npm - @openid4vc/openid4vci - Versions diffs - 0.3.0-alpha-20250922085649 → 0.3.0-alpha-20251017082202 - Mend

@openid4vc/openid4vci 0.3.0-alpha-20250922085649 → 0.3.0-alpha-20251017082202

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -1,2625 +1,2011 @@
-"use strict";
+//#region rolldown:runtime
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
 var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
+	if (from && typeof from === "object" || typeof from === "function") for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+		key = keys[i];
+		if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
+			get: ((k) => from[k]).bind(null, key),
+			enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+		});
+	}
+	return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  AuthorizationFlow: () => AuthorizationFlow,
-  Openid4vciClient: () => Openid4vciClient,
-  Openid4vciDraftVersion: () => Openid4vciDraftVersion,
-  Openid4vciError: () => Openid4vciError,
-  Openid4vciIssuer: () => Openid4vciIssuer,
-  Openid4vciRetrieveCredentialsError: () => Openid4vciRetrieveCredentialsError,
-  Openid4vciSendNotificationError: () => Openid4vciSendNotificationError,
-  Openid4vciWalletProvider: () => Openid4vciWalletProvider,
-  createKeyAttestationJwt: () => createKeyAttestationJwt,
-  credentialsSupportedToCredentialConfigurationsSupported: () => credentialsSupportedToCredentialConfigurationsSupported,
-  determineAuthorizationServerForCredentialOffer: () => determineAuthorizationServerForCredentialOffer,
-  extractScopesForCredentialConfigurationIds: () => extractScopesForCredentialConfigurationIds,
-  getCredentialConfigurationsMatchingRequestFormat: () => getCredentialConfigurationsMatchingRequestFormat,
-  getGlobalConfig: () => import_utils22.getGlobalConfig,
-  parseKeyAttestationJwt: () => parseKeyAttestationJwt,
-  setGlobalConfig: () => import_utils22.setGlobalConfig,
-  verifyKeyAttestationJwt: () => verifyKeyAttestationJwt
-});
-module.exports = __toCommonJS(index_exports);
+//#endregion
+let __openid4vc_utils = require("@openid4vc/utils");
+__openid4vc_utils = __toESM(__openid4vc_utils);
+let __openid4vc_oauth2 = require("@openid4vc/oauth2");
+__openid4vc_oauth2 = __toESM(__openid4vc_oauth2);
+let zod = require("zod");
+zod = __toESM(zod);
-// src/credential-offer/credential-offer.ts
-var import_oauth22 = require("@openid4vc/oauth2");
-var import_utils2 = require("@openid4vc/utils");
+//#region src/version.ts
+let Openid4vciDraftVersion = /* @__PURE__ */ function(Openid4vciDraftVersion$1) {
+	Openid4vciDraftVersion$1["Draft16"] = "Draft16";
+	Openid4vciDraftVersion$1["Draft15"] = "Draft15";
+	Openid4vciDraftVersion$1["Draft14"] = "Draft14";
+	Openid4vciDraftVersion$1["Draft11"] = "Draft11";
+	return Openid4vciDraftVersion$1;
+}({});
-// src/version.ts
-var Openid4vciDraftVersion = /* @__PURE__ */ ((Openid4vciDraftVersion2) => {
-  Openid4vciDraftVersion2["Draft16"] = "Draft16";
-  Openid4vciDraftVersion2["Draft15"] = "Draft15";
-  Openid4vciDraftVersion2["Draft14"] = "Draft14";
-  Openid4vciDraftVersion2["Draft11"] = "Draft11";
-  return Openid4vciDraftVersion2;
-})(Openid4vciDraftVersion || {});
-// src/credential-offer/z-credential-offer.ts
-var import_oauth2 = require("@openid4vc/oauth2");
-var import_utils = require("@openid4vc/utils");
-var import_zod = __toESM(require("zod"));
-var zTxCode = import_zod.default.object({
-  input_mode: import_zod.default.union([import_zod.default.literal("numeric"), import_zod.default.literal("text")]).optional(),
-  length: import_zod.default.number().int().optional(),
-  description: import_zod.default.string().max(300).optional()
+//#endregion
+//#region src/credential-offer/z-credential-offer.ts
+const zTxCode = zod.default.object({
+	input_mode: zod.default.union([zod.default.literal("numeric"), zod.default.literal("text")]).optional(),
+	length: zod.default.number().int().optional(),
+	description: zod.default.string().max(300).optional()
 }).passthrough();
-var zCredentialOfferGrants = import_zod.default.object({
-  authorization_code: import_zod.default.object({
-    issuer_state: import_zod.default.string().optional(),
-    authorization_server: import_utils.zHttpsUrl.optional()
-  }).passthrough().optional(),
-  [import_oauth2.preAuthorizedCodeGrantIdentifier]: import_zod.default.object({
-    "pre-authorized_code": import_zod.default.string(),
-    tx_code: zTxCode.optional(),
-    authorization_server: import_utils.zHttpsUrl.optional()
-  }).passthrough().optional()
+const zCredentialOfferGrants = zod.default.object({
+	authorization_code: zod.default.object({
+		issuer_state: zod.default.string().optional(),
+		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
+	}).passthrough().optional(),
+	[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
+		"pre-authorized_code": zod.default.string(),
+		tx_code: zTxCode.optional(),
+		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
+	}).passthrough().optional()
 }).passthrough();
-var zCredentialOfferObjectDraft14 = import_zod.default.object({
-  credential_issuer: import_utils.zHttpsUrl,
-  credential_configuration_ids: import_zod.default.array(import_zod.default.string()),
-  grants: import_zod.default.optional(zCredentialOfferGrants)
+const zCredentialOfferObjectDraft14 = zod.default.object({
+	credential_issuer: __openid4vc_utils.zHttpsUrl,
+	credential_configuration_ids: zod.default.array(zod.default.string()),
+	grants: zod.default.optional(zCredentialOfferGrants)
 }).passthrough();
-var zCredentialOfferObjectDraft11To14 = import_zod.default.object({
-  credential_issuer: import_utils.zHttpsUrl,
-  // We don't support the inline offer objects from draft 11
-  credentials: import_zod.default.array(
-    import_zod.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })
-  ),
-  grants: import_zod.default.optional(
-    import_zod.default.object({
-      // Has extra param in draft 14, but doesn't matter for transform purposes
-      authorization_code: zCredentialOfferGrants.shape.authorization_code,
-      [import_oauth2.preAuthorizedCodeGrantIdentifier]: import_zod.default.object({
-        "pre-authorized_code": import_zod.default.string(),
-        user_pin_required: import_zod.default.optional(import_zod.default.boolean())
-      }).passthrough().optional()
-    })
-  )
-}).passthrough().transform(({ credentials, grants, ...rest }) => {
-  const v14 = {
-    ...rest,
-    credential_configuration_ids: credentials
-  };
-  if (grants) {
-    v14.grants = { ...grants };
-    if (grants[import_oauth2.preAuthorizedCodeGrantIdentifier]) {
-      const { user_pin_required, ...restGrants } = grants[import_oauth2.preAuthorizedCodeGrantIdentifier];
-      v14.grants[import_oauth2.preAuthorizedCodeGrantIdentifier] = {
-        ...restGrants
-      };
-      if (user_pin_required) {
-        v14.grants[import_oauth2.preAuthorizedCodeGrantIdentifier].tx_code = {
-          input_mode: "text"
-        };
-      }
-    }
-  }
-  return v14;
+const zCredentialOfferObjectDraft11To14 = zod.default.object({
+	credential_issuer: __openid4vc_utils.zHttpsUrl,
+	credentials: zod.default.array(zod.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })),
+	grants: zod.default.optional(zod.default.object({
+		authorization_code: zCredentialOfferGrants.shape.authorization_code,
+		[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
+			"pre-authorized_code": zod.default.string(),
+			user_pin_required: zod.default.optional(zod.default.boolean())
+		}).passthrough().optional()
+	}))
+}).passthrough().transform(({ credentials, grants,...rest }) => {
+	const v14 = {
+		...rest,
+		credential_configuration_ids: credentials
+	};
+	if (grants) {
+		v14.grants = { ...grants };
+		if (grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]) {
+			const { user_pin_required,...restGrants } = grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier];
+			v14.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier] = { ...restGrants };
+			if (user_pin_required) v14.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code = { input_mode: "text" };
+		}
+	}
+	return v14;
 }).pipe(zCredentialOfferObjectDraft14);
-var zCredentialOfferObject = import_zod.default.union([
-  // First prioritize draft 14 (and 13)
-  zCredentialOfferObjectDraft14,
-  // Then try parsing draft 11 and transform into draft 14
-  zCredentialOfferObjectDraft11To14
-]);
+const zCredentialOfferObject = zod.default.union([zCredentialOfferObjectDraft14, zCredentialOfferObjectDraft11To14]);
-// src/credential-offer/credential-offer.ts
+//#endregion
+//#region src/credential-offer/credential-offer.ts
+/**
+* Resolve a credential offer, optionally fetching it if the credential_offer_uri is provided.
+*/
 async function resolveCredentialOffer(credentialOffer, options) {
-  const parsedQueryParams = (0, import_utils2.getQueryParams)(credentialOffer);
-  let credentialOfferParseResult;
-  if (parsedQueryParams.credential_offer_uri) {
-    const fetchWithZod = (0, import_utils2.createZodFetcher)(options?.fetch);
-    const { response, result } = await fetchWithZod(
-      zCredentialOfferObject,
-      import_utils2.ContentType.Json,
-      parsedQueryParams.credential_offer_uri
-    );
-    if (!response.ok || !result) {
-      throw new import_oauth22.InvalidFetchResponseError(
-        `Fetching credential offer from '${parsedQueryParams.credential_offer_uri}' resulted in an unsuccessful response with status '${response.status}'`,
-        await response.clone().text(),
-        response
-      );
-    }
-    credentialOfferParseResult = result;
-  } else if (parsedQueryParams.credential_offer) {
-    let credentialOfferJson;
-    try {
-      credentialOfferJson = JSON.parse(decodeURIComponent(parsedQueryParams.credential_offer));
-    } catch (error) {
-      throw new import_oauth22.Oauth2Error(`Error parsing JSON from 'credential_offer' param in credential offer '${credentialOffer}'`);
-    }
-    credentialOfferParseResult = zCredentialOfferObject.safeParse(credentialOfferJson);
-  } else {
-    throw new import_oauth22.Oauth2Error(`Credential offer did not contain either 'credential_offer' or 'credential_offer_uri' param.`);
-  }
-  if (credentialOfferParseResult.error) {
-    throw new import_utils2.ValidationError(
-      `Error parsing credential offer in draft 11, 13 or 14 format extracted from credential offer '${credentialOffer}'`,
-      credentialOfferParseResult.error
-    );
-  }
-  return credentialOfferParseResult.data;
+	const parsedQueryParams = (0, __openid4vc_utils.getQueryParams)(credentialOffer);
+	let credentialOfferParseResult;
+	if (parsedQueryParams.credential_offer_uri) {
+		const { response, result } = await (0, __openid4vc_utils.createZodFetcher)(options?.fetch)(zCredentialOfferObject, __openid4vc_utils.ContentType.Json, parsedQueryParams.credential_offer_uri);
+		if (!response.ok || !result) throw new __openid4vc_oauth2.InvalidFetchResponseError(`Fetching credential offer from '${parsedQueryParams.credential_offer_uri}' resulted in an unsuccessful response with status '${response.status}'`, await response.clone().text(), response);
+		credentialOfferParseResult = result;
+	} else if (parsedQueryParams.credential_offer) {
+		let credentialOfferJson;
+		try {
+			credentialOfferJson = JSON.parse(decodeURIComponent(parsedQueryParams.credential_offer));
+		} catch (_error) {
+			throw new __openid4vc_oauth2.Oauth2Error(`Error parsing JSON from 'credential_offer' param in credential offer '${credentialOffer}'`);
+		}
+		credentialOfferParseResult = zCredentialOfferObject.safeParse(credentialOfferJson);
+	} else throw new __openid4vc_oauth2.Oauth2Error(`Credential offer did not contain either 'credential_offer' or 'credential_offer_uri' param.`);
+	if (credentialOfferParseResult.error) throw new __openid4vc_utils.ValidationError(`Error parsing credential offer in draft 11, 13 or 14 format extracted from credential offer '${credentialOffer}'`, credentialOfferParseResult.error);
+	return credentialOfferParseResult.data;
 }
 function determineAuthorizationServerForCredentialOffer(options) {
-  const authorizationServers = options.issuerMetadata.credentialIssuer.authorization_servers;
-  let authorizationServer;
-  if (options.grantAuthorizationServer) {
-    authorizationServer = options.grantAuthorizationServer;
-    if (!authorizationServers) {
-      throw new import_oauth22.Oauth2Error(
-        `Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not have an 'authorization_servers' property to match the value against.`
-      );
-    }
-    if (!authorizationServers.includes(authorizationServer)) {
-      throw new import_oauth22.Oauth2Error(
-        `Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not include this authorization server. Available 'authorization_server' values are ${authorizationServers.join(", ")}.`
-      );
-    }
-  } else if (!authorizationServers) {
-    authorizationServer = options.issuerMetadata.credentialIssuer.credential_issuer;
-  } else {
-    if (authorizationServers.length === 0) {
-      throw new import_oauth22.Oauth2Error(`Credential issuer metadata has 'authorization_servers' value with length of 0`);
-    }
-    if (authorizationServers.length > 1) {
-      throw new import_oauth22.Oauth2Error(
-        `Credential issuer metadata has 'authorization_server' with multiple entries, but the credential offer grant did not specify which authorization server to use.`
-      );
-    }
-    authorizationServer = authorizationServers[0];
-  }
-  return authorizationServer;
+	const authorizationServers = options.issuerMetadata.credentialIssuer.authorization_servers;
+	let authorizationServer;
+	if (options.grantAuthorizationServer) {
+		authorizationServer = options.grantAuthorizationServer;
+		if (!authorizationServers) throw new __openid4vc_oauth2.Oauth2Error(`Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not have an 'authorization_servers' property to match the value against.`);
+		if (!authorizationServers.includes(authorizationServer)) throw new __openid4vc_oauth2.Oauth2Error(`Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not include this authorization server. Available 'authorization_server' values are ${authorizationServers.join(", ")}.`);
+	} else if (!authorizationServers) authorizationServer = options.issuerMetadata.credentialIssuer.credential_issuer;
+	else {
+		if (authorizationServers.length === 0) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer metadata has 'authorization_servers' value with length of 0`);
+		if (authorizationServers.length > 1) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer metadata has 'authorization_server' with multiple entries, but the credential offer grant did not specify which authorization server to use.`);
+		authorizationServer = authorizationServers[0];
+	}
+	return authorizationServer;
 }
 async function createCredentialOffer(options) {
-  const {
-    [import_oauth22.preAuthorizedCodeGrantIdentifier]: preAuthorizedCodeGrant,
-    [import_oauth22.authorizationCodeGrantIdentifier]: authorizationCodeGrant,
-    ...restGrants
-  } = options.grants;
-  const grants = { ...restGrants };
-  if (authorizationCodeGrant) {
-    determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    grants[import_oauth22.authorizationCodeGrantIdentifier] = authorizationCodeGrant;
-  }
-  if (preAuthorizedCodeGrant) {
-    determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: preAuthorizedCodeGrant.authorization_server
-    });
-    grants[import_oauth22.preAuthorizedCodeGrantIdentifier] = {
-      ...preAuthorizedCodeGrant,
-      "pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? (0, import_utils2.encodeToBase64Url)(await options.callbacks.generateRandom(32))
-    };
-    const txCode = grants[import_oauth22.preAuthorizedCodeGrantIdentifier].tx_code;
-    if (txCode && options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-      grants[import_oauth22.preAuthorizedCodeGrantIdentifier].user_pin_required = txCode !== void 0;
-    }
-  }
-  const idsNotInMetadata = options.credentialConfigurationIds.filter(
-    (id) => options.issuerMetadata.credentialIssuer.credential_configurations_supported[id] === void 0
-  );
-  if (idsNotInMetadata.length > 0) {
-    throw new import_oauth22.Oauth2Error(
-      `Credential configuration ids ${idsNotInMetadata} not found in the credential issuer metadata 'credential_configurations_supported'. Available ids are ${Object.keys(options.issuerMetadata.credentialIssuer.credential_configurations_supported).join(", ")}.`
-    );
-  }
-  const credentialOfferScheme = options.credentialOfferScheme ?? "openid-credential-offer://";
-  const credentialOfferObject = (0, import_utils2.parseWithErrorHandling)(zCredentialOfferObject, {
-    credential_issuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-    credential_configuration_ids: options.credentialConfigurationIds,
-    grants,
-    ...options.additionalPayload
-  });
-  if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-    credentialOfferObject.credentials = credentialOfferObject.credential_configuration_ids;
-  }
-  const url = new import_utils2.URL(credentialOfferScheme);
-  url.search = `?${new import_utils2.URLSearchParams([
-    ...url.searchParams.entries(),
-    ...(0, import_utils2.objectToQueryParams)({
-      credential_offer_uri: options.credentialOfferUri,
-      // Only add credential_offer is uri is undefined
-      credential_offer: options.credentialOfferUri ? void 0 : credentialOfferObject
-    }).entries()
-  ]).toString()}`;
-  return {
-    credentialOffer: url.toString(),
-    credentialOfferObject
-  };
+	const { [__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: preAuthorizedCodeGrant, [__openid4vc_oauth2.authorizationCodeGrantIdentifier]: authorizationCodeGrant,...restGrants } = options.grants;
+	const grants = { ...restGrants };
+	if (authorizationCodeGrant) {
+		determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier] = authorizationCodeGrant;
+	}
+	if (preAuthorizedCodeGrant) {
+		determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: preAuthorizedCodeGrant.authorization_server
+		});
+		grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier] = {
+			...preAuthorizedCodeGrant,
+			"pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.generateRandom(32))
+		};
+		const txCode = grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code;
+		if (txCode && options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].user_pin_required = txCode !== void 0;
+	}
+	const idsNotInMetadata = options.credentialConfigurationIds.filter((id) => options.issuerMetadata.credentialIssuer.credential_configurations_supported[id] === void 0);
+	if (idsNotInMetadata.length > 0) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration ids ${idsNotInMetadata} not found in the credential issuer metadata 'credential_configurations_supported'. Available ids are ${Object.keys(options.issuerMetadata.credentialIssuer.credential_configurations_supported).join(", ")}.`);
+	const credentialOfferScheme = options.credentialOfferScheme ?? "openid-credential-offer://";
+	const credentialOfferObject = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialOfferObject, {
+		credential_issuer: options.issuerMetadata.credentialIssuer.credential_issuer,
+		credential_configuration_ids: options.credentialConfigurationIds,
+		grants,
+		...options.additionalPayload
+	});
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) credentialOfferObject.credentials = credentialOfferObject.credential_configuration_ids;
+	const url = new __openid4vc_utils.URL(credentialOfferScheme);
+	url.search = `?${new __openid4vc_utils.URLSearchParams([...url.searchParams.entries(), ...(0, __openid4vc_utils.objectToQueryParams)({
+		credential_offer_uri: options.credentialOfferUri,
+		credential_offer: options.credentialOfferUri ? void 0 : credentialOfferObject
+	}).entries()]).toString()}`;
+	return {
+		credentialOffer: url.toString(),
+		credentialOfferObject
+	};
 }
-// src/index.ts
-var import_utils22 = require("@openid4vc/utils");
-// src/credential-request/credential-request-configurations.ts
-var import_utils6 = require("@openid4vc/utils");
-// src/metadata/credential-issuer/credential-issuer-metadata.ts
-var import_oauth25 = require("@openid4vc/oauth2");
-var import_utils5 = require("@openid4vc/utils");
-// src/metadata/credential-issuer/z-credential-issuer-metadata.ts
-var import_oauth24 = require("@openid4vc/oauth2");
-var import_utils4 = require("@openid4vc/utils");
-var import_zod13 = __toESM(require("zod"));
-// src/formats/credential/mso-mdoc/z-mso-mdoc.ts
-var import_zod5 = __toESM(require("zod"));
-// src/metadata/credential-issuer/z-claims-description.ts
-var import_zod2 = __toESM(require("zod"));
-var zCredentialConfigurationSupportedClaimsDraft14 = import_zod2.default.object({
-  mandatory: import_zod2.default.boolean().optional(),
-  value_type: import_zod2.default.string().optional(),
-  display: import_zod2.default.object({
-    name: import_zod2.default.string().optional(),
-    locale: import_zod2.default.string().optional()
-  }).passthrough().optional()
+//#endregion
+//#region src/metadata/credential-issuer/z-claims-description.ts
+const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.object({
+	mandatory: zod.default.boolean().optional(),
+	value_type: zod.default.string().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).passthrough()).optional()
 }).passthrough();
-var zClaimsDescriptionPath = import_zod2.default.array(import_zod2.default.union([import_zod2.default.string(), import_zod2.default.number().int().nonnegative(), import_zod2.default.null()])).nonempty();
-var zMsoMdocClaimsDescriptionPath = import_zod2.default.tuple([import_zod2.default.string(), import_zod2.default.string()], {
-  message: "mso_mdoc claims description path MUST be an array with exactly two string elements, pointing to the namespace and element identifier within an mdoc credential"
-});
-var zIssuerMetadataClaimsDescription = import_zod2.default.object({
-  path: zClaimsDescriptionPath,
-  mandatory: import_zod2.default.boolean().optional(),
-  display: import_zod2.default.array(
-    import_zod2.default.object({
-      name: import_zod2.default.string().optional(),
-      locale: import_zod2.default.string().optional()
-    }).passthrough()
-  ).optional()
+const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
+const zClaimsDescriptionPath = zod.default.array(zod.default.union([
+	zod.default.string(),
+	zod.default.number().int().nonnegative(),
+	zod.default.null()
+])).nonempty();
+const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], { message: "mso_mdoc claims description path MUST be an array with exactly two string elements, pointing to the namespace and element identifier within an mdoc credential" });
+const zIssuerMetadataClaimsDescription = zod.default.object({
+	path: zClaimsDescriptionPath,
+	mandatory: zod.default.boolean().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).passthrough()).optional()
 }).passthrough();
-var zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({
-  path: zMsoMdocClaimsDescriptionPath
-});
-// src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
-var import_zod4 = __toESM(require("zod"));
+const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
-// src/key-attestation/z-key-attestation.ts
-var import_oauth23 = require("@openid4vc/oauth2");
-var import_utils3 = require("@openid4vc/utils");
-var import_zod3 = __toESM(require("zod"));
-var zKeyAttestationJwtHeader = import_zod3.default.object({
-  ...import_oauth23.zJwtHeader.shape,
-  typ: import_zod3.default.literal("keyattestation+jwt").or(
-    // Draft 16
-    import_zod3.default.literal("key-attestation+jwt")
-  )
-}).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, {
-  message: `Both 'jwk' and 'kid' are defined. Only one is allowed`
-}).refine(({ trust_chain, kid }) => !trust_chain || !kid, {
-  message: `When 'trust_chain' is provided, 'kid' is required`
-});
-var zIso18045 = import_zod3.default.enum(["iso_18045_high", "iso_18045_moderate", "iso_18045_enhanced-basic", "iso_18045_basic"]);
-var zIso18045OrStringArray = import_zod3.default.array(import_zod3.default.union([zIso18045, import_zod3.default.string()]));
-var zKeyAttestationJwtPayload = import_zod3.default.object({
-  ...import_oauth23.zJwtPayload.shape,
-  iat: import_utils3.zInteger,
-  attested_keys: import_zod3.default.array(import_oauth23.zJwk),
-  key_storage: import_zod3.default.optional(zIso18045OrStringArray),
-  user_authentication: import_zod3.default.optional(zIso18045OrStringArray),
-  certification: import_zod3.default.optional(import_zod3.default.string().url())
+//#endregion
+//#region src/key-attestation/z-key-attestation.ts
+const zKeyAttestationJwtHeader = zod.default.object({
+	...__openid4vc_oauth2.zJwtHeader.shape,
+	typ: zod.default.literal("keyattestation+jwt").or(zod.default.literal("key-attestation+jwt"))
+}).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
+const zIso18045 = zod.default.enum([
+	"iso_18045_high",
+	"iso_18045_moderate",
+	"iso_18045_enhanced-basic",
+	"iso_18045_basic"
+]);
+const zIso18045OrStringArray = zod.default.array(zod.default.union([zIso18045, zod.default.string()]));
+const zKeyAttestationJwtPayload = zod.default.object({
+	...__openid4vc_oauth2.zJwtPayload.shape,
+	iat: __openid4vc_utils.zInteger,
+	attested_keys: zod.default.array(__openid4vc_oauth2.zJwk),
+	key_storage: zod.default.optional(zIso18045OrStringArray),
+	user_authentication: zod.default.optional(zIso18045OrStringArray),
+	certification: zod.default.optional(zod.default.string().url())
 }).passthrough();
-var zKeyAttestationJwtPayloadForUse = (use) => import_zod3.default.object({
-  ...zKeyAttestationJwtPayload.shape,
-  // REQUIRED when used as proof_type.attesation directly
-  nonce: use === "proof_type.attestation" ? import_zod3.default.string({
-    message: `Nonce must be defined when key attestation is used as 'proof_type.attestation' directly`
-  }) : import_zod3.default.optional(import_zod3.default.string()),
-  // REQUIRED when used within header of proof_type.jwt
-  exp: use === "proof_type.jwt" ? import_utils3.zInteger : import_zod3.default.optional(import_utils3.zInteger)
+const zKeyAttestationJwtPayloadForUse = (use) => zod.default.object({
+	...zKeyAttestationJwtPayload.shape,
+	nonce: use === "proof_type.attestation" ? zod.default.string({ message: `Nonce must be defined when key attestation is used as 'proof_type.attestation' directly` }) : zod.default.optional(zod.default.string()),
+	exp: use === "proof_type.jwt" ? __openid4vc_utils.zInteger : zod.default.optional(__openid4vc_utils.zInteger)
 }).passthrough();
-// src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
-var zCredentialConfigurationSupportedDisplayEntry = import_zod4.default.object({
-  name: import_zod4.default.string(),
-  locale: import_zod4.default.string().optional(),
-  logo: import_zod4.default.object({
-    // FIXME: make required again, but need to support draft 11 first
-    uri: import_zod4.default.string().optional(),
-    alt_text: import_zod4.default.string().optional()
-  }).passthrough().optional(),
-  description: import_zod4.default.string().optional(),
-  background_color: import_zod4.default.string().optional(),
-  background_image: import_zod4.default.object({
-    // TODO: should be required, but paradym's metadata is wrong here.
