@openid4vc/openid4vci 0.3.0-alpha-20251001121503 → 0.3.0-alpha-20251017092354

package/dist/index.js

@@ -1,2642 +1,2011 @@
-"use strict";
+//#region rolldown:runtime
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
 var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
+	if (from && typeof from === "object" || typeof from === "function") for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+		key = keys[i];
+		if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
+			get: ((k) => from[k]).bind(null, key),
+			enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+		});
+	}
+	return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
 
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  AuthorizationFlow: () => AuthorizationFlow,
-  Openid4vciClient: () => Openid4vciClient,
-  Openid4vciDraftVersion: () => Openid4vciDraftVersion,
-  Openid4vciError: () => Openid4vciError,
-  Openid4vciIssuer: () => Openid4vciIssuer,
-  Openid4vciRetrieveCredentialsError: () => Openid4vciRetrieveCredentialsError,
-  Openid4vciSendNotificationError: () => Openid4vciSendNotificationError,
-  Openid4vciWalletProvider: () => Openid4vciWalletProvider,
-  createKeyAttestationJwt: () => createKeyAttestationJwt,
-  credentialsSupportedToCredentialConfigurationsSupported: () => credentialsSupportedToCredentialConfigurationsSupported,
-  determineAuthorizationServerForCredentialOffer: () => determineAuthorizationServerForCredentialOffer,
-  extractScopesForCredentialConfigurationIds: () => extractScopesForCredentialConfigurationIds,
-  getCredentialConfigurationsMatchingRequestFormat: () => getCredentialConfigurationsMatchingRequestFormat,
-  getGlobalConfig: () => import_utils22.getGlobalConfig,
-  parseKeyAttestationJwt: () => parseKeyAttestationJwt,
-  setGlobalConfig: () => import_utils22.setGlobalConfig,
-  verifyKeyAttestationJwt: () => verifyKeyAttestationJwt
-});
-module.exports = __toCommonJS(index_exports);
+//#endregion
+let __openid4vc_utils = require("@openid4vc/utils");
+__openid4vc_utils = __toESM(__openid4vc_utils);
+let __openid4vc_oauth2 = require("@openid4vc/oauth2");
+__openid4vc_oauth2 = __toESM(__openid4vc_oauth2);
+let zod = require("zod");
+zod = __toESM(zod);
 
-// src/credential-offer/credential-offer.ts
-var import_oauth22 = require("@openid4vc/oauth2");
-var import_utils2 = require("@openid4vc/utils");
+//#region src/version.ts
+let Openid4vciDraftVersion = /* @__PURE__ */ function(Openid4vciDraftVersion$1) {
+	Openid4vciDraftVersion$1["Draft16"] = "Draft16";
+	Openid4vciDraftVersion$1["Draft15"] = "Draft15";
+	Openid4vciDraftVersion$1["Draft14"] = "Draft14";
+	Openid4vciDraftVersion$1["Draft11"] = "Draft11";
+	return Openid4vciDraftVersion$1;
+}({});
 
-// src/version.ts
-var Openid4vciDraftVersion = /* @__PURE__ */ ((Openid4vciDraftVersion2) => {
-  Openid4vciDraftVersion2["Draft16"] = "Draft16";
-  Openid4vciDraftVersion2["Draft15"] = "Draft15";
-  Openid4vciDraftVersion2["Draft14"] = "Draft14";
-  Openid4vciDraftVersion2["Draft11"] = "Draft11";
-  return Openid4vciDraftVersion2;
-})(Openid4vciDraftVersion || {});
-
-// src/credential-offer/z-credential-offer.ts
-var import_oauth2 = require("@openid4vc/oauth2");
-var import_utils = require("@openid4vc/utils");
-var import_zod = __toESM(require("zod"));
-var zTxCode = import_zod.default.object({
-  input_mode: import_zod.default.union([import_zod.default.literal("numeric"), import_zod.default.literal("text")]).optional(),
-  length: import_zod.default.number().int().optional(),
-  description: import_zod.default.string().max(300).optional()
+//#endregion
+//#region src/credential-offer/z-credential-offer.ts
+const zTxCode = zod.default.object({
+	input_mode: zod.default.union([zod.default.literal("numeric"), zod.default.literal("text")]).optional(),
+	length: zod.default.number().int().optional(),
+	description: zod.default.string().max(300).optional()
 }).passthrough();
-var zCredentialOfferGrants = import_zod.default.object({
-  authorization_code: import_zod.default.object({
-    issuer_state: import_zod.default.string().optional(),
-    authorization_server: import_utils.zHttpsUrl.optional()
-  }).passthrough().optional(),
-  [import_oauth2.preAuthorizedCodeGrantIdentifier]: import_zod.default.object({
-    "pre-authorized_code": import_zod.default.string(),
-    tx_code: zTxCode.optional(),
-    authorization_server: import_utils.zHttpsUrl.optional()
-  }).passthrough().optional()
+const zCredentialOfferGrants = zod.default.object({
+	authorization_code: zod.default.object({
+		issuer_state: zod.default.string().optional(),
+		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
+	}).passthrough().optional(),
+	[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
+		"pre-authorized_code": zod.default.string(),
+		tx_code: zTxCode.optional(),
+		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
+	}).passthrough().optional()
 }).passthrough();
-var zCredentialOfferObjectDraft14 = import_zod.default.object({
-  credential_issuer: import_utils.zHttpsUrl,
-  credential_configuration_ids: import_zod.default.array(import_zod.default.string()),
-  grants: import_zod.default.optional(zCredentialOfferGrants)
+const zCredentialOfferObjectDraft14 = zod.default.object({
+	credential_issuer: __openid4vc_utils.zHttpsUrl,
+	credential_configuration_ids: zod.default.array(zod.default.string()),
+	grants: zod.default.optional(zCredentialOfferGrants)
 }).passthrough();
-var zCredentialOfferObjectDraft11To14 = import_zod.default.object({
-  credential_issuer: import_utils.zHttpsUrl,
-  // We don't support the inline offer objects from draft 11
-  credentials: import_zod.default.array(
-    import_zod.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })
-  ),
-  grants: import_zod.default.optional(
-    import_zod.default.object({
-      // Has extra param in draft 14, but doesn't matter for transform purposes
-      authorization_code: zCredentialOfferGrants.shape.authorization_code,
-      [import_oauth2.preAuthorizedCodeGrantIdentifier]: import_zod.default.object({
-        "pre-authorized_code": import_zod.default.string(),
-        user_pin_required: import_zod.default.optional(import_zod.default.boolean())
-      }).passthrough().optional()
-    })
-  )
-}).passthrough().transform(({ credentials, grants, ...rest }) => {
-  const v14 = {
-    ...rest,
-    credential_configuration_ids: credentials
-  };
-  if (grants) {
-    v14.grants = { ...grants };
-    if (grants[import_oauth2.preAuthorizedCodeGrantIdentifier]) {
-      const { user_pin_required, ...restGrants } = grants[import_oauth2.preAuthorizedCodeGrantIdentifier];
-      v14.grants[import_oauth2.preAuthorizedCodeGrantIdentifier] = {
-        ...restGrants
-      };
-      if (user_pin_required) {
-        v14.grants[import_oauth2.preAuthorizedCodeGrantIdentifier].tx_code = {
-          input_mode: "text"
-        };
-      }
-    }
-  }
-  return v14;
+const zCredentialOfferObjectDraft11To14 = zod.default.object({
+	credential_issuer: __openid4vc_utils.zHttpsUrl,
+	credentials: zod.default.array(zod.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })),
+	grants: zod.default.optional(zod.default.object({
+		authorization_code: zCredentialOfferGrants.shape.authorization_code,
+		[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
+			"pre-authorized_code": zod.default.string(),
+			user_pin_required: zod.default.optional(zod.default.boolean())
+		}).passthrough().optional()
+	}))
+}).passthrough().transform(({ credentials, grants,...rest }) => {
+	const v14 = {
+		...rest,
+		credential_configuration_ids: credentials
+	};
+	if (grants) {
+		v14.grants = { ...grants };
+		if (grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]) {
+			const { user_pin_required,...restGrants } = grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier];
+			v14.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier] = { ...restGrants };
+			if (user_pin_required) v14.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code = { input_mode: "text" };
+		}
+	}
+	return v14;
 }).pipe(zCredentialOfferObjectDraft14);
-var zCredentialOfferObject = import_zod.default.union([
-  // First prioritize draft 14 (and 13)
-  zCredentialOfferObjectDraft14,
-  // Then try parsing draft 11 and transform into draft 14
-  zCredentialOfferObjectDraft11To14
-]);
+const zCredentialOfferObject = zod.default.union([zCredentialOfferObjectDraft14, zCredentialOfferObjectDraft11To14]);
 
-// src/credential-offer/credential-offer.ts
+//#endregion
+//#region src/credential-offer/credential-offer.ts
+/**
+* Resolve a credential offer, optionally fetching it if the credential_offer_uri is provided.
+*/
 async function resolveCredentialOffer(credentialOffer, options) {
-  const parsedQueryParams = (0, import_utils2.getQueryParams)(credentialOffer);
-  let credentialOfferParseResult;
-  if (parsedQueryParams.credential_offer_uri) {
-    const fetchWithZod = (0, import_utils2.createZodFetcher)(options?.fetch);
-    const { response, result } = await fetchWithZod(
-      zCredentialOfferObject,
-      import_utils2.ContentType.Json,
-      parsedQueryParams.credential_offer_uri
-    );
-    if (!response.ok || !result) {
-      throw new import_oauth22.InvalidFetchResponseError(
-        `Fetching credential offer from '${parsedQueryParams.credential_offer_uri}' resulted in an unsuccessful response with status '${response.status}'`,
-        await response.clone().text(),
-        response
-      );
-    }
-    credentialOfferParseResult = result;
-  } else if (parsedQueryParams.credential_offer) {
-    let credentialOfferJson;
-    try {
-      credentialOfferJson = JSON.parse(decodeURIComponent(parsedQueryParams.credential_offer));
-    } catch (error) {
-      throw new import_oauth22.Oauth2Error(`Error parsing JSON from 'credential_offer' param in credential offer '${credentialOffer}'`);
-    }
-    credentialOfferParseResult = zCredentialOfferObject.safeParse(credentialOfferJson);
-  } else {
-    throw new import_oauth22.Oauth2Error(`Credential offer did not contain either 'credential_offer' or 'credential_offer_uri' param.`);
-  }
-  if (credentialOfferParseResult.error) {
-    throw new import_utils2.ValidationError(
-      `Error parsing credential offer in draft 11, 13 or 14 format extracted from credential offer '${credentialOffer}'`,
-      credentialOfferParseResult.error
-    );
-  }
-  return credentialOfferParseResult.data;
+	const parsedQueryParams = (0, __openid4vc_utils.getQueryParams)(credentialOffer);
+	let credentialOfferParseResult;
+	if (parsedQueryParams.credential_offer_uri) {
+		const { response, result } = await (0, __openid4vc_utils.createZodFetcher)(options?.fetch)(zCredentialOfferObject, __openid4vc_utils.ContentType.Json, parsedQueryParams.credential_offer_uri);
+		if (!response.ok || !result) throw new __openid4vc_oauth2.InvalidFetchResponseError(`Fetching credential offer from '${parsedQueryParams.credential_offer_uri}' resulted in an unsuccessful response with status '${response.status}'`, await response.clone().text(), response);
+		credentialOfferParseResult = result;
+	} else if (parsedQueryParams.credential_offer) {
+		let credentialOfferJson;
+		try {
+			credentialOfferJson = JSON.parse(decodeURIComponent(parsedQueryParams.credential_offer));
+		} catch (_error) {
+			throw new __openid4vc_oauth2.Oauth2Error(`Error parsing JSON from 'credential_offer' param in credential offer '${credentialOffer}'`);
+		}
+		credentialOfferParseResult = zCredentialOfferObject.safeParse(credentialOfferJson);
+	} else throw new __openid4vc_oauth2.Oauth2Error(`Credential offer did not contain either 'credential_offer' or 'credential_offer_uri' param.`);
+	if (credentialOfferParseResult.error) throw new __openid4vc_utils.ValidationError(`Error parsing credential offer in draft 11, 13 or 14 format extracted from credential offer '${credentialOffer}'`, credentialOfferParseResult.error);
+	return credentialOfferParseResult.data;
 }
 function determineAuthorizationServerForCredentialOffer(options) {
-  const authorizationServers = options.issuerMetadata.credentialIssuer.authorization_servers;
-  let authorizationServer;
-  if (options.grantAuthorizationServer) {
-    authorizationServer = options.grantAuthorizationServer;
-    if (!authorizationServers) {
-      throw new import_oauth22.Oauth2Error(
-        `Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not have an 'authorization_servers' property to match the value against.`
-      );
-    }
-    if (!authorizationServers.includes(authorizationServer)) {
-      throw new import_oauth22.Oauth2Error(
-        `Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not include this authorization server. Available 'authorization_server' values are ${authorizationServers.join(", ")}.`
-      );
-    }
-  } else if (!authorizationServers) {
-    authorizationServer = options.issuerMetadata.credentialIssuer.credential_issuer;
-  } else {
-    if (authorizationServers.length === 0) {
-      throw new import_oauth22.Oauth2Error(`Credential issuer metadata has 'authorization_servers' value with length of 0`);
-    }
-    if (authorizationServers.length > 1) {
-      throw new import_oauth22.Oauth2Error(
-        `Credential issuer metadata has 'authorization_server' with multiple entries, but the credential offer grant did not specify which authorization server to use.`
-      );
-    }
-    authorizationServer = authorizationServers[0];
-  }
-  return authorizationServer;
+	const authorizationServers = options.issuerMetadata.credentialIssuer.authorization_servers;
+	let authorizationServer;
+	if (options.grantAuthorizationServer) {
+		authorizationServer = options.grantAuthorizationServer;
+		if (!authorizationServers) throw new __openid4vc_oauth2.Oauth2Error(`Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not have an 'authorization_servers' property to match the value against.`);
+		if (!authorizationServers.includes(authorizationServer)) throw new __openid4vc_oauth2.Oauth2Error(`Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not include this authorization server. Available 'authorization_server' values are ${authorizationServers.join(", ")}.`);
+	} else if (!authorizationServers) authorizationServer = options.issuerMetadata.credentialIssuer.credential_issuer;
+	else {
+		if (authorizationServers.length === 0) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer metadata has 'authorization_servers' value with length of 0`);
+		if (authorizationServers.length > 1) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer metadata has 'authorization_server' with multiple entries, but the credential offer grant did not specify which authorization server to use.`);
+		authorizationServer = authorizationServers[0];
+	}
+	return authorizationServer;
 }
 async function createCredentialOffer(options) {
-  const {
-    [import_oauth22.preAuthorizedCodeGrantIdentifier]: preAuthorizedCodeGrant,
-    [import_oauth22.authorizationCodeGrantIdentifier]: authorizationCodeGrant,
-    ...restGrants
-  } = options.grants;
-  const grants = { ...restGrants };
-  if (authorizationCodeGrant) {
-    determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    grants[import_oauth22.authorizationCodeGrantIdentifier] = authorizationCodeGrant;
-  }
-  if (preAuthorizedCodeGrant) {
-    determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: preAuthorizedCodeGrant.authorization_server
-    });
-    grants[import_oauth22.preAuthorizedCodeGrantIdentifier] = {
-      ...preAuthorizedCodeGrant,
-      "pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? (0, import_utils2.encodeToBase64Url)(await options.callbacks.generateRandom(32))
-    };
-    const txCode = grants[import_oauth22.preAuthorizedCodeGrantIdentifier].tx_code;
-    if (txCode && options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-      grants[import_oauth22.preAuthorizedCodeGrantIdentifier].user_pin_required = txCode !== void 0;
-    }
-  }
-  const idsNotInMetadata = options.credentialConfigurationIds.filter(
-    (id) => options.issuerMetadata.credentialIssuer.credential_configurations_supported[id] === void 0
-  );
-  if (idsNotInMetadata.length > 0) {
-    throw new import_oauth22.Oauth2Error(
-      `Credential configuration ids ${idsNotInMetadata} not found in the credential issuer metadata 'credential_configurations_supported'. Available ids are ${Object.keys(options.issuerMetadata.credentialIssuer.credential_configurations_supported).join(", ")}.`
-    );
-  }
-  const credentialOfferScheme = options.credentialOfferScheme ?? "openid-credential-offer://";
-  const credentialOfferObject = (0, import_utils2.parseWithErrorHandling)(zCredentialOfferObject, {
-    credential_issuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-    credential_configuration_ids: options.credentialConfigurationIds,
-    grants,
-    ...options.additionalPayload
-  });
-  if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-    credentialOfferObject.credentials = credentialOfferObject.credential_configuration_ids;
-  }
-  const url = new import_utils2.URL(credentialOfferScheme);
-  url.search = `?${new import_utils2.URLSearchParams([
-    ...url.searchParams.entries(),
-    ...(0, import_utils2.objectToQueryParams)({
-      credential_offer_uri: options.credentialOfferUri,
-      // Only add credential_offer is uri is undefined
-      credential_offer: options.credentialOfferUri ? void 0 : credentialOfferObject
-    }).entries()
-  ]).toString()}`;
-  return {
-    credentialOffer: url.toString(),
-    credentialOfferObject
-  };
+	const { [__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: preAuthorizedCodeGrant, [__openid4vc_oauth2.authorizationCodeGrantIdentifier]: authorizationCodeGrant,...restGrants } = options.grants;
+	const grants = { ...restGrants };
+	if (authorizationCodeGrant) {
+		determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier] = authorizationCodeGrant;
+	}
+	if (preAuthorizedCodeGrant) {
+		determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: preAuthorizedCodeGrant.authorization_server
+		});
+		grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier] = {
+			...preAuthorizedCodeGrant,
+			"pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.generateRandom(32))
+		};
+		const txCode = grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code;
+		if (txCode && options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].user_pin_required = txCode !== void 0;
+	}
+	const idsNotInMetadata = options.credentialConfigurationIds.filter((id) => options.issuerMetadata.credentialIssuer.credential_configurations_supported[id] === void 0);
+	if (idsNotInMetadata.length > 0) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration ids ${idsNotInMetadata} not found in the credential issuer metadata 'credential_configurations_supported'. Available ids are ${Object.keys(options.issuerMetadata.credentialIssuer.credential_configurations_supported).join(", ")}.`);
+	const credentialOfferScheme = options.credentialOfferScheme ?? "openid-credential-offer://";
+	const credentialOfferObject = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialOfferObject, {
+		credential_issuer: options.issuerMetadata.credentialIssuer.credential_issuer,
+		credential_configuration_ids: options.credentialConfigurationIds,
+		grants,
+		...options.additionalPayload
+	});
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) credentialOfferObject.credentials = credentialOfferObject.credential_configuration_ids;
+	const url = new __openid4vc_utils.URL(credentialOfferScheme);
+	url.search = `?${new __openid4vc_utils.URLSearchParams([...url.searchParams.entries(), ...(0, __openid4vc_utils.objectToQueryParams)({
+		credential_offer_uri: options.credentialOfferUri,
+		credential_offer: options.credentialOfferUri ? void 0 : credentialOfferObject
+	}).entries()]).toString()}`;
+	return {
+		credentialOffer: url.toString(),
+		credentialOfferObject
+	};
 }
 
