
+var zCredentialEncoding = import_zod19.default.union([import_zod19.default.string(), import_zod19.default.record(import_zod19.default.string(), import_zod19.default.any())]);
+var zBaseCredentialResponse = import_zod19.default.object({
+  credentials: import_zod19.default.optional(import_zod19.default.array(zCredentialEncoding)),
+  interval: import_zod19.default.number().int().positive().optional(),
+  notification_id: import_zod19.default.string().optional()
 }).passthrough();
 var zCredentialResponse = zBaseCredentialResponse.extend({
-  credential: import_zod18.default.optional(zCredentialEncoding),
-  transaction_id: import_zod18.default.string().optional(),
-  c_nonce: import_zod18.default.string().optional(),
-  c_nonce_expires_in: import_zod18.default.number().int().optional()
+  credential: import_zod19.default.optional(zCredentialEncoding),
+  transaction_id: import_zod19.default.string().optional(),
+  c_nonce: import_zod19.default.string().optional(),
+  c_nonce_expires_in: import_zod19.default.number().int().optional()
 }).passthrough().superRefine((value, ctx) => {
   const { credential, credentials, transaction_id, interval, notification_id } = value;
   if ([credential, credentials, transaction_id].filter((i) => i !== void 0).length !== 1) {
     ctx.addIssue({
-      code: import_zod18.default.ZodIssueCode.custom,
+      code: import_zod19.default.ZodIssueCode.custom,
       message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
     });
   }
   if (transaction_id && !interval) {
     ctx.addIssue({
-      code: import_zod18.default.ZodIssueCode.custom,
+      code: import_zod19.default.ZodIssueCode.custom,
       message: `'interval' MUST be defined when 'transaction_id' is defined.`
     });
   }
   if (notification_id && !(credentials || credential)) {
     ctx.addIssue({
-      code: import_zod18.default.ZodIssueCode.custom,
+      code: import_zod19.default.ZodIssueCode.custom,
       message: `'notification_id' MUST NOT be defined when 'credential' or 'credentials' are not defined.`
     });
   }
 });
-var zCredentialErrorResponse = import_zod18.default.object({
+var zCredentialErrorResponse = import_zod19.default.object({
   ...zOauth2ErrorResponse.shape,
-  c_nonce: import_zod18.default.string().optional(),
-  c_nonce_expires_in: import_zod18.default.number().int().optional()
+  c_nonce: import_zod19.default.string().optional(),
+  c_nonce_expires_in: import_zod19.default.number().int().optional()
 }).passthrough();
 var zDeferredCredentialResponse = zBaseCredentialResponse.refine(
   (value) => {
@@ -1621,7 +1661,7 @@ async function retrieveDeferredCredentials(options) {
       deferredCredentialErrorResponseResult
     };
   }
-  const deferredCredentialResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+  const deferredCredentialResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
   if (!deferredCredentialResponseResult?.success) {
     return {
       ...resourceResponse,
@@ -1766,10 +1806,10 @@ var import_utils16 = require("@openid4vc/utils");
 
 // src/nonce/z-nonce.ts
 var import_utils15 = require("@openid4vc/utils");
-var import_zod19 = __toESM(require("zod"));
-var zNonceResponse = import_zod19.default.object({
-  c_nonce: import_zod19.default.string(),
-  c_nonce_expires_in: import_zod19.default.optional(import_utils15.zInteger)
+var import_zod20 = __toESM(require("zod"));
+var zNonceResponse = import_zod20.default.object({
+  c_nonce: import_zod20.default.string(),
+  c_nonce_expires_in: import_zod20.default.optional(import_utils15.zInteger)
 }).passthrough();
 
 // src/nonce/nonce-request.ts
@@ -1809,15 +1849,15 @@ var import_oauth218 = require("@openid4vc/oauth2");
 var import_utils17 = require("@openid4vc/utils");
 
 // src/notification/z-notification.ts
-var import_zod20 = __toESM(require("zod"));
-var zNotificationEvent = import_zod20.default.enum(["credential_accepted", "credential_failure", "credential_deleted"]);
-var zNotificationRequest = import_zod20.default.object({
-  notification_id: import_zod20.default.string(),
+var import_zod21 = __toESM(require("zod"));
+var zNotificationEvent = import_zod21.default.enum(["credential_accepted", "credential_failure", "credential_deleted"]);
+var zNotificationRequest = import_zod21.default.object({
+  notification_id: import_zod21.default.string(),
   event: zNotificationEvent,
-  event_description: import_zod20.default.optional(import_zod20.default.string())
+  event_description: import_zod21.default.optional(import_zod21.default.string())
 }).passthrough();
-var zNotificationErrorResponse = import_zod20.default.object({
-  error: import_zod20.default.enum(["invalid_notification_id", "invalid_notification_request"])
+var zNotificationErrorResponse = import_zod21.default.object({
+  error: import_zod21.default.enum(["invalid_notification_id", "invalid_notification_request"])
 }).passthrough();
 
 // src/notification/notification.ts
@@ -2287,7 +2327,7 @@ function createDeferredCredentialResponse(options) {
 
 // src/credential-request/parse-credential-request.ts
 var import_utils19 = require("@openid4vc/utils");
-var import_zod21 = __toESM(require("zod"));
+var import_zod22 = __toESM(require("zod"));
 function parseCredentialRequest(options) {
   const credentialRequest = (0, import_utils19.parseWithErrorHandling)(
     zCredentialRequest,
@@ -2299,7 +2339,7 @@ function parseCredentialRequest(options) {
   if (knownProofs.success) {
     proofs = knownProofs.data;
   }
-  const knownProof = import_zod21.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
+  const knownProof = import_zod22.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
   if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) {
     proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
   } else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) {
@@ -2333,7 +2373,7 @@ function parseCredentialRequest(options) {
     return {
       // Removes all claims that are not specific to this format
       format: (0, import_utils19.parseWithErrorHandling)(
-        import_zod21.default.union(allCredentialRequestFormats),
+        import_zod22.default.union(allCredentialRequestFormats),
         credentialRequest,
         "Unable to validate format specific properties from credential request"
       ),