-    uri: import_zod4.default.string().optional()
-  }).passthrough().optional(),
-  text_color: import_zod4.default.string().optional()
+//#endregion
+//#region src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
+const zCredentialConfigurationSupportedDisplayEntry = zod.default.object({
+	name: zod.default.string(),
+	locale: zod.default.string().optional(),
+	logo: zod.default.object({
+		uri: zod.default.string().optional(),
+		alt_text: zod.default.string().optional()
+	}).passthrough().optional(),
+	description: zod.default.string().optional(),
+	background_color: zod.default.string().optional(),
+	background_image: zod.default.object({ uri: zod.default.string().optional() }).passthrough().optional(),
+	text_color: zod.default.string().optional()
 }).passthrough();
-var zCredentialConfigurationSupportedCommonCredentialMetadata = import_zod4.default.object({
-  display: import_zod4.default.array(zCredentialConfigurationSupportedDisplayEntry).optional()
-});
-var zCredentialConfigurationSupportedCommon = import_zod4.default.object({
-  format: import_zod4.default.string(),
-  scope: import_zod4.default.string().optional(),
-  cryptographic_binding_methods_supported: import_zod4.default.array(import_zod4.default.string()).optional(),
-  credential_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()).or(import_zod4.default.array(import_zod4.default.number())).optional(),
-  proof_types_supported: import_zod4.default.record(
-    import_zod4.default.union([import_zod4.default.literal("jwt"), import_zod4.default.literal("attestation"), import_zod4.default.string()]),
-    import_zod4.default.object({
-      proof_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()),
-      key_attestations_required: import_zod4.default.object({
-        key_storage: zIso18045OrStringArray.optional(),
-        user_authentication: zIso18045OrStringArray.optional()
-      }).passthrough().optional()
-    })
-  ).optional(),
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
-  // For typing purposes. Can be removed once we drop support for draft <= 15.
-  claims: import_zod4.default.optional(import_zod4.default.never())
+const zCredentialConfigurationSupportedCommonCredentialMetadata = zod.default.object({ display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional() });
+const zCredentialConfigurationSupportedCommon = zod.default.object({
+	format: zod.default.string(),
+	scope: zod.default.string().optional(),
+	cryptographic_binding_methods_supported: zod.default.array(zod.default.string()).optional(),
+	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).or(zod.default.array(zod.default.number())).optional(),
+	proof_types_supported: zod.default.record(zod.default.union([
+		zod.default.literal("jwt"),
+		zod.default.literal("attestation"),
+		zod.default.string()
+	]), zod.default.object({
+		proof_signing_alg_values_supported: zod.default.array(zod.default.string()),
+		key_attestations_required: zod.default.object({
+			key_storage: zIso18045OrStringArray.optional(),
+			user_authentication: zIso18045OrStringArray.optional()
+		}).passthrough().optional()
+	})).optional(),
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
+	claims: zod.default.optional(zod.default.never())
 }).passthrough();
-var zCredentialConfigurationSupportedCommonDraft15 = import_zod4.default.object({
-  format: import_zod4.default.string(),
-  scope: import_zod4.default.string().optional(),
-  cryptographic_binding_methods_supported: import_zod4.default.array(import_zod4.default.string()).optional(),
-  credential_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()).or(import_zod4.default.array(import_zod4.default.number())).optional(),
-  proof_types_supported: import_zod4.default.record(
-    import_zod4.default.union([import_zod4.default.literal("jwt"), import_zod4.default.literal("attestation"), import_zod4.default.string()]),
-    import_zod4.default.object({
-      proof_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()),
-      key_attestations_required: import_zod4.default.object({
-        key_storage: zIso18045OrStringArray.optional(),
-        user_authentication: zIso18045OrStringArray.optional()
-      }).passthrough().optional()
-    })
-  ).optional(),
-  display: import_zod4.default.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
-  // For typing purposes.
-  credential_metadata: import_zod4.default.optional(import_zod4.default.never())
+const zCredentialConfigurationSupportedCommonDraft15 = zod.default.object({
+	format: zod.default.string(),
+	scope: zod.default.string().optional(),
+	cryptographic_binding_methods_supported: zod.default.array(zod.default.string()).optional(),
+	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).or(zod.default.array(zod.default.number())).optional(),
+	proof_types_supported: zod.default.record(zod.default.union([
+		zod.default.literal("jwt"),
+		zod.default.literal("attestation"),
+		zod.default.string()
+	]), zod.default.object({
+		proof_signing_alg_values_supported: zod.default.array(zod.default.string()),
+		key_attestations_required: zod.default.object({
+			key_storage: zIso18045OrStringArray.optional(),
+			user_authentication: zIso18045OrStringArray.optional()
+		}).passthrough().optional()
+	})).optional(),
+	display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
+	credential_metadata: zod.default.optional(zod.default.never())
 }).passthrough();
-// src/formats/credential/mso-mdoc/z-mso-mdoc.ts
-var zMsoMdocFormatIdentifier = import_zod5.default.literal("mso_mdoc");
-var zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod5.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/mso-mdoc/z-mso-mdoc.ts
+const zMsoMdocFormatIdentifier = zod.default.literal("mso_mdoc");
+const zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  claims: import_zod5.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
+const zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	claims: zod.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
 });
-var zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
-  order: import_zod5.default.optional(import_zod5.default.array(import_zod5.default.string()))
+const zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
+	order: zod.default.optional(zod.default.array(zod.default.string()))
 });
-var zMsoMdocCredentialRequestFormatDraft14 = import_zod5.default.object({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  // Format based request is removed in Draft 15, so only old claims syntax supported.
-  claims: import_zod5.default.optional(zCredentialConfigurationSupportedClaimsDraft14)
+const zMsoMdocCredentialRequestFormatDraft14 = zod.default.object({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	claims: zCredentialConfigurationSupportedClaimsDraft14.optional()
 });
-// src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
-var import_zod6 = __toESM(require("zod"));
-var zLegacySdJwtVcFormatIdentifier = import_zod6.default.literal("vc+sd-jwt");
-var zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
-  vct: import_zod6.default.string(),
-  format: zLegacySdJwtVcFormatIdentifier,
-  order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string())),
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod6.default.array(zCredentialConfigurationSupportedClaimsDraft14).optional()
-  }).optional(),
-  credential_definition: import_zod6.default.optional(import_zod6.default.never())
+//#endregion
+//#region src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
+const zSdJwtDcFormatIdentifier = zod.default.literal("dc+sd-jwt");
+const zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	vct: zod.default.string(),
+	format: zSdJwtDcFormatIdentifier,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zLegacySdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  vct: import_zod6.default.string(),
-  format: zLegacySdJwtVcFormatIdentifier,
-  claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
-  order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string())),
-  credential_definition: import_zod6.default.optional(import_zod6.default.never())
-});
-var zLegacySdJwtVcCredentialRequestFormatDraft14 = import_zod6.default.object({
-  format: zLegacySdJwtVcFormatIdentifier,
-  vct: import_zod6.default.string(),
-  claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
-  credential_definition: import_zod6.default.optional(import_zod6.default.never())
+const zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	vct: zod.default.string(),
+	format: zSdJwtDcFormatIdentifier,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
-// src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
-var import_zod7 = __toESM(require("zod"));
-var zSdJwtDcFormatIdentifier = import_zod7.default.literal("dc+sd-jwt");
-var zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  vct: import_zod7.default.string(),
-  format: zSdJwtDcFormatIdentifier,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod7.default.array(zIssuerMetadataClaimsDescription).optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcFormatIdentifier = zod.default.literal("vc+sd-jwt");
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
+	vct: zod.default.string(),
+	format: zLegacySdJwtVcFormatIdentifier,
+	order: zod.default.optional(zod.default.array(zod.default.string())),
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
+	credential_definition: zod.default.optional(zod.default.never())
 });
-var zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  vct: import_zod7.default.string(),
-  format: zSdJwtDcFormatIdentifier,
-  claims: import_zod7.default.array(zIssuerMetadataClaimsDescription).optional()
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	vct: zod.default.string(),
+	format: zLegacySdJwtVcFormatIdentifier,
+	claims: zod.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
+	order: zod.default.optional(zod.default.array(zod.default.string())),
+	credential_definition: zod.default.optional(zod.default.never())
+});
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcCredentialRequestFormatDraft14 = zod.default.object({
+	format: zLegacySdJwtVcFormatIdentifier,
+	vct: zod.default.string(),
+	claims: zod.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
+	credential_definition: zod.default.optional(zod.default.never())
 });
-// src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
-var import_zod9 = __toESM(require("zod"));
-// src/formats/credential/w3c-vc/z-w3c-vc-common.ts
-var import_zod8 = __toESM(require("zod"));
-var zCredentialSubjectLeafTypeDraft14 = import_zod8.default.object({
-  mandatory: import_zod8.default.boolean().optional(),
-  value_type: import_zod8.default.string().optional(),
-  display: import_zod8.default.array(
-    import_zod8.default.object({
-      name: import_zod8.default.string().optional(),
-      locale: import_zod8.default.string().optional()
-    }).passthrough()
-  ).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-vc-common.ts
+const zCredentialSubjectLeafTypeDraft14 = zod.default.object({
+	mandatory: zod.default.boolean().optional(),
+	value_type: zod.default.string().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).passthrough()).optional()
 }).passthrough();
-var zClaimValueSchemaDraft14 = import_zod8.default.union([
-  import_zod8.default.array(import_zod8.default.any()),
-  import_zod8.default.record(import_zod8.default.string(), import_zod8.default.any()),
-  zCredentialSubjectLeafTypeDraft14
+const zClaimValueSchemaDraft14 = zod.default.union([
+	zod.default.array(zod.default.any()),
+	zod.default.record(zod.default.string(), zod.default.any()),
+	zCredentialSubjectLeafTypeDraft14
 ]);
-var zW3cVcCredentialSubjectDraft14 = import_zod8.default.record(import_zod8.default.string(), zClaimValueSchemaDraft14);
-var zW3cVcJsonLdCredentialDefinition = import_zod8.default.object({
-  "@context": import_zod8.default.array(import_zod8.default.string()),
-  type: import_zod8.default.array(import_zod8.default.string()).nonempty()
+const zW3cVcCredentialSubjectDraft14 = zod.default.record(zod.default.string(), zClaimValueSchemaDraft14);
+const zW3cVcJsonLdCredentialDefinition = zod.default.object({
+	"@context": zod.default.array(zod.default.string()),
+	type: zod.default.array(zod.default.string()).nonempty()
 }).passthrough();
-var zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.extend({
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-});
+const zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
-// src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
-var zLdpVcFormatIdentifier = import_zod9.default.literal("ldp_vc");
-var zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: zIssuerMetadataClaimsDescription.optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-jwt-vc-json.ts
+const zJwtVcJsonFormatIdentifier = zod.default.literal("jwt_vc_json");
+const zJwtVcJsonCredentialDefinition = zod.default.object({ type: zod.default.array(zod.default.string()).nonempty() }).passthrough();
+const zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
+const zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  claims: zIssuerMetadataClaimsDescription.optional()
+const zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
-  order: import_zod9.default.array(import_zod9.default.string()).optional()
+const zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
+	order: zod.default.array(zod.default.string()).optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft11 = import_zod9.default.object({
-  order: import_zod9.default.array(import_zod9.default.string()).optional(),
-  format: zLdpVcFormatIdentifier,
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  "@context": import_zod9.default.array(import_zod9.default.string()),
-  types: import_zod9.default.array(import_zod9.default.string()),
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+const zJwtVcJsonCredentialIssuerMetadataDraft11 = zod.default.object({
+	format: zJwtVcJsonFormatIdentifier,
+	order: zod.default.array(zod.default.string()).optional(),
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 }).passthrough();
-var zLdpVcCredentialIssuerMetadataDraft11To14 = zLdpVcCredentialIssuerMetadataDraft11.transform(
-  ({ "@context": context, types, credentialSubject, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      "@context": context,
-      type: types,
-      // Prevent weird typing issue with optional vs undefined
-      ...credentialSubject ? { credentialSubject } : {}
-    }
-  })
-);
-var zLdpVcCredentialIssuerMetadataDraft14To11 = zLdpVcCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  ...credentialDefinition,
-  types: type
-})).pipe(zLdpVcCredentialIssuerMetadataDraft11);
-var zLdpVcCredentialRequestFormatDraft14 = import_zod9.default.object({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14
+const zJwtVcJsonCredentialIssuerMetadataDraft11To14 = zJwtVcJsonCredentialIssuerMetadataDraft11.transform(({ types, credentialSubject,...rest }) => ({
+	...rest,
+	credential_definition: {
+		type: types,
+		...credentialSubject ? { credentialSubject } : {}
+	}
+}));
+const zJwtVcJsonCredentialIssuerMetadataDraft14To11 = zJwtVcJsonCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	types: type,
+	...credentialDefinition
+})).pipe(zJwtVcJsonCredentialIssuerMetadataDraft11);
+const zJwtVcJsonCredentialRequestFormatDraft14 = zod.default.object({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinition
 });
-var zLdpVcCredentialRequestDraft11 = import_zod9.default.object({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: import_zod9.default.object({
-    "@context": import_zod9.default.array(import_zod9.default.string()),
-    // credential_definition was using types instead of type in v11
-    types: import_zod9.default.array(import_zod9.default.string()),
-    credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-  })
+const zJwtVcJsonCredentialRequestDraft11 = zod.default.object({
+	format: zJwtVcJsonFormatIdentifier,
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
 }).passthrough();
-var zLdpVcCredentialRequestDraft11To14 = zLdpVcCredentialRequestDraft11.transform(
-  ({ credential_definition: { types, ...restCredentialDefinition }, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      ...restCredentialDefinition,
-      type: types
-    }
-  })
-);
-var zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type, ...restCredentialDefinition }, ...rest }) => ({
-  ...rest,
-  credential_definition: {
-    ...restCredentialDefinition,
-    types: type
-  }
-})).pipe(zLdpVcCredentialRequestDraft11);
+const zJwtVcJsonCredentialRequestDraft11To14 = zJwtVcJsonCredentialRequestDraft11.transform(({ types, credentialSubject,...rest }) => {
+	return {
+		...rest,
+		credential_definition: {
+			type: types,
+			...credentialSubject ? { credentialSubject } : {}
+		}
+	};
+});
+const zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	types: type,
+	...credentialDefinition
+})).pipe(zJwtVcJsonCredentialRequestDraft11);
-// src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
-var import_zod10 = __toESM(require("zod"));
-var zJwtVcJsonLdFormatIdentifier = import_zod10.default.literal("jwt_vc_json-ld");
-var zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: zIssuerMetadataClaimsDescription.optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
+const zJwtVcJsonLdFormatIdentifier = zod.default.literal("jwt_vc_json-ld");
+const zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  claims: zIssuerMetadataClaimsDescription.optional()
+const zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
-  order: import_zod10.default.optional(import_zod10.default.array(import_zod10.default.string()))
+const zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
+	order: zod.default.optional(zod.default.array(zod.default.string()))
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft11 = import_zod10.default.object({
-  order: import_zod10.default.array(import_zod10.default.string()).optional(),
-  format: zJwtVcJsonLdFormatIdentifier,
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  "@context": import_zod10.default.array(import_zod10.default.string()),
-  types: import_zod10.default.array(import_zod10.default.string()),
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+const zJwtVcJsonLdCredentialIssuerMetadataDraft11 = zod.default.object({
+	order: zod.default.array(zod.default.string()).optional(),
+	format: zJwtVcJsonLdFormatIdentifier,
+	"@context": zod.default.array(zod.default.string()),
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 }).passthrough();
-var zJwtVcJsonLdCredentialIssuerMetadataDraft11To14 = zJwtVcJsonLdCredentialIssuerMetadataDraft11.transform(
-  ({ "@context": context, types, credentialSubject, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      "@context": context,
-      type: types,
-      // Prevent weird typing issue with optional vs undefined
-      ...credentialSubject ? { credentialSubject } : {}
-    }
-  })
-);
-var zJwtVcJsonLdCredentialIssuerMetadataDraft14To11 = zJwtVcJsonLdCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  ...credentialDefinition,
-  types: type
+const zJwtVcJsonLdCredentialIssuerMetadataDraft11To14 = zJwtVcJsonLdCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject,...rest }) => ({
+	...rest,
+	credential_definition: {
+		"@context": context,
+		type: types,
+		...credentialSubject ? { credentialSubject } : {}
+	}
+}));
+const zJwtVcJsonLdCredentialIssuerMetadataDraft14To11 = zJwtVcJsonLdCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	...credentialDefinition,
+	types: type
 })).pipe(zJwtVcJsonLdCredentialIssuerMetadataDraft11);
-var zJwtVcJsonLdCredentialRequestFormatDraft14 = import_zod10.default.object({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition
+const zJwtVcJsonLdCredentialRequestFormatDraft14 = zod.default.object({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition
 });
-var zJwtVcJsonLdCredentialRequestDraft11 = import_zod10.default.object({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: import_zod10.default.object({
-    "@context": import_zod10.default.array(import_zod10.default.string()),
-    // credential_definition was using types instead of type in v11
-    types: import_zod10.default.array(import_zod10.default.string()),
-    credentialSubject: import_zod10.default.optional(zW3cVcCredentialSubjectDraft14)
-  }).passthrough()
+const zJwtVcJsonLdCredentialRequestDraft11 = zod.default.object({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zod.default.object({
+		"@context": zod.default.array(zod.default.string()),
+		types: zod.default.array(zod.default.string()),
+		credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
+	}).passthrough()
 }).passthrough();
-var zJwtVcJsonLdCredentialRequestDraft11To14 = zJwtVcJsonLdCredentialRequestDraft11.transform(
-  ({ credential_definition: { types, ...restCredentialDefinition }, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      ...restCredentialDefinition,
-      type: types
-    }
-  })
-);
-var zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type, ...restCredentialDefinition }, ...rest }) => ({
-  ...rest,
-  credential_definition: {
-    ...restCredentialDefinition,
-    types: type
-  }
+const zJwtVcJsonLdCredentialRequestDraft11To14 = zJwtVcJsonLdCredentialRequestDraft11.transform(({ credential_definition: { types,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		type: types
+	}
+}));
+const zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		types: type
+	}
 })).pipe(zJwtVcJsonLdCredentialRequestDraft11);
-// src/formats/credential/w3c-vc/z-w3c-jwt-vc-json.ts
-var import_zod11 = __toESM(require("zod"));
-var zJwtVcJsonFormatIdentifier = import_zod11.default.literal("jwt_vc_json");
-var zJwtVcJsonCredentialDefinition = import_zod11.default.object({
-  type: import_zod11.default.array(import_zod11.default.string()).nonempty()
-}).passthrough();
-var zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-});
-var zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: zIssuerMetadataClaimsDescription.optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
+const zLdpVcFormatIdentifier = zod.default.literal("ldp_vc");
+const zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinition,
-  claims: zIssuerMetadataClaimsDescription.optional()
+const zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
-  order: import_zod11.default.array(import_zod11.default.string()).optional()
+const zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
+	order: zod.default.array(zod.default.string()).optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft11 = import_zod11.default.object({
-  format: zJwtVcJsonFormatIdentifier,
-  order: import_zod11.default.array(import_zod11.default.string()).optional(),
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  types: import_zod11.default.array(import_zod11.default.string()),
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+const zLdpVcCredentialIssuerMetadataDraft11 = zod.default.object({
+	order: zod.default.array(zod.default.string()).optional(),
+	format: zLdpVcFormatIdentifier,
+	"@context": zod.default.array(zod.default.string()),
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 }).passthrough();
-var zJwtVcJsonCredentialIssuerMetadataDraft11To14 = zJwtVcJsonCredentialIssuerMetadataDraft11.transform(
-  ({ types, credentialSubject, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      type: types,
-      // Prevent weird typing issue with optional vs undefined
-      ...credentialSubject ? { credentialSubject } : {}
-    }
-  })
-);
-var zJwtVcJsonCredentialIssuerMetadataDraft14To11 = zJwtVcJsonCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  types: type,
-  ...credentialDefinition
-})).pipe(zJwtVcJsonCredentialIssuerMetadataDraft11);
-var zJwtVcJsonCredentialRequestFormatDraft14 = import_zod11.default.object({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinition
+const zLdpVcCredentialIssuerMetadataDraft11To14 = zLdpVcCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject,...rest }) => ({
+	...rest,
+	credential_definition: {
+		"@context": context,
+		type: types,
+		...credentialSubject ? { credentialSubject } : {}
+	}
+}));
+const zLdpVcCredentialIssuerMetadataDraft14To11 = zLdpVcCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	...credentialDefinition,
+	types: type
+})).pipe(zLdpVcCredentialIssuerMetadataDraft11);
+const zLdpVcCredentialRequestFormatDraft14 = zod.default.object({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14
 });
-var zJwtVcJsonCredentialRequestDraft11 = import_zod11.default.object({
-  format: zJwtVcJsonFormatIdentifier,
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  types: import_zod11.default.array(import_zod11.default.string()),
-  credentialSubject: import_zod11.default.optional(zW3cVcCredentialSubjectDraft14)
+const zLdpVcCredentialRequestDraft11 = zod.default.object({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zod.default.object({
+		"@context": zod.default.array(zod.default.string()),
+		types: zod.default.array(zod.default.string()),
+		credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+	})
 }).passthrough();
-var zJwtVcJsonCredentialRequestDraft11To14 = zJwtVcJsonCredentialRequestDraft11.transform(
-  ({ types, credentialSubject, ...rest }) => {
-    return {
-      ...rest,
-      credential_definition: {
-        type: types,
-        // Prevent weird typing issue with optional vs undefined
-        ...credentialSubject ? { credentialSubject } : {}
-      }
-    };
-  }
-);
-var zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  types: type,
-  ...credentialDefinition
-})).pipe(zJwtVcJsonCredentialRequestDraft11);
+const zLdpVcCredentialRequestDraft11To14 = zLdpVcCredentialRequestDraft11.transform(({ credential_definition: { types,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		type: types
+	}
+}));
+const zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		types: type
+	}
+})).pipe(zLdpVcCredentialRequestDraft11);
-// src/formats/credential/w3c-vc/z-w3c-sd-jwt-vc.ts
-var import_zod12 = __toESM(require("zod"));
-var zSdJwtW3VcFormatIdentifier = import_zod12.default.literal("vc+sd-jwt");
-var zSdJwtW3VcCredentialDefinition = import_zod12.default.object({
-  type: import_zod12.default.array(import_zod12.default.string()).nonempty()
-}).passthrough();
-var zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zSdJwtW3VcFormatIdentifier,
-  credential_definition: zSdJwtW3VcCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: zIssuerMetadataClaimsDescription.optional()
-  }).optional(),
-  // FIXME(vc+sd-jwt): remove when dropping support for legacy vc+sd-jwt. Allows type narrowing.