-// src/index.ts
-var import_utils22 = require("@openid4vc/utils");
-
-// src/credential-request/credential-request-configurations.ts
-var import_utils6 = require("@openid4vc/utils");
-
-// src/metadata/credential-issuer/credential-issuer-metadata.ts
-var import_oauth25 = require("@openid4vc/oauth2");
-var import_utils5 = require("@openid4vc/utils");
-
-// src/metadata/credential-issuer/z-credential-issuer-metadata.ts
-var import_oauth24 = require("@openid4vc/oauth2");
-var import_utils4 = require("@openid4vc/utils");
-var import_zod13 = __toESM(require("zod"));
-
-// src/formats/credential/mso-mdoc/z-mso-mdoc.ts
-var import_zod5 = __toESM(require("zod"));
-
-// src/metadata/credential-issuer/z-claims-description.ts
-var import_zod2 = __toESM(require("zod"));
-var zCredentialConfigurationSupportedClaimsDescriptionDraft14 = import_zod2.default.object({
-  mandatory: import_zod2.default.boolean().optional(),
-  value_type: import_zod2.default.string().optional(),
-  display: import_zod2.default.array(
-    import_zod2.default.object({
-      name: import_zod2.default.string().optional(),
-      locale: import_zod2.default.string().optional()
-    }).passthrough()
-  ).optional()
+//#endregion
+//#region src/metadata/credential-issuer/z-claims-description.ts
+const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.object({
+	mandatory: zod.default.boolean().optional(),
+	value_type: zod.default.string().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).passthrough()).optional()
 }).passthrough();
-var zCredentialConfigurationSupportedClaimsDraft14 = import_zod2.default.record(
-  import_zod2.default.string(),
-  import_zod2.default.union([
-    zCredentialConfigurationSupportedClaimsDescriptionDraft14,
-    import_zod2.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)
-  ])
-);
-var zClaimsDescriptionPath = import_zod2.default.array(import_zod2.default.union([import_zod2.default.string(), import_zod2.default.number().int().nonnegative(), import_zod2.default.null()])).nonempty();
-var zMsoMdocClaimsDescriptionPath = import_zod2.default.tuple([import_zod2.default.string(), import_zod2.default.string()], {
-  message: "mso_mdoc claims description path MUST be an array with exactly two string elements, pointing to the namespace and element identifier within an mdoc credential"
-});
-var zIssuerMetadataClaimsDescription = import_zod2.default.object({
-  path: zClaimsDescriptionPath,
-  mandatory: import_zod2.default.boolean().optional(),
-  display: import_zod2.default.array(
-    import_zod2.default.object({
-      name: import_zod2.default.string().optional(),
-      locale: import_zod2.default.string().optional()
-    }).passthrough()
-  ).optional()
+const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
+const zClaimsDescriptionPath = zod.default.array(zod.default.union([
+	zod.default.string(),
+	zod.default.number().int().nonnegative(),
+	zod.default.null()
+])).nonempty();
+const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], { message: "mso_mdoc claims description path MUST be an array with exactly two string elements, pointing to the namespace and element identifier within an mdoc credential" });
+const zIssuerMetadataClaimsDescription = zod.default.object({
+	path: zClaimsDescriptionPath,
+	mandatory: zod.default.boolean().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).passthrough()).optional()
 }).passthrough();
-var zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({
-  path: zMsoMdocClaimsDescriptionPath
-});
-
-// src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
-var import_zod4 = __toESM(require("zod"));
+const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
 
-// src/key-attestation/z-key-attestation.ts
-var import_oauth23 = require("@openid4vc/oauth2");
-var import_utils3 = require("@openid4vc/utils");
-var import_zod3 = __toESM(require("zod"));
-var zKeyAttestationJwtHeader = import_zod3.default.object({
-  ...import_oauth23.zJwtHeader.shape,
-  typ: import_zod3.default.literal("keyattestation+jwt").or(
-    // Draft 16
-    import_zod3.default.literal("key-attestation+jwt")
-  )
-}).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, {
-  message: `Both 'jwk' and 'kid' are defined. Only one is allowed`
-}).refine(({ trust_chain, kid }) => !trust_chain || !kid, {
-  message: `When 'trust_chain' is provided, 'kid' is required`
-});
-var zIso18045 = import_zod3.default.enum(["iso_18045_high", "iso_18045_moderate", "iso_18045_enhanced-basic", "iso_18045_basic"]);
-var zIso18045OrStringArray = import_zod3.default.array(import_zod3.default.union([zIso18045, import_zod3.default.string()]));
-var zKeyAttestationJwtPayload = import_zod3.default.object({
-  ...import_oauth23.zJwtPayload.shape,
-  iat: import_utils3.zInteger,
-  attested_keys: import_zod3.default.array(import_oauth23.zJwk),
-  key_storage: import_zod3.default.optional(zIso18045OrStringArray),
-  user_authentication: import_zod3.default.optional(zIso18045OrStringArray),
-  certification: import_zod3.default.optional(import_zod3.default.string().url())
+//#endregion
+//#region src/key-attestation/z-key-attestation.ts
+const zKeyAttestationJwtHeader = zod.default.object({
+	...__openid4vc_oauth2.zJwtHeader.shape,
+	typ: zod.default.literal("keyattestation+jwt").or(zod.default.literal("key-attestation+jwt"))
+}).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
+const zIso18045 = zod.default.enum([
+	"iso_18045_high",
+	"iso_18045_moderate",
+	"iso_18045_enhanced-basic",
+	"iso_18045_basic"
+]);
+const zIso18045OrStringArray = zod.default.array(zod.default.union([zIso18045, zod.default.string()]));
+const zKeyAttestationJwtPayload = zod.default.object({
+	...__openid4vc_oauth2.zJwtPayload.shape,
+	iat: __openid4vc_utils.zInteger,
+	attested_keys: zod.default.array(__openid4vc_oauth2.zJwk),
+	key_storage: zod.default.optional(zIso18045OrStringArray),
+	user_authentication: zod.default.optional(zIso18045OrStringArray),
+	certification: zod.default.optional(zod.default.string().url())
 }).passthrough();
-var zKeyAttestationJwtPayloadForUse = (use) => import_zod3.default.object({
-  ...zKeyAttestationJwtPayload.shape,
-  // REQUIRED when used as proof_type.attesation directly
-  nonce: use === "proof_type.attestation" ? import_zod3.default.string({
-    message: `Nonce must be defined when key attestation is used as 'proof_type.attestation' directly`
-  }) : import_zod3.default.optional(import_zod3.default.string()),
-  // REQUIRED when used within header of proof_type.jwt
-  exp: use === "proof_type.jwt" ? import_utils3.zInteger : import_zod3.default.optional(import_utils3.zInteger)
+const zKeyAttestationJwtPayloadForUse = (use) => zod.default.object({
+	...zKeyAttestationJwtPayload.shape,
+	nonce: use === "proof_type.attestation" ? zod.default.string({ message: `Nonce must be defined when key attestation is used as 'proof_type.attestation' directly` }) : zod.default.optional(zod.default.string()),
+	exp: use === "proof_type.jwt" ? __openid4vc_utils.zInteger : zod.default.optional(__openid4vc_utils.zInteger)
 }).passthrough();
 
-// src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
-var zCredentialConfigurationSupportedDisplayEntry = import_zod4.default.object({
-  name: import_zod4.default.string(),
-  locale: import_zod4.default.string().optional(),
-  logo: import_zod4.default.object({
-    // FIXME: make required again, but need to support draft 11 first
-    uri: import_zod4.default.string().optional(),
-    alt_text: import_zod4.default.string().optional()
-  }).passthrough().optional(),
-  description: import_zod4.default.string().optional(),
-  background_color: import_zod4.default.string().optional(),
-  background_image: import_zod4.default.object({
-    // TODO: should be required, but paradym's metadata is wrong here.
-    uri: import_zod4.default.string().optional()
-  }).passthrough().optional(),
-  text_color: import_zod4.default.string().optional()
+//#endregion
+//#region src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
+const zCredentialConfigurationSupportedDisplayEntry = zod.default.object({
+	name: zod.default.string(),
+	locale: zod.default.string().optional(),
+	logo: zod.default.object({
+		uri: zod.default.string().optional(),
+		alt_text: zod.default.string().optional()
+	}).passthrough().optional(),
+	description: zod.default.string().optional(),
+	background_color: zod.default.string().optional(),
+	background_image: zod.default.object({ uri: zod.default.string().optional() }).passthrough().optional(),
+	text_color: zod.default.string().optional()
 }).passthrough();
-var zCredentialConfigurationSupportedCommonCredentialMetadata = import_zod4.default.object({
-  display: import_zod4.default.array(zCredentialConfigurationSupportedDisplayEntry).optional()
-});
-var zCredentialConfigurationSupportedCommon = import_zod4.default.object({
-  format: import_zod4.default.string(),
-  scope: import_zod4.default.string().optional(),
-  cryptographic_binding_methods_supported: import_zod4.default.array(import_zod4.default.string()).optional(),
-  credential_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()).or(import_zod4.default.array(import_zod4.default.number())).optional(),
-  proof_types_supported: import_zod4.default.record(
-    import_zod4.default.union([import_zod4.default.literal("jwt"), import_zod4.default.literal("attestation"), import_zod4.default.string()]),
-    import_zod4.default.object({
-      proof_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()),
-      key_attestations_required: import_zod4.default.object({
-        key_storage: zIso18045OrStringArray.optional(),
-        user_authentication: zIso18045OrStringArray.optional()
-      }).passthrough().optional()
-    })
-  ).optional(),
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
-  // For typing purposes. Can be removed once we drop support for draft <= 15.
-  claims: import_zod4.default.optional(import_zod4.default.never())
+const zCredentialConfigurationSupportedCommonCredentialMetadata = zod.default.object({ display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional() });
+const zCredentialConfigurationSupportedCommon = zod.default.object({
+	format: zod.default.string(),
+	scope: zod.default.string().optional(),
+	cryptographic_binding_methods_supported: zod.default.array(zod.default.string()).optional(),
+	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).or(zod.default.array(zod.default.number())).optional(),
+	proof_types_supported: zod.default.record(zod.default.union([
+		zod.default.literal("jwt"),
+		zod.default.literal("attestation"),
+		zod.default.string()
+	]), zod.default.object({
+		proof_signing_alg_values_supported: zod.default.array(zod.default.string()),
+		key_attestations_required: zod.default.object({
+			key_storage: zIso18045OrStringArray.optional(),
+			user_authentication: zIso18045OrStringArray.optional()
+		}).passthrough().optional()
+	})).optional(),
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
+	claims: zod.default.optional(zod.default.never())
 }).passthrough();
-var zCredentialConfigurationSupportedCommonDraft15 = import_zod4.default.object({
-  format: import_zod4.default.string(),
-  scope: import_zod4.default.string().optional(),
-  cryptographic_binding_methods_supported: import_zod4.default.array(import_zod4.default.string()).optional(),
-  credential_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()).or(import_zod4.default.array(import_zod4.default.number())).optional(),
-  proof_types_supported: import_zod4.default.record(
-    import_zod4.default.union([import_zod4.default.literal("jwt"), import_zod4.default.literal("attestation"), import_zod4.default.string()]),
-    import_zod4.default.object({
-      proof_signing_alg_values_supported: import_zod4.default.array(import_zod4.default.string()),
-      key_attestations_required: import_zod4.default.object({
-        key_storage: zIso18045OrStringArray.optional(),
-        user_authentication: zIso18045OrStringArray.optional()
-      }).passthrough().optional()
-    })
-  ).optional(),
-  display: import_zod4.default.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
-  // For typing purposes.
-  credential_metadata: import_zod4.default.optional(import_zod4.default.never())
+const zCredentialConfigurationSupportedCommonDraft15 = zod.default.object({
+	format: zod.default.string(),
+	scope: zod.default.string().optional(),
+	cryptographic_binding_methods_supported: zod.default.array(zod.default.string()).optional(),
+	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).or(zod.default.array(zod.default.number())).optional(),
+	proof_types_supported: zod.default.record(zod.default.union([
+		zod.default.literal("jwt"),
+		zod.default.literal("attestation"),
+		zod.default.string()
+	]), zod.default.object({
+		proof_signing_alg_values_supported: zod.default.array(zod.default.string()),
+		key_attestations_required: zod.default.object({
+			key_storage: zIso18045OrStringArray.optional(),
+			user_authentication: zIso18045OrStringArray.optional()
+		}).passthrough().optional()
+	})).optional(),
+	display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
+	credential_metadata: zod.default.optional(zod.default.never())
 }).passthrough();
 
-// src/formats/credential/mso-mdoc/z-mso-mdoc.ts
-var zMsoMdocFormatIdentifier = import_zod5.default.literal("mso_mdoc");
-var zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod5.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/mso-mdoc/z-mso-mdoc.ts
+const zMsoMdocFormatIdentifier = zod.default.literal("mso_mdoc");
+const zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  claims: import_zod5.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
+const zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	claims: zod.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
 });
-var zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
-  order: import_zod5.default.optional(import_zod5.default.array(import_zod5.default.string()))
+const zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
+	order: zod.default.optional(zod.default.array(zod.default.string()))
 });
-var zMsoMdocCredentialRequestFormatDraft14 = import_zod5.default.object({
-  format: zMsoMdocFormatIdentifier,
-  doctype: import_zod5.default.string(),
-  // Format based request is removed in Draft 15, so only old claims syntax supported.
-  claims: zCredentialConfigurationSupportedClaimsDraft14.optional()
+const zMsoMdocCredentialRequestFormatDraft14 = zod.default.object({
+	format: zMsoMdocFormatIdentifier,
+	doctype: zod.default.string(),
+	claims: zCredentialConfigurationSupportedClaimsDraft14.optional()
 });
 
-// src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
-var import_zod6 = __toESM(require("zod"));
-var zLegacySdJwtVcFormatIdentifier = import_zod6.default.literal("vc+sd-jwt");
-var zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
-  vct: import_zod6.default.string(),
-  format: zLegacySdJwtVcFormatIdentifier,
-  order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string())),
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod6.default.array(zIssuerMetadataClaimsDescription).optional()
-  }).optional(),
-  credential_definition: import_zod6.default.optional(import_zod6.default.never())
+//#endregion
+//#region src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
+const zSdJwtDcFormatIdentifier = zod.default.literal("dc+sd-jwt");
+const zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	vct: zod.default.string(),
+	format: zSdJwtDcFormatIdentifier,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zLegacySdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  vct: import_zod6.default.string(),
-  format: zLegacySdJwtVcFormatIdentifier,
-  claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
-  order: import_zod6.default.optional(import_zod6.default.array(import_zod6.default.string())),
-  credential_definition: import_zod6.default.optional(import_zod6.default.never())
-});
-var zLegacySdJwtVcCredentialRequestFormatDraft14 = import_zod6.default.object({
-  format: zLegacySdJwtVcFormatIdentifier,
-  vct: import_zod6.default.string(),
-  claims: import_zod6.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
-  credential_definition: import_zod6.default.optional(import_zod6.default.never())
+const zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	vct: zod.default.string(),
+	format: zSdJwtDcFormatIdentifier,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
 
-// src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
-var import_zod7 = __toESM(require("zod"));
-var zSdJwtDcFormatIdentifier = import_zod7.default.literal("dc+sd-jwt");
-var zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  vct: import_zod7.default.string(),
-  format: zSdJwtDcFormatIdentifier,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod7.default.array(zIssuerMetadataClaimsDescription).optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcFormatIdentifier = zod.default.literal("vc+sd-jwt");
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
+	vct: zod.default.string(),
+	format: zLegacySdJwtVcFormatIdentifier,
+	order: zod.default.optional(zod.default.array(zod.default.string())),
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
+	credential_definition: zod.default.optional(zod.default.never())
 });
-var zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  vct: import_zod7.default.string(),
-  format: zSdJwtDcFormatIdentifier,
-  claims: import_zod7.default.array(zIssuerMetadataClaimsDescription).optional()
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	vct: zod.default.string(),
+	format: zLegacySdJwtVcFormatIdentifier,
+	claims: zod.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
+	order: zod.default.optional(zod.default.array(zod.default.string())),
+	credential_definition: zod.default.optional(zod.default.never())
+});
+/**
+* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
+* of the OpenID for Verifiable Presentations specification. Please update your
+* implementations accordingly.
+*/
+const zLegacySdJwtVcCredentialRequestFormatDraft14 = zod.default.object({
+	format: zLegacySdJwtVcFormatIdentifier,
+	vct: zod.default.string(),
+	claims: zod.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
+	credential_definition: zod.default.optional(zod.default.never())
 });
 
-// src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
-var import_zod9 = __toESM(require("zod"));
-
-// src/formats/credential/w3c-vc/z-w3c-vc-common.ts
-var import_zod8 = __toESM(require("zod"));
-var zCredentialSubjectLeafTypeDraft14 = import_zod8.default.object({
-  mandatory: import_zod8.default.boolean().optional(),
-  value_type: import_zod8.default.string().optional(),
-  display: import_zod8.default.array(
-    import_zod8.default.object({
-      name: import_zod8.default.string().optional(),
-      locale: import_zod8.default.string().optional()
-    }).passthrough()
-  ).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-vc-common.ts
+const zCredentialSubjectLeafTypeDraft14 = zod.default.object({
+	mandatory: zod.default.boolean().optional(),
+	value_type: zod.default.string().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).passthrough()).optional()
 }).passthrough();
-var zClaimValueSchemaDraft14 = import_zod8.default.union([
-  import_zod8.default.array(import_zod8.default.any()),
-  import_zod8.default.record(import_zod8.default.string(), import_zod8.default.any()),
-  zCredentialSubjectLeafTypeDraft14
+const zClaimValueSchemaDraft14 = zod.default.union([
+	zod.default.array(zod.default.any()),
+	zod.default.record(zod.default.string(), zod.default.any()),
+	zCredentialSubjectLeafTypeDraft14
 ]);
-var zW3cVcCredentialSubjectDraft14 = import_zod8.default.record(import_zod8.default.string(), zClaimValueSchemaDraft14);
-var zW3cVcJsonLdCredentialDefinition = import_zod8.default.object({
-  "@context": import_zod8.default.array(import_zod8.default.string()),
-  type: import_zod8.default.array(import_zod8.default.string()).nonempty()
+const zW3cVcCredentialSubjectDraft14 = zod.default.record(zod.default.string(), zClaimValueSchemaDraft14);
+const zW3cVcJsonLdCredentialDefinition = zod.default.object({
+	"@context": zod.default.array(zod.default.string()),
+	type: zod.default.array(zod.default.string()).nonempty()
 }).passthrough();
-var zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.extend({
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-});
+const zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
 
-// src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
-var zLdpVcFormatIdentifier = import_zod9.default.literal("ldp_vc");
-var zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod9.default.array(zIssuerMetadataClaimsDescription).optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-jwt-vc-json.ts
+const zJwtVcJsonFormatIdentifier = zod.default.literal("jwt_vc_json");
+const zJwtVcJsonCredentialDefinition = zod.default.object({ type: zod.default.array(zod.default.string()).nonempty() }).passthrough();
+const zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
+const zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  claims: import_zod9.default.array(zIssuerMetadataClaimsDescription).optional()
+const zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
-  order: import_zod9.default.array(import_zod9.default.string()).optional()
+const zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
+	order: zod.default.array(zod.default.string()).optional()
 });
-var zLdpVcCredentialIssuerMetadataDraft11 = import_zod9.default.object({
-  order: import_zod9.default.array(import_zod9.default.string()).optional(),
-  format: zLdpVcFormatIdentifier,
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  "@context": import_zod9.default.array(import_zod9.default.string()),
-  types: import_zod9.default.array(import_zod9.default.string()),
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+const zJwtVcJsonCredentialIssuerMetadataDraft11 = zod.default.object({
+	format: zJwtVcJsonFormatIdentifier,
+	order: zod.default.array(zod.default.string()).optional(),
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 }).passthrough();
-var zLdpVcCredentialIssuerMetadataDraft11To14 = zLdpVcCredentialIssuerMetadataDraft11.transform(
-  ({ "@context": context, types, credentialSubject, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      "@context": context,
-      type: types,
-      // Prevent weird typing issue with optional vs undefined
-      ...credentialSubject ? { credentialSubject } : {}
-    }
-  })
-);
-var zLdpVcCredentialIssuerMetadataDraft14To11 = zLdpVcCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  ...credentialDefinition,
-  types: type
-})).pipe(zLdpVcCredentialIssuerMetadataDraft11);
-var zLdpVcCredentialRequestFormatDraft14 = import_zod9.default.object({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14
+const zJwtVcJsonCredentialIssuerMetadataDraft11To14 = zJwtVcJsonCredentialIssuerMetadataDraft11.transform(({ types, credentialSubject,...rest }) => ({
+	...rest,
+	credential_definition: {
+		type: types,
+		...credentialSubject ? { credentialSubject } : {}
+	}
+}));
+const zJwtVcJsonCredentialIssuerMetadataDraft14To11 = zJwtVcJsonCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	types: type,
+	...credentialDefinition
+})).pipe(zJwtVcJsonCredentialIssuerMetadataDraft11);
+const zJwtVcJsonCredentialRequestFormatDraft14 = zod.default.object({
+	format: zJwtVcJsonFormatIdentifier,
+	credential_definition: zJwtVcJsonCredentialDefinition
 });
-var zLdpVcCredentialRequestDraft11 = import_zod9.default.object({
-  format: zLdpVcFormatIdentifier,
-  credential_definition: import_zod9.default.object({
-    "@context": import_zod9.default.array(import_zod9.default.string()),
-    // credential_definition was using types instead of type in v11
-    types: import_zod9.default.array(import_zod9.default.string()),
-    credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-  })
+const zJwtVcJsonCredentialRequestDraft11 = zod.default.object({
+	format: zJwtVcJsonFormatIdentifier,
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
 }).passthrough();
-var zLdpVcCredentialRequestDraft11To14 = zLdpVcCredentialRequestDraft11.transform(
-  ({ credential_definition: { types, ...restCredentialDefinition }, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      ...restCredentialDefinition,
-      type: types
-    }
-  })
-);
-var zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type, ...restCredentialDefinition }, ...rest }) => ({
-  ...rest,
-  credential_definition: {
-    ...restCredentialDefinition,
-    types: type
-  }
-})).pipe(zLdpVcCredentialRequestDraft11);
+const zJwtVcJsonCredentialRequestDraft11To14 = zJwtVcJsonCredentialRequestDraft11.transform(({ types, credentialSubject,...rest }) => {
+	return {
+		...rest,
+		credential_definition: {
+			type: types,
+			...credentialSubject ? { credentialSubject } : {}
+		}
+	};
+});
+const zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	types: type,
+	...credentialDefinition
+})).pipe(zJwtVcJsonCredentialRequestDraft11);
 
-// src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
-var import_zod10 = __toESM(require("zod"));
-var zJwtVcJsonLdFormatIdentifier = import_zod10.default.literal("jwt_vc_json-ld");
-var zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod10.default.array(zIssuerMetadataClaimsDescription).optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
+const zJwtVcJsonLdFormatIdentifier = zod.default.literal("jwt_vc_json-ld");
+const zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition,
-  claims: import_zod10.default.array(zIssuerMetadataClaimsDescription).optional()
+const zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
-  order: import_zod10.default.optional(import_zod10.default.array(import_zod10.default.string()))
+const zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
+	order: zod.default.optional(zod.default.array(zod.default.string()))
 });
-var zJwtVcJsonLdCredentialIssuerMetadataDraft11 = import_zod10.default.object({
-  order: import_zod10.default.array(import_zod10.default.string()).optional(),
-  format: zJwtVcJsonLdFormatIdentifier,
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  "@context": import_zod10.default.array(import_zod10.default.string()),
-  types: import_zod10.default.array(import_zod10.default.string()),
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+const zJwtVcJsonLdCredentialIssuerMetadataDraft11 = zod.default.object({
+	order: zod.default.array(zod.default.string()).optional(),
+	format: zJwtVcJsonLdFormatIdentifier,
+	"@context": zod.default.array(zod.default.string()),
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 }).passthrough();
-var zJwtVcJsonLdCredentialIssuerMetadataDraft11To14 = zJwtVcJsonLdCredentialIssuerMetadataDraft11.transform(
-  ({ "@context": context, types, credentialSubject, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      "@context": context,
-      type: types,
-      // Prevent weird typing issue with optional vs undefined
-      ...credentialSubject ? { credentialSubject } : {}
-    }
-  })
-);
-var zJwtVcJsonLdCredentialIssuerMetadataDraft14To11 = zJwtVcJsonLdCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  ...credentialDefinition,
-  types: type
+const zJwtVcJsonLdCredentialIssuerMetadataDraft11To14 = zJwtVcJsonLdCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject,...rest }) => ({
+	...rest,
+	credential_definition: {
+		"@context": context,
+		type: types,
+		...credentialSubject ? { credentialSubject } : {}
+	}
+}));
+const zJwtVcJsonLdCredentialIssuerMetadataDraft14To11 = zJwtVcJsonLdCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	...credentialDefinition,
+	types: type
 })).pipe(zJwtVcJsonLdCredentialIssuerMetadataDraft11);
-var zJwtVcJsonLdCredentialRequestFormatDraft14 = import_zod10.default.object({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: zW3cVcJsonLdCredentialDefinition
+const zJwtVcJsonLdCredentialRequestFormatDraft14 = zod.default.object({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition
 });
-var zJwtVcJsonLdCredentialRequestDraft11 = import_zod10.default.object({
-  format: zJwtVcJsonLdFormatIdentifier,
-  credential_definition: import_zod10.default.object({
-    "@context": import_zod10.default.array(import_zod10.default.string()),
-    // credential_definition was using types instead of type in v11
-    types: import_zod10.default.array(import_zod10.default.string()),
-    credentialSubject: import_zod10.default.optional(zW3cVcCredentialSubjectDraft14)
-  }).passthrough()
+const zJwtVcJsonLdCredentialRequestDraft11 = zod.default.object({
+	format: zJwtVcJsonLdFormatIdentifier,
+	credential_definition: zod.default.object({
+		"@context": zod.default.array(zod.default.string()),
+		types: zod.default.array(zod.default.string()),
+		credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
+	}).passthrough()
 }).passthrough();
-var zJwtVcJsonLdCredentialRequestDraft11To14 = zJwtVcJsonLdCredentialRequestDraft11.transform(
-  ({ credential_definition: { types, ...restCredentialDefinition }, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      ...restCredentialDefinition,
-      type: types
-    }
-  })
-);
-var zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type, ...restCredentialDefinition }, ...rest }) => ({
-  ...rest,
-  credential_definition: {
-    ...restCredentialDefinition,
-    types: type
-  }
+const zJwtVcJsonLdCredentialRequestDraft11To14 = zJwtVcJsonLdCredentialRequestDraft11.transform(({ credential_definition: { types,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		type: types
+	}
+}));
+const zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		types: type
+	}
 })).pipe(zJwtVcJsonLdCredentialRequestDraft11);
 
-// src/formats/credential/w3c-vc/z-w3c-jwt-vc-json.ts
-var import_zod11 = __toESM(require("zod"));
-var zJwtVcJsonFormatIdentifier = import_zod11.default.literal("jwt_vc_json");
-var zJwtVcJsonCredentialDefinition = import_zod11.default.object({
-  type: import_zod11.default.array(import_zod11.default.string()).nonempty()
-}).passthrough();
-var zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-});
-var zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod11.default.array(zIssuerMetadataClaimsDescription).optional()
-  }).optional()
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
+const zLdpVcFormatIdentifier = zod.default.literal("ldp_vc");
+const zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinition,
-  claims: import_zod11.default.array(zIssuerMetadataClaimsDescription).optional()
+const zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
-  order: import_zod11.default.array(import_zod11.default.string()).optional()
+const zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
+	order: zod.default.array(zod.default.string()).optional()
 });
-var zJwtVcJsonCredentialIssuerMetadataDraft11 = import_zod11.default.object({
-  format: zJwtVcJsonFormatIdentifier,
-  order: import_zod11.default.array(import_zod11.default.string()).optional(),
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  types: import_zod11.default.array(import_zod11.default.string()),
-  credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+const zLdpVcCredentialIssuerMetadataDraft11 = zod.default.object({
+	order: zod.default.array(zod.default.string()).optional(),
+	format: zLdpVcFormatIdentifier,
+	"@context": zod.default.array(zod.default.string()),
+	types: zod.default.array(zod.default.string()),
+	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 }).passthrough();
-var zJwtVcJsonCredentialIssuerMetadataDraft11To14 = zJwtVcJsonCredentialIssuerMetadataDraft11.transform(
-  ({ types, credentialSubject, ...rest }) => ({
-    ...rest,
-    credential_definition: {
-      type: types,
-      // Prevent weird typing issue with optional vs undefined
-      ...credentialSubject ? { credentialSubject } : {}
-    }
-  })
-);
-var zJwtVcJsonCredentialIssuerMetadataDraft14To11 = zJwtVcJsonCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  types: type,
-  ...credentialDefinition
-})).pipe(zJwtVcJsonCredentialIssuerMetadataDraft11);
-var zJwtVcJsonCredentialRequestFormatDraft14 = import_zod11.default.object({
-  format: zJwtVcJsonFormatIdentifier,
-  credential_definition: zJwtVcJsonCredentialDefinition
+const zLdpVcCredentialIssuerMetadataDraft11To14 = zLdpVcCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject,...rest }) => ({
+	...rest,
+	credential_definition: {
+		"@context": context,
+		type: types,
+		...credentialSubject ? { credentialSubject } : {}
+	}
+}));
+const zLdpVcCredentialIssuerMetadataDraft14To11 = zLdpVcCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+	...rest,
+	...credentialDefinition,
+	types: type
+})).pipe(zLdpVcCredentialIssuerMetadataDraft11);
+const zLdpVcCredentialRequestFormatDraft14 = zod.default.object({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14
 });
-var zJwtVcJsonCredentialRequestDraft11 = import_zod11.default.object({
-  format: zJwtVcJsonFormatIdentifier,
-  // Credential definition was spread on top level instead of a separatey property in v11
-  // As well as using types instead of type
-  types: import_zod11.default.array(import_zod11.default.string()),
-  credentialSubject: import_zod11.default.optional(zW3cVcCredentialSubjectDraft14)
+const zLdpVcCredentialRequestDraft11 = zod.default.object({
+	format: zLdpVcFormatIdentifier,
+	credential_definition: zod.default.object({
+		"@context": zod.default.array(zod.default.string()),
+		types: zod.default.array(zod.default.string()),
+		credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
+	})
 }).passthrough();
-var zJwtVcJsonCredentialRequestDraft11To14 = zJwtVcJsonCredentialRequestDraft11.transform(
-  ({ types, credentialSubject, ...rest }) => {
-    return {
-      ...rest,
-      credential_definition: {
-        type: types,
-        // Prevent weird typing issue with optional vs undefined
-        ...credentialSubject ? { credentialSubject } : {}
-      }
-    };
-  }
-);
-var zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-  ...rest,
-  types: type,
-  ...credentialDefinition
-})).pipe(zJwtVcJsonCredentialRequestDraft11);
+const zLdpVcCredentialRequestDraft11To14 = zLdpVcCredentialRequestDraft11.transform(({ credential_definition: { types,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		type: types
+	}
+}));
+const zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
+	...rest,
+	credential_definition: {
+		...restCredentialDefinition,
+		types: type
+	}
+})).pipe(zLdpVcCredentialRequestDraft11);
 