-  vct: import_zod12.default.optional(import_zod12.default.never())
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-sd-jwt-vc.ts
+const zSdJwtW3VcFormatIdentifier = zod.default.literal("vc+sd-jwt");
+const zSdJwtW3VcCredentialDefinition = zod.default.object({ type: zod.default.array(zod.default.string()).nonempty() }).passthrough();
+const zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zSdJwtW3VcFormatIdentifier,
+	credential_definition: zSdJwtW3VcCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
+	vct: zod.default.optional(zod.default.never())
+});
+const zSdJwtW3VcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zSdJwtW3VcFormatIdentifier,
+	credential_definition: zSdJwtW3VcCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional(),
+	vct: zod.default.optional(zod.default.never())
 });
-var zSdJwtW3VcCredentialRequestFormatDraft14 = import_zod12.default.object({
-  format: zSdJwtW3VcFormatIdentifier,
-  credential_definition: zSdJwtW3VcCredentialDefinition,
-  // FIXME(vc+sd-jwt): remove when dropping support for legacy vc+sd-jwt. Allows type narrowing.
-  vct: import_zod12.default.optional(import_zod12.default.never())
+const zSdJwtW3VcCredentialRequestFormatDraft14 = zod.default.object({
+	format: zSdJwtW3VcFormatIdentifier,
+	credential_definition: zSdJwtW3VcCredentialDefinition,
+	vct: zod.default.optional(zod.default.never())
 });
-// src/metadata/credential-issuer/z-credential-issuer-metadata.ts
-var allCredentialIssuerMetadataFormats = [
-  zSdJwtDcCredentialIssuerMetadata,
-  zMsoMdocCredentialIssuerMetadata,
-  zJwtVcJsonLdCredentialIssuerMetadata,
-  zLdpVcCredentialIssuerMetadata,
-  zJwtVcJsonCredentialIssuerMetadata,
-  zSdJwtW3VcCredentialIssuerMetadata,
-  zLegacySdJwtVcCredentialIssuerMetadataDraft16,
-  zSdJwtDcCredentialIssuerMetadataDraft15,
-  zMsoMdocCredentialIssuerMetadataDraft15,
-  zJwtVcJsonLdCredentialIssuerMetadataDraft15,
-  zLdpVcCredentialIssuerMetadataDraft15,
-  zJwtVcJsonCredentialIssuerMetadataDraft15,
-  zMsoMdocCredentialIssuerMetadataDraft14,
-  zLegacySdJwtVcCredentialIssuerMetadataDraft14,
-  zJwtVcJsonLdCredentialIssuerMetadataDraft14,
-  zLdpVcCredentialIssuerMetadataDraft14,
-  zJwtVcJsonCredentialIssuerMetadataDraft14
+//#endregion
+//#region src/metadata/credential-issuer/z-credential-issuer-metadata.ts
+const allCredentialIssuerMetadataFormats = [
+	zSdJwtDcCredentialIssuerMetadata,
+	zMsoMdocCredentialIssuerMetadata,
+	zJwtVcJsonLdCredentialIssuerMetadata,
+	zLdpVcCredentialIssuerMetadata,
+	zJwtVcJsonCredentialIssuerMetadata,
+	zSdJwtW3VcCredentialIssuerMetadata,
+	zSdJwtW3VcCredentialIssuerMetadataDraft15,
+	zLegacySdJwtVcCredentialIssuerMetadataDraft16,
+	zSdJwtDcCredentialIssuerMetadataDraft15,
+	zMsoMdocCredentialIssuerMetadataDraft15,
+	zJwtVcJsonLdCredentialIssuerMetadataDraft15,
+	zLdpVcCredentialIssuerMetadataDraft15,
+	zJwtVcJsonCredentialIssuerMetadataDraft15,
+	zMsoMdocCredentialIssuerMetadataDraft14,
+	zLegacySdJwtVcCredentialIssuerMetadataDraft14,
+	zJwtVcJsonLdCredentialIssuerMetadataDraft14,
+	zLdpVcCredentialIssuerMetadataDraft14,
+	zJwtVcJsonCredentialIssuerMetadataDraft14
 ];
-var allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map(
-  (format) => format.shape.format.value
-);
-var zCredentialConfigurationSupportedWithFormats = import_zod13.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
-  if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
-  const validators = allCredentialIssuerMetadataFormats.filter(
-    (formatValidator) => formatValidator.shape.format.value === data.format
-  );
-  const result = import_zod13.default.object({}).passthrough().and(
-    validators.length > 1 ? import_zod13.default.union(
-      validators
-    ) : validators[0]
-  ).safeParse(data);
-  if (result.success) {
-    return result.data;
-  }
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod13.default.NEVER;
+const allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map((format) => format.shape.format.value);
+const zCredentialConfigurationSupportedWithFormats = zod.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
+	if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
+	const validators = allCredentialIssuerMetadataFormats.filter((formatValidator) => formatValidator.shape.format.value === data.format);
+	const result = zod.default.object({}).passthrough().and(validators.length > 1 ? zod.default.union(validators) : validators[0]).safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 });
-var zCredentialIssuerMetadataDisplayEntry = import_zod13.default.object({
-  name: import_zod13.default.string().optional(),
-  locale: import_zod13.default.string().optional(),
-  logo: import_zod13.default.object({
-    // FIXME: make required again, but need to support draft 11 first
-    uri: import_zod13.default.string().optional(),
-    alt_text: import_zod13.default.string().optional()
-  }).passthrough().optional()
+const zCredentialIssuerMetadataDisplayEntry = zod.default.object({
+	name: zod.default.string().optional(),
+	locale: zod.default.string().optional(),
+	logo: zod.default.object({
+		uri: zod.default.string().optional(),
+		alt_text: zod.default.string().optional()
+	}).passthrough().optional()
 }).passthrough();
-var zCredentialIssuerMetadataDraft14Draft15Draft16 = import_zod13.default.object({
-  credential_issuer: import_utils4.zHttpsUrl,
-  authorization_servers: import_zod13.default.array(import_utils4.zHttpsUrl).optional(),
-  credential_endpoint: import_utils4.zHttpsUrl,
-  deferred_credential_endpoint: import_utils4.zHttpsUrl.optional(),
-  notification_endpoint: import_utils4.zHttpsUrl.optional(),
-  // Added after draft 14, but needed for proper
-  nonce_endpoint: import_utils4.zHttpsUrl.optional(),
-  credential_response_encryption: import_zod13.default.object({
-    alg_values_supported: import_zod13.default.array(import_zod13.default.string()),
-    enc_values_supported: import_zod13.default.array(import_zod13.default.string()),
-    encryption_required: import_zod13.default.boolean()
-  }).passthrough().optional(),
-  batch_credential_issuance: import_zod13.default.object({
-    batch_size: import_zod13.default.number().positive()
-  }).passthrough().optional(),
-  signed_metadata: import_oauth24.zCompactJwt.optional(),
-  display: import_zod13.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
-  credential_configurations_supported: import_zod13.default.record(import_zod13.default.string(), zCredentialConfigurationSupportedWithFormats)
+const zCredentialIssuerMetadataDraft14Draft15Draft16 = zod.default.object({
+	credential_issuer: __openid4vc_utils.zHttpsUrl,
+	authorization_servers: zod.default.array(__openid4vc_utils.zHttpsUrl).optional(),
+	credential_endpoint: __openid4vc_utils.zHttpsUrl,
+	deferred_credential_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
+	notification_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
+	nonce_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
+	credential_response_encryption: zod.default.object({
+		alg_values_supported: zod.default.array(zod.default.string()),
+		enc_values_supported: zod.default.array(zod.default.string()),
+		encryption_required: zod.default.boolean()
+	}).passthrough().optional(),
+	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).passthrough().optional(),
+	signed_metadata: __openid4vc_oauth2.zCompactJwt.optional(),
+	display: zod.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
+	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedWithFormats)
 }).passthrough();
-var zCredentialConfigurationSupportedDraft11To16 = import_zod13.default.object({
-  id: import_zod13.default.string().optional(),
-  format: import_zod13.default.string(),
-  cryptographic_suites_supported: import_zod13.default.array(import_zod13.default.string()).optional(),
-  display: import_zod13.default.array(
-    import_zod13.default.object({
-      logo: import_zod13.default.object({
-        url: import_zod13.default.string().url().optional()
-      }).passthrough().optional(),
-      background_image: import_zod13.default.object({
-        url: import_zod13.default.string().url().optional()
-      }).passthrough().optional()
-    }).passthrough()
-  ).optional(),
-  claims: import_zod13.default.any().optional()
-}).passthrough().transform(({ cryptographic_suites_supported, display, claims, id, ...rest }) => ({
-  ...rest,
-  ...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
-  ...claims || display ? {
-    credential_metadata: {
-      ...claims ? { claims } : {},
-      ...display ? {
-        display: display.map(({ logo, background_image, ...displayRest }) => ({
-          ...displayRest,
-          // url became uri and also required
-          // so if there's no url in the logo, we remove the whole logo object
-          ...logo?.url ? {
-            // TODO: we should add the other params from logo as well
-            logo: {
-              uri: logo.url
-            }
-          } : {},
-          // TODO: we should add the other params from background_image as well
-          // url became uri and also required
-          // so if there's no url in the background_image, we remove the whole logo object
-          ...background_image?.url ? {
-            background_image: {
-              uri: background_image.url
-            }
-          } : {}
-        }))
-      } : {}
-    }
-  } : {}
+const zCredentialConfigurationSupportedDraft11To16 = zod.default.object({
+	id: zod.default.string().optional(),
+	format: zod.default.string(),
+	cryptographic_suites_supported: zod.default.array(zod.default.string()).optional(),
+	display: zod.default.array(zod.default.object({
+		logo: zod.default.object({ url: zod.default.string().url().optional() }).passthrough().optional(),
+		background_image: zod.default.object({ url: zod.default.string().url().optional() }).passthrough().optional()
+	}).passthrough()).optional(),
+	claims: zod.default.any().optional()
+}).passthrough().transform(({ cryptographic_suites_supported, display, claims, id,...rest }) => ({
+	...rest,
+	...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
+	...claims || display ? { credential_metadata: {
+		...claims ? { claims } : {},
+		...display ? { display: display.map(({ logo, background_image,...displayRest }) => ({
+			...displayRest,
+			...logo?.url ? { logo: { uri: logo.url } } : {},
+			...background_image?.url ? { background_image: { uri: background_image.url } } : {}
+		})) } : {}
+	} } : {}
 })).transform((data, ctx) => {
-  const formatSpecificTransformations = {
-    [zLdpVcFormatIdentifier.value]: zLdpVcCredentialIssuerMetadataDraft11To14,
-    [zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialIssuerMetadataDraft11To14,
-    [zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialIssuerMetadataDraft11To14
-  };
-  if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-  const schema = formatSpecificTransformations[data.format];
-  const result = schema.safeParse(data);
-  if (result.success) return result.data;
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod13.default.NEVER;
+	const formatSpecificTransformations = {
+		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialIssuerMetadataDraft11To14,
+		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialIssuerMetadataDraft11To14,
+		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialIssuerMetadataDraft11To14
+	};
+	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
+	const result = formatSpecificTransformations[data.format].safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 }).pipe(zCredentialConfigurationSupportedWithFormats);
-var zCredentialConfigurationSupportedDraft16To15 = zCredentialConfigurationSupportedWithFormats.transform(
-  ({ credential_metadata, ...rest }) => ({
-    ...credential_metadata,
-    ...rest
-  })
-);
-var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedDraft16To15.and(
-  import_zod13.default.object({
-    id: import_zod13.default.string()
-  }).passthrough()
-).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope, ...rest }) => ({
-  ...rest,
-  ...credential_signing_alg_values_supported ? { cryptographic_suites_supported: credential_signing_alg_values_supported } : {},
-  ...display ? {
-    display: display.map(({ logo, background_image, ...displayRest }) => {
-      const { uri: logoUri, ...logoRest } = logo ?? {};
-      const { uri: backgroundImageUri, ...backgroundImageRest } = background_image ?? {};
-      return {
-        ...displayRest,
-        // draft 11 uses url, draft 13/14 uses uri
-        ...logoUri ? { logo: { url: logoUri, ...logoRest } } : {},
-        // draft 11 uses url, draft 13/14 uses uri
-        ...backgroundImageUri ? { logo: { url: backgroundImageUri, ...backgroundImageRest } } : {}
-      };
-    })
-  } : {},
-  id
-})).pipe(
-  import_zod13.default.union([
-    zLdpVcCredentialIssuerMetadataDraft14To11,
-    zJwtVcJsonCredentialIssuerMetadataDraft14To11,
-    zJwtVcJsonLdCredentialIssuerMetadataDraft14To11,
-    // To handle unrecognized formats and not error immediately we allow the common format as well
-    // but they can't use any of the format identifiers that have a specific transformation. This way if a format is
-    // has a transformation it NEEDS to use the format specific transformation, and otherwise we fall back to the common validation
-    import_zod13.default.object({
-      format: import_zod13.default.string().refine(
-        (input) => ![
-          zLdpVcFormatIdentifier.value,
-          zJwtVcJsonFormatIdentifier.value,
-          zJwtVcJsonLdFormatIdentifier.value
-        ].includes(input)
-      )
-    }).passthrough()
-  ])
-);
-var zCredentialIssuerMetadataDraft11To16 = import_zod13.default.object({
-  authorization_server: import_zod13.default.string().optional(),
-  credentials_supported: import_zod13.default.array(
-    import_zod13.default.object({
-      id: import_zod13.default.string().optional()
-    }).passthrough()
-  )
-}).passthrough().transform(({ authorization_server, credentials_supported, ...rest }) => {
-  return {
-    ...rest,
-    ...authorization_server ? { authorization_servers: [authorization_server] } : {},
-    // Go from array to map but keep v11 structure
-    credential_configurations_supported: Object.fromEntries(
-      credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0)
-    )
-  };
-}).pipe(
-  import_zod13.default.object({
-    // Update from v11 structure to v14 structure
-    credential_configurations_supported: import_zod13.default.record(import_zod13.default.string(), zCredentialConfigurationSupportedDraft11To16)
-  }).passthrough()
-).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
-var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
-  ...issuerMetadata,
-  ...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
-  credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
-    ...value,
-    id
-  }))
-})).pipe(
-  zCredentialIssuerMetadataDraft14Draft15Draft16.extend({
-    credentials_supported: import_zod13.default.array(zCredentialConfigurationSupportedDraft16To11)
-  })
-);
-var zCredentialIssuerMetadata = import_zod13.default.union([
-  // First prioritize draft 16/15/14 (and 13)
-  zCredentialIssuerMetadataDraft14Draft15Draft16,
-  // Then try parsing draft 11 and transform into draft 16
-  zCredentialIssuerMetadataDraft11To16
-]);
-var zCredentialIssuerMetadataWithDraftVersion = import_zod13.default.union([
-  zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
-    const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
-    const isDraft15 = credentialConfigurations.some((configuration) => {
-      const knownConfiguration = configuration;
-      if (knownConfiguration.format === zSdJwtDcFormatIdentifier.value) return true;
-      if (Array.isArray(knownConfiguration.claims)) return true;
-      if (Object.values(knownConfiguration.proof_types_supported ?? {}).some(
-        (proofType) => proofType.key_attestations_required !== void 0
-      ))
-        return true;
-      return false;
-    });
-    const isDraft16 = credentialConfigurations.some((configuration) => {
-      return configuration.credential_metadata;
-    });
-    return {
-      credentialIssuerMetadata,
-      originalDraftVersion: isDraft16 ? "Draft16" /* Draft16 */ : isDraft15 ? "Draft15" /* Draft15 */ : "Draft14" /* Draft14 */
-    };
-  }),
-  // Then try parsing draft 11 and transform into draft 14
-  zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
-    credentialIssuerMetadata,
-    originalDraftVersion: "Draft11" /* Draft11 */
-  }))
-]);
+const zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
+	...credential_metadata,
+	...rest
+})).and(zod.default.object({ id: zod.default.string() }).passthrough()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope,...rest }) => ({
+	...rest,
+	...credential_signing_alg_values_supported ? { cryptographic_suites_supported: credential_signing_alg_values_supported } : {},
+	...display ? { display: display.map(({ logo, background_image,...displayRest }) => {
+		const { uri: logoUri,...logoRest } = logo ?? {};
+		const { uri: backgroundImageUri,...backgroundImageRest } = background_image ?? {};
+		return {
+			...displayRest,
+			...logoUri ? { logo: {
+				url: logoUri,
+				...logoRest
+			} } : {},
+			...backgroundImageUri ? { logo: {
+				url: backgroundImageUri,
+				...backgroundImageRest
+			} } : {}
+		};
+	}) } : {},
+	id
+})).pipe(zod.default.union([
+	zLdpVcCredentialIssuerMetadataDraft14To11,
+	zJwtVcJsonCredentialIssuerMetadataDraft14To11,
+	zJwtVcJsonLdCredentialIssuerMetadataDraft14To11,
+	zod.default.object({ format: zod.default.string().refine((input) => ![
+		zLdpVcFormatIdentifier.value,
+		zJwtVcJsonFormatIdentifier.value,
+		zJwtVcJsonLdFormatIdentifier.value
+	].includes(input)) }).passthrough()
+]));
+const zCredentialIssuerMetadataDraft11To16 = zod.default.object({
+	authorization_server: zod.default.string().optional(),
+	credentials_supported: zod.default.array(zod.default.object({ id: zod.default.string().optional() }).passthrough())
+}).passthrough().transform(({ authorization_server, credentials_supported,...rest }) => {
+	return {
+		...rest,
+		...authorization_server ? { authorization_servers: [authorization_server] } : {},
+		credential_configurations_supported: Object.fromEntries(credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0))
+	};
+}).pipe(zod.default.object({ credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedDraft11To16) }).passthrough()).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
+const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
+	...issuerMetadata,
+	...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
+	credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
+		...value,
+		id
+	}))
+})).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16.extend({ credentials_supported: zod.default.array(zCredentialConfigurationSupportedDraft16To11) }));
+const zCredentialIssuerMetadata = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16, zCredentialIssuerMetadataDraft11To16]);
+const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
+	const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
+	const isDraft15 = credentialConfigurations.some((configuration) => {
+		const knownConfiguration = configuration;
+		if (knownConfiguration.format === zSdJwtDcFormatIdentifier.value) return true;
+		if (Array.isArray(knownConfiguration.claims)) return true;
+		if (Object.values(knownConfiguration.proof_types_supported ?? {}).some((proofType) => proofType.key_attestations_required !== void 0)) return true;
+		return false;
+	});
+	return {
+		credentialIssuerMetadata,
+		originalDraftVersion: credentialConfigurations.some((configuration) => {
+			return configuration.credential_metadata;
+		}) ? Openid4vciDraftVersion.Draft16 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
+	};
+}), zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
+	credentialIssuerMetadata,
+	originalDraftVersion: Openid4vciDraftVersion.Draft11
+}))]);
-// src/metadata/credential-issuer/credential-issuer-metadata.ts
-var wellKnownCredentialIssuerSuffix = ".well-known/openid-credential-issuer";
+//#endregion
+//#region src/metadata/credential-issuer/credential-issuer-metadata.ts
+const wellKnownCredentialIssuerSuffix = ".well-known/openid-credential-issuer";
+/**
+* @inheritdoc {@link fetchWellKnownMetadata}
+*/
 async function fetchCredentialIssuerMetadata(credentialIssuer, fetch) {
-  const wellKnownMetadataUrl = (0, import_utils5.joinUriParts)(credentialIssuer, [wellKnownCredentialIssuerSuffix]);
-  const result = await (0, import_oauth25.fetchWellKnownMetadata)(wellKnownMetadataUrl, zCredentialIssuerMetadataWithDraftVersion, fetch);
-  if (result && result.credentialIssuerMetadata.credential_issuer !== credentialIssuer) {
-    throw new import_oauth25.Oauth2Error(
-      `The 'credential_issuer' parameter '${result.credentialIssuerMetadata.credential_issuer}' in the well known credential issuer metadata at '${wellKnownMetadataUrl}' does not match the provided credential issuer '${credentialIssuer}'.`
-    );
-  }
-  return result;
+	const wellKnownMetadataUrl = (0, __openid4vc_utils.joinUriParts)(credentialIssuer, [wellKnownCredentialIssuerSuffix]);
+	const result = await (0, __openid4vc_oauth2.fetchWellKnownMetadata)(wellKnownMetadataUrl, zCredentialIssuerMetadataWithDraftVersion, fetch);
+	if (result && result.credentialIssuerMetadata.credential_issuer !== credentialIssuer) throw new __openid4vc_oauth2.Oauth2Error(`The 'credential_issuer' parameter '${result.credentialIssuerMetadata.credential_issuer}' in the well known credential issuer metadata at '${wellKnownMetadataUrl}' does not match the provided credential issuer '${credentialIssuer}'.`);
+	return result;
 }
+/**
+* Extract credential configuration supported entries where the `format` is known to this
+* library. Should be ran only after verifying the credential issuer metadata structure, so
+* we can be certain that if the `format` matches the other format specific requirements are also met.
+*
+* Validation is done when resolving issuer metadata, or when calling `createIssuerMetadata`.
+*/
 function extractKnownCredentialConfigurationSupportedFormats(credentialConfigurationsSupported) {
-  return Object.fromEntries(
-    Object.entries(credentialConfigurationsSupported).filter(
-      (entry) => allCredentialIssuerMetadataFormatIdentifiers.includes(entry[1].format)
-    )
-  );
+	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter((entry) => allCredentialIssuerMetadataFormatIdentifiers.includes(entry[1].format)));
 }
 function getCredentialConfigurationSupportedById(credentialConfigurations, credentialConfigurationId) {
-  const configuration = credentialConfigurations[credentialConfigurationId];
-  if (!configuration) {
-    throw new import_oauth25.Oauth2Error(
-      `Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`
-    );
-  }
-  return configuration;
+	const configuration = credentialConfigurations[credentialConfigurationId];
+	if (!configuration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`);
+	return configuration;
 }
-// src/credential-request/credential-request-configurations.ts
-function getCredentialConfigurationsMatchingRequestFormat({
-  requestFormat,
-  credentialConfigurations
-}) {
-  const knownCredentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(credentialConfigurations);
-  return Object.fromEntries(
-    Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
-      if (credentialConfiguration.format !== requestFormat.format) return false;
-      const r = requestFormat;
-      const c = credentialConfiguration;
-      if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) {
-        return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
-      }
-      if (c.format === "jwt_vc_json" && r.format === c.format) {
-        return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-      }
-      if (c.format === "vc+sd-jwt" && r.format === c.format) {
-        if (r.vct && c.vct) {
-          return r.vct === c.vct;
-        }
-        if (c.credential_definition && r.credential_definition) {
-          return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-        }
-      }
-      if (c.format === "mso_mdoc" && r.format === c.format) {
-        return r.doctype === c.doctype;
-      }
-      return false;
-    })
-  );
+//#endregion
+//#region src/credential-request/credential-request-configurations.ts
+function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, credentialConfigurations }) {
+	const knownCredentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(credentialConfigurations);
+	return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
+		if (credentialConfiguration.format !== requestFormat.format) return false;
+		const r = requestFormat;
+		const c = credentialConfiguration;
+		if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
+		if (c.format === "jwt_vc_json" && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		if (c.format === "vc+sd-jwt" && r.format === c.format) {
+			if (r.vct && c.vct) return r.vct === c.vct;
+			if (c.credential_definition && r.credential_definition) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		}
+		if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
+		return false;
+	}));
 }
-// src/error/Openid4vciError.ts
+//#endregion
+//#region src/error/Openid4vciError.ts
 var Openid4vciError = class extends Error {
-  constructor(message, options) {
-    const errorMessage = message ?? "Unknown error occured.";
-    const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
-    super(`${errorMessage}${causeMessage}`);
-    this.cause = options?.cause;
-  }
+	constructor(message, options) {
+		const errorMessage = message ?? "Unknown error occured.";
+		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
+		super(`${errorMessage}${causeMessage}`);
+		this.cause = options?.cause;
+	}
 };
-// src/error/Openid4vciRetrieveCredentialsError.ts
-var import_utils7 = require("@openid4vc/utils");
+//#endregion
+//#region src/error/Openid4vciRetrieveCredentialsError.ts
 var Openid4vciRetrieveCredentialsError = class extends Openid4vciError {
-  constructor(message, response, responseText) {
-    const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, import_utils7.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
-    super(`${message}
-${JSON.stringify(errorData, null, 2)}`);
-    this.response = response;
-  }
+	constructor(message, response, responseText) {
+		const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, __openid4vc_utils.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
+		super(`${message}\n${JSON.stringify(errorData, null, 2)}`);
+		this.response = response;
+	}
 };
-// src/error/Openid4vciSendNotificationError.ts
+//#endregion
+//#region src/error/Openid4vciSendNotificationError.ts
 var Openid4vciSendNotificationError = class extends Openid4vciError {
-  constructor(message, response) {
-    super(message);
-    this.response = response;
-  }
+	constructor(message, response) {
+		super(message);
+		this.response = response;
+	}
 };
-// src/key-attestation/key-attestation.ts
-var import_oauth26 = require("@openid4vc/oauth2");
-var import_oauth27 = require("@openid4vc/oauth2");
-var import_utils8 = require("@openid4vc/utils");
+//#endregion
+//#region src/key-attestation/key-attestation.ts
 async function createKeyAttestationJwt(options) {
-  const header = (0, import_utils8.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
-    ...(0, import_oauth26.jwtHeaderFromJwtSigner)(options.signer),
-    typ: "keyattestation+jwt"
-  });
-  const payload = (0, import_utils8.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
-    iat: (0, import_utils8.dateToSeconds)(options.issuedAt),
-    exp: options.expiresAt ? (0, import_utils8.dateToSeconds)(options.expiresAt) : void 0,
-    nonce: options.nonce,
-    attested_keys: options.attestedKeys,
-    user_authentication: options.userAuthentication,
-    key_storage: options.keyStorage,
-    certification: options.certification,
-    ...options.additionalPayload
-  });
-  const { jwt } = await options.callbacks.signJwt(options.signer, { header, payload });
-  return jwt;
+	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
+		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
+		typ: "keyattestation+jwt"
+	});
+	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
+		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
+		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
+		nonce: options.nonce,
+		attested_keys: options.attestedKeys,
+		user_authentication: options.userAuthentication,
+		key_storage: options.keyStorage,
+		certification: options.certification,
+		...options.additionalPayload
+	});
+	const { jwt } = await options.callbacks.signJwt(options.signer, {
+		header,
+		payload
+	});
+	return jwt;
 }
 function parseKeyAttestationJwt({ keyAttestationJwt, use }) {
-  return (0, import_oauth26.decodeJwt)({
-    jwt: keyAttestationJwt,
-    headerSchema: zKeyAttestationJwtHeader,
-    payloadSchema: zKeyAttestationJwtPayloadForUse(use)
-  });
+	return (0, __openid4vc_oauth2.decodeJwt)({
+		jwt: keyAttestationJwt,
+		headerSchema: zKeyAttestationJwtHeader,
+		payloadSchema: zKeyAttestationJwtPayloadForUse(use)
+	});
 }
 async function verifyKeyAttestationJwt(options) {
-  const { header, payload } = parseKeyAttestationJwt({ keyAttestationJwt: options.keyAttestationJwt, use: options.use });
-  const now = options.now?.getTime() ?? Date.now();
-  if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) {
-    throw new Openid4vciError("Nonce used for key attestation jwt expired");
-  }
-  const { signer } = await (0, import_oauth27.verifyJwt)({
-    compact: options.keyAttestationJwt,
-    header,
-    payload,
-    signer: (0, import_oauth27.jwtSignerFromJwt)({ header, payload }),
-    verifyJwtCallback: options.callbacks.verifyJwt,
-    errorMessage: "Error verifiying key attestation jwt",
-    expectedNonce: options.expectedNonce,
-    now: options.now
-  });
-  return {
-    header,
-    payload,
-    signer
-  };
+	const { header, payload } = parseKeyAttestationJwt({
+		keyAttestationJwt: options.keyAttestationJwt,
+		use: options.use
+	});
+	const now = options.now?.getTime() ?? Date.now();
+	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for key attestation jwt expired");
+	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
+		compact: options.keyAttestationJwt,
+		header,
+		payload,
+		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
+			header,
+			payload
+		}),
+		verifyJwtCallback: options.callbacks.verifyJwt,
+		errorMessage: "Error verifiying key attestation jwt",
+		expectedNonce: options.expectedNonce,
+		now: options.now
+	});
+	return {
+		header,
+		payload,
+		signer
+	};
 }
-// src/metadata/credential-issuer/credential-configurations.ts
-var import_oauth28 = require("@openid4vc/oauth2");
-var import_utils9 = require("@openid4vc/utils");
+//#endregion
+//#region src/metadata/credential-issuer/credential-configurations.ts
 function extractScopesForCredentialConfigurationIds(options) {
-  const scopes = /* @__PURE__ */ new Set();
-  for (const credentialConfigurationId of options.credentialConfigurationIds) {
-    const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
-    if (!credentialConfiguration) {
-      throw new import_oauth28.Oauth2Error(
-        `Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`
-      );
-    }
-    const scope = credentialConfiguration.scope;
-    if (scope) scopes.add(scope);
-    else if (!scope && options.throwOnConfigurationWithoutScope) {
-      throw new import_oauth28.Oauth2Error(
-        `Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`
-      );
-    }
-  }
-  return scopes.size > 0 ? Array.from(scopes) : void 0;
+	const scopes = /* @__PURE__ */ new Set();
+	for (const credentialConfigurationId of options.credentialConfigurationIds) {
+		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
+		if (!credentialConfiguration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
+		const scope = credentialConfiguration.scope;
+		if (scope) scopes.add(scope);
+		else if (!scope && options.throwOnConfigurationWithoutScope) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`);
+	}
+	return scopes.size > 0 ? Array.from(scopes) : void 0;
 }
+/**
+* Transforms draft 11 credentials supported syntax to credential configurations supported
+*
+* @throws if a credentials supported entry without id is passed
+* @throws if a credentials supported entry with invalid structure or format specific properties is passed
+*/
 function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupported) {
-  const credentialConfigurationsSupported = {};
-  for (let index = 0; index < credentialsSupported.length; index++) {
-    const credentialSupported = credentialsSupported[index];
-    if (!credentialSupported.id) {
-      throw new Openid4vciError(
-        `Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`
-      );
-    }
-    const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
-    if (!parseResult.success) {
-      throw new import_utils9.ValidationError(
-        `Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`,
-        parseResult.error
-      );
-    }
-    credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
-  }
-  return credentialConfigurationsSupported;
+	const credentialConfigurationsSupported = {};
+	for (let index = 0; index < credentialsSupported.length; index++) {
+		const credentialSupported = credentialsSupported[index];
+		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
+		const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
+		if (!parseResult.success) throw new __openid4vc_utils.ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
+		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
+	}
+	return credentialConfigurationsSupported;
 }
-// src/Openid4vciClient.ts
-var import_oauth219 = require("@openid4vc/oauth2");
-// src/credential-request/format-payload.ts
-var import_utils10 = require("@openid4vc/utils");
+//#endregion
+//#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
-  const credentialConfiguration = getCredentialConfigurationSupportedById(
-    options.issuerMetadata.credentialIssuer.credential_configurations_supported,
-    options.credentialConfigurationId
-  );
-  if ((0, import_utils10.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, import_utils10.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      vct: credentialConfiguration.vct
-    };
-  }
-  if ((0, import_utils10.zIs)(zMsoMdocCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zMsoMdocCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      doctype: credentialConfiguration.doctype
-    };
-  }
-  if ((0, import_utils10.zIs)(zLdpVcCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zLdpVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        "@context": credentialConfiguration.credential_definition["@context"],
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  if ((0, import_utils10.zIs)(zJwtVcJsonLdCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zJwtVcJsonLdCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        "@context": credentialConfiguration.credential_definition["@context"],
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  if ((0, import_utils10.zIs)(zJwtVcJsonCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zJwtVcJsonCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  if ((0, import_utils10.zIs)(zSdJwtDcCredentialIssuerMetadata, credentialConfiguration)) {
-    throw new Openid4vciError(
-      `Credential configuration id '${options.credentialConfigurationId}' with format ${zLegacySdJwtVcFormatIdentifier.value} does not support credential request based on 'format'. Use 'credential_configuration_id' directly.`
-    );
-  }
-  if ((0, import_utils10.zIs)(zSdJwtW3VcCredentialIssuerMetadata, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  throw new Openid4vciError(
-    `Unknown format '${credentialConfiguration.format}' in credential configuration with id '${options.credentialConfigurationId}' for credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`
-  );
+	const credentialConfiguration = getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		vct: credentialConfiguration.vct
+	};
+	if ((0, __openid4vc_utils.zIs)(zMsoMdocCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zMsoMdocCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		doctype: credentialConfiguration.doctype
+	};
+	if ((0, __openid4vc_utils.zIs)(zLdpVcCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLdpVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: {
+			"@context": credentialConfiguration.credential_definition["@context"],
+			type: credentialConfiguration.credential_definition.type
+		}
+	};
+	if ((0, __openid4vc_utils.zIs)(zJwtVcJsonLdCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zJwtVcJsonLdCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: {
+			"@context": credentialConfiguration.credential_definition["@context"],
+			type: credentialConfiguration.credential_definition.type
+		}
+	};
+	if ((0, __openid4vc_utils.zIs)(zJwtVcJsonCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zJwtVcJsonCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: { type: credentialConfiguration.credential_definition.type }
+	};
+	if ((0, __openid4vc_utils.zIs)(zSdJwtDcCredentialIssuerMetadata, credentialConfiguration)) throw new Openid4vciError(`Credential configuration id '${options.credentialConfigurationId}' with format ${zLegacySdJwtVcFormatIdentifier.value} does not support credential request based on 'format'. Use 'credential_configuration_id' directly.`);
+	if ((0, __openid4vc_utils.zIs)(zSdJwtW3VcCredentialIssuerMetadata, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: { type: credentialConfiguration.credential_definition.type }
+	};
+	throw new Openid4vciError(`Unknown format '${credentialConfiguration.format}' in credential configuration with id '${options.credentialConfigurationId}' for credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
 }
-// src/credential-request/retrieve-credentials.ts
-var import_oauth213 = require("@openid4vc/oauth2");
-var import_utils12 = require("@openid4vc/utils");
-// src/credential-request/z-credential-request.ts
-var import_oauth212 = require("@openid4vc/oauth2");
-var import_zod17 = __toESM(require("zod"));
-// src/credential-request/z-credential-request-common.ts
-var import_oauth211 = require("@openid4vc/oauth2");
-var import_zod16 = __toESM(require("zod"));
-// src/formats/proof-type/jwt/z-jwt-proof-type.ts
-var import_oauth29 = require("@openid4vc/oauth2");
-var import_utils11 = require("@openid4vc/utils");
-var import_zod14 = __toESM(require("zod"));
-var zJwtProofTypeIdentifier = import_zod14.default.literal("jwt");
-var jwtProofTypeIdentifier = zJwtProofTypeIdentifier.value;
-var zCredentialRequestProofJwt = import_zod14.default.object({
-  proof_type: zJwtProofTypeIdentifier,
-  jwt: import_oauth29.zCompactJwt
-});
-var zCredentialRequestJwtProofTypeHeader = import_oauth29.zJwtHeader.merge(
-  import_zod14.default.object({
-    key_attestation: import_zod14.default.optional(import_oauth29.zCompactJwt),
-    typ: import_zod14.default.literal("openid4vci-proof+jwt")
-  })
-).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, {
-  message: `Both 'jwk' and 'kid' are defined. Only one is allowed`
-}).refine(({ trust_chain, kid }) => !trust_chain || !kid, {
-  message: `When 'trust_chain' is provided, 'kid' is required`
+//#endregion
+//#region src/formats/proof-type/attestation/z-attestation-proof-type.ts
+const zAttestationProofTypeIdentifier = zod.default.literal("attestation");
+const attestationProofTypeIdentifier = zAttestationProofTypeIdentifier.value;
+const zCredentialRequestProofAttestation = zod.default.object({
+	proof_type: zAttestationProofTypeIdentifier,
+	attestation: __openid4vc_oauth2.zCompactJwt
 });
-var zCredentialRequestJwtProofTypePayload = import_zod14.default.object({
-  ...import_oauth29.zJwtPayload.shape,
-  aud: import_utils11.zHttpsUrl,
-  iat: import_utils11.zInteger
-}).passthrough();
+const zCredentialRequestAttestationProofTypePayload = zKeyAttestationJwtPayloadForUse("proof_type.attestation");
-// src/formats/proof-type/attestation/z-attestation-proof-type.ts
-var import_oauth210 = require("@openid4vc/oauth2");
-var import_zod15 = __toESM(require("zod"));
-var zAttestationProofTypeIdentifier = import_zod15.default.literal("attestation");
-var attestationProofTypeIdentifier = zAttestationProofTypeIdentifier.value;
-var zCredentialRequestProofAttestation = import_zod15.default.object({
-  proof_type: zAttestationProofTypeIdentifier,
-  attestation: import_oauth210.zCompactJwt
+//#endregion
+//#region src/formats/proof-type/jwt/z-jwt-proof-type.ts
+const zJwtProofTypeIdentifier = zod.default.literal("jwt");
+const jwtProofTypeIdentifier = zJwtProofTypeIdentifier.value;
+const zCredentialRequestProofJwt = zod.default.object({
+	proof_type: zJwtProofTypeIdentifier,
+	jwt: __openid4vc_oauth2.zCompactJwt
 });
-var zCredentialRequestAttestationProofTypePayload = zKeyAttestationJwtPayloadForUse("proof_type.attestation");
-// src/credential-request/z-credential-request-common.ts
-var zCredentialRequestProofCommon = import_zod16.default.object({
-  proof_type: import_zod16.default.string()
+const zCredentialRequestJwtProofTypeHeader = __openid4vc_oauth2.zJwtHeader.merge(zod.default.object({
+	key_attestation: zod.default.optional(__openid4vc_oauth2.zCompactJwt),
+	typ: zod.default.literal("openid4vci-proof+jwt")
+})).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
+const zCredentialRequestJwtProofTypePayload = zod.default.object({
+	...__openid4vc_oauth2.zJwtPayload.shape,
+	aud: __openid4vc_utils.zHttpsUrl,
+	iat: __openid4vc_utils.zInteger
 }).passthrough();
-var allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
-var zCredentialRequestProof = import_zod16.default.union([
-  zCredentialRequestProofCommon,
-  import_zod16.default.discriminatedUnion("proof_type", allCredentialRequestProofs)
-]);
-var zCredentialRequestProofsCommon = import_zod16.default.record(import_zod16.default.string(), import_zod16.default.array(import_zod16.default.unknown()));
-var zCredentialRequestProofs = import_zod16.default.object({
-  [zJwtProofTypeIdentifier.value]: import_zod16.default.optional(import_zod16.default.array(zCredentialRequestProofJwt.shape.jwt)),
-  [zAttestationProofTypeIdentifier.value]: import_zod16.default.optional(import_zod16.default.array(zCredentialRequestProofAttestation.shape.attestation))
-});
-var zCredentialRequestCommon = import_zod16.default.object({
-  proof: zCredentialRequestProof.optional(),
-  proofs: import_zod16.default.optional(
-    import_zod16.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, {
-      message: `The 'proofs' object in a credential request should contain exactly one attribute`
-    })
-  ),
-  credential_response_encryption: import_zod16.default.object({
-    jwk: import_oauth211.zJwk,
-    alg: import_zod16.default.string(),
-    enc: import_zod16.default.string()
-  }).passthrough().optional()
-}).passthrough().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), {
-  message: `Both 'proof' and 'proofs' are defined. Only one is allowed`
+//#endregion
+//#region src/credential-request/z-credential-request-common.ts
+const zCredentialRequestProofCommon = zod.default.object({ proof_type: zod.default.string() }).passthrough();
+const allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