-// src/formats/credential/w3c-vc/z-w3c-sd-jwt-vc.ts
-var import_zod12 = __toESM(require("zod"));
-var zSdJwtW3VcFormatIdentifier = import_zod12.default.literal("vc+sd-jwt");
-var zSdJwtW3VcCredentialDefinition = import_zod12.default.object({
-  type: import_zod12.default.array(import_zod12.default.string()).nonempty()
-}).passthrough();
-var zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-  format: zSdJwtW3VcFormatIdentifier,
-  credential_definition: zSdJwtW3VcCredentialDefinition,
-  credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({
-    claims: import_zod12.default.array(zIssuerMetadataClaimsDescription).optional()
-  }).optional(),
-  // FIXME(vc+sd-jwt): remove when dropping support for legacy vc+sd-jwt. Allows type narrowing.
-  vct: import_zod12.default.optional(import_zod12.default.never())
+//#endregion
+//#region src/formats/credential/w3c-vc/z-w3c-sd-jwt-vc.ts
+const zSdJwtW3VcFormatIdentifier = zod.default.literal("vc+sd-jwt");
+const zSdJwtW3VcCredentialDefinition = zod.default.object({ type: zod.default.array(zod.default.string()).nonempty() }).passthrough();
+const zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
+	format: zSdJwtW3VcFormatIdentifier,
+	credential_definition: zSdJwtW3VcCredentialDefinition,
+	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
+	vct: zod.default.optional(zod.default.never())
 });
-var zSdJwtW3VcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-  format: zSdJwtW3VcFormatIdentifier,
-  credential_definition: zSdJwtW3VcCredentialDefinition,
-  claims: import_zod12.default.array(zIssuerMetadataClaimsDescription).optional(),
-  // FIXME(vc+sd-jwt): remove when dropping support for legacy vc+sd-jwt. Allows type narrowing.
-  vct: import_zod12.default.optional(import_zod12.default.never())
+const zSdJwtW3VcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
+	format: zSdJwtW3VcFormatIdentifier,
+	credential_definition: zSdJwtW3VcCredentialDefinition,
+	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional(),
+	vct: zod.default.optional(zod.default.never())
 });
-var zSdJwtW3VcCredentialRequestFormatDraft14 = import_zod12.default.object({
-  format: zSdJwtW3VcFormatIdentifier,
-  credential_definition: zSdJwtW3VcCredentialDefinition,
-  // FIXME(vc+sd-jwt): remove when dropping support for legacy vc+sd-jwt. Allows type narrowing.
-  vct: import_zod12.default.optional(import_zod12.default.never())
+const zSdJwtW3VcCredentialRequestFormatDraft14 = zod.default.object({
+	format: zSdJwtW3VcFormatIdentifier,
+	credential_definition: zSdJwtW3VcCredentialDefinition,
+	vct: zod.default.optional(zod.default.never())
 });
 
-// src/metadata/credential-issuer/z-credential-issuer-metadata.ts
-var allCredentialIssuerMetadataFormats = [
-  zSdJwtDcCredentialIssuerMetadata,
-  zMsoMdocCredentialIssuerMetadata,
-  zJwtVcJsonLdCredentialIssuerMetadata,
-  zLdpVcCredentialIssuerMetadata,
-  zJwtVcJsonCredentialIssuerMetadata,
-  zSdJwtW3VcCredentialIssuerMetadata,
-  zSdJwtW3VcCredentialIssuerMetadataDraft15,
-  zLegacySdJwtVcCredentialIssuerMetadataDraft16,
-  zSdJwtDcCredentialIssuerMetadataDraft15,
-  zMsoMdocCredentialIssuerMetadataDraft15,
-  zJwtVcJsonLdCredentialIssuerMetadataDraft15,
-  zLdpVcCredentialIssuerMetadataDraft15,
-  zJwtVcJsonCredentialIssuerMetadataDraft15,
-  zMsoMdocCredentialIssuerMetadataDraft14,
-  zLegacySdJwtVcCredentialIssuerMetadataDraft14,
-  zJwtVcJsonLdCredentialIssuerMetadataDraft14,
-  zLdpVcCredentialIssuerMetadataDraft14,
-  zJwtVcJsonCredentialIssuerMetadataDraft14
+//#endregion
+//#region src/metadata/credential-issuer/z-credential-issuer-metadata.ts
+const allCredentialIssuerMetadataFormats = [
+	zSdJwtDcCredentialIssuerMetadata,
+	zMsoMdocCredentialIssuerMetadata,
+	zJwtVcJsonLdCredentialIssuerMetadata,
+	zLdpVcCredentialIssuerMetadata,
+	zJwtVcJsonCredentialIssuerMetadata,
+	zSdJwtW3VcCredentialIssuerMetadata,
+	zSdJwtW3VcCredentialIssuerMetadataDraft15,
+	zLegacySdJwtVcCredentialIssuerMetadataDraft16,
+	zSdJwtDcCredentialIssuerMetadataDraft15,
+	zMsoMdocCredentialIssuerMetadataDraft15,
+	zJwtVcJsonLdCredentialIssuerMetadataDraft15,
+	zLdpVcCredentialIssuerMetadataDraft15,
+	zJwtVcJsonCredentialIssuerMetadataDraft15,
+	zMsoMdocCredentialIssuerMetadataDraft14,
+	zLegacySdJwtVcCredentialIssuerMetadataDraft14,
+	zJwtVcJsonLdCredentialIssuerMetadataDraft14,
+	zLdpVcCredentialIssuerMetadataDraft14,
+	zJwtVcJsonCredentialIssuerMetadataDraft14
 ];
-var allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map(
-  (format) => format.shape.format.value
-);
-var zCredentialConfigurationSupportedWithFormats = import_zod13.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
-  if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
-  const validators = allCredentialIssuerMetadataFormats.filter(
-    (formatValidator) => formatValidator.shape.format.value === data.format
-  );
-  const result = import_zod13.default.object({}).passthrough().and(
-    validators.length > 1 ? import_zod13.default.union(
-      validators
-    ) : validators[0]
-  ).safeParse(data);
-  if (result.success) {
-    return result.data;
-  }
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod13.default.NEVER;
+const allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map((format) => format.shape.format.value);
+const zCredentialConfigurationSupportedWithFormats = zod.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
+	if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
+	const validators = allCredentialIssuerMetadataFormats.filter((formatValidator) => formatValidator.shape.format.value === data.format);
+	const result = zod.default.object({}).passthrough().and(validators.length > 1 ? zod.default.union(validators) : validators[0]).safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 });
-var zCredentialIssuerMetadataDisplayEntry = import_zod13.default.object({
-  name: import_zod13.default.string().optional(),
-  locale: import_zod13.default.string().optional(),
-  logo: import_zod13.default.object({
-    // FIXME: make required again, but need to support draft 11 first
-    uri: import_zod13.default.string().optional(),
-    alt_text: import_zod13.default.string().optional()
-  }).passthrough().optional()
+const zCredentialIssuerMetadataDisplayEntry = zod.default.object({
+	name: zod.default.string().optional(),
+	locale: zod.default.string().optional(),
+	logo: zod.default.object({
+		uri: zod.default.string().optional(),
+		alt_text: zod.default.string().optional()
+	}).passthrough().optional()
 }).passthrough();
-var zCredentialIssuerMetadataDraft14Draft15Draft16 = import_zod13.default.object({
-  credential_issuer: import_utils4.zHttpsUrl,
-  authorization_servers: import_zod13.default.array(import_utils4.zHttpsUrl).optional(),
-  credential_endpoint: import_utils4.zHttpsUrl,
-  deferred_credential_endpoint: import_utils4.zHttpsUrl.optional(),
-  notification_endpoint: import_utils4.zHttpsUrl.optional(),
-  // Added after draft 14, but needed for proper
-  nonce_endpoint: import_utils4.zHttpsUrl.optional(),
-  credential_response_encryption: import_zod13.default.object({
-    alg_values_supported: import_zod13.default.array(import_zod13.default.string()),
-    enc_values_supported: import_zod13.default.array(import_zod13.default.string()),
-    encryption_required: import_zod13.default.boolean()
-  }).passthrough().optional(),
-  batch_credential_issuance: import_zod13.default.object({
-    batch_size: import_zod13.default.number().positive()
-  }).passthrough().optional(),
-  signed_metadata: import_oauth24.zCompactJwt.optional(),
-  display: import_zod13.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
-  credential_configurations_supported: import_zod13.default.record(import_zod13.default.string(), zCredentialConfigurationSupportedWithFormats)
+const zCredentialIssuerMetadataDraft14Draft15Draft16 = zod.default.object({
+	credential_issuer: __openid4vc_utils.zHttpsUrl,
+	authorization_servers: zod.default.array(__openid4vc_utils.zHttpsUrl).optional(),
+	credential_endpoint: __openid4vc_utils.zHttpsUrl,
+	deferred_credential_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
+	notification_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
+	nonce_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
+	credential_response_encryption: zod.default.object({
+		alg_values_supported: zod.default.array(zod.default.string()),
+		enc_values_supported: zod.default.array(zod.default.string()),
+		encryption_required: zod.default.boolean()
+	}).passthrough().optional(),
+	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).passthrough().optional(),
+	signed_metadata: __openid4vc_oauth2.zCompactJwt.optional(),
+	display: zod.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
+	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedWithFormats)
 }).passthrough();
-var zCredentialConfigurationSupportedDraft11To16 = import_zod13.default.object({
-  id: import_zod13.default.string().optional(),
-  format: import_zod13.default.string(),
-  cryptographic_suites_supported: import_zod13.default.array(import_zod13.default.string()).optional(),
-  display: import_zod13.default.array(
-    import_zod13.default.object({
-      logo: import_zod13.default.object({
-        url: import_zod13.default.string().url().optional()
-      }).passthrough().optional(),
-      background_image: import_zod13.default.object({
-        url: import_zod13.default.string().url().optional()
-      }).passthrough().optional()
-    }).passthrough()
-  ).optional(),
-  claims: import_zod13.default.any().optional()
-}).passthrough().transform(({ cryptographic_suites_supported, display, claims, id, ...rest }) => ({
-  ...rest,
-  ...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
-  ...claims || display ? {
-    credential_metadata: {
-      ...claims ? { claims } : {},
-      ...display ? {
-        display: display.map(({ logo, background_image, ...displayRest }) => ({
-          ...displayRest,
-          // url became uri and also required
-          // so if there's no url in the logo, we remove the whole logo object
-          ...logo?.url ? {
-            // TODO: we should add the other params from logo as well
-            logo: {
-              uri: logo.url
-            }
-          } : {},
-          // TODO: we should add the other params from background_image as well
-          // url became uri and also required
-          // so if there's no url in the background_image, we remove the whole logo object
-          ...background_image?.url ? {
-            background_image: {
-              uri: background_image.url
-            }
-          } : {}
-        }))
-      } : {}
-    }
-  } : {}
+const zCredentialConfigurationSupportedDraft11To16 = zod.default.object({
+	id: zod.default.string().optional(),
+	format: zod.default.string(),
+	cryptographic_suites_supported: zod.default.array(zod.default.string()).optional(),
+	display: zod.default.array(zod.default.object({
+		logo: zod.default.object({ url: zod.default.string().url().optional() }).passthrough().optional(),
+		background_image: zod.default.object({ url: zod.default.string().url().optional() }).passthrough().optional()
+	}).passthrough()).optional(),
+	claims: zod.default.any().optional()
+}).passthrough().transform(({ cryptographic_suites_supported, display, claims, id,...rest }) => ({
+	...rest,
+	...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
+	...claims || display ? { credential_metadata: {
+		...claims ? { claims } : {},
+		...display ? { display: display.map(({ logo, background_image,...displayRest }) => ({
+			...displayRest,
+			...logo?.url ? { logo: { uri: logo.url } } : {},
+			...background_image?.url ? { background_image: { uri: background_image.url } } : {}
+		})) } : {}
+	} } : {}
 })).transform((data, ctx) => {
-  const formatSpecificTransformations = {
-    [zLdpVcFormatIdentifier.value]: zLdpVcCredentialIssuerMetadataDraft11To14,
-    [zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialIssuerMetadataDraft11To14,
-    [zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialIssuerMetadataDraft11To14
-  };
-  if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-  const schema = formatSpecificTransformations[data.format];
-  const result = schema.safeParse(data);
-  if (result.success) return result.data;
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod13.default.NEVER;
+	const formatSpecificTransformations = {
+		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialIssuerMetadataDraft11To14,
+		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialIssuerMetadataDraft11To14,
+		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialIssuerMetadataDraft11To14
+	};
+	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
+	const result = formatSpecificTransformations[data.format].safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 }).pipe(zCredentialConfigurationSupportedWithFormats);
-var zCredentialConfigurationSupportedDraft16To15 = zCredentialConfigurationSupportedWithFormats.transform(
-  ({ credential_metadata, ...rest }) => ({
-    ...credential_metadata,
-    ...rest
-  })
-);
-var zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedDraft16To15.and(
-  import_zod13.default.object({
-    id: import_zod13.default.string()
-  }).passthrough()
-).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope, ...rest }) => ({
-  ...rest,
-  ...credential_signing_alg_values_supported ? { cryptographic_suites_supported: credential_signing_alg_values_supported } : {},
-  ...display ? {
-    display: display.map(({ logo, background_image, ...displayRest }) => {
-      const { uri: logoUri, ...logoRest } = logo ?? {};
-      const { uri: backgroundImageUri, ...backgroundImageRest } = background_image ?? {};
-      return {
-        ...displayRest,
-        // draft 11 uses url, draft 13/14 uses uri
-        ...logoUri ? { logo: { url: logoUri, ...logoRest } } : {},
-        // draft 11 uses url, draft 13/14 uses uri
-        ...backgroundImageUri ? { logo: { url: backgroundImageUri, ...backgroundImageRest } } : {}
-      };
-    })
-  } : {},
-  id
-})).pipe(
-  import_zod13.default.union([
-    zLdpVcCredentialIssuerMetadataDraft14To11,
-    zJwtVcJsonCredentialIssuerMetadataDraft14To11,
-    zJwtVcJsonLdCredentialIssuerMetadataDraft14To11,
-    // To handle unrecognized formats and not error immediately we allow the common format as well
-    // but they can't use any of the format identifiers that have a specific transformation. This way if a format is
-    // has a transformation it NEEDS to use the format specific transformation, and otherwise we fall back to the common validation
-    import_zod13.default.object({
-      format: import_zod13.default.string().refine(
-        (input) => ![
-          zLdpVcFormatIdentifier.value,
-          zJwtVcJsonFormatIdentifier.value,
-          zJwtVcJsonLdFormatIdentifier.value
-        ].includes(input)
-      )
-    }).passthrough()
-  ])
-);
-var zCredentialIssuerMetadataDraft11To16 = import_zod13.default.object({
-  authorization_server: import_zod13.default.string().optional(),
-  credentials_supported: import_zod13.default.array(
-    import_zod13.default.object({
-      id: import_zod13.default.string().optional()
-    }).passthrough()
-  )
-}).passthrough().transform(({ authorization_server, credentials_supported, ...rest }) => {
-  return {
-    ...rest,
-    ...authorization_server ? { authorization_servers: [authorization_server] } : {},
-    // Go from array to map but keep v11 structure
-    credential_configurations_supported: Object.fromEntries(
-      credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0)
-    )
-  };
-}).pipe(
-  import_zod13.default.object({
-    // Update from v11 structure to v14 structure
-    credential_configurations_supported: import_zod13.default.record(import_zod13.default.string(), zCredentialConfigurationSupportedDraft11To16)
-  }).passthrough()
-).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
-var zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
-  ...issuerMetadata,
-  ...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
-  credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
-    ...value,
-    id
-  }))
-})).pipe(
-  zCredentialIssuerMetadataDraft14Draft15Draft16.extend({
-    credentials_supported: import_zod13.default.array(zCredentialConfigurationSupportedDraft16To11)
-  })
-);
-var zCredentialIssuerMetadata = import_zod13.default.union([
-  // First prioritize draft 16/15/14 (and 13)
-  zCredentialIssuerMetadataDraft14Draft15Draft16,
-  // Then try parsing draft 11 and transform into draft 16
-  zCredentialIssuerMetadataDraft11To16
-]);
-var zCredentialIssuerMetadataWithDraftVersion = import_zod13.default.union([
-  zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
-    const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
-    const isDraft15 = credentialConfigurations.some((configuration) => {
-      const knownConfiguration = configuration;
-      if (knownConfiguration.format === zSdJwtDcFormatIdentifier.value) return true;
-      if (Array.isArray(knownConfiguration.claims)) return true;
-      if (Object.values(knownConfiguration.proof_types_supported ?? {}).some(
-        (proofType) => proofType.key_attestations_required !== void 0
-      ))
-        return true;
-      return false;
-    });
-    const isDraft16 = credentialConfigurations.some((configuration) => {
-      return configuration.credential_metadata;
-    });
-    return {
-      credentialIssuerMetadata,
-      originalDraftVersion: isDraft16 ? "Draft16" /* Draft16 */ : isDraft15 ? "Draft15" /* Draft15 */ : "Draft14" /* Draft14 */
-    };
-  }),
-  // Then try parsing draft 11 and transform into draft 14
-  zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
-    credentialIssuerMetadata,
-    originalDraftVersion: "Draft11" /* Draft11 */
-  }))
-]);
+const zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
+	...credential_metadata,
+	...rest
+})).and(zod.default.object({ id: zod.default.string() }).passthrough()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope,...rest }) => ({
+	...rest,
+	...credential_signing_alg_values_supported ? { cryptographic_suites_supported: credential_signing_alg_values_supported } : {},
+	...display ? { display: display.map(({ logo, background_image,...displayRest }) => {
+		const { uri: logoUri,...logoRest } = logo ?? {};
+		const { uri: backgroundImageUri,...backgroundImageRest } = background_image ?? {};
+		return {
+			...displayRest,
+			...logoUri ? { logo: {
+				url: logoUri,
+				...logoRest
+			} } : {},
+			...backgroundImageUri ? { logo: {
+				url: backgroundImageUri,
+				...backgroundImageRest
+			} } : {}
+		};
+	}) } : {},
+	id
+})).pipe(zod.default.union([
+	zLdpVcCredentialIssuerMetadataDraft14To11,
+	zJwtVcJsonCredentialIssuerMetadataDraft14To11,
+	zJwtVcJsonLdCredentialIssuerMetadataDraft14To11,
+	zod.default.object({ format: zod.default.string().refine((input) => ![
+		zLdpVcFormatIdentifier.value,
+		zJwtVcJsonFormatIdentifier.value,
+		zJwtVcJsonLdFormatIdentifier.value
+	].includes(input)) }).passthrough()
+]));
+const zCredentialIssuerMetadataDraft11To16 = zod.default.object({
+	authorization_server: zod.default.string().optional(),
+	credentials_supported: zod.default.array(zod.default.object({ id: zod.default.string().optional() }).passthrough())
+}).passthrough().transform(({ authorization_server, credentials_supported,...rest }) => {
+	return {
+		...rest,
+		...authorization_server ? { authorization_servers: [authorization_server] } : {},
+		credential_configurations_supported: Object.fromEntries(credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0))
+	};
+}).pipe(zod.default.object({ credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedDraft11To16) }).passthrough()).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
+const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
+	...issuerMetadata,
+	...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
+	credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
+		...value,
+		id
+	}))
+})).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16.extend({ credentials_supported: zod.default.array(zCredentialConfigurationSupportedDraft16To11) }));
+const zCredentialIssuerMetadata = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16, zCredentialIssuerMetadataDraft11To16]);
+const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
+	const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
+	const isDraft15 = credentialConfigurations.some((configuration) => {
+		const knownConfiguration = configuration;
+		if (knownConfiguration.format === zSdJwtDcFormatIdentifier.value) return true;
+		if (Array.isArray(knownConfiguration.claims)) return true;
+		if (Object.values(knownConfiguration.proof_types_supported ?? {}).some((proofType) => proofType.key_attestations_required !== void 0)) return true;
+		return false;
+	});
+	return {
+		credentialIssuerMetadata,
+		originalDraftVersion: credentialConfigurations.some((configuration) => {
+			return configuration.credential_metadata;
+		}) ? Openid4vciDraftVersion.Draft16 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
+	};
+}), zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
+	credentialIssuerMetadata,
+	originalDraftVersion: Openid4vciDraftVersion.Draft11
+}))]);
 