+const zCredentialRequestProof = zod.default.union([zCredentialRequestProofCommon, zod.default.discriminatedUnion("proof_type", allCredentialRequestProofs)]);
+const zCredentialRequestProofsCommon = zod.default.record(zod.default.string(), zod.default.array(zod.default.unknown()));
+const zCredentialRequestProofs = zod.default.object({
+	[zJwtProofTypeIdentifier.value]: zod.default.optional(zod.default.array(zCredentialRequestProofJwt.shape.jwt)),
+	[zAttestationProofTypeIdentifier.value]: zod.default.optional(zod.default.array(zCredentialRequestProofAttestation.shape.attestation))
 });
+const zCredentialRequestCommon = zod.default.object({
+	proof: zCredentialRequestProof.optional(),
+	proofs: zod.default.optional(zod.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, { message: `The 'proofs' object in a credential request should contain exactly one attribute` })),
+	credential_response_encryption: zod.default.object({
+		jwk: __openid4vc_oauth2.zJwk,
+		alg: zod.default.string(),
+		enc: zod.default.string()
+	}).passthrough().optional()
+}).passthrough().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), { message: `Both 'proof' and 'proofs' are defined. Only one is allowed` });
-// src/credential-request/z-credential-request.ts
-var allCredentialRequestFormats = [
-  zSdJwtW3VcCredentialRequestFormatDraft14,
-  zMsoMdocCredentialRequestFormatDraft14,
-  zLdpVcCredentialRequestFormatDraft14,
-  zJwtVcJsonLdCredentialRequestFormatDraft14,
-  zJwtVcJsonCredentialRequestFormatDraft14,
-  zLegacySdJwtVcCredentialRequestFormatDraft14
+//#endregion
+//#region src/credential-request/z-credential-request.ts
+const allCredentialRequestFormats = [
+	zSdJwtW3VcCredentialRequestFormatDraft14,
+	zMsoMdocCredentialRequestFormatDraft14,
+	zLdpVcCredentialRequestFormatDraft14,
+	zJwtVcJsonLdCredentialRequestFormatDraft14,
+	zJwtVcJsonCredentialRequestFormatDraft14,
+	zLegacySdJwtVcCredentialRequestFormatDraft14
 ];
-var allCredentialRequestFormatIdentifiers = allCredentialRequestFormats.map(
-  (format) => format.shape.format.value
-);
-var zCredentialRequestCredentialConfigurationId = import_zod17.default.object({
-  credential_configuration_id: import_zod17.default.string(),
-  format: import_zod17.default.never({ message: "'format' cannot be defined when 'credential_configuration_id' is set." }).optional(),
-  credential_identifier: import_zod17.default.never({ message: "'credential_identifier' cannot be defined when 'credential_configuration_id' is set." }).optional()
+const allCredentialRequestFormatIdentifiers = allCredentialRequestFormats.map((format) => format.shape.format.value);
+const zCredentialRequestCredentialConfigurationId = zod.default.object({
+	credential_configuration_id: zod.default.string(),
+	format: zod.default.never({ message: "'format' cannot be defined when 'credential_configuration_id' is set." }).optional(),
+	credential_identifier: zod.default.never({ message: "'credential_identifier' cannot be defined when 'credential_configuration_id' is set." }).optional()
 });
-var zAuthorizationDetailsCredentialRequest = import_zod17.default.object({
-  credential_identifier: import_zod17.default.string(),
-  credential_configuration_id: import_zod17.default.never({ message: "'credential_configuration_id' cannot be defined when 'credential_identifier' is set." }).optional(),
-  // Cannot be present if credential identifier is present
-  format: import_zod17.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
+const zAuthorizationDetailsCredentialRequest = zod.default.object({
+	credential_identifier: zod.default.string(),
+	credential_configuration_id: zod.default.never({ message: "'credential_configuration_id' cannot be defined when 'credential_identifier' is set." }).optional(),
+	format: zod.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
 });
-var zCredentialRequestFormat = import_zod17.default.object({
-  format: import_zod17.default.string(),
-  credential_identifier: import_zod17.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
-  credential_configuration_id: import_zod17.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
+const zCredentialRequestFormat = zod.default.object({
+	format: zod.default.string(),
+	credential_identifier: zod.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
+	credential_configuration_id: zod.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
 }).passthrough();
-var zCredentialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
-  if (!allCredentialRequestFormatIdentifiers.includes(
-    data.format
-  ))
-    return data;
-  const result = import_zod17.default.object({}).passthrough().and(import_zod17.default.union(allCredentialRequestFormats)).safeParse(data);
-  if (result.success) {
-    return result.data;
-  }
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod17.default.NEVER;
+const zCredentialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
+	if (!allCredentialRequestFormatIdentifiers.includes(data.format)) return data;
+	const result = zod.default.object({}).passthrough().and(zod.default.union(allCredentialRequestFormats)).safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 });
-var zCredentialRequestDraft15 = import_zod17.default.union([
-  zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest),
-  zCredentialRequestCommon.and(zCredentialRequestCredentialConfigurationId)
-]);
-var zCredentialRequestDraft14 = import_zod17.default.union([
-  zCredentialRequestDraft14WithFormat,
-  zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest)
-]);
-var zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
-  const formatSpecificTransformations = {
-    [zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft11To14,
-    [zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft11To14,
-    [zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft11To14
-  };
-  if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-  const schema = formatSpecificTransformations[data.format];
-  const result = schema.safeParse(data);
-  if (result.success) return result.data;
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod17.default.NEVER;
+const zCredentialRequestDraft15 = zod.default.union([zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest), zCredentialRequestCommon.and(zCredentialRequestCredentialConfigurationId)]);
+const zCredentialRequestDraft14 = zod.default.union([zCredentialRequestDraft14WithFormat, zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest)]);
+const zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
+	const formatSpecificTransformations = {
+		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft11To14,
+		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft11To14,
+		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft11To14
+	};
+	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
+	const result = formatSpecificTransformations[data.format].safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 }).pipe(zCredentialRequestDraft14);
-var zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine(
-  (data) => data.credential_identifier === void 0,
-  `'credential_identifier' is not supported in OpenID4VCI draft 11`
-).transform((data, ctx) => {
-  const formatSpecificTransformations = {
-    [zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft14To11,
-    [zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft14To11,
-    [zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft14To11
-  };
-  if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-  const schema = formatSpecificTransformations[data.format];
-  const result = schema.safeParse(data);
-  if (result.success) return result.data;
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod17.default.NEVER;
+const zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine((data) => data.credential_identifier === void 0, `'credential_identifier' is not supported in OpenID4VCI draft 11`).transform((data, ctx) => {
+	const formatSpecificTransformations = {
+		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft14To11,
+		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft14To11,
+		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft14To11
+	};
+	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
+	const result = formatSpecificTransformations[data.format].safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 });
-var zCredentialRequest = import_zod17.default.union([
-  zCredentialRequestDraft15,
-  zCredentialRequestDraft14,
-  zCredentialRequestDraft11To14
+const zCredentialRequest = zod.default.union([
+	zCredentialRequestDraft15,
+	zCredentialRequestDraft14,
+	zCredentialRequestDraft11To14
 ]);
-var zDeferredCredentialRequest = import_zod17.default.object({
-  transaction_id: import_zod17.default.string().nonempty(),
-  credential_response_encryption: import_zod17.default.object({
-    jwk: import_oauth212.zJwk,
-    alg: import_zod17.default.string(),
-    enc: import_zod17.default.string()
-  }).passthrough().optional()
+const zDeferredCredentialRequest = zod.default.object({
+	transaction_id: zod.default.string().nonempty(),
+	credential_response_encryption: zod.default.object({
+		jwk: __openid4vc_oauth2.zJwk,
+		alg: zod.default.string(),
+		enc: zod.default.string()
+	}).passthrough().optional()
 });
-// src/credential-request/z-credential-response.ts
-var import_zod19 = __toESM(require("zod"));
-// ../oauth2/src/common/z-oauth2-error.ts
-var import_zod18 = __toESM(require("zod"));
-var Oauth2ErrorCodes = /* @__PURE__ */ ((Oauth2ErrorCodes4) => {
-  Oauth2ErrorCodes4["ServerError"] = "server_error";
-  Oauth2ErrorCodes4["InvalidTarget"] = "invalid_target";
-  Oauth2ErrorCodes4["InvalidRequest"] = "invalid_request";
-  Oauth2ErrorCodes4["InvalidToken"] = "invalid_token";
-  Oauth2ErrorCodes4["InsufficientScope"] = "insufficient_scope";
-  Oauth2ErrorCodes4["InvalidGrant"] = "invalid_grant";
-  Oauth2ErrorCodes4["InvalidClient"] = "invalid_client";
-  Oauth2ErrorCodes4["UnauthorizedClient"] = "unauthorized_client";
-  Oauth2ErrorCodes4["UnsupportedGrantType"] = "unsupported_grant_type";
-  Oauth2ErrorCodes4["InvalidScope"] = "invalid_scope";
-  Oauth2ErrorCodes4["InvalidDpopProof"] = "invalid_dpop_proof";
-  Oauth2ErrorCodes4["UseDpopNonce"] = "use_dpop_nonce";
-  Oauth2ErrorCodes4["RedirectToWeb"] = "redirect_to_web";
-  Oauth2ErrorCodes4["InvalidSession"] = "invalid_session";
-  Oauth2ErrorCodes4["InsufficientAuthorization"] = "insufficient_authorization";
-  Oauth2ErrorCodes4["InvalidCredentialRequest"] = "invalid_credential_request";
-  Oauth2ErrorCodes4["CredentialRequestDenied"] = "credential_request_denied";
-  Oauth2ErrorCodes4["InvalidProof"] = "invalid_proof";
-  Oauth2ErrorCodes4["InvalidNonce"] = "invalid_nonce";
-  Oauth2ErrorCodes4["InvalidEncryptionParameters"] = "invalid_encryption_parameters";
-  Oauth2ErrorCodes4["UnknownCredentialConfiguration"] = "unknown_credential_configuration";
-  Oauth2ErrorCodes4["UnknownCredentialIdentifier"] = "unknown_credential_identifier";
-  Oauth2ErrorCodes4["InvalidTransactionId"] = "invalid_transaction_id";
-  Oauth2ErrorCodes4["UnsupportedCredentialType"] = "unsupported_credential_type";
-  Oauth2ErrorCodes4["UnsupportedCredentialFormat"] = "unsupported_credential_format";
-  Oauth2ErrorCodes4["InvalidRequestUri"] = "invalid_request_uri";
-  Oauth2ErrorCodes4["InvalidRequestObject"] = "invalid_request_object";
-  Oauth2ErrorCodes4["RequestNotSupported"] = "request_not_supported";
-  Oauth2ErrorCodes4["RequestUriNotSupported"] = "request_uri_not_supported";
-  Oauth2ErrorCodes4["VpFormatsNotSupported"] = "vp_formats_not_supported";
-  Oauth2ErrorCodes4["AccessDenied"] = "access_denied";
-  Oauth2ErrorCodes4["InvalidPresentationDefinitionUri"] = "invalid_presentation_definition_uri";
-  Oauth2ErrorCodes4["InvalidPresentationDefinitionReference"] = "invalid_presentation_definition_reference";
-  Oauth2ErrorCodes4["InvalidRequestUriMethod"] = "invalid_request_uri_method";
-  Oauth2ErrorCodes4["InvalidTransactionData"] = "invalid_transaction_data";
-  Oauth2ErrorCodes4["WalletUnavailable"] = "wallet_unavailable";
-  return Oauth2ErrorCodes4;
-})(Oauth2ErrorCodes || {});
-var zOauth2ErrorResponse = import_zod18.default.object({
-  error: import_zod18.default.union([import_zod18.default.nativeEnum(Oauth2ErrorCodes), import_zod18.default.string()]),
-  error_description: import_zod18.default.string().optional(),
-  error_uri: import_zod18.default.string().optional()
+//#endregion
+//#region ../oauth2/src/common/z-oauth2-error.ts
+let Oauth2ErrorCodes$2 = /* @__PURE__ */ function(Oauth2ErrorCodes$3) {
+	Oauth2ErrorCodes$3["ServerError"] = "server_error";
+	Oauth2ErrorCodes$3["InvalidTarget"] = "invalid_target";
+	Oauth2ErrorCodes$3["InvalidRequest"] = "invalid_request";
+	Oauth2ErrorCodes$3["InvalidToken"] = "invalid_token";
+	Oauth2ErrorCodes$3["InsufficientScope"] = "insufficient_scope";
+	Oauth2ErrorCodes$3["InvalidGrant"] = "invalid_grant";
+	Oauth2ErrorCodes$3["InvalidClient"] = "invalid_client";
+	Oauth2ErrorCodes$3["UnauthorizedClient"] = "unauthorized_client";
+	Oauth2ErrorCodes$3["UnsupportedGrantType"] = "unsupported_grant_type";
+	Oauth2ErrorCodes$3["InvalidScope"] = "invalid_scope";
+	Oauth2ErrorCodes$3["InvalidDpopProof"] = "invalid_dpop_proof";
+	Oauth2ErrorCodes$3["UseDpopNonce"] = "use_dpop_nonce";
+	Oauth2ErrorCodes$3["RedirectToWeb"] = "redirect_to_web";
+	Oauth2ErrorCodes$3["InvalidSession"] = "invalid_session";
+	Oauth2ErrorCodes$3["InsufficientAuthorization"] = "insufficient_authorization";
+	Oauth2ErrorCodes$3["InvalidCredentialRequest"] = "invalid_credential_request";
+	Oauth2ErrorCodes$3["CredentialRequestDenied"] = "credential_request_denied";
+	Oauth2ErrorCodes$3["InvalidProof"] = "invalid_proof";
+	Oauth2ErrorCodes$3["InvalidNonce"] = "invalid_nonce";
+	Oauth2ErrorCodes$3["InvalidEncryptionParameters"] = "invalid_encryption_parameters";
+	Oauth2ErrorCodes$3["UnknownCredentialConfiguration"] = "unknown_credential_configuration";
+	Oauth2ErrorCodes$3["UnknownCredentialIdentifier"] = "unknown_credential_identifier";
+	Oauth2ErrorCodes$3["InvalidTransactionId"] = "invalid_transaction_id";
+	Oauth2ErrorCodes$3["UnsupportedCredentialType"] = "unsupported_credential_type";
+	Oauth2ErrorCodes$3["UnsupportedCredentialFormat"] = "unsupported_credential_format";
+	Oauth2ErrorCodes$3["InvalidRequestUri"] = "invalid_request_uri";
+	Oauth2ErrorCodes$3["InvalidRequestObject"] = "invalid_request_object";
+	Oauth2ErrorCodes$3["RequestNotSupported"] = "request_not_supported";
+	Oauth2ErrorCodes$3["RequestUriNotSupported"] = "request_uri_not_supported";
+	Oauth2ErrorCodes$3["VpFormatsNotSupported"] = "vp_formats_not_supported";
+	Oauth2ErrorCodes$3["AccessDenied"] = "access_denied";
+	Oauth2ErrorCodes$3["InvalidPresentationDefinitionUri"] = "invalid_presentation_definition_uri";
+	Oauth2ErrorCodes$3["InvalidPresentationDefinitionReference"] = "invalid_presentation_definition_reference";
+	Oauth2ErrorCodes$3["InvalidRequestUriMethod"] = "invalid_request_uri_method";
+	Oauth2ErrorCodes$3["InvalidTransactionData"] = "invalid_transaction_data";
+	Oauth2ErrorCodes$3["WalletUnavailable"] = "wallet_unavailable";
+	return Oauth2ErrorCodes$3;
+}({});
+const zOauth2ErrorResponse = zod.default.object({
+	error: zod.default.union([zod.default.nativeEnum(Oauth2ErrorCodes$2), zod.default.string()]),
+	error_description: zod.default.string().optional(),
+	error_uri: zod.default.string().optional()
 }).passthrough();
-// src/credential-request/z-credential-response.ts
-var zCredentialEncoding = import_zod19.default.union([import_zod19.default.string(), import_zod19.default.record(import_zod19.default.string(), import_zod19.default.any())]);
-var zBaseCredentialResponse = import_zod19.default.object({
-  credentials: import_zod19.default.union([
-    // Draft >= 15
-    import_zod19.default.array(import_zod19.default.object({ credential: zCredentialEncoding })),
-    // Draft < 15
-    import_zod19.default.array(zCredentialEncoding)
-  ]).optional(),
-  interval: import_zod19.default.number().int().positive().optional(),
-  notification_id: import_zod19.default.string().optional()
+//#endregion
+//#region src/credential-request/z-credential-response.ts
+const zCredentialEncoding = zod.default.union([zod.default.string(), zod.default.record(zod.default.string(), zod.default.any())]);
+const zBaseCredentialResponse = zod.default.object({
+	credentials: zod.default.union([zod.default.array(zod.default.object({ credential: zCredentialEncoding })), zod.default.array(zCredentialEncoding)]).optional(),
+	interval: zod.default.number().int().positive().optional(),
+	notification_id: zod.default.string().optional()
 }).passthrough();
-var zCredentialResponse = zBaseCredentialResponse.extend({
-  credential: import_zod19.default.optional(zCredentialEncoding),
-  transaction_id: import_zod19.default.string().optional(),
-  c_nonce: import_zod19.default.string().optional(),
-  c_nonce_expires_in: import_zod19.default.number().int().optional()
+const zCredentialResponse = zBaseCredentialResponse.extend({
+	credential: zod.default.optional(zCredentialEncoding),
+	transaction_id: zod.default.string().optional(),
+	c_nonce: zod.default.string().optional(),
+	c_nonce_expires_in: zod.default.number().int().optional()
 }).passthrough().superRefine((value, ctx) => {
-  const { credential, credentials, transaction_id, interval, notification_id } = value;
-  if ([credential, credentials, transaction_id].filter((i) => i !== void 0).length !== 1) {
-    ctx.addIssue({
-      code: import_zod19.default.ZodIssueCode.custom,
-      message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
-    });
-  }
-  if (transaction_id && !interval) {
-    ctx.addIssue({
-      code: import_zod19.default.ZodIssueCode.custom,
-      message: `'interval' MUST be defined when 'transaction_id' is defined.`
-    });
-  }
-  if (notification_id && !(credentials || credential)) {
-    ctx.addIssue({
-      code: import_zod19.default.ZodIssueCode.custom,
-      message: `'notification_id' MUST NOT be defined when 'credential' or 'credentials' are not defined.`
-    });
-  }
+	const { credential, credentials, transaction_id, interval, notification_id } = value;
+	if ([
+		credential,
+		credentials,
+		transaction_id
+	].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
+		code: zod.default.ZodIssueCode.custom,
+		message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
+	});
+	if (transaction_id && !interval) ctx.addIssue({
+		code: zod.default.ZodIssueCode.custom,
+		message: `'interval' MUST be defined when 'transaction_id' is defined.`
+	});
+	if (notification_id && !(credentials || credential)) ctx.addIssue({
+		code: zod.default.ZodIssueCode.custom,
+		message: `'notification_id' MUST NOT be defined when 'credential' or 'credentials' are not defined.`
+	});
 });
-var zCredentialErrorResponse = import_zod19.default.object({
-  ...zOauth2ErrorResponse.shape,
-  c_nonce: import_zod19.default.string().optional(),
-  c_nonce_expires_in: import_zod19.default.number().int().optional()
+const zCredentialErrorResponse = zod.default.object({
+	...zOauth2ErrorResponse.shape,
+	c_nonce: zod.default.string().optional(),
+	c_nonce_expires_in: zod.default.number().int().optional()
 }).passthrough();
-var zDeferredCredentialResponse = zBaseCredentialResponse.refine(
-  (value) => {
-    const { credentials, interval } = value;
-    return [credentials, interval].filter((i) => i !== void 0).length === 1;
-  },
-  {
-    message: `Exactly one of 'credentials' or 'interval' MUST be defined.`
-  }
-);
+const zDeferredCredentialResponse = zBaseCredentialResponse.refine((value) => {
+	const { credentials, interval } = value;
+	return [credentials, interval].filter((i) => i !== void 0).length === 1;
+}, { message: `Exactly one of 'credentials' or 'interval' MUST be defined.` });
-// src/credential-request/retrieve-credentials.ts
+//#endregion
+//#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
-  if (options.issuerMetadata.originalDraftVersion !== "Draft15" /* Draft15 */ && options.issuerMetadata.originalDraftVersion !== "Draft16" /* Draft16 */) {
-    throw new Openid4vciError(
-      "Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request."
-    );
-  }
-  getCredentialConfigurationSupportedById(
-    options.issuerMetadata.credentialIssuer.credential_configurations_supported,
-    options.credentialConfigurationId
-  );
-  const credentialRequest = {
-    ...options.additionalRequestPayload,
-    credential_configuration_id: options.credentialConfigurationId,
-    proof: options.proof,
-    proofs: options.proofs
-  };
-  return retrieveCredentials({
-    callbacks: options.callbacks,
-    credentialRequest,
-    issuerMetadata: options.issuerMetadata,
-    accessToken: options.accessToken,
-    dpop: options.dpop
-  });
+	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
+	getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	const credentialRequest = {
+		...options.additionalRequestPayload,
+		credential_configuration_id: options.credentialConfigurationId,
+		proof: options.proof,
+		proofs: options.proofs
+	};
+	return retrieveCredentials({
+		callbacks: options.callbacks,
+		credentialRequest,
+		issuerMetadata: options.issuerMetadata,
+		accessToken: options.accessToken,
+		dpop: options.dpop
+	});
 }
 async function retrieveCredentialsWithFormat(options) {
-  if (options.issuerMetadata.originalDraftVersion === "Draft15" /* Draft15 */ || options.issuerMetadata.originalDraftVersion === "Draft16" /* Draft16 */) {
-    throw new Openid4vciError(
-      "Requesting credentials based on format is not supported in OpenID4VCI draft 15. Provide the credential configuration id directly in the request."
-    );
-  }
-  const credentialRequest = {
-    ...options.formatPayload,
-    ...options.additionalRequestPayload,
-    proof: options.proof,
-    proofs: options.proofs
-  };
-  return retrieveCredentials({
-    callbacks: options.callbacks,
-    credentialRequest,
-    issuerMetadata: options.issuerMetadata,
-    accessToken: options.accessToken,
-    dpop: options.dpop
-  });
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on format is not supported in OpenID4VCI draft 15. Provide the credential configuration id directly in the request.");
+	const credentialRequest = {
+		...options.formatPayload,
+		...options.additionalRequestPayload,
+		proof: options.proof,
+		proofs: options.proofs
+	};
+	return retrieveCredentials({
+		callbacks: options.callbacks,
+		credentialRequest,
+		issuerMetadata: options.issuerMetadata,
+		accessToken: options.accessToken,
+		dpop: options.dpop
+	});
 }
+/**
+* internal method
+*/
 async function retrieveCredentials(options) {
-  const credentialEndpoint = options.issuerMetadata.credentialIssuer.credential_endpoint;
-  let credentialRequest = (0, import_utils12.parseWithErrorHandling)(
-    zCredentialRequest,
-    options.credentialRequest,
-    "Error validating credential request"
-  );
-  if (credentialRequest.proofs) {
-    const { batch_credential_issuance } = options.issuerMetadata.credentialIssuer;
-    if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-      throw new import_oauth213.Oauth2Error(
-        `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support batch credential issuance using the 'proofs' request property. Only 'proof' is supported.`
-      );
-    }
-    const proofs = Object.values(credentialRequest.proofs)[0];
-    if (proofs.length > (batch_credential_issuance?.batch_size ?? 1)) {
-      throw new import_oauth213.Oauth2Error(
-        `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' supports batch issuance, but the max batch size is '${batch_credential_issuance?.batch_size ?? 1}'. A total of '${proofs.length}' proofs were provided.`
-      );
-    }
-  }
-  if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-    credentialRequest = (0, import_utils12.parseWithErrorHandling)(
-      zCredentialRequestDraft14To11,
-      credentialRequest,
-      `Error transforming credential request from ${"Draft14" /* Draft14 */} to ${"Draft11" /* Draft11 */}`
-    );
-  }
-  const resourceResponse = await (0, import_oauth213.resourceRequest)({
-    dpop: options.dpop,
-    accessToken: options.accessToken,
-    callbacks: options.callbacks,
-    url: credentialEndpoint,
-    requestOptions: {
-      method: "POST",
-      headers: {
-        "Content-Type": import_utils12.ContentType.Json
-      },
-      body: JSON.stringify(credentialRequest)
-    }
-  });
-  if (!resourceResponse.ok) {
-    const credentialErrorResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-    return {
-      ...resourceResponse,
-      credentialErrorResponseResult
-    };
-  }
-  const credentialResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-  if (!credentialResponseResult?.success) {
-    return {
-      ...resourceResponse,
-      ok: false,
-      credentialResponseResult
-    };
-  }
-  return {
-    ...resourceResponse,
-    credentialResponse: credentialResponseResult.data
-  };
+	const credentialEndpoint = options.issuerMetadata.credentialIssuer.credential_endpoint;
+	let credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequest, options.credentialRequest, "Error validating credential request");
+	if (credentialRequest.proofs) {
+		const { batch_credential_issuance } = options.issuerMetadata.credentialIssuer;
+		if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support batch credential issuance using the 'proofs' request property. Only 'proof' is supported.`);
+		const proofs = Object.values(credentialRequest.proofs)[0];
+		if (proofs.length > (batch_credential_issuance?.batch_size ?? 1)) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' supports batch issuance, but the max batch size is '${batch_credential_issuance?.batch_size ?? 1}'. A total of '${proofs.length}' proofs were provided.`);
+	}
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestDraft14To11, credentialRequest, `Error transforming credential request from ${Openid4vciDraftVersion.Draft14} to ${Openid4vciDraftVersion.Draft11}`);
+	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
+		dpop: options.dpop,
+		accessToken: options.accessToken,
+		callbacks: options.callbacks,
+		url: credentialEndpoint,
+		requestOptions: {
+			method: "POST",
+			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
+			body: JSON.stringify(credentialRequest)
+		}
+	});
+	if (!resourceResponse.ok) {
+		const credentialErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+		return {
+			...resourceResponse,
+			credentialErrorResponseResult
+		};
+	}
+	const credentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+	if (!credentialResponseResult?.success) return {
+		...resourceResponse,
+		ok: false,
+		credentialResponseResult
+	};
+	return {
+		...resourceResponse,
+		credentialResponse: credentialResponseResult.data
+	};
 }
 async function retrieveDeferredCredentials(options) {
-  const credentialEndpoint = options.issuerMetadata.credentialIssuer.deferred_credential_endpoint;
-  if (!credentialEndpoint) {
-    throw new Openid4vciError(
-      `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support deferred credential retrieval.`
-    );
-  }
-  const deferredCredentialRequest = (0, import_utils12.parseWithErrorHandling)(
-    zDeferredCredentialRequest,
-    {
-      transaction_id: options.transactionId,
-      ...options.additionalRequestPayload
-    },
-    "Error validating deferred credential request"
-  );
-  const resourceResponse = await (0, import_oauth213.resourceRequest)({
-    dpop: options.dpop,
-    accessToken: options.accessToken,
-    callbacks: options.callbacks,
-    url: credentialEndpoint,
-    requestOptions: {
-      method: "POST",
-      headers: {
-        "Content-Type": import_utils12.ContentType.Json
-      },
-      body: JSON.stringify(deferredCredentialRequest)
-    }
-  });
-  if (!resourceResponse.ok) {
-    const deferredCredentialErrorResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-    return {
-      ...resourceResponse,
-      deferredCredentialErrorResponseResult
-    };
-  }
-  const deferredCredentialResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-  if (!deferredCredentialResponseResult?.success) {
-    return {
-      ...resourceResponse,
-      ok: false,
-      deferredCredentialResponseResult
-    };
-  }
-  return {
-    ...resourceResponse,
-    deferredCredentialResponse: deferredCredentialResponseResult.data
-  };
+	const credentialEndpoint = options.issuerMetadata.credentialIssuer.deferred_credential_endpoint;
+	if (!credentialEndpoint) throw new Openid4vciError(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support deferred credential retrieval.`);
+	const deferredCredentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialRequest, {
+		transaction_id: options.transactionId,
+		...options.additionalRequestPayload
+	}, "Error validating deferred credential request");
+	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
+		dpop: options.dpop,
+		accessToken: options.accessToken,
+		callbacks: options.callbacks,
+		url: credentialEndpoint,
+		requestOptions: {
+			method: "POST",
+			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
+			body: JSON.stringify(deferredCredentialRequest)
+		}
+	});
+	if (!resourceResponse.ok) {
+		const deferredCredentialErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+		return {
+			...resourceResponse,
+			deferredCredentialErrorResponseResult
+		};
+	}
+	const deferredCredentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+	if (!deferredCredentialResponseResult?.success) return {
+		...resourceResponse,
+		ok: false,
+		deferredCredentialResponseResult
+	};
+	return {
+		...resourceResponse,
+		deferredCredentialResponse: deferredCredentialResponseResult.data
+	};
 }
-// src/formats/proof-type/jwt/jwt-proof-type.ts
-var import_oauth214 = require("@openid4vc/oauth2");
-var import_oauth215 = require("@openid4vc/oauth2");
-var import_utils13 = require("@openid4vc/utils");
+//#endregion
+//#region src/formats/proof-type/jwt/jwt-proof-type.ts
 async function createCredentialRequestJwtProof(options) {
-  const header = (0, import_utils13.parseWithErrorHandling)(zCredentialRequestJwtProofTypeHeader, {
-    ...(0, import_oauth214.jwtHeaderFromJwtSigner)(options.signer),
-    key_attestation: options.keyAttestationJwt,
-    typ: "openid4vci-proof+jwt"
-  });
-  const payload = (0, import_utils13.parseWithErrorHandling)(zCredentialRequestJwtProofTypePayload, {
-    nonce: options.nonce,
-    aud: options.credentialIssuer,
-    iat: (0, import_utils13.dateToSeconds)(options.issuedAt),
-    iss: options.clientId
-  });
-  const { jwt, signerJwk } = await options.callbacks.signJwt(options.signer, { header, payload });
-  if (options.keyAttestationJwt) {
-    const decodedKeyAttestation = (0, import_oauth214.decodeJwt)({
-      jwt: options.keyAttestationJwt,
-      headerSchema: zKeyAttestationJwtHeader,
-      payloadSchema: zKeyAttestationJwtPayload
-    });
-    const isSigedWithAttestedKey = await (0, import_oauth214.isJwkInSet)({
-      jwk: signerJwk,
-      jwks: decodedKeyAttestation.payload.attested_keys,
-      callbacks: options.callbacks
-    });
-    if (!isSigedWithAttestedKey) {
-      throw new Openid4vciError(
-        `Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`
-      );
-    }
-  }
-  return jwt;
+	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestJwtProofTypeHeader, {
+		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
+		key_attestation: options.keyAttestationJwt,
+		typ: "openid4vci-proof+jwt"
+	});
+	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestJwtProofTypePayload, {
+		nonce: options.nonce,
+		aud: options.credentialIssuer,
+		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
+		iss: options.clientId
+	});
+	const { jwt, signerJwk } = await options.callbacks.signJwt(options.signer, {
+		header,
+		payload
+	});
+	if (options.keyAttestationJwt) {
+		if (!await (0, __openid4vc_oauth2.isJwkInSet)({
+			jwk: signerJwk,
+			jwks: (0, __openid4vc_oauth2.decodeJwt)({
+				jwt: options.keyAttestationJwt,
+				headerSchema: zKeyAttestationJwtHeader,
+				payloadSchema: zKeyAttestationJwtPayload
+			}).payload.attested_keys,
+			callbacks: options.callbacks
+		})) throw new Openid4vciError(`Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`);
+	}
+	return jwt;
 }
 async function verifyCredentialRequestJwtProof(options) {
-  const { header, payload } = (0, import_oauth214.decodeJwt)({
-    jwt: options.jwt,
-    headerSchema: zCredentialRequestJwtProofTypeHeader,
-    payloadSchema: zCredentialRequestJwtProofTypePayload
-  });
-  const now = options.now?.getTime() ?? Date.now();
-  if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) {
-    throw new Openid4vciError("Nonce used for credential request proof expired");
-  }
-  const { signer } = await (0, import_oauth215.verifyJwt)({
-    compact: options.jwt,
-    header,
-    payload,
-    signer: (0, import_oauth215.jwtSignerFromJwt)({ header, payload }),
-    verifyJwtCallback: options.callbacks.verifyJwt,
-    errorMessage: "Error verifiying credential request proof jwt.",
-    expectedNonce: options.expectedNonce,
-    expectedAudience: options.credentialIssuer,
-    expectedIssuer: options.clientId,
-    now: options.now
-  });
-  let keyAttestationResult = void 0;
-  if (header.key_attestation) {
-    keyAttestationResult = await verifyKeyAttestationJwt({
-      callbacks: options.callbacks,
-      keyAttestationJwt: header.key_attestation,
-      use: "proof_type.jwt"
-    });
-    const isSigedWithAttestedKey = await (0, import_oauth214.isJwkInSet)({
-      jwk: signer.publicJwk,
-      jwks: keyAttestationResult.payload.attested_keys,
-      callbacks: options.callbacks
-    });
-    if (!isSigedWithAttestedKey) {
-      throw new Openid4vciError(
-        `Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`
-      );
-    }
-  }
-  return {
-    header,
-    payload,
-    signer,
-    keyAttestation: keyAttestationResult
-  };
+	const { header, payload } = (0, __openid4vc_oauth2.decodeJwt)({
+		jwt: options.jwt,
+		headerSchema: zCredentialRequestJwtProofTypeHeader,
+		payloadSchema: zCredentialRequestJwtProofTypePayload
+	});
+	const now = options.now?.getTime() ?? Date.now();
+	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for credential request proof expired");
+	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
+		compact: options.jwt,
+		header,
+		payload,
+		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
+			header,
+			payload
+		}),
+		verifyJwtCallback: options.callbacks.verifyJwt,
+		errorMessage: "Error verifiying credential request proof jwt.",
+		expectedNonce: options.expectedNonce,
+		expectedAudience: options.credentialIssuer,
+		expectedIssuer: options.clientId,
+		now: options.now
+	});
+	let keyAttestationResult;
+	if (header.key_attestation) {
+		keyAttestationResult = await verifyKeyAttestationJwt({
+			callbacks: options.callbacks,
+			keyAttestationJwt: header.key_attestation,
+			use: "proof_type.jwt"
+		});
+		if (!await (0, __openid4vc_oauth2.isJwkInSet)({
+			jwk: signer.publicJwk,
+			jwks: keyAttestationResult.payload.attested_keys,
+			callbacks: options.callbacks
+		})) throw new Openid4vciError(`Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`);
+	}
+	return {
+		header,
+		payload,
+		signer,
+		keyAttestation: keyAttestationResult
+	};
 }
-// src/metadata/fetch-issuer-metadata.ts
-var import_oauth216 = require("@openid4vc/oauth2");
-var import_utils14 = require("@openid4vc/utils");
+//#endregion
+//#region src/metadata/fetch-issuer-metadata.ts
 async function resolveIssuerMetadata(credentialIssuer, options) {
-  const allowAuthorizationMetadataFromCredentialIssuerMetadata = options?.allowAuthorizationMetadataFromCredentialIssuerMetadata ?? true;
-  const credentialIssuerMetadataWithDraftVersion = await fetchCredentialIssuerMetadata(credentialIssuer, options?.fetch);
-  if (!credentialIssuerMetadataWithDraftVersion) {
-    throw new import_oauth216.Oauth2Error(`Well known credential issuer metadata for issuer '${credentialIssuer}' not found.`);
-  }
-  const { credentialIssuerMetadata, originalDraftVersion } = credentialIssuerMetadataWithDraftVersion;
-  const authorizationServers = credentialIssuerMetadata.authorization_servers ?? [credentialIssuer];
-  const authoriationServersMetadata = [];
-  for (const authorizationServer of authorizationServers) {
-    if (options?.restrictToAuthorizationServers && !options.restrictToAuthorizationServers.includes(authorizationServer)) {
-      continue;
-    }
-    let authorizationServerMetadata = await (0, import_oauth216.fetchAuthorizationServerMetadata)(authorizationServer, options?.fetch);
-    if (!authorizationServerMetadata && authorizationServer === credentialIssuer && allowAuthorizationMetadataFromCredentialIssuerMetadata) {
-      authorizationServerMetadata = (0, import_utils14.parseWithErrorHandling)(
-        import_oauth216.zAuthorizationServerMetadata,
-        {
-          token_endpoint: credentialIssuerMetadata.token_endpoint,
-          issuer: credentialIssuer
-        },
-        `Well known authorization server metadata for authorization server '${authorizationServer}' not found, and could also not extract required values from the credential issuer metadata as a fallback.`
-      );
-    }
-    if (!authorizationServerMetadata) {
-      throw new import_oauth216.Oauth2Error(
-        `Well known openid configuration or authorization server metadata for authorization server '${authorizationServer}' not found.`
-      );
-    }
-    authoriationServersMetadata.push(authorizationServerMetadata);
-  }
-  return {
-    originalDraftVersion,
-    credentialIssuer: credentialIssuerMetadata,
-    authorizationServers: authoriationServersMetadata
-  };
+	const allowAuthorizationMetadataFromCredentialIssuerMetadata = options?.allowAuthorizationMetadataFromCredentialIssuerMetadata ?? true;
+	const credentialIssuerMetadataWithDraftVersion = await fetchCredentialIssuerMetadata(credentialIssuer, options?.fetch);
+	if (!credentialIssuerMetadataWithDraftVersion) throw new __openid4vc_oauth2.Oauth2Error(`Well known credential issuer metadata for issuer '${credentialIssuer}' not found.`);
+	const { credentialIssuerMetadata, originalDraftVersion } = credentialIssuerMetadataWithDraftVersion;
+	const authorizationServers = credentialIssuerMetadata.authorization_servers ?? [credentialIssuer];
+	const authoriationServersMetadata = [];
+	for (const authorizationServer of authorizationServers) {
+		if (options?.restrictToAuthorizationServers && !options.restrictToAuthorizationServers.includes(authorizationServer)) continue;
+		let authorizationServerMetadata = await (0, __openid4vc_oauth2.fetchAuthorizationServerMetadata)(authorizationServer, options?.fetch);
+		if (!authorizationServerMetadata && authorizationServer === credentialIssuer && allowAuthorizationMetadataFromCredentialIssuerMetadata) authorizationServerMetadata = (0, __openid4vc_utils.parseWithErrorHandling)(__openid4vc_oauth2.zAuthorizationServerMetadata, {
+			token_endpoint: credentialIssuerMetadata.token_endpoint,
+			issuer: credentialIssuer
+		}, `Well known authorization server metadata for authorization server '${authorizationServer}' not found, and could also not extract required values from the credential issuer metadata as a fallback.`);
+		if (!authorizationServerMetadata) throw new __openid4vc_oauth2.Oauth2Error(`Well known openid configuration or authorization server metadata for authorization server '${authorizationServer}' not found.`);
+		authoriationServersMetadata.push(authorizationServerMetadata);
+	}
+	return {
+		originalDraftVersion,
+		credentialIssuer: credentialIssuerMetadata,
+		authorizationServers: authoriationServersMetadata
+	};
 }
-// src/nonce/nonce-request.ts
-var import_oauth217 = require("@openid4vc/oauth2");
-var import_utils16 = require("@openid4vc/utils");
-// src/nonce/z-nonce.ts
-var import_utils15 = require("@openid4vc/utils");
-var import_zod20 = __toESM(require("zod"));
-var zNonceResponse = import_zod20.default.object({
-  c_nonce: import_zod20.default.string(),
-  c_nonce_expires_in: import_zod20.default.optional(import_utils15.zInteger)
+//#endregion
+//#region src/nonce/z-nonce.ts
+const zNonceResponse = zod.default.object({
+	c_nonce: zod.default.string(),
+	c_nonce_expires_in: zod.default.optional(__openid4vc_utils.zInteger)
 }).passthrough();
-// src/nonce/nonce-request.ts
+//#endregion
+//#region src/nonce/nonce-request.ts
+/**
+* Request a nonce from the `nonce_endpoint`
+*
+* @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
+* @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
+* @throws ValidationError - if validating the nonce response failed
+*/
 async function requestNonce(options) {
-  const fetchWithZod = (0, import_utils16.createZodFetcher)(options?.fetch);
-  const nonceEndpoint = options.issuerMetadata.credentialIssuer.nonce_endpoint;
-  if (!nonceEndpoint) {
-    throw new Openid4vciError(
-      `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a nonce endpoint.`
-    );
-  }
-  const { response, result } = await fetchWithZod(zNonceResponse, import_utils16.ContentType.Json, nonceEndpoint, {
-    method: "POST"
-  });
-  if (!response.ok || !result) {
-    throw new import_oauth217.InvalidFetchResponseError(
-      `Requesting nonce from '${nonceEndpoint}' resulted in an unsuccessful response with status '${response.status}'`,
-      await response.clone().text(),
-      response
-    );
-  }
-  if (!result.success) {
-    throw new import_utils16.ValidationError("Error parsing nonce response", result.error);
-  }
-  return result.data;
+	const fetchWithZod = (0, __openid4vc_utils.createZodFetcher)(options?.fetch);
+	const nonceEndpoint = options.issuerMetadata.credentialIssuer.nonce_endpoint;
+	if (!nonceEndpoint) throw new Openid4vciError(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a nonce endpoint.`);
+	const { response, result } = await fetchWithZod(zNonceResponse, __openid4vc_utils.ContentType.Json, nonceEndpoint, { method: "POST" });
+	if (!response.ok || !result) throw new __openid4vc_oauth2.InvalidFetchResponseError(`Requesting nonce from '${nonceEndpoint}' resulted in an unsuccessful response with status '${response.status}'`, await response.clone().text(), response);
+	if (!result.success) throw new __openid4vc_utils.ValidationError("Error parsing nonce response", result.error);
+	return result.data;
 }
 function createNonceResponse(options) {
-  return (0, import_utils16.parseWithErrorHandling)(zNonceResponse, {
-    c_nonce: options.cNonce,
-    c_nonce_expires_in: options.cNonceExpiresIn,
-    ...options.additionalPayload
-  });
+	return (0, __openid4vc_utils.parseWithErrorHandling)(zNonceResponse, {
+		c_nonce: options.cNonce,
+		c_nonce_expires_in: options.cNonceExpiresIn,
+		...options.additionalPayload
+	});
 }
-// src/notification/notification.ts
-var import_oauth218 = require("@openid4vc/oauth2");
-var import_utils17 = require("@openid4vc/utils");
-// src/notification/z-notification.ts
-var import_zod21 = __toESM(require("zod"));
-var zNotificationEvent = import_zod21.default.enum(["credential_accepted", "credential_failure", "credential_deleted"]);
-var zNotificationRequest = import_zod21.default.object({
-  notification_id: import_zod21.default.string(),
-  event: zNotificationEvent,
-  event_description: import_zod21.default.optional(import_zod21.default.string())
-}).passthrough();
-var zNotificationErrorResponse = import_zod21.default.object({
-  error: import_zod21.default.enum(["invalid_notification_id", "invalid_notification_request"])
+//#endregion
+//#region src/notification/z-notification.ts
+const zNotificationEvent = zod.default.enum([
+	"credential_accepted",
+	"credential_failure",
+	"credential_deleted"
+]);
+const zNotificationRequest = zod.default.object({
+	notification_id: zod.default.string(),
+	event: zNotificationEvent,
+	event_description: zod.default.optional(zod.default.string())
 }).passthrough();
+const zNotificationErrorResponse = zod.default.object({ error: zod.default.enum(["invalid_notification_id", "invalid_notification_request"]) }).passthrough();
-// src/notification/notification.ts
+//#endregion
+//#region src/notification/notification.ts
 async function sendNotification(options) {
-  const notificationEndpoint = options.issuerMetadata.credentialIssuer.notification_endpoint;
-  if (!notificationEndpoint) {
-    throw new import_oauth218.Oauth2Error(
-      `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a notification endpiont configured.`
-    );
-  }
-  const notificationRequest = (0, import_utils17.parseWithErrorHandling)(
-    zNotificationRequest,
-    {
-      event: options.notification.event,
-      notification_id: options.notification.notificationId,
-      event_description: options.notification.eventDescription
-    },
-    "Error validating notification request"
-  );
-  const resourceResponse = await (0, import_oauth218.resourceRequest)({
-    dpop: options.dpop,
-    accessToken: options.accessToken,
-    callbacks: options.callbacks,
-    url: notificationEndpoint,
-    requestOptions: {
-      method: "POST",
-      headers: {
-        "Content-Type": import_utils17.ContentType.Json
-      },
-      body: JSON.stringify(notificationRequest)
-    }
-  });
-  if (!resourceResponse.ok) {
-    const notificationErrorResponseResult = (0, import_utils17.isResponseContentType)(import_utils17.ContentType.Json, resourceResponse.response) ? zNotificationErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-    return {
-      ...resourceResponse,
-      notificationErrorResponseResult
-    };
-  }
-  return resourceResponse;
+	const notificationEndpoint = options.issuerMetadata.credentialIssuer.notification_endpoint;
+	if (!notificationEndpoint) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a notification endpiont configured.`);
+	const notificationRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zNotificationRequest, {
+		event: options.notification.event,
+		notification_id: options.notification.notificationId,
+		event_description: options.notification.eventDescription
+	}, "Error validating notification request");
+	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
+		dpop: options.dpop,
+		accessToken: options.accessToken,
+		callbacks: options.callbacks,
+		url: notificationEndpoint,
+		requestOptions: {
+			method: "POST",
+			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
+			body: JSON.stringify(notificationRequest)
+		}
+	});
+	if (!resourceResponse.ok) {
+		const notificationErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zNotificationErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+		return {
+			...resourceResponse,
+			notificationErrorResponseResult
+		};
+	}
+	return resourceResponse;
 }
-// src/Openid4vciClient.ts
-var AuthorizationFlow = /* @__PURE__ */ ((AuthorizationFlow2) => {
-  AuthorizationFlow2["Oauth2Redirect"] = "Oauth2Redirect";
-  AuthorizationFlow2["PresentationDuringIssuance"] = "PresentationDuringIssuance";
-  return AuthorizationFlow2;
-})(AuthorizationFlow || {});
+//#endregion
+//#region src/Openid4vciClient.ts
+let AuthorizationFlow = /* @__PURE__ */ function(AuthorizationFlow$1) {
+	AuthorizationFlow$1["Oauth2Redirect"] = "Oauth2Redirect";
+	AuthorizationFlow$1["PresentationDuringIssuance"] = "PresentationDuringIssuance";
+	return AuthorizationFlow$1;
+}({});
 var Openid4vciClient = class {
-  constructor(options) {
-    this.options = options;
-    this.oauth2Client = new import_oauth219.Oauth2Client({
-      callbacks: this.options.callbacks
-    });
-  }
-  getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
-    return extractKnownCredentialConfigurationSupportedFormats(
-      credentialIssuerMetadata.credential_configurations_supported
-    );
-  }
-  /**
-   * Resolve a credential offer into a credential offer object, handling both
-   * 'credential_offer' and 'credential_offer_uri' params.