-// src/metadata/credential-issuer/credential-issuer-metadata.ts
-var wellKnownCredentialIssuerSuffix = ".well-known/openid-credential-issuer";
+//#endregion
+//#region src/metadata/credential-issuer/credential-issuer-metadata.ts
+const wellKnownCredentialIssuerSuffix = ".well-known/openid-credential-issuer";
+/**
+* @inheritdoc {@link fetchWellKnownMetadata}
+*/
 async function fetchCredentialIssuerMetadata(credentialIssuer, fetch) {
-  const wellKnownMetadataUrl = (0, import_utils5.joinUriParts)(credentialIssuer, [wellKnownCredentialIssuerSuffix]);
-  const result = await (0, import_oauth25.fetchWellKnownMetadata)(wellKnownMetadataUrl, zCredentialIssuerMetadataWithDraftVersion, fetch);
-  if (result && result.credentialIssuerMetadata.credential_issuer !== credentialIssuer) {
-    throw new import_oauth25.Oauth2Error(
-      `The 'credential_issuer' parameter '${result.credentialIssuerMetadata.credential_issuer}' in the well known credential issuer metadata at '${wellKnownMetadataUrl}' does not match the provided credential issuer '${credentialIssuer}'.`
-    );
-  }
-  return result;
+	const wellKnownMetadataUrl = (0, __openid4vc_utils.joinUriParts)(credentialIssuer, [wellKnownCredentialIssuerSuffix]);
+	const result = await (0, __openid4vc_oauth2.fetchWellKnownMetadata)(wellKnownMetadataUrl, zCredentialIssuerMetadataWithDraftVersion, fetch);
+	if (result && result.credentialIssuerMetadata.credential_issuer !== credentialIssuer) throw new __openid4vc_oauth2.Oauth2Error(`The 'credential_issuer' parameter '${result.credentialIssuerMetadata.credential_issuer}' in the well known credential issuer metadata at '${wellKnownMetadataUrl}' does not match the provided credential issuer '${credentialIssuer}'.`);
+	return result;
 }
+/**
+* Extract credential configuration supported entries where the `format` is known to this
+* library. Should be ran only after verifying the credential issuer metadata structure, so
+* we can be certain that if the `format` matches the other format specific requirements are also met.
+*
+* Validation is done when resolving issuer metadata, or when calling `createIssuerMetadata`.
+*/
 function extractKnownCredentialConfigurationSupportedFormats(credentialConfigurationsSupported) {
-  return Object.fromEntries(
-    Object.entries(credentialConfigurationsSupported).filter(
-      (entry) => allCredentialIssuerMetadataFormatIdentifiers.includes(entry[1].format)
-    )
-  );
+	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter((entry) => allCredentialIssuerMetadataFormatIdentifiers.includes(entry[1].format)));
 }
 function getCredentialConfigurationSupportedById(credentialConfigurations, credentialConfigurationId) {
-  const configuration = credentialConfigurations[credentialConfigurationId];
-  if (!configuration) {
-    throw new import_oauth25.Oauth2Error(
-      `Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`
-    );
-  }
-  return configuration;
+	const configuration = credentialConfigurations[credentialConfigurationId];
+	if (!configuration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`);
+	return configuration;
 }
 
-// src/credential-request/credential-request-configurations.ts
-function getCredentialConfigurationsMatchingRequestFormat({
-  requestFormat,
-  credentialConfigurations
-}) {
-  const knownCredentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(credentialConfigurations);
-  return Object.fromEntries(
-    Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
-      if (credentialConfiguration.format !== requestFormat.format) return false;
-      const r = requestFormat;
-      const c = credentialConfiguration;
-      if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) {
-        return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
-      }
-      if (c.format === "jwt_vc_json" && r.format === c.format) {
-        return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-      }
-      if (c.format === "vc+sd-jwt" && r.format === c.format) {
-        if (r.vct && c.vct) {
-          return r.vct === c.vct;
-        }
-        if (c.credential_definition && r.credential_definition) {
-          return (0, import_utils6.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-        }
-      }
-      if (c.format === "mso_mdoc" && r.format === c.format) {
-        return r.doctype === c.doctype;
-      }
-      return false;
-    })
-  );
+//#endregion
+//#region src/credential-request/credential-request-configurations.ts
+function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, credentialConfigurations }) {
+	const knownCredentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(credentialConfigurations);
+	return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
+		if (credentialConfiguration.format !== requestFormat.format) return false;
+		const r = requestFormat;
+		const c = credentialConfiguration;
+		if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
+		if (c.format === "jwt_vc_json" && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		if (c.format === "vc+sd-jwt" && r.format === c.format) {
+			if (r.vct && c.vct) return r.vct === c.vct;
+			if (c.credential_definition && r.credential_definition) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		}
+		if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
+		return false;
+	}));
 }
 
-// src/error/Openid4vciError.ts
+//#endregion
+//#region src/error/Openid4vciError.ts
 var Openid4vciError = class extends Error {
-  constructor(message, options) {
-    const errorMessage = message ?? "Unknown error occured.";
-    const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
-    super(`${errorMessage}${causeMessage}`);
-    this.cause = options?.cause;
-  }
+	constructor(message, options) {
+		const errorMessage = message ?? "Unknown error occured.";
+		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
+		super(`${errorMessage}${causeMessage}`);
+		this.cause = options?.cause;
+	}
 };
 
-// src/error/Openid4vciRetrieveCredentialsError.ts
-var import_utils7 = require("@openid4vc/utils");
+//#endregion
+//#region src/error/Openid4vciRetrieveCredentialsError.ts
 var Openid4vciRetrieveCredentialsError = class extends Openid4vciError {
-  constructor(message, response, responseText) {
-    const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, import_utils7.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
-    super(`${message}
-${JSON.stringify(errorData, null, 2)}`);
-    this.response = response;
-  }
+	constructor(message, response, responseText) {
+		const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, __openid4vc_utils.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
+		super(`${message}\n${JSON.stringify(errorData, null, 2)}`);
+		this.response = response;
+	}
 };
 
-// src/error/Openid4vciSendNotificationError.ts
+//#endregion
+//#region src/error/Openid4vciSendNotificationError.ts
 var Openid4vciSendNotificationError = class extends Openid4vciError {
-  constructor(message, response) {
-    super(message);
-    this.response = response;
-  }
+	constructor(message, response) {
+		super(message);
+		this.response = response;
+	}
 };
 
-// src/key-attestation/key-attestation.ts
-var import_oauth26 = require("@openid4vc/oauth2");
-var import_oauth27 = require("@openid4vc/oauth2");
-var import_utils8 = require("@openid4vc/utils");
+//#endregion
+//#region src/key-attestation/key-attestation.ts
 async function createKeyAttestationJwt(options) {
-  const header = (0, import_utils8.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
-    ...(0, import_oauth26.jwtHeaderFromJwtSigner)(options.signer),
-    typ: "keyattestation+jwt"
-  });
-  const payload = (0, import_utils8.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
-    iat: (0, import_utils8.dateToSeconds)(options.issuedAt),
-    exp: options.expiresAt ? (0, import_utils8.dateToSeconds)(options.expiresAt) : void 0,
-    nonce: options.nonce,
-    attested_keys: options.attestedKeys,
-    user_authentication: options.userAuthentication,
-    key_storage: options.keyStorage,
-    certification: options.certification,
-    ...options.additionalPayload
-  });
-  const { jwt } = await options.callbacks.signJwt(options.signer, { header, payload });
-  return jwt;
+	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
+		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
+		typ: "keyattestation+jwt"
+	});
+	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
+		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
+		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
+		nonce: options.nonce,
+		attested_keys: options.attestedKeys,
+		user_authentication: options.userAuthentication,
+		key_storage: options.keyStorage,
+		certification: options.certification,
+		...options.additionalPayload
+	});
+	const { jwt } = await options.callbacks.signJwt(options.signer, {
+		header,
+		payload
+	});
+	return jwt;
 }
 function parseKeyAttestationJwt({ keyAttestationJwt, use }) {
-  return (0, import_oauth26.decodeJwt)({
-    jwt: keyAttestationJwt,
-    headerSchema: zKeyAttestationJwtHeader,
-    payloadSchema: zKeyAttestationJwtPayloadForUse(use)
-  });
+	return (0, __openid4vc_oauth2.decodeJwt)({
+		jwt: keyAttestationJwt,
+		headerSchema: zKeyAttestationJwtHeader,
+		payloadSchema: zKeyAttestationJwtPayloadForUse(use)
+	});
 }
 async function verifyKeyAttestationJwt(options) {
-  const { header, payload } = parseKeyAttestationJwt({ keyAttestationJwt: options.keyAttestationJwt, use: options.use });
-  const now = options.now?.getTime() ?? Date.now();
-  if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) {
-    throw new Openid4vciError("Nonce used for key attestation jwt expired");
-  }
-  const { signer } = await (0, import_oauth27.verifyJwt)({
-    compact: options.keyAttestationJwt,
-    header,
-    payload,
-    signer: (0, import_oauth27.jwtSignerFromJwt)({ header, payload }),
-    verifyJwtCallback: options.callbacks.verifyJwt,
-    errorMessage: "Error verifiying key attestation jwt",
-    expectedNonce: options.expectedNonce,
-    now: options.now
-  });
-  return {
-    header,
-    payload,
-    signer
-  };
+	const { header, payload } = parseKeyAttestationJwt({
+		keyAttestationJwt: options.keyAttestationJwt,
+		use: options.use
+	});
+	const now = options.now?.getTime() ?? Date.now();
+	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for key attestation jwt expired");
+	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
+		compact: options.keyAttestationJwt,
+		header,
+		payload,
+		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
+			header,
+			payload
+		}),
+		verifyJwtCallback: options.callbacks.verifyJwt,
+		errorMessage: "Error verifiying key attestation jwt",
+		expectedNonce: options.expectedNonce,
+		now: options.now
+	});
+	return {
+		header,
+		payload,
+		signer
+	};
 }
 
-// src/metadata/credential-issuer/credential-configurations.ts
-var import_oauth28 = require("@openid4vc/oauth2");
-var import_utils9 = require("@openid4vc/utils");
+//#endregion
+//#region src/metadata/credential-issuer/credential-configurations.ts
 function extractScopesForCredentialConfigurationIds(options) {
-  const scopes = /* @__PURE__ */ new Set();
-  for (const credentialConfigurationId of options.credentialConfigurationIds) {
-    const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
-    if (!credentialConfiguration) {
-      throw new import_oauth28.Oauth2Error(
-        `Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`
-      );
-    }
-    const scope = credentialConfiguration.scope;
-    if (scope) scopes.add(scope);
-    else if (!scope && options.throwOnConfigurationWithoutScope) {
-      throw new import_oauth28.Oauth2Error(
-        `Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`
-      );
-    }
-  }
-  return scopes.size > 0 ? Array.from(scopes) : void 0;
+	const scopes = /* @__PURE__ */ new Set();
+	for (const credentialConfigurationId of options.credentialConfigurationIds) {
+		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
+		if (!credentialConfiguration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
+		const scope = credentialConfiguration.scope;
+		if (scope) scopes.add(scope);
+		else if (!scope && options.throwOnConfigurationWithoutScope) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`);
+	}
+	return scopes.size > 0 ? Array.from(scopes) : void 0;
 }
+/**
+* Transforms draft 11 credentials supported syntax to credential configurations supported
+*
+* @throws if a credentials supported entry without id is passed
+* @throws if a credentials supported entry with invalid structure or format specific properties is passed
+*/
 function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupported) {
-  const credentialConfigurationsSupported = {};
-  for (let index = 0; index < credentialsSupported.length; index++) {
-    const credentialSupported = credentialsSupported[index];
-    if (!credentialSupported.id) {
-      throw new Openid4vciError(
-        `Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`
-      );
-    }
-    const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
-    if (!parseResult.success) {
-      throw new import_utils9.ValidationError(
-        `Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`,
-        parseResult.error
-      );
-    }
-    credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
-  }
-  return credentialConfigurationsSupported;
+	const credentialConfigurationsSupported = {};
+	for (let index = 0; index < credentialsSupported.length; index++) {
+		const credentialSupported = credentialsSupported[index];
+		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
+		const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
+		if (!parseResult.success) throw new __openid4vc_utils.ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
+		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
+	}
+	return credentialConfigurationsSupported;
 }
 