-   */
-  async resolveCredentialOffer(credentialOffer) {
-    return resolveCredentialOffer(credentialOffer, {
-      fetch: this.options.callbacks.fetch
-    });
-  }
-  async resolveIssuerMetadata(credentialIssuer) {
-    return resolveIssuerMetadata(credentialIssuer, {
-      fetch: this.options.callbacks.fetch
-    });
-  }
-  /**
-   * Retrieve an authorization code for a presentation during issuance session
-   *
-   * This can only be called if an authorization challenge was performed before and returned a
-   * `presentation` parameter along with an `auth_session`. If the presentation response included
-   * an `presentation_during_issuance_session` parameter it MUST be included in this request as well.
-   */
-  async retrieveAuthorizationCodeUsingPresentation(options) {
-    if (!options.credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-    }
-    const authorizationCodeGrant = options.credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      options.issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const oauth2Client = new import_oauth219.Oauth2Client({ callbacks: this.options.callbacks });
-    const { authorizationChallengeResponse, dpop } = await oauth2Client.sendAuthorizationChallengeRequest({
-      authorizationServerMetadata,
-      authSession: options.authSession,
-      presentationDuringIssuanceSession: options.presentationDuringIssuanceSession,
-      dpop: options.dpop
-    });
-    return { authorizationChallengeResponse, dpop };
-  }
-  /**
-   * Initiates authorization for credential issuance. It handles the following cases:
-   * - Authorization Challenge
-   * - Pushed Authorization Request
-   * - Regular Authorization url
-   *
-   * In case the authorization challenge request returns an error with `insufficient_authorization`
-   * with a `presentation` field it means the authorization server expects presentation of credentials
-   * before issuance of credentials. If this is the case, the value in `presentation` should be treated
-   * as an openid4vp authorization request and submitted to the verifier. Once the presentation response
-   * has been submitted, the RP will respond with a `presentation_during_issuance_session` parameter.
-   * Together with the `auth_session` parameter returned in this call you can retrieve an `authorization_code`
-   * using
-   */
-  async initiateAuthorization(options) {
-    if (!options.credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-    }
-    const authorizationCodeGrant = options.credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      options.issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const oauth2Client = new import_oauth219.Oauth2Client({ callbacks: this.options.callbacks });
-    try {
-      const result = await oauth2Client.initiateAuthorization({
-        clientId: options.clientId,
-        pkceCodeVerifier: options.pkceCodeVerifier,
-        redirectUri: options.redirectUri,
-        scope: options.scope,
-        additionalRequestPayload: {
-          ...options.additionalRequestPayload,
-          issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
-        },
-        dpop: options.dpop,
-        resource: options.issuerMetadata.credentialIssuer.credential_issuer,
-        authorizationServerMetadata
-      });
-      return {
-        ...result,
-        authorizationFlow: "Oauth2Redirect" /* Oauth2Redirect */,
-        authorizationServer: authorizationServerMetadata.issuer
-      };
-    } catch (error) {
-      if (error instanceof import_oauth219.Oauth2ClientAuthorizationChallengeError && error.errorResponse.error === import_oauth219.Oauth2ErrorCodes.InsufficientAuthorization && error.errorResponse.presentation) {
-        if (!error.errorResponse.auth_session) {
-          throw new Openid4vciError(
-            `Expected 'auth_session' to be defined with authorization challenge response error '${error.errorResponse.error}' and 'presentation' parameter`
-          );
-        }
-        return {
-          authorizationFlow: "PresentationDuringIssuance" /* PresentationDuringIssuance */,
-          openid4vpRequestUrl: error.errorResponse.presentation,
-          authSession: error.errorResponse.auth_session,
-          authorizationServer: authorizationServerMetadata.issuer
-        };
-      }
-      throw error;
-    }
-  }
-  /**
-   * Convenience method around {@link Oauth2Client.createAuthorizationRequestUrl}
-   * but specifically focused on a credential offer
-   */
-  async createAuthorizationRequestUrlFromOffer(options) {
-    if (!options.credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-    }
-    const authorizationCodeGrant = options.credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      options.issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const { authorizationRequestUrl, pkce, dpop } = await this.oauth2Client.createAuthorizationRequestUrl({
-      authorizationServerMetadata,
-      clientId: options.clientId,
-      additionalRequestPayload: {
-        ...options.additionalRequestPayload,
-        issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
-      },
-      resource: options.issuerMetadata.credentialIssuer.credential_issuer,
-      redirectUri: options.redirectUri,
-      scope: options.scope,
-      pkceCodeVerifier: options.pkceCodeVerifier,
-      dpop: options.dpop
-    });
-    return {
-      authorizationRequestUrl,
-      pkce,
-      dpop,
-      authorizationServer: authorizationServerMetadata.issuer
-    };
-  }
-  /**
-   * Convenience method around {@link Oauth2Client.retrievePreAuthorizedCodeAccessToken}
-   * but specifically focused on a credential offer
-   */
-  async retrievePreAuthorizedCodeAccessTokenFromOffer({
-    credentialOffer,
-    issuerMetadata,
-    additionalRequestPayload,
-    txCode,
-    dpop
-  }) {
-    if (!credentialOffer.grants?.[import_oauth219.preAuthorizedCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`The credential offer does not contain the '${import_oauth219.preAuthorizedCodeGrantIdentifier}' grant.`);
-    }
-    if (credentialOffer.grants[import_oauth219.preAuthorizedCodeGrantIdentifier].tx_code && !txCode) {
-      throw new import_oauth219.Oauth2Error(
-        `Retrieving access token requires a 'tx_code' in the request, but the 'txCode' parameter was not provided.`
-      );
-    }
-    const preAuthorizedCode = credentialOffer.grants[import_oauth219.preAuthorizedCodeGrantIdentifier]["pre-authorized_code"];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      grantAuthorizationServer: credentialOffer.grants[import_oauth219.preAuthorizedCodeGrantIdentifier].authorization_server,
-      issuerMetadata
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const result = await this.oauth2Client.retrievePreAuthorizedCodeAccessToken({
-      authorizationServerMetadata,
-      preAuthorizedCode,
-      txCode,
-      resource: issuerMetadata.credentialIssuer.credential_issuer,
-      additionalRequestPayload,
-      dpop
-    });
-    return {
-      ...result,
-      authorizationServer
-    };
-  }
-  /**
-   * Convenience method around {@link Oauth2Client.retrieveAuthorizationCodeAccessTokenFrom}
-   * but specifically focused on a credential offer
-   */
-  async retrieveAuthorizationCodeAccessTokenFromOffer({
-    issuerMetadata,
-    additionalRequestPayload,
-    credentialOffer,
-    authorizationCode,
-    pkceCodeVerifier,
-    redirectUri,
-    dpop
-  }) {
-    if (!credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`The credential offer does not contain the '${import_oauth219.authorizationCodeGrantIdentifier}' grant.`);
-    }
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      grantAuthorizationServer: credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier].authorization_server,
-      issuerMetadata
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const result = await this.oauth2Client.retrieveAuthorizationCodeAccessToken({
-      authorizationServerMetadata,
-      authorizationCode,
-      pkceCodeVerifier,
-      additionalRequestPayload,
-      dpop,
-      redirectUri,
-      resource: issuerMetadata.credentialIssuer.credential_issuer
-    });
-    return {
-      ...result,
-      authorizationServer
-    };
-  }
-  /**
-   * Request a nonce to be used in credential request proofs from the `nonce_endpoint`
-   *
-   * @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
-   * @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
-   * @throws ValidationError - if validating the nonce response failed
-   */
-  async requestNonce(options) {
-    return requestNonce({
-      ...options,
-      fetch: this.options.callbacks.fetch
-    });
-  }
-  /**
-   * Creates the jwt proof payload and header to be included in a credential request.
-   */
-  async createCredentialRequestJwtProof(options) {
-    const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[options.credentialConfigurationId];
-    if (!credentialConfiguration) {
-      throw new Openid4vciError(
-        `Credential configuration with '${options.credentialConfigurationId}' not found in 'credential_configurations_supported' from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`
-      );
-    }
-    if (credentialConfiguration.proof_types_supported) {
-      if (!credentialConfiguration.proof_types_supported.jwt) {
-        throw new Openid4vciError(
-          `Credential configuration with id '${options.credentialConfigurationId}' does not support the 'jwt' proof type.`
-        );
-      }
-      if (!credentialConfiguration.proof_types_supported.jwt.proof_signing_alg_values_supported.includes(
-        options.signer.alg
-      )) {
-        throw new Openid4vciError(
-          `Credential configuration with id '${options.credentialConfigurationId}' does not support the '${options.signer.alg}' alg for 'jwt' proof type.`
-        );
-      }
-      if (credentialConfiguration.proof_types_supported.jwt.key_attestations_required && !options.keyAttestationJwt) {
-        throw new Openid4vciError(
-          `Credential configuration with id '${options.credentialConfigurationId}' requires key attestations for 'jwt' proof type but no 'keyAttestationJwt' was provided`
-        );
-      }
-    }
-    const jwt = await createCredentialRequestJwtProof({
-      credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-      signer: options.signer,
-      clientId: options.clientId,
-      issuedAt: options.issuedAt,
-      nonce: options.nonce,
-      keyAttestationJwt: options.keyAttestationJwt,
-      callbacks: this.options.callbacks
-    });
-    return {
-      jwt
-    };
-  }
-  /**
-   * @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
-   * @throws ValidationError - if validation of the credential request failed
-   * @throws Openid4vciError - if the `credentialConfigurationId` couldn't be found, or if the the format specific request couldn't be constructed
-   */
-  async retrieveCredentials({
-    issuerMetadata,
-    proof,
-    proofs,
-    credentialConfigurationId,
-    additionalRequestPayload,
-    accessToken,
-    dpop
-  }) {
-    let credentialResponse;
-    if (issuerMetadata.originalDraftVersion === "Draft15" /* Draft15 */ || issuerMetadata.originalDraftVersion === "Draft16" /* Draft16 */) {
-      credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
-        accessToken,
-        credentialConfigurationId,
-        issuerMetadata,
-        additionalRequestPayload,
-        proof,
-        proofs,
-        callbacks: this.options.callbacks,
-        dpop
-      });
-    } else {
-      const formatPayload = getCredentialRequestFormatPayloadForCredentialConfigurationId({
-        credentialConfigurationId,
-        issuerMetadata
-      });
-      credentialResponse = await retrieveCredentialsWithFormat({
-        accessToken,
-        formatPayload,
-        issuerMetadata,
-        additionalRequestPayload,
-        proof,
-        proofs,
-        callbacks: this.options.callbacks,
-        dpop
-      });
-    }
-    if (!credentialResponse.ok) {
-      throw new Openid4vciRetrieveCredentialsError(
-        `Error retrieving credentials from '${issuerMetadata.credentialIssuer.credential_issuer}'`,
-        credentialResponse,
-        await credentialResponse.response.clone().text()
-      );
-    }
-    return credentialResponse;
-  }
-  /**
-   * @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
-   * @throws ValidationError - if validation of the credential request failed
-   */
-  async retrieveDeferredCredentials(options) {
-    const credentialResponse = await retrieveDeferredCredentials({
-      ...options,
-      callbacks: this.options.callbacks
-    });
-    if (!credentialResponse.ok) {
-      throw new Openid4vciRetrieveCredentialsError(
-        `Error retrieving deferred credentials from '${options.issuerMetadata.credentialIssuer.credential_issuer}'`,
-        credentialResponse,
-        await credentialResponse.response.clone().text()
-      );
-    }
-    return credentialResponse;
-  }
-  /**
-   * @throws Openid4vciSendNotificationError - if an unsuccessful response
-   * @throws ValidationError - if validation of the notification request failed
-   */
-  async sendNotification({
-    issuerMetadata,
-    notification,
-    additionalRequestPayload,
-    accessToken,
-    dpop
-  }) {
-    const notificationResponse = await sendNotification({
-      accessToken,
-      issuerMetadata,
-      additionalRequestPayload,
-      callbacks: this.options.callbacks,
-      dpop,
-      notification
-    });
-    if (!notificationResponse.ok) {
-      throw new Openid4vciSendNotificationError(
-        `Error sending notification to '${issuerMetadata.credentialIssuer.credential_issuer}'`,
-        notificationResponse
-      );
-    }
-    return notificationResponse;
-  }
+	constructor(options) {
+		this.options = options;
+		this.oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
+	}
+	getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
+		return extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported);
+	}
+	/**
+	* Resolve a credential offer into a credential offer object, handling both
+	* 'credential_offer' and 'credential_offer_uri' params.
+	*/
+	async resolveCredentialOffer(credentialOffer) {
+		return resolveCredentialOffer(credentialOffer, { fetch: this.options.callbacks.fetch });
+	}
+	async resolveIssuerMetadata(credentialIssuer) {
+		return resolveIssuerMetadata(credentialIssuer, { fetch: this.options.callbacks.fetch });
+	}
+	/**
+	* Retrieve an authorization code for a presentation during issuance session
+	*
+	* This can only be called if an authorization challenge was performed before and returned a
+	* `presentation` parameter along with an `auth_session`. If the presentation response included
+	* an `presentation_during_issuance_session` parameter it MUST be included in this request as well.
+	*/
+	async retrieveAuthorizationCodeUsingPresentation(options) {
+		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
+		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
+		const { authorizationChallengeResponse, dpop } = await new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks }).sendAuthorizationChallengeRequest({
+			authorizationServerMetadata,
+			authSession: options.authSession,
+			presentationDuringIssuanceSession: options.presentationDuringIssuanceSession,
+			dpop: options.dpop
+		});
+		return {
+			authorizationChallengeResponse,
+			dpop
+		};
+	}
+	/**
+	* Initiates authorization for credential issuance. It handles the following cases:
+	* - Authorization Challenge
+	* - Pushed Authorization Request
+	* - Regular Authorization url
+	*
+	* In case the authorization challenge request returns an error with `insufficient_authorization`
+	* with a `presentation` field it means the authorization server expects presentation of credentials
+	* before issuance of credentials. If this is the case, the value in `presentation` should be treated
+	* as an openid4vp authorization request and submitted to the verifier. Once the presentation response
+	* has been submitted, the RP will respond with a `presentation_during_issuance_session` parameter.
+	* Together with the `auth_session` parameter returned in this call you can retrieve an `authorization_code`
+	* using
+	*/
+	async initiateAuthorization(options) {
+		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
+		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
+		const oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
+		try {
+			return {
+				...await oauth2Client.initiateAuthorization({
+					clientId: options.clientId,
+					pkceCodeVerifier: options.pkceCodeVerifier,
+					redirectUri: options.redirectUri,
+					scope: options.scope,
+					additionalRequestPayload: {
+						...options.additionalRequestPayload,
+						issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
+					},
+					dpop: options.dpop,
+					resource: options.issuerMetadata.credentialIssuer.credential_issuer,
+					authorizationServerMetadata
+				}),
+				authorizationFlow: AuthorizationFlow.Oauth2Redirect,
+				authorizationServer: authorizationServerMetadata.issuer
+			};
+		} catch (error) {
+			if (error instanceof __openid4vc_oauth2.Oauth2ClientAuthorizationChallengeError && error.errorResponse.error === __openid4vc_oauth2.Oauth2ErrorCodes.InsufficientAuthorization && error.errorResponse.presentation) {
+				if (!error.errorResponse.auth_session) throw new Openid4vciError(`Expected 'auth_session' to be defined with authorization challenge response error '${error.errorResponse.error}' and 'presentation' parameter`);
+				return {
+					authorizationFlow: AuthorizationFlow.PresentationDuringIssuance,
+					openid4vpRequestUrl: error.errorResponse.presentation,
+					authSession: error.errorResponse.auth_session,
+					authorizationServer: authorizationServerMetadata.issuer
+				};
+			}
+			throw error;
+		}
+	}
+	/**
+	* Convenience method around {@link Oauth2Client.createAuthorizationRequestUrl}
+	* but specifically focused on a credential offer
+	*/
+	async createAuthorizationRequestUrlFromOffer(options) {
+		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
+		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
+		const { authorizationRequestUrl, pkce, dpop } = await this.oauth2Client.createAuthorizationRequestUrl({
+			authorizationServerMetadata,
+			clientId: options.clientId,
+			additionalRequestPayload: {
+				...options.additionalRequestPayload,
+				issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
+			},
+			resource: options.issuerMetadata.credentialIssuer.credential_issuer,
+			redirectUri: options.redirectUri,
+			scope: options.scope,
+			pkceCodeVerifier: options.pkceCodeVerifier,
+			dpop: options.dpop
+		});
+		return {
+			authorizationRequestUrl,
+			pkce,
+			dpop,
+			authorizationServer: authorizationServerMetadata.issuer
+		};
+	}
+	/**
+	* Convenience method around {@link Oauth2Client.retrievePreAuthorizedCodeAccessToken}
+	* but specifically focused on a credential offer
+	*/
+	async retrievePreAuthorizedCodeAccessTokenFromOffer({ credentialOffer, issuerMetadata, additionalRequestPayload, txCode, dpop }) {
+		if (!credentialOffer.grants?.[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`The credential offer does not contain the '${__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier}' grant.`);
+		if (credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code && !txCode) throw new __openid4vc_oauth2.Oauth2Error(`Retrieving access token requires a 'tx_code' in the request, but the 'txCode' parameter was not provided.`);
+		const preAuthorizedCode = credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]["pre-authorized_code"];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			grantAuthorizationServer: credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].authorization_server,
+			issuerMetadata
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(issuerMetadata.authorizationServers, authorizationServer);
+		return {
+			...await this.oauth2Client.retrievePreAuthorizedCodeAccessToken({
+				authorizationServerMetadata,
+				preAuthorizedCode,
+				txCode,
+				resource: issuerMetadata.credentialIssuer.credential_issuer,
+				additionalRequestPayload,
+				dpop
+			}),
+			authorizationServer
+		};
+	}
+	/**
+	* Convenience method around {@link Oauth2Client.retrieveAuthorizationCodeAccessTokenFrom}
+	* but specifically focused on a credential offer
+	*/
+	async retrieveAuthorizationCodeAccessTokenFromOffer({ issuerMetadata, additionalRequestPayload, credentialOffer, authorizationCode, pkceCodeVerifier, redirectUri, dpop }) {
+		if (!credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`The credential offer does not contain the '${__openid4vc_oauth2.authorizationCodeGrantIdentifier}' grant.`);
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			grantAuthorizationServer: credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier].authorization_server,
+			issuerMetadata
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(issuerMetadata.authorizationServers, authorizationServer);
+		return {
+			...await this.oauth2Client.retrieveAuthorizationCodeAccessToken({
+				authorizationServerMetadata,
+				authorizationCode,
+				pkceCodeVerifier,
+				additionalRequestPayload,
+				dpop,
+				redirectUri,
+				resource: issuerMetadata.credentialIssuer.credential_issuer
+			}),
+			authorizationServer
+		};
+	}
+	/**
+	* Request a nonce to be used in credential request proofs from the `nonce_endpoint`
+	*
+	* @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
+	* @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
+	* @throws ValidationError - if validating the nonce response failed
+	*/
+	async requestNonce(options) {
+		return requestNonce({
+			...options,
+			fetch: this.options.callbacks.fetch
+		});
+	}
+	/**
+	* Creates the jwt proof payload and header to be included in a credential request.
+	*/
+	async createCredentialRequestJwtProof(options) {
+		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[options.credentialConfigurationId];
+		if (!credentialConfiguration) throw new Openid4vciError(`Credential configuration with '${options.credentialConfigurationId}' not found in 'credential_configurations_supported' from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
+		if (credentialConfiguration.proof_types_supported) {
+			if (!credentialConfiguration.proof_types_supported.jwt) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' does not support the 'jwt' proof type.`);
+			if (!credentialConfiguration.proof_types_supported.jwt.proof_signing_alg_values_supported.includes(options.signer.alg)) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' does not support the '${options.signer.alg}' alg for 'jwt' proof type.`);
+			if (credentialConfiguration.proof_types_supported.jwt.key_attestations_required && !options.keyAttestationJwt) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' requires key attestations for 'jwt' proof type but no 'keyAttestationJwt' was provided`);
+		}
+		return { jwt: await createCredentialRequestJwtProof({
+			credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
+			signer: options.signer,
+			clientId: options.clientId,
+			issuedAt: options.issuedAt,
+			nonce: options.nonce,
+			keyAttestationJwt: options.keyAttestationJwt,
+			callbacks: this.options.callbacks
+		}) };
+	}
+	/**
+	* @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
+	* @throws ValidationError - if validation of the credential request failed
+	* @throws Openid4vciError - if the `credentialConfigurationId` couldn't be found, or if the the format specific request couldn't be constructed
+	*/
+	async retrieveCredentials({ issuerMetadata, proof, proofs, credentialConfigurationId, additionalRequestPayload, accessToken, dpop }) {
+		let credentialResponse;
+		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
+			accessToken,
+			credentialConfigurationId,
+			issuerMetadata,
+			additionalRequestPayload,
+			proof,
+			proofs,
+			callbacks: this.options.callbacks,
+			dpop
+		});
+		else credentialResponse = await retrieveCredentialsWithFormat({
+			accessToken,
+			formatPayload: getCredentialRequestFormatPayloadForCredentialConfigurationId({
+				credentialConfigurationId,
+				issuerMetadata
+			}),
+			issuerMetadata,
+			additionalRequestPayload,
+			proof,
+			proofs,
+			callbacks: this.options.callbacks,
+			dpop
+		});
+		if (!credentialResponse.ok) throw new Openid4vciRetrieveCredentialsError(`Error retrieving credentials from '${issuerMetadata.credentialIssuer.credential_issuer}'`, credentialResponse, await credentialResponse.response.clone().text());
+		return credentialResponse;
+	}
+	/**
+	* @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
+	* @throws ValidationError - if validation of the credential request failed
+	*/
+	async retrieveDeferredCredentials(options) {
+		const credentialResponse = await retrieveDeferredCredentials({
+			...options,
+			callbacks: this.options.callbacks
+		});
+		if (!credentialResponse.ok) throw new Openid4vciRetrieveCredentialsError(`Error retrieving deferred credentials from '${options.issuerMetadata.credentialIssuer.credential_issuer}'`, credentialResponse, await credentialResponse.response.clone().text());
+		return credentialResponse;
+	}
+	/**
+	* @throws Openid4vciSendNotificationError - if an unsuccessful response
+	* @throws ValidationError - if validation of the notification request failed
+	*/
+	async sendNotification({ issuerMetadata, notification, additionalRequestPayload, accessToken, dpop }) {
+		const notificationResponse = await sendNotification({
+			accessToken,
+			issuerMetadata,
+			additionalRequestPayload,
+			callbacks: this.options.callbacks,
+			dpop,
+			notification
+		});
+		if (!notificationResponse.ok) throw new Openid4vciSendNotificationError(`Error sending notification to '${issuerMetadata.credentialIssuer.credential_issuer}'`, notificationResponse);
+		return notificationResponse;
+	}
 };
-// src/Openid4vciIssuer.ts
-var import_oauth220 = require("@openid4vc/oauth2");
-var import_utils21 = require("@openid4vc/utils");
-// src/credential-request/credential-response.ts
-var import_utils18 = require("@openid4vc/utils");
+//#endregion
+//#region src/credential-request/credential-response.ts
 function createCredentialResponse(options) {
-  return (0, import_utils18.parseWithErrorHandling)(zCredentialResponse, {
-    c_nonce: options.cNonce,
-    c_nonce_expires_in: options.cNonceExpiresInSeconds,
-    credential: options.credential,
-    credentials: options.credentials,
-    notification_id: options.notificationId,
-    transaction_id: options.transactionId,
-    interval: options.interval,
-    // NOTE `format` is removed in draft 13. For now if a format was requested
-    // we just always return it in the response as well.
-    format: options.credentialRequest.format?.format,
-    ...options.additionalPayload
-  });
+	return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialResponse, {
+		c_nonce: options.cNonce,
+		c_nonce_expires_in: options.cNonceExpiresInSeconds,
+		credential: options.credential,
+		credentials: options.credentials,
+		notification_id: options.notificationId,
+		transaction_id: options.transactionId,
+		interval: options.interval,
+		format: options.credentialRequest.format?.format,
+		...options.additionalPayload
+	});
 }
 function createDeferredCredentialResponse(options) {
-  return (0, import_utils18.parseWithErrorHandling)(zDeferredCredentialResponse, {
-    credentials: options.credentials,
-    notification_id: options.notificationId,
-    interval: options.interval,
-    ...options.additionalPayload
-  });
+	return (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialResponse, {
+		credentials: options.credentials,
+		notification_id: options.notificationId,
+		interval: options.interval,
+		...options.additionalPayload
+	});
 }
-// src/credential-request/parse-credential-request.ts
-var import_utils19 = require("@openid4vc/utils");
-var import_zod22 = __toESM(require("zod"));
+//#endregion
+//#region src/credential-request/parse-credential-request.ts
 function parseCredentialRequest(options) {
-  const credentialRequest = (0, import_utils19.parseWithErrorHandling)(
-    zCredentialRequest,
-    options.credentialRequest,
-    "Error validating credential request"
-  );
-  let proofs = void 0;
-  const knownProofs = zCredentialRequestProofs.strict().safeParse(credentialRequest.proofs);
-  if (knownProofs.success) {
-    proofs = knownProofs.data;
-  }
-  const knownProof = import_zod22.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
-  if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) {
-    proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
-  } else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) {
-    proofs = { [attestationProofTypeIdentifier]: [knownProof.data.attestation] };
-  }
-  if (credentialRequest.credential_configuration_id) {
-    getCredentialConfigurationSupportedById(
-      options.issuerMetadata.credentialIssuer.credential_configurations_supported,
-      credentialRequest.credential_configuration_id
-    );
-    const credentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(
-      options.issuerMetadata.credentialIssuer.credential_configurations_supported
-    );
-    return {
-      credentialConfiguration: credentialConfigurations[credentialRequest.credential_configuration_id],
-      credentialConfigurationId: credentialRequest.credential_configuration_id,
-      credentialRequest,
-      proofs
-    };
-  }
-  if (credentialRequest.credential_identifier) {
-    return {
-      credentialIdentifier: credentialRequest.credential_identifier,
-      credentialRequest,
-      proofs
-    };
-  }
-  if (credentialRequest.format && allCredentialRequestFormatIdentifiers.includes(
-    credentialRequest.format
-  )) {
-    return {
-      // Removes all claims that are not specific to this format
-      format: (0, import_utils19.parseWithErrorHandling)(
-        import_zod22.default.union(allCredentialRequestFormats),
-        credentialRequest,
-        "Unable to validate format specific properties from credential request"
-      ),
-      credentialRequest,
-      proofs
-    };
-  }
-  return {
-    credentialRequest,
-    proofs
-  };
+	const credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequest, options.credentialRequest, "Error validating credential request");
+	let proofs;
+	const knownProofs = zCredentialRequestProofs.strict().safeParse(credentialRequest.proofs);
+	if (knownProofs.success) proofs = knownProofs.data;
+	const knownProof = zod.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
+	if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
+	else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) proofs = { [attestationProofTypeIdentifier]: [knownProof.data.attestation] };
+	if (credentialRequest.credential_configuration_id) {
+		getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, credentialRequest.credential_configuration_id);
+		return {
+			credentialConfiguration: extractKnownCredentialConfigurationSupportedFormats(options.issuerMetadata.credentialIssuer.credential_configurations_supported)[credentialRequest.credential_configuration_id],
+			credentialConfigurationId: credentialRequest.credential_configuration_id,
+			credentialRequest,
+			proofs
+		};
+	}
+	if (credentialRequest.credential_identifier) return {
+		credentialIdentifier: credentialRequest.credential_identifier,
+		credentialRequest,
+		proofs
+	};
+	if (credentialRequest.format && allCredentialRequestFormatIdentifiers.includes(credentialRequest.format)) return {
+		format: (0, __openid4vc_utils.parseWithErrorHandling)(zod.default.union(allCredentialRequestFormats), credentialRequest, "Unable to validate format specific properties from credential request"),
+		credentialRequest,
+		proofs
+	};
+	return {
+		credentialRequest,
+		proofs
+	};
 }
-// src/credential-request/parse-deferred-credential-request.ts
-var import_utils20 = require("@openid4vc/utils");
+//#endregion
+//#region src/credential-request/parse-deferred-credential-request.ts
 function parseDeferredCredentialRequest(options) {
-  const deferredCredentialRequest = (0, import_utils20.parseWithErrorHandling)(
-    zDeferredCredentialRequest,
-    options.deferredCredentialRequest,
-    "Error validating credential request"
-  );
-  return {
-    deferredCredentialRequest
-  };
+	return { deferredCredentialRequest: (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialRequest, options.deferredCredentialRequest, "Error validating credential request") };
 }
-// src/formats/proof-type/attestation/attestation-proof-type.ts
+//#endregion
+//#region src/formats/proof-type/attestation/attestation-proof-type.ts
 async function verifyCredentialRequestAttestationProof(options) {
-  const verificationResult = await verifyKeyAttestationJwt({
-    ...options,
-    use: "proof_type.attestation"
-  });
-  return verificationResult;
+	return await verifyKeyAttestationJwt({
+		...options,
+		use: "proof_type.attestation"
+	});
 }
-// src/Openid4vciIssuer.ts
+//#endregion
+//#region src/Openid4vciIssuer.ts
 var Openid4vciIssuer = class {
-  constructor(options) {
-    this.options = options;
-  }
-  getCredentialIssuerMetadataDraft11(credentialIssuerMetadata) {
-    return (0, import_utils21.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraft11, credentialIssuerMetadata);
-  }
-  getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
-    return extractKnownCredentialConfigurationSupportedFormats(
-      credentialIssuerMetadata.credential_configurations_supported
-    );
-  }
-  /**
-   * Create issuer metadata and validates the structure is correct
-   */
-  createCredentialIssuerMetadata(credentialIssuerMetadata) {
-    return (0, import_utils21.parseWithErrorHandling)(
-      zCredentialIssuerMetadata,
-      credentialIssuerMetadata,
-      "Error validating credential issuer metadata"
-    );
-  }
-  async createCredentialOffer(options) {
-    return createCredentialOffer({
-      callbacks: this.options.callbacks,
-      credentialConfigurationIds: options.credentialConfigurationIds,
-      grants: options.grants,
-      issuerMetadata: options.issuerMetadata,
-      additionalPayload: options.additionalPayload,
-      credentialOfferScheme: options.credentialOfferScheme,
-      credentialOfferUri: options.credentialOfferUri
-    });
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - if verification of the jwt failed. You can extract
-   *  the credential error response from this.
-   */
-  async verifyCredentialRequestJwtProof(options) {
-    try {
-      return await verifyCredentialRequestJwtProof({
-        callbacks: this.options.callbacks,
-        credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-        expectedNonce: options.expectedNonce,
-        nonceExpiresAt: options.nonceExpiresAt,
-        jwt: options.jwt,
-        clientId: options.clientId,
-        now: options.now
-      });
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidProof,
-          error_description: (
-            // TODO: error should have a internalErrorMessage and a publicErrorMessage
-            error instanceof import_oauth220.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
-          )
-        },
-        {
-          internalMessage: "Error verifying credential request proof jwt",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - if verification of the key attestation failed. You can extract
-   *  the credential error response from this.
-   */
-  async verifyCredentialRequestAttestationProof(options) {
-    try {
-      return await verifyCredentialRequestAttestationProof({
-        callbacks: this.options.callbacks,
-        expectedNonce: options.expectedNonce,
-        keyAttestationJwt: options.keyAttestationJwt,
-        nonceExpiresAt: options.nonceExpiresAt,
-        now: options.now
-      });
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidProof,
-          error_description: (
-            // TODO: error should have a internalErrorMessage and a publicErrorMessage
-            error instanceof import_oauth220.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
-          )
-        },
-        {
-          internalMessage: "Error verifying credential request proof attestation",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - when validation of the credential request fails
-   *  You can extract the credential error response from this.
-   */
-  parseCredentialRequest(options) {
-    try {
-      return parseCredentialRequest(options);
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidCredentialRequest,
-          error_description: (
-            // TODO: error should have a internalErrorMessage and a publicErrorMessage
-            error instanceof import_utils21.ValidationError ? error.message : "Invalid request"
-          )
-        },
-        {
-          internalMessage: "Error verifying credential request proof jwt",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - when validation of the deferred credential request fails
-   */
-  parseDeferredCredentialRequest(options) {
-    try {
-      return parseDeferredCredentialRequest(options);
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidCredentialRequest,
-          error_description: error instanceof import_utils21.ValidationError ? error.message : "Invalid request"
-        },
-        {
-          internalMessage: "Error parsing deferred credential request",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws ValidationError - when validation of the credential response fails
-   */
-  createCredentialResponse(options) {
-    return createCredentialResponse(options);
-  }
-  /**
-   * @throws ValidationError - when validation of the credential response fails
-   */
-  createDeferredCredentialResponse(options) {
-    return createDeferredCredentialResponse(options);
-  }
-  /**
-   * @throws ValidationError - when validation of the nonce response fails
-   */
-  createNonceResponse(options) {
-    return createNonceResponse(options);
-  }
-  async verifyWalletAttestation(options) {
-    return new import_oauth220.Oauth2AuthorizationServer({
-      callbacks: this.options.callbacks
-    }).verifyClientAttestation(options);
-  }
+	constructor(options) {
+		this.options = options;
+	}
+	getCredentialIssuerMetadataDraft11(credentialIssuerMetadata) {
+		return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraft11, credentialIssuerMetadata);
+	}
+	getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
+		return extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported);
+	}
+	/**
+	* Create issuer metadata and validates the structure is correct
+	*/
+	createCredentialIssuerMetadata(credentialIssuerMetadata) {
+		return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialIssuerMetadata, credentialIssuerMetadata, "Error validating credential issuer metadata");
+	}
+	async createCredentialOffer(options) {
+		return createCredentialOffer({
+			callbacks: this.options.callbacks,
+			credentialConfigurationIds: options.credentialConfigurationIds,
+			grants: options.grants,
+			issuerMetadata: options.issuerMetadata,
+			additionalPayload: options.additionalPayload,
+			credentialOfferScheme: options.credentialOfferScheme,
+			credentialOfferUri: options.credentialOfferUri
+		});
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - if verification of the jwt failed. You can extract
+	*  the credential error response from this.
+	*/
+	async verifyCredentialRequestJwtProof(options) {
+		try {
+			return await verifyCredentialRequestJwtProof({
+				callbacks: this.options.callbacks,
+				credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
+				expectedNonce: options.expectedNonce,
+				nonceExpiresAt: options.nonceExpiresAt,
+				jwt: options.jwt,
+				clientId: options.clientId,
+				now: options.now
+			});
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidProof,
+				error_description: error instanceof __openid4vc_oauth2.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
+			}, {
+				internalMessage: "Error verifying credential request proof jwt",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - if verification of the key attestation failed. You can extract
+	*  the credential error response from this.
+	*/
+	async verifyCredentialRequestAttestationProof(options) {
+		try {
+			return await verifyCredentialRequestAttestationProof({
+				callbacks: this.options.callbacks,
+				expectedNonce: options.expectedNonce,
+				keyAttestationJwt: options.keyAttestationJwt,
+				nonceExpiresAt: options.nonceExpiresAt,
+				now: options.now
+			});
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidProof,
+				error_description: error instanceof __openid4vc_oauth2.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
+			}, {
+				internalMessage: "Error verifying credential request proof attestation",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - when validation of the credential request fails
+	*  You can extract the credential error response from this.
+	*/
+	parseCredentialRequest(options) {
+		try {
+			return parseCredentialRequest(options);
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidCredentialRequest,
+				error_description: error instanceof __openid4vc_utils.ValidationError ? error.message : "Invalid request"
+			}, {
+				internalMessage: "Error verifying credential request proof jwt",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - when validation of the deferred credential request fails
+	*/
+	parseDeferredCredentialRequest(options) {
+		try {
+			return parseDeferredCredentialRequest(options);
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidCredentialRequest,
+				error_description: error instanceof __openid4vc_utils.ValidationError ? error.message : "Invalid request"
+			}, {
+				internalMessage: "Error parsing deferred credential request",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws ValidationError - when validation of the credential response fails
+	*/
+	createCredentialResponse(options) {
+		return createCredentialResponse(options);
+	}
+	/**
+	* @throws ValidationError - when validation of the credential response fails
+	*/
+	createDeferredCredentialResponse(options) {
+		return createDeferredCredentialResponse(options);
+	}
+	/**
+	* @throws ValidationError - when validation of the nonce response fails
+	*/
+	createNonceResponse(options) {
+		return createNonceResponse(options);
+	}
+	async verifyWalletAttestation(options) {
+		return new __openid4vc_oauth2.Oauth2AuthorizationServer({ callbacks: this.options.callbacks }).verifyClientAttestation(options);
+	}
 };
-// src/Openid4vciWalletProvider.ts
-var import_oauth221 = require("@openid4vc/oauth2");
+//#endregion
+//#region src/Openid4vciWalletProvider.ts
 var Openid4vciWalletProvider = class {
-  constructor(options) {
-    this.options = options;
-  }
-  async createWalletAttestationJwt(options) {
-    const additionalPayload = options.additionalPayload ? {
-      wallet_name: options.walletName,
-      wallet_link: options.walletLink,
-      ...options.additionalPayload
-    } : {
-      wallet_name: options.walletName,
-      wallet_link: options.walletLink
-    };
-    return await (0, import_oauth221.createClientAttestationJwt)({
-      ...options,
-      callbacks: this.options.callbacks,
-      additionalPayload
-    });
+	constructor(options) {
+		this.options = options;
+	}
+	async createWalletAttestationJwt(options) {
+		const additionalPayload = options.additionalPayload ? {
+			wallet_name: options.walletName,
+			wallet_link: options.walletLink,
+			...options.additionalPayload
+		} : {
+			wallet_name: options.walletName,
+			wallet_link: options.walletLink
+		};
+		return await (0, __openid4vc_oauth2.createClientAttestationJwt)({
+			...options,
+			callbacks: this.options.callbacks,
+			additionalPayload
+		});
+	}
+	async createKeyAttestationJwt(options) {
+		return await createKeyAttestationJwt({
+			callbacks: this.options.callbacks,
+			...options
+		});
+	}
+};
+//#endregion
+exports.AuthorizationFlow = AuthorizationFlow;
+exports.Openid4vciClient = Openid4vciClient;
+exports.Openid4vciDraftVersion = Openid4vciDraftVersion;
+exports.Openid4vciError = Openid4vciError;
+exports.Openid4vciIssuer = Openid4vciIssuer;
+exports.Openid4vciRetrieveCredentialsError = Openid4vciRetrieveCredentialsError;
+exports.Openid4vciSendNotificationError = Openid4vciSendNotificationError;
+exports.Openid4vciWalletProvider = Openid4vciWalletProvider;
+exports.createKeyAttestationJwt = createKeyAttestationJwt;
+exports.credentialsSupportedToCredentialConfigurationsSupported = credentialsSupportedToCredentialConfigurationsSupported;
+exports.determineAuthorizationServerForCredentialOffer = determineAuthorizationServerForCredentialOffer;
+exports.extractScopesForCredentialConfigurationIds = extractScopesForCredentialConfigurationIds;
+exports.getCredentialConfigurationsMatchingRequestFormat = getCredentialConfigurationsMatchingRequestFormat;
+Object.defineProperty(exports, 'getGlobalConfig', {
+  enumerable: true,
+  get: function () {
+    return __openid4vc_utils.getGlobalConfig;
   }
-  async createKeyAttestationJwt(options) {
-    return await createKeyAttestationJwt({
-      callbacks: this.options.callbacks,
-      ...options
-    });
+});
+exports.parseKeyAttestationJwt = parseKeyAttestationJwt;
+Object.defineProperty(exports, 'setGlobalConfig', {
+  enumerable: true,
+  get: function () {
+    return __openid4vc_utils.setGlobalConfig;
   }
-};
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  AuthorizationFlow,
-  Openid4vciClient,
-  Openid4vciDraftVersion,
-  Openid4vciError,
-  Openid4vciIssuer,
-  Openid4vciRetrieveCredentialsError,
-  Openid4vciSendNotificationError,
-  Openid4vciWalletProvider,
-  createKeyAttestationJwt,
-  credentialsSupportedToCredentialConfigurationsSupported,
-  determineAuthorizationServerForCredentialOffer,
-  extractScopesForCredentialConfigurationIds,
-  getCredentialConfigurationsMatchingRequestFormat,
-  getGlobalConfig,
-  parseKeyAttestationJwt,
-  setGlobalConfig,
-  verifyKeyAttestationJwt
 });
+exports.verifyKeyAttestationJwt = verifyKeyAttestationJwt;
 //# sourceMappingURL=index.js.map