-// src/Openid4vciClient.ts
-var import_oauth219 = require("@openid4vc/oauth2");
-
-// src/credential-request/format-payload.ts
-var import_utils10 = require("@openid4vc/utils");
+//#endregion
+//#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
-  const credentialConfiguration = getCredentialConfigurationSupportedById(
-    options.issuerMetadata.credentialIssuer.credential_configurations_supported,
-    options.credentialConfigurationId
-  );
-  if ((0, import_utils10.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, import_utils10.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      vct: credentialConfiguration.vct
-    };
-  }
-  if ((0, import_utils10.zIs)(zMsoMdocCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zMsoMdocCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      doctype: credentialConfiguration.doctype
-    };
-  }
-  if ((0, import_utils10.zIs)(zLdpVcCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zLdpVcCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        "@context": credentialConfiguration.credential_definition["@context"],
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  if ((0, import_utils10.zIs)(zJwtVcJsonLdCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zJwtVcJsonLdCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        "@context": credentialConfiguration.credential_definition["@context"],
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  if ((0, import_utils10.zIs)(zJwtVcJsonCredentialIssuerMetadata, credentialConfiguration) || (0, import_utils10.zIs)(zJwtVcJsonCredentialIssuerMetadataDraft14, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  if ((0, import_utils10.zIs)(zSdJwtDcCredentialIssuerMetadata, credentialConfiguration)) {
-    throw new Openid4vciError(
-      `Credential configuration id '${options.credentialConfigurationId}' with format ${zLegacySdJwtVcFormatIdentifier.value} does not support credential request based on 'format'. Use 'credential_configuration_id' directly.`
-    );
-  }
-  if ((0, import_utils10.zIs)(zSdJwtW3VcCredentialIssuerMetadata, credentialConfiguration)) {
-    return {
-      format: credentialConfiguration.format,
-      credential_definition: {
-        type: credentialConfiguration.credential_definition.type
-      }
-    };
-  }
-  throw new Openid4vciError(
-    `Unknown format '${credentialConfiguration.format}' in credential configuration with id '${options.credentialConfigurationId}' for credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`
-  );
+	const credentialConfiguration = getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		vct: credentialConfiguration.vct
+	};
+	if ((0, __openid4vc_utils.zIs)(zMsoMdocCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zMsoMdocCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		doctype: credentialConfiguration.doctype
+	};
+	if ((0, __openid4vc_utils.zIs)(zLdpVcCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLdpVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: {
+			"@context": credentialConfiguration.credential_definition["@context"],
+			type: credentialConfiguration.credential_definition.type
+		}
+	};
+	if ((0, __openid4vc_utils.zIs)(zJwtVcJsonLdCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zJwtVcJsonLdCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: {
+			"@context": credentialConfiguration.credential_definition["@context"],
+			type: credentialConfiguration.credential_definition.type
+		}
+	};
+	if ((0, __openid4vc_utils.zIs)(zJwtVcJsonCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zJwtVcJsonCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: { type: credentialConfiguration.credential_definition.type }
+	};
+	if ((0, __openid4vc_utils.zIs)(zSdJwtDcCredentialIssuerMetadata, credentialConfiguration)) throw new Openid4vciError(`Credential configuration id '${options.credentialConfigurationId}' with format ${zLegacySdJwtVcFormatIdentifier.value} does not support credential request based on 'format'. Use 'credential_configuration_id' directly.`);
+	if ((0, __openid4vc_utils.zIs)(zSdJwtW3VcCredentialIssuerMetadata, credentialConfiguration)) return {
+		format: credentialConfiguration.format,
+		credential_definition: { type: credentialConfiguration.credential_definition.type }
+	};
+	throw new Openid4vciError(`Unknown format '${credentialConfiguration.format}' in credential configuration with id '${options.credentialConfigurationId}' for credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
 }
 
-// src/credential-request/retrieve-credentials.ts
-var import_oauth213 = require("@openid4vc/oauth2");
-var import_utils12 = require("@openid4vc/utils");
-
-// src/credential-request/z-credential-request.ts
-var import_oauth212 = require("@openid4vc/oauth2");
-var import_zod17 = __toESM(require("zod"));
-
-// src/credential-request/z-credential-request-common.ts
-var import_oauth211 = require("@openid4vc/oauth2");
-var import_zod16 = __toESM(require("zod"));
-
-// src/formats/proof-type/jwt/z-jwt-proof-type.ts
-var import_oauth29 = require("@openid4vc/oauth2");
-var import_utils11 = require("@openid4vc/utils");
-var import_zod14 = __toESM(require("zod"));
-var zJwtProofTypeIdentifier = import_zod14.default.literal("jwt");
-var jwtProofTypeIdentifier = zJwtProofTypeIdentifier.value;
-var zCredentialRequestProofJwt = import_zod14.default.object({
-  proof_type: zJwtProofTypeIdentifier,
-  jwt: import_oauth29.zCompactJwt
+//#endregion
+//#region src/formats/proof-type/attestation/z-attestation-proof-type.ts
+const zAttestationProofTypeIdentifier = zod.default.literal("attestation");
+const attestationProofTypeIdentifier = zAttestationProofTypeIdentifier.value;
+const zCredentialRequestProofAttestation = zod.default.object({
+	proof_type: zAttestationProofTypeIdentifier,
+	attestation: __openid4vc_oauth2.zCompactJwt
 });
-var zCredentialRequestJwtProofTypeHeader = import_oauth29.zJwtHeader.merge(
-  import_zod14.default.object({
-    key_attestation: import_zod14.default.optional(import_oauth29.zCompactJwt),
-    typ: import_zod14.default.literal("openid4vci-proof+jwt")
-  })
-).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, {
-  message: `Both 'jwk' and 'kid' are defined. Only one is allowed`
-}).refine(({ trust_chain, kid }) => !trust_chain || !kid, {
-  message: `When 'trust_chain' is provided, 'kid' is required`
-});
-var zCredentialRequestJwtProofTypePayload = import_zod14.default.object({
-  ...import_oauth29.zJwtPayload.shape,
-  aud: import_utils11.zHttpsUrl,
-  iat: import_utils11.zInteger
-}).passthrough();
+const zCredentialRequestAttestationProofTypePayload = zKeyAttestationJwtPayloadForUse("proof_type.attestation");
 
-// src/formats/proof-type/attestation/z-attestation-proof-type.ts
-var import_oauth210 = require("@openid4vc/oauth2");
-var import_zod15 = __toESM(require("zod"));
-var zAttestationProofTypeIdentifier = import_zod15.default.literal("attestation");
-var attestationProofTypeIdentifier = zAttestationProofTypeIdentifier.value;
-var zCredentialRequestProofAttestation = import_zod15.default.object({
-  proof_type: zAttestationProofTypeIdentifier,
-  attestation: import_oauth210.zCompactJwt
+//#endregion
+//#region src/formats/proof-type/jwt/z-jwt-proof-type.ts
+const zJwtProofTypeIdentifier = zod.default.literal("jwt");
+const jwtProofTypeIdentifier = zJwtProofTypeIdentifier.value;
+const zCredentialRequestProofJwt = zod.default.object({
+	proof_type: zJwtProofTypeIdentifier,
+	jwt: __openid4vc_oauth2.zCompactJwt
 });
-var zCredentialRequestAttestationProofTypePayload = zKeyAttestationJwtPayloadForUse("proof_type.attestation");
-
-// src/credential-request/z-credential-request-common.ts
-var zCredentialRequestProofCommon = import_zod16.default.object({
-  proof_type: import_zod16.default.string()
+const zCredentialRequestJwtProofTypeHeader = __openid4vc_oauth2.zJwtHeader.merge(zod.default.object({
+	key_attestation: zod.default.optional(__openid4vc_oauth2.zCompactJwt),
+	typ: zod.default.literal("openid4vci-proof+jwt")
+})).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
+const zCredentialRequestJwtProofTypePayload = zod.default.object({
+	...__openid4vc_oauth2.zJwtPayload.shape,
+	aud: __openid4vc_utils.zHttpsUrl,
+	iat: __openid4vc_utils.zInteger
 }).passthrough();
-var allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
-var zCredentialRequestProof = import_zod16.default.union([
-  zCredentialRequestProofCommon,
-  import_zod16.default.discriminatedUnion("proof_type", allCredentialRequestProofs)
-]);
-var zCredentialRequestProofsCommon = import_zod16.default.record(import_zod16.default.string(), import_zod16.default.array(import_zod16.default.unknown()));
-var zCredentialRequestProofs = import_zod16.default.object({
-  [zJwtProofTypeIdentifier.value]: import_zod16.default.optional(import_zod16.default.array(zCredentialRequestProofJwt.shape.jwt)),
-  [zAttestationProofTypeIdentifier.value]: import_zod16.default.optional(import_zod16.default.array(zCredentialRequestProofAttestation.shape.attestation))
-});
-var zCredentialRequestCommon = import_zod16.default.object({
-  proof: zCredentialRequestProof.optional(),
-  proofs: import_zod16.default.optional(
-    import_zod16.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, {
-      message: `The 'proofs' object in a credential request should contain exactly one attribute`
-    })
-  ),
-  credential_response_encryption: import_zod16.default.object({
-    jwk: import_oauth211.zJwk,
-    alg: import_zod16.default.string(),
-    enc: import_zod16.default.string()
-  }).passthrough().optional()
-}).passthrough().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), {
-  message: `Both 'proof' and 'proofs' are defined. Only one is allowed`
+
+//#endregion
+//#region src/credential-request/z-credential-request-common.ts
+const zCredentialRequestProofCommon = zod.default.object({ proof_type: zod.default.string() }).passthrough();
+const allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
+const zCredentialRequestProof = zod.default.union([zCredentialRequestProofCommon, zod.default.discriminatedUnion("proof_type", allCredentialRequestProofs)]);
+const zCredentialRequestProofsCommon = zod.default.record(zod.default.string(), zod.default.array(zod.default.unknown()));
+const zCredentialRequestProofs = zod.default.object({
+	[zJwtProofTypeIdentifier.value]: zod.default.optional(zod.default.array(zCredentialRequestProofJwt.shape.jwt)),
+	[zAttestationProofTypeIdentifier.value]: zod.default.optional(zod.default.array(zCredentialRequestProofAttestation.shape.attestation))
 });
+const zCredentialRequestCommon = zod.default.object({
+	proof: zCredentialRequestProof.optional(),
+	proofs: zod.default.optional(zod.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, { message: `The 'proofs' object in a credential request should contain exactly one attribute` })),
+	credential_response_encryption: zod.default.object({
+		jwk: __openid4vc_oauth2.zJwk,
+		alg: zod.default.string(),
+		enc: zod.default.string()
+	}).passthrough().optional()
+}).passthrough().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), { message: `Both 'proof' and 'proofs' are defined. Only one is allowed` });
 
-// src/credential-request/z-credential-request.ts
-var allCredentialRequestFormats = [
-  zSdJwtW3VcCredentialRequestFormatDraft14,
-  zMsoMdocCredentialRequestFormatDraft14,
-  zLdpVcCredentialRequestFormatDraft14,
-  zJwtVcJsonLdCredentialRequestFormatDraft14,
-  zJwtVcJsonCredentialRequestFormatDraft14,
-  zLegacySdJwtVcCredentialRequestFormatDraft14
+//#endregion
+//#region src/credential-request/z-credential-request.ts
+const allCredentialRequestFormats = [
+	zSdJwtW3VcCredentialRequestFormatDraft14,
+	zMsoMdocCredentialRequestFormatDraft14,
+	zLdpVcCredentialRequestFormatDraft14,
+	zJwtVcJsonLdCredentialRequestFormatDraft14,
+	zJwtVcJsonCredentialRequestFormatDraft14,
+	zLegacySdJwtVcCredentialRequestFormatDraft14
 ];
-var allCredentialRequestFormatIdentifiers = allCredentialRequestFormats.map(
-  (format) => format.shape.format.value
-);
-var zCredentialRequestCredentialConfigurationId = import_zod17.default.object({
-  credential_configuration_id: import_zod17.default.string(),
-  format: import_zod17.default.never({ message: "'format' cannot be defined when 'credential_configuration_id' is set." }).optional(),
-  credential_identifier: import_zod17.default.never({ message: "'credential_identifier' cannot be defined when 'credential_configuration_id' is set." }).optional()
+const allCredentialRequestFormatIdentifiers = allCredentialRequestFormats.map((format) => format.shape.format.value);
+const zCredentialRequestCredentialConfigurationId = zod.default.object({
+	credential_configuration_id: zod.default.string(),
+	format: zod.default.never({ message: "'format' cannot be defined when 'credential_configuration_id' is set." }).optional(),
+	credential_identifier: zod.default.never({ message: "'credential_identifier' cannot be defined when 'credential_configuration_id' is set." }).optional()
 });
-var zAuthorizationDetailsCredentialRequest = import_zod17.default.object({
-  credential_identifier: import_zod17.default.string(),
-  credential_configuration_id: import_zod17.default.never({ message: "'credential_configuration_id' cannot be defined when 'credential_identifier' is set." }).optional(),
-  // Cannot be present if credential identifier is present
-  format: import_zod17.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
+const zAuthorizationDetailsCredentialRequest = zod.default.object({
+	credential_identifier: zod.default.string(),
+	credential_configuration_id: zod.default.never({ message: "'credential_configuration_id' cannot be defined when 'credential_identifier' is set." }).optional(),
+	format: zod.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
 });
-var zCredentialRequestFormat = import_zod17.default.object({
-  format: import_zod17.default.string(),
-  credential_identifier: import_zod17.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
-  credential_configuration_id: import_zod17.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
+const zCredentialRequestFormat = zod.default.object({
+	format: zod.default.string(),
+	credential_identifier: zod.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
+	credential_configuration_id: zod.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
 }).passthrough();
-var zCredentialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
-  if (!allCredentialRequestFormatIdentifiers.includes(
-    data.format
-  ))
-    return data;
-  const result = import_zod17.default.object({}).passthrough().and(import_zod17.default.union(allCredentialRequestFormats)).safeParse(data);
-  if (result.success) {
-    return result.data;
-  }
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod17.default.NEVER;
+const zCredentialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
+	if (!allCredentialRequestFormatIdentifiers.includes(data.format)) return data;
+	const result = zod.default.object({}).passthrough().and(zod.default.union(allCredentialRequestFormats)).safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 });
-var zCredentialRequestDraft15 = import_zod17.default.union([
-  zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest),
-  zCredentialRequestCommon.and(zCredentialRequestCredentialConfigurationId)
-]);
-var zCredentialRequestDraft14 = import_zod17.default.union([
-  zCredentialRequestDraft14WithFormat,
-  zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest)
-]);
-var zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
-  const formatSpecificTransformations = {
-    [zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft11To14,
-    [zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft11To14,
-    [zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft11To14
-  };
-  if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-  const schema = formatSpecificTransformations[data.format];
-  const result = schema.safeParse(data);
-  if (result.success) return result.data;
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod17.default.NEVER;
+const zCredentialRequestDraft15 = zod.default.union([zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest), zCredentialRequestCommon.and(zCredentialRequestCredentialConfigurationId)]);
+const zCredentialRequestDraft14 = zod.default.union([zCredentialRequestDraft14WithFormat, zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest)]);
+const zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
+	const formatSpecificTransformations = {
+		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft11To14,
+		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft11To14,
+		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft11To14
+	};
+	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
+	const result = formatSpecificTransformations[data.format].safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 }).pipe(zCredentialRequestDraft14);
-var zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine(
-  (data) => data.credential_identifier === void 0,
-  `'credential_identifier' is not supported in OpenID4VCI draft 11`
-).transform((data, ctx) => {
-  const formatSpecificTransformations = {
-    [zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft14To11,
-    [zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft14To11,
-    [zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft14To11
-  };
-  if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-  const schema = formatSpecificTransformations[data.format];
-  const result = schema.safeParse(data);
-  if (result.success) return result.data;
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue);
-  }
-  return import_zod17.default.NEVER;
+const zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine((data) => data.credential_identifier === void 0, `'credential_identifier' is not supported in OpenID4VCI draft 11`).transform((data, ctx) => {
+	const formatSpecificTransformations = {
+		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft14To11,
+		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft14To11,
+		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft14To11
+	};
+	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
+	const result = formatSpecificTransformations[data.format].safeParse(data);
+	if (result.success) return result.data;
+	for (const issue of result.error.issues) ctx.addIssue(issue);
+	return zod.default.NEVER;
 });
-var zCredentialRequest = import_zod17.default.union([
-  zCredentialRequestDraft15,
-  zCredentialRequestDraft14,
-  zCredentialRequestDraft11To14
+const zCredentialRequest = zod.default.union([
+	zCredentialRequestDraft15,
+	zCredentialRequestDraft14,
+	zCredentialRequestDraft11To14
 ]);
-var zDeferredCredentialRequest = import_zod17.default.object({
-  transaction_id: import_zod17.default.string().nonempty(),
-  credential_response_encryption: import_zod17.default.object({
-    jwk: import_oauth212.zJwk,
-    alg: import_zod17.default.string(),
-    enc: import_zod17.default.string()
-  }).passthrough().optional()
+const zDeferredCredentialRequest = zod.default.object({
+	transaction_id: zod.default.string().nonempty(),
+	credential_response_encryption: zod.default.object({
+		jwk: __openid4vc_oauth2.zJwk,
+		alg: zod.default.string(),
+		enc: zod.default.string()
+	}).passthrough().optional()
 });
 
-// src/credential-request/z-credential-response.ts
-var import_zod19 = __toESM(require("zod"));
-
-// ../oauth2/src/common/z-oauth2-error.ts
-var import_zod18 = __toESM(require("zod"));
-var Oauth2ErrorCodes = /* @__PURE__ */ ((Oauth2ErrorCodes4) => {
-  Oauth2ErrorCodes4["ServerError"] = "server_error";
-  Oauth2ErrorCodes4["InvalidTarget"] = "invalid_target";
-  Oauth2ErrorCodes4["InvalidRequest"] = "invalid_request";
-  Oauth2ErrorCodes4["InvalidToken"] = "invalid_token";
-  Oauth2ErrorCodes4["InsufficientScope"] = "insufficient_scope";
-  Oauth2ErrorCodes4["InvalidGrant"] = "invalid_grant";
-  Oauth2ErrorCodes4["InvalidClient"] = "invalid_client";
-  Oauth2ErrorCodes4["UnauthorizedClient"] = "unauthorized_client";
-  Oauth2ErrorCodes4["UnsupportedGrantType"] = "unsupported_grant_type";
-  Oauth2ErrorCodes4["InvalidScope"] = "invalid_scope";
-  Oauth2ErrorCodes4["InvalidDpopProof"] = "invalid_dpop_proof";
-  Oauth2ErrorCodes4["UseDpopNonce"] = "use_dpop_nonce";
-  Oauth2ErrorCodes4["RedirectToWeb"] = "redirect_to_web";
-  Oauth2ErrorCodes4["InvalidSession"] = "invalid_session";
-  Oauth2ErrorCodes4["InsufficientAuthorization"] = "insufficient_authorization";
-  Oauth2ErrorCodes4["InvalidCredentialRequest"] = "invalid_credential_request";
-  Oauth2ErrorCodes4["CredentialRequestDenied"] = "credential_request_denied";
-  Oauth2ErrorCodes4["InvalidProof"] = "invalid_proof";
-  Oauth2ErrorCodes4["InvalidNonce"] = "invalid_nonce";
-  Oauth2ErrorCodes4["InvalidEncryptionParameters"] = "invalid_encryption_parameters";
-  Oauth2ErrorCodes4["UnknownCredentialConfiguration"] = "unknown_credential_configuration";
-  Oauth2ErrorCodes4["UnknownCredentialIdentifier"] = "unknown_credential_identifier";
-  Oauth2ErrorCodes4["InvalidTransactionId"] = "invalid_transaction_id";
-  Oauth2ErrorCodes4["UnsupportedCredentialType"] = "unsupported_credential_type";
-  Oauth2ErrorCodes4["UnsupportedCredentialFormat"] = "unsupported_credential_format";
-  Oauth2ErrorCodes4["InvalidRequestUri"] = "invalid_request_uri";
-  Oauth2ErrorCodes4["InvalidRequestObject"] = "invalid_request_object";
-  Oauth2ErrorCodes4["RequestNotSupported"] = "request_not_supported";
-  Oauth2ErrorCodes4["RequestUriNotSupported"] = "request_uri_not_supported";
-  Oauth2ErrorCodes4["VpFormatsNotSupported"] = "vp_formats_not_supported";
-  Oauth2ErrorCodes4["AccessDenied"] = "access_denied";
-  Oauth2ErrorCodes4["InvalidPresentationDefinitionUri"] = "invalid_presentation_definition_uri";
-  Oauth2ErrorCodes4["InvalidPresentationDefinitionReference"] = "invalid_presentation_definition_reference";
-  Oauth2ErrorCodes4["InvalidRequestUriMethod"] = "invalid_request_uri_method";
-  Oauth2ErrorCodes4["InvalidTransactionData"] = "invalid_transaction_data";
-  Oauth2ErrorCodes4["WalletUnavailable"] = "wallet_unavailable";
-  return Oauth2ErrorCodes4;
-})(Oauth2ErrorCodes || {});
-var zOauth2ErrorResponse = import_zod18.default.object({
-  error: import_zod18.default.union([import_zod18.default.nativeEnum(Oauth2ErrorCodes), import_zod18.default.string()]),
-  error_description: import_zod18.default.string().optional(),
-  error_uri: import_zod18.default.string().optional()
+//#endregion
+//#region ../oauth2/src/common/z-oauth2-error.ts
+let Oauth2ErrorCodes$2 = /* @__PURE__ */ function(Oauth2ErrorCodes$3) {
+	Oauth2ErrorCodes$3["ServerError"] = "server_error";
+	Oauth2ErrorCodes$3["InvalidTarget"] = "invalid_target";
+	Oauth2ErrorCodes$3["InvalidRequest"] = "invalid_request";
+	Oauth2ErrorCodes$3["InvalidToken"] = "invalid_token";
+	Oauth2ErrorCodes$3["InsufficientScope"] = "insufficient_scope";
+	Oauth2ErrorCodes$3["InvalidGrant"] = "invalid_grant";
+	Oauth2ErrorCodes$3["InvalidClient"] = "invalid_client";
+	Oauth2ErrorCodes$3["UnauthorizedClient"] = "unauthorized_client";
+	Oauth2ErrorCodes$3["UnsupportedGrantType"] = "unsupported_grant_type";
+	Oauth2ErrorCodes$3["InvalidScope"] = "invalid_scope";
+	Oauth2ErrorCodes$3["InvalidDpopProof"] = "invalid_dpop_proof";
+	Oauth2ErrorCodes$3["UseDpopNonce"] = "use_dpop_nonce";
+	Oauth2ErrorCodes$3["RedirectToWeb"] = "redirect_to_web";
+	Oauth2ErrorCodes$3["InvalidSession"] = "invalid_session";
+	Oauth2ErrorCodes$3["InsufficientAuthorization"] = "insufficient_authorization";
+	Oauth2ErrorCodes$3["InvalidCredentialRequest"] = "invalid_credential_request";
+	Oauth2ErrorCodes$3["CredentialRequestDenied"] = "credential_request_denied";
+	Oauth2ErrorCodes$3["InvalidProof"] = "invalid_proof";
+	Oauth2ErrorCodes$3["InvalidNonce"] = "invalid_nonce";
+	Oauth2ErrorCodes$3["InvalidEncryptionParameters"] = "invalid_encryption_parameters";
+	Oauth2ErrorCodes$3["UnknownCredentialConfiguration"] = "unknown_credential_configuration";
+	Oauth2ErrorCodes$3["UnknownCredentialIdentifier"] = "unknown_credential_identifier";
+	Oauth2ErrorCodes$3["InvalidTransactionId"] = "invalid_transaction_id";
+	Oauth2ErrorCodes$3["UnsupportedCredentialType"] = "unsupported_credential_type";
+	Oauth2ErrorCodes$3["UnsupportedCredentialFormat"] = "unsupported_credential_format";
+	Oauth2ErrorCodes$3["InvalidRequestUri"] = "invalid_request_uri";
+	Oauth2ErrorCodes$3["InvalidRequestObject"] = "invalid_request_object";
+	Oauth2ErrorCodes$3["RequestNotSupported"] = "request_not_supported";
+	Oauth2ErrorCodes$3["RequestUriNotSupported"] = "request_uri_not_supported";
+	Oauth2ErrorCodes$3["VpFormatsNotSupported"] = "vp_formats_not_supported";
+	Oauth2ErrorCodes$3["AccessDenied"] = "access_denied";
+	Oauth2ErrorCodes$3["InvalidPresentationDefinitionUri"] = "invalid_presentation_definition_uri";
+	Oauth2ErrorCodes$3["InvalidPresentationDefinitionReference"] = "invalid_presentation_definition_reference";
+	Oauth2ErrorCodes$3["InvalidRequestUriMethod"] = "invalid_request_uri_method";
+	Oauth2ErrorCodes$3["InvalidTransactionData"] = "invalid_transaction_data";
+	Oauth2ErrorCodes$3["WalletUnavailable"] = "wallet_unavailable";
+	return Oauth2ErrorCodes$3;
+}({});
+const zOauth2ErrorResponse = zod.default.object({
+	error: zod.default.union([zod.default.nativeEnum(Oauth2ErrorCodes$2), zod.default.string()]),
+	error_description: zod.default.string().optional(),
+	error_uri: zod.default.string().optional()
 }).passthrough();
 
-// src/credential-request/z-credential-response.ts
-var zCredentialEncoding = import_zod19.default.union([import_zod19.default.string(), import_zod19.default.record(import_zod19.default.string(), import_zod19.default.any())]);
-var zBaseCredentialResponse = import_zod19.default.object({
-  credentials: import_zod19.default.union([
-    // Draft >= 15
-    import_zod19.default.array(import_zod19.default.object({ credential: zCredentialEncoding })),
-    // Draft < 15
-    import_zod19.default.array(zCredentialEncoding)
-  ]).optional(),
-  interval: import_zod19.default.number().int().positive().optional(),
-  notification_id: import_zod19.default.string().optional()
+//#endregion
+//#region src/credential-request/z-credential-response.ts
+const zCredentialEncoding = zod.default.union([zod.default.string(), zod.default.record(zod.default.string(), zod.default.any())]);
+const zBaseCredentialResponse = zod.default.object({
+	credentials: zod.default.union([zod.default.array(zod.default.object({ credential: zCredentialEncoding })), zod.default.array(zCredentialEncoding)]).optional(),
+	interval: zod.default.number().int().positive().optional(),
+	notification_id: zod.default.string().optional()
 }).passthrough();
-var zCredentialResponse = zBaseCredentialResponse.extend({
-  credential: import_zod19.default.optional(zCredentialEncoding),
-  transaction_id: import_zod19.default.string().optional(),
-  c_nonce: import_zod19.default.string().optional(),
-  c_nonce_expires_in: import_zod19.default.number().int().optional()
+const zCredentialResponse = zBaseCredentialResponse.extend({
+	credential: zod.default.optional(zCredentialEncoding),
+	transaction_id: zod.default.string().optional(),
+	c_nonce: zod.default.string().optional(),
+	c_nonce_expires_in: zod.default.number().int().optional()
 }).passthrough().superRefine((value, ctx) => {
-  const { credential, credentials, transaction_id, interval, notification_id } = value;
-  if ([credential, credentials, transaction_id].filter((i) => i !== void 0).length !== 1) {
-    ctx.addIssue({
-      code: import_zod19.default.ZodIssueCode.custom,
-      message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
-    });
-  }
-  if (transaction_id && !interval) {
-    ctx.addIssue({
-      code: import_zod19.default.ZodIssueCode.custom,
-      message: `'interval' MUST be defined when 'transaction_id' is defined.`
-    });
-  }
-  if (notification_id && !(credentials || credential)) {
-    ctx.addIssue({
-      code: import_zod19.default.ZodIssueCode.custom,
-      message: `'notification_id' MUST NOT be defined when 'credential' or 'credentials' are not defined.`
-    });
-  }
+	const { credential, credentials, transaction_id, interval, notification_id } = value;
+	if ([
+		credential,
+		credentials,
+		transaction_id
+	].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
+		code: zod.default.ZodIssueCode.custom,
+		message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
+	});
+	if (transaction_id && !interval) ctx.addIssue({
+		code: zod.default.ZodIssueCode.custom,
+		message: `'interval' MUST be defined when 'transaction_id' is defined.`
+	});
+	if (notification_id && !(credentials || credential)) ctx.addIssue({
+		code: zod.default.ZodIssueCode.custom,
+		message: `'notification_id' MUST NOT be defined when 'credential' or 'credentials' are not defined.`
+	});
 });
-var zCredentialErrorResponse = import_zod19.default.object({
-  ...zOauth2ErrorResponse.shape,
-  c_nonce: import_zod19.default.string().optional(),
-  c_nonce_expires_in: import_zod19.default.number().int().optional()
+const zCredentialErrorResponse = zod.default.object({
+	...zOauth2ErrorResponse.shape,
+	c_nonce: zod.default.string().optional(),
+	c_nonce_expires_in: zod.default.number().int().optional()
 }).passthrough();
-var zDeferredCredentialResponse = zBaseCredentialResponse.refine(
-  (value) => {
-    const { credentials, interval } = value;
-    return [credentials, interval].filter((i) => i !== void 0).length === 1;
-  },
-  {
-    message: `Exactly one of 'credentials' or 'interval' MUST be defined.`
-  }
-);
+const zDeferredCredentialResponse = zBaseCredentialResponse.refine((value) => {
+	const { credentials, interval } = value;
+	return [credentials, interval].filter((i) => i !== void 0).length === 1;
+}, { message: `Exactly one of 'credentials' or 'interval' MUST be defined.` });
 
-// src/credential-request/retrieve-credentials.ts
+//#endregion
+//#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
-  if (options.issuerMetadata.originalDraftVersion !== "Draft15" /* Draft15 */ && options.issuerMetadata.originalDraftVersion !== "Draft16" /* Draft16 */) {
-    throw new Openid4vciError(
-      "Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request."
-    );
-  }
-  getCredentialConfigurationSupportedById(
-    options.issuerMetadata.credentialIssuer.credential_configurations_supported,
-    options.credentialConfigurationId
-  );
-  const credentialRequest = {
-    ...options.additionalRequestPayload,
-    credential_configuration_id: options.credentialConfigurationId,
-    proof: options.proof,
-    proofs: options.proofs
-  };
-  return retrieveCredentials({
-    callbacks: options.callbacks,
-    credentialRequest,
-    issuerMetadata: options.issuerMetadata,
-    accessToken: options.accessToken,
-    dpop: options.dpop
-  });
+	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
+	getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	const credentialRequest = {
+		...options.additionalRequestPayload,
+		credential_configuration_id: options.credentialConfigurationId,
+		proof: options.proof,
+		proofs: options.proofs
+	};
+	return retrieveCredentials({
+		callbacks: options.callbacks,
+		credentialRequest,
+		issuerMetadata: options.issuerMetadata,
+		accessToken: options.accessToken,
+		dpop: options.dpop
+	});
 }
 async function retrieveCredentialsWithFormat(options) {
-  if (options.issuerMetadata.originalDraftVersion === "Draft15" /* Draft15 */ || options.issuerMetadata.originalDraftVersion === "Draft16" /* Draft16 */) {
-    throw new Openid4vciError(
-      "Requesting credentials based on format is not supported in OpenID4VCI draft 15. Provide the credential configuration id directly in the request."
-    );
-  }
-  const credentialRequest = {
-    ...options.formatPayload,
-    ...options.additionalRequestPayload,
-    proof: options.proof,
-    proofs: options.proofs
-  };
-  return retrieveCredentials({
-    callbacks: options.callbacks,
-    credentialRequest,
-    issuerMetadata: options.issuerMetadata,
-    accessToken: options.accessToken,
-    dpop: options.dpop
-  });
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on format is not supported in OpenID4VCI draft 15. Provide the credential configuration id directly in the request.");
+	const credentialRequest = {
+		...options.formatPayload,
+		...options.additionalRequestPayload,
+		proof: options.proof,
+		proofs: options.proofs
+	};
+	return retrieveCredentials({
+		callbacks: options.callbacks,
+		credentialRequest,
+		issuerMetadata: options.issuerMetadata,
+		accessToken: options.accessToken,
+		dpop: options.dpop
+	});
 }
+/**
+* internal method
+*/
 async function retrieveCredentials(options) {
-  const credentialEndpoint = options.issuerMetadata.credentialIssuer.credential_endpoint;
-  let credentialRequest = (0, import_utils12.parseWithErrorHandling)(
-    zCredentialRequest,
-    options.credentialRequest,
-    "Error validating credential request"
-  );
-  if (credentialRequest.proofs) {
-    const { batch_credential_issuance } = options.issuerMetadata.credentialIssuer;
-    if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-      throw new import_oauth213.Oauth2Error(
-        `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support batch credential issuance using the 'proofs' request property. Only 'proof' is supported.`
-      );
-    }
-    const proofs = Object.values(credentialRequest.proofs)[0];
-    if (proofs.length > (batch_credential_issuance?.batch_size ?? 1)) {
-      throw new import_oauth213.Oauth2Error(
-        `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' supports batch issuance, but the max batch size is '${batch_credential_issuance?.batch_size ?? 1}'. A total of '${proofs.length}' proofs were provided.`
-      );
-    }
-  }
-  if (options.issuerMetadata.originalDraftVersion === "Draft11" /* Draft11 */) {
-    credentialRequest = (0, import_utils12.parseWithErrorHandling)(
-      zCredentialRequestDraft14To11,
-      credentialRequest,
-      `Error transforming credential request from ${"Draft14" /* Draft14 */} to ${"Draft11" /* Draft11 */}`
-    );
-  }
-  const resourceResponse = await (0, import_oauth213.resourceRequest)({
-    dpop: options.dpop,
-    accessToken: options.accessToken,
-    callbacks: options.callbacks,
-    url: credentialEndpoint,
-    requestOptions: {
-      method: "POST",
-      headers: {
-        "Content-Type": import_utils12.ContentType.Json
-      },
-      body: JSON.stringify(credentialRequest)
-    }
-  });
-  if (!resourceResponse.ok) {
-    const credentialErrorResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-    return {
-      ...resourceResponse,
-      credentialErrorResponseResult
-    };
-  }
-  const credentialResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-  if (!credentialResponseResult?.success) {
-    return {
-      ...resourceResponse,
-      ok: false,
-      credentialResponseResult
-    };
-  }
-  return {
-    ...resourceResponse,
-    credentialResponse: credentialResponseResult.data
-  };
+	const credentialEndpoint = options.issuerMetadata.credentialIssuer.credential_endpoint;
+	let credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequest, options.credentialRequest, "Error validating credential request");
+	if (credentialRequest.proofs) {
+		const { batch_credential_issuance } = options.issuerMetadata.credentialIssuer;
+		if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support batch credential issuance using the 'proofs' request property. Only 'proof' is supported.`);
+		const proofs = Object.values(credentialRequest.proofs)[0];
+		if (proofs.length > (batch_credential_issuance?.batch_size ?? 1)) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' supports batch issuance, but the max batch size is '${batch_credential_issuance?.batch_size ?? 1}'. A total of '${proofs.length}' proofs were provided.`);
+	}
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestDraft14To11, credentialRequest, `Error transforming credential request from ${Openid4vciDraftVersion.Draft14} to ${Openid4vciDraftVersion.Draft11}`);
+	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
+		dpop: options.dpop,
+		accessToken: options.accessToken,
+		callbacks: options.callbacks,
+		url: credentialEndpoint,
+		requestOptions: {
+			method: "POST",
+			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
+			body: JSON.stringify(credentialRequest)
+		}
+	});
+	if (!resourceResponse.ok) {
+		const credentialErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+		return {
+			...resourceResponse,
+			credentialErrorResponseResult
+		};
+	}
+	const credentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+	if (!credentialResponseResult?.success) return {
+		...resourceResponse,
+		ok: false,
+		credentialResponseResult
+	};
+	return {
+		...resourceResponse,
+		credentialResponse: credentialResponseResult.data
+	};
 }
 async function retrieveDeferredCredentials(options) {
-  const credentialEndpoint = options.issuerMetadata.credentialIssuer.deferred_credential_endpoint;
-  if (!credentialEndpoint) {
-    throw new Openid4vciError(
-      `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support deferred credential retrieval.`
-    );
-  }
-  const deferredCredentialRequest = (0, import_utils12.parseWithErrorHandling)(
-    zDeferredCredentialRequest,
-    {
-      transaction_id: options.transactionId,
-      ...options.additionalRequestPayload
-    },
-    "Error validating deferred credential request"
-  );
-  const resourceResponse = await (0, import_oauth213.resourceRequest)({
-    dpop: options.dpop,
-    accessToken: options.accessToken,
-    callbacks: options.callbacks,
-    url: credentialEndpoint,
-    requestOptions: {
-      method: "POST",
-      headers: {
-        "Content-Type": import_utils12.ContentType.Json
-      },
-      body: JSON.stringify(deferredCredentialRequest)
-    }
-  });
-  if (!resourceResponse.ok) {
-    const deferredCredentialErrorResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-    return {
-      ...resourceResponse,
-      deferredCredentialErrorResponseResult
-    };
-  }
-  const deferredCredentialResponseResult = (0, import_utils12.isResponseContentType)(import_utils12.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-  if (!deferredCredentialResponseResult?.success) {
-    return {
-      ...resourceResponse,
-      ok: false,
-      deferredCredentialResponseResult
-    };
-  }
-  return {
-    ...resourceResponse,
-    deferredCredentialResponse: deferredCredentialResponseResult.data
-  };
+	const credentialEndpoint = options.issuerMetadata.credentialIssuer.deferred_credential_endpoint;
+	if (!credentialEndpoint) throw new Openid4vciError(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support deferred credential retrieval.`);
+	const deferredCredentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialRequest, {
+		transaction_id: options.transactionId,
+		...options.additionalRequestPayload
+	}, "Error validating deferred credential request");
+	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
+		dpop: options.dpop,
+		accessToken: options.accessToken,
+		callbacks: options.callbacks,
+		url: credentialEndpoint,
+		requestOptions: {
+			method: "POST",
+			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
+			body: JSON.stringify(deferredCredentialRequest)
+		}
+	});
+	if (!resourceResponse.ok) {
+		const deferredCredentialErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+		return {
+			...resourceResponse,
+			deferredCredentialErrorResponseResult
+		};
+	}
+	const deferredCredentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+	if (!deferredCredentialResponseResult?.success) return {
+		...resourceResponse,
+		ok: false,
+		deferredCredentialResponseResult
+	};
+	return {
+		...resourceResponse,
+		deferredCredentialResponse: deferredCredentialResponseResult.data
+	};
 }
 
-// src/formats/proof-type/jwt/jwt-proof-type.ts
-var import_oauth214 = require("@openid4vc/oauth2");
-var import_oauth215 = require("@openid4vc/oauth2");
-var import_utils13 = require("@openid4vc/utils");
+//#endregion
+//#region src/formats/proof-type/jwt/jwt-proof-type.ts
 async function createCredentialRequestJwtProof(options) {
-  const header = (0, import_utils13.parseWithErrorHandling)(zCredentialRequestJwtProofTypeHeader, {
-    ...(0, import_oauth214.jwtHeaderFromJwtSigner)(options.signer),
-    key_attestation: options.keyAttestationJwt,
-    typ: "openid4vci-proof+jwt"
-  });
-  const payload = (0, import_utils13.parseWithErrorHandling)(zCredentialRequestJwtProofTypePayload, {
-    nonce: options.nonce,
-    aud: options.credentialIssuer,
-    iat: (0, import_utils13.dateToSeconds)(options.issuedAt),
-    iss: options.clientId
-  });
-  const { jwt, signerJwk } = await options.callbacks.signJwt(options.signer, { header, payload });
-  if (options.keyAttestationJwt) {
-    const decodedKeyAttestation = (0, import_oauth214.decodeJwt)({
-      jwt: options.keyAttestationJwt,
-      headerSchema: zKeyAttestationJwtHeader,
-      payloadSchema: zKeyAttestationJwtPayload
-    });
-    const isSigedWithAttestedKey = await (0, import_oauth214.isJwkInSet)({
-      jwk: signerJwk,
-      jwks: decodedKeyAttestation.payload.attested_keys,
-      callbacks: options.callbacks
-    });
-    if (!isSigedWithAttestedKey) {
-      throw new Openid4vciError(
-        `Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`
-      );
-    }
-  }
-  return jwt;
+	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestJwtProofTypeHeader, {
+		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
+		key_attestation: options.keyAttestationJwt,
+		typ: "openid4vci-proof+jwt"
+	});
+	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestJwtProofTypePayload, {
+		nonce: options.nonce,
+		aud: options.credentialIssuer,
+		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
+		iss: options.clientId
+	});
+	const { jwt, signerJwk } = await options.callbacks.signJwt(options.signer, {
+		header,
+		payload
+	});
+	if (options.keyAttestationJwt) {
+		if (!await (0, __openid4vc_oauth2.isJwkInSet)({
+			jwk: signerJwk,
+			jwks: (0, __openid4vc_oauth2.decodeJwt)({
+				jwt: options.keyAttestationJwt,
+				headerSchema: zKeyAttestationJwtHeader,
+				payloadSchema: zKeyAttestationJwtPayload
+			}).payload.attested_keys,
+			callbacks: options.callbacks
+		})) throw new Openid4vciError(`Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`);
+	}
+	return jwt;
 }
 async function verifyCredentialRequestJwtProof(options) {
-  const { header, payload } = (0, import_oauth214.decodeJwt)({
-    jwt: options.jwt,
-    headerSchema: zCredentialRequestJwtProofTypeHeader,
-    payloadSchema: zCredentialRequestJwtProofTypePayload
-  });
-  const now = options.now?.getTime() ?? Date.now();
-  if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) {
-    throw new Openid4vciError("Nonce used for credential request proof expired");
-  }
-  const { signer } = await (0, import_oauth215.verifyJwt)({
-    compact: options.jwt,
-    header,
-    payload,
-    signer: (0, import_oauth215.jwtSignerFromJwt)({ header, payload }),
-    verifyJwtCallback: options.callbacks.verifyJwt,
-    errorMessage: "Error verifiying credential request proof jwt.",
-    expectedNonce: options.expectedNonce,
-    expectedAudience: options.credentialIssuer,
-    expectedIssuer: options.clientId,
-    now: options.now
-  });
-  let keyAttestationResult = void 0;
-  if (header.key_attestation) {
-    keyAttestationResult = await verifyKeyAttestationJwt({
-      callbacks: options.callbacks,
-      keyAttestationJwt: header.key_attestation,
-      use: "proof_type.jwt"
-    });
-    const isSigedWithAttestedKey = await (0, import_oauth214.isJwkInSet)({
-      jwk: signer.publicJwk,
-      jwks: keyAttestationResult.payload.attested_keys,
-      callbacks: options.callbacks
-    });
-    if (!isSigedWithAttestedKey) {
-      throw new Openid4vciError(
-        `Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`
-      );
-    }
-  }
-  return {
-    header,
-    payload,
-    signer,
-    keyAttestation: keyAttestationResult
-  };
+	const { header, payload } = (0, __openid4vc_oauth2.decodeJwt)({
+		jwt: options.jwt,
+		headerSchema: zCredentialRequestJwtProofTypeHeader,
+		payloadSchema: zCredentialRequestJwtProofTypePayload
+	});
+	const now = options.now?.getTime() ?? Date.now();
+	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for credential request proof expired");
+	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
+		compact: options.jwt,
+		header,
+		payload,
+		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
+			header,
+			payload
+		}),
+		verifyJwtCallback: options.callbacks.verifyJwt,
+		errorMessage: "Error verifiying credential request proof jwt.",
+		expectedNonce: options.expectedNonce,
+		expectedAudience: options.credentialIssuer,
+		expectedIssuer: options.clientId,
+		now: options.now
+	});
+	let keyAttestationResult;
+	if (header.key_attestation) {
+		keyAttestationResult = await verifyKeyAttestationJwt({
+			callbacks: options.callbacks,
+			keyAttestationJwt: header.key_attestation,
+			use: "proof_type.jwt"
+		});
+		if (!await (0, __openid4vc_oauth2.isJwkInSet)({
+			jwk: signer.publicJwk,
+			jwks: keyAttestationResult.payload.attested_keys,
+			callbacks: options.callbacks
+		})) throw new Openid4vciError(`Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`);
+	}
+	return {
+		header,
+		payload,
+		signer,
+		keyAttestation: keyAttestationResult
+	};
 }
 
-// src/metadata/fetch-issuer-metadata.ts
-var import_oauth216 = require("@openid4vc/oauth2");
-var import_utils14 = require("@openid4vc/utils");
+//#endregion
+//#region src/metadata/fetch-issuer-metadata.ts
 async function resolveIssuerMetadata(credentialIssuer, options) {
-  const allowAuthorizationMetadataFromCredentialIssuerMetadata = options?.allowAuthorizationMetadataFromCredentialIssuerMetadata ?? true;
-  const credentialIssuerMetadataWithDraftVersion = await fetchCredentialIssuerMetadata(credentialIssuer, options?.fetch);
-  if (!credentialIssuerMetadataWithDraftVersion) {
-    throw new import_oauth216.Oauth2Error(`Well known credential issuer metadata for issuer '${credentialIssuer}' not found.`);
-  }
-  const { credentialIssuerMetadata, originalDraftVersion } = credentialIssuerMetadataWithDraftVersion;
-  const authorizationServers = credentialIssuerMetadata.authorization_servers ?? [credentialIssuer];
-  const authoriationServersMetadata = [];
-  for (const authorizationServer of authorizationServers) {
-    if (options?.restrictToAuthorizationServers && !options.restrictToAuthorizationServers.includes(authorizationServer)) {
-      continue;
-    }
-    let authorizationServerMetadata = await (0, import_oauth216.fetchAuthorizationServerMetadata)(authorizationServer, options?.fetch);
-    if (!authorizationServerMetadata && authorizationServer === credentialIssuer && allowAuthorizationMetadataFromCredentialIssuerMetadata) {
-      authorizationServerMetadata = (0, import_utils14.parseWithErrorHandling)(
-        import_oauth216.zAuthorizationServerMetadata,
-        {
-          token_endpoint: credentialIssuerMetadata.token_endpoint,
-          issuer: credentialIssuer
-        },
-        `Well known authorization server metadata for authorization server '${authorizationServer}' not found, and could also not extract required values from the credential issuer metadata as a fallback.`
-      );
-    }
-    if (!authorizationServerMetadata) {
-      throw new import_oauth216.Oauth2Error(
-        `Well known openid configuration or authorization server metadata for authorization server '${authorizationServer}' not found.`
-      );
-    }
-    authoriationServersMetadata.push(authorizationServerMetadata);
-  }
-  return {
-    originalDraftVersion,
-    credentialIssuer: credentialIssuerMetadata,
-    authorizationServers: authoriationServersMetadata
-  };
+	const allowAuthorizationMetadataFromCredentialIssuerMetadata = options?.allowAuthorizationMetadataFromCredentialIssuerMetadata ?? true;
+	const credentialIssuerMetadataWithDraftVersion = await fetchCredentialIssuerMetadata(credentialIssuer, options?.fetch);
+	if (!credentialIssuerMetadataWithDraftVersion) throw new __openid4vc_oauth2.Oauth2Error(`Well known credential issuer metadata for issuer '${credentialIssuer}' not found.`);
+	const { credentialIssuerMetadata, originalDraftVersion } = credentialIssuerMetadataWithDraftVersion;
+	const authorizationServers = credentialIssuerMetadata.authorization_servers ?? [credentialIssuer];
+	const authoriationServersMetadata = [];
+	for (const authorizationServer of authorizationServers) {
+		if (options?.restrictToAuthorizationServers && !options.restrictToAuthorizationServers.includes(authorizationServer)) continue;
+		let authorizationServerMetadata = await (0, __openid4vc_oauth2.fetchAuthorizationServerMetadata)(authorizationServer, options?.fetch);
+		if (!authorizationServerMetadata && authorizationServer === credentialIssuer && allowAuthorizationMetadataFromCredentialIssuerMetadata) authorizationServerMetadata = (0, __openid4vc_utils.parseWithErrorHandling)(__openid4vc_oauth2.zAuthorizationServerMetadata, {
+			token_endpoint: credentialIssuerMetadata.token_endpoint,
+			issuer: credentialIssuer
+		}, `Well known authorization server metadata for authorization server '${authorizationServer}' not found, and could also not extract required values from the credential issuer metadata as a fallback.`);
+		if (!authorizationServerMetadata) throw new __openid4vc_oauth2.Oauth2Error(`Well known openid configuration or authorization server metadata for authorization server '${authorizationServer}' not found.`);
+		authoriationServersMetadata.push(authorizationServerMetadata);
+	}
+	return {
+		originalDraftVersion,
+		credentialIssuer: credentialIssuerMetadata,
+		authorizationServers: authoriationServersMetadata
+	};
 }
 
-// src/nonce/nonce-request.ts
-var import_oauth217 = require("@openid4vc/oauth2");
-var import_utils16 = require("@openid4vc/utils");
-
-// src/nonce/z-nonce.ts
-var import_utils15 = require("@openid4vc/utils");
-var import_zod20 = __toESM(require("zod"));
-var zNonceResponse = import_zod20.default.object({
-  c_nonce: import_zod20.default.string(),
-  c_nonce_expires_in: import_zod20.default.optional(import_utils15.zInteger)
+//#endregion
+//#region src/nonce/z-nonce.ts
+const zNonceResponse = zod.default.object({
+	c_nonce: zod.default.string(),
+	c_nonce_expires_in: zod.default.optional(__openid4vc_utils.zInteger)
 }).passthrough();
 
-// src/nonce/nonce-request.ts
+//#endregion
+//#region src/nonce/nonce-request.ts
+/**
+* Request a nonce from the `nonce_endpoint`
+*
+* @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
+* @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
+* @throws ValidationError - if validating the nonce response failed
+*/
 async function requestNonce(options) {
-  const fetchWithZod = (0, import_utils16.createZodFetcher)(options?.fetch);
-  const nonceEndpoint = options.issuerMetadata.credentialIssuer.nonce_endpoint;
-  if (!nonceEndpoint) {
-    throw new Openid4vciError(
-      `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a nonce endpoint.`
-    );
-  }
-  const { response, result } = await fetchWithZod(zNonceResponse, import_utils16.ContentType.Json, nonceEndpoint, {
-    method: "POST"
-  });
-  if (!response.ok || !result) {
-    throw new import_oauth217.InvalidFetchResponseError(
-      `Requesting nonce from '${nonceEndpoint}' resulted in an unsuccessful response with status '${response.status}'`,
-      await response.clone().text(),
-      response
-    );
-  }
-  if (!result.success) {
-    throw new import_utils16.ValidationError("Error parsing nonce response", result.error);
-  }
-  return result.data;
+	const fetchWithZod = (0, __openid4vc_utils.createZodFetcher)(options?.fetch);
+	const nonceEndpoint = options.issuerMetadata.credentialIssuer.nonce_endpoint;
+	if (!nonceEndpoint) throw new Openid4vciError(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a nonce endpoint.`);
+	const { response, result } = await fetchWithZod(zNonceResponse, __openid4vc_utils.ContentType.Json, nonceEndpoint, { method: "POST" });
+	if (!response.ok || !result) throw new __openid4vc_oauth2.InvalidFetchResponseError(`Requesting nonce from '${nonceEndpoint}' resulted in an unsuccessful response with status '${response.status}'`, await response.clone().text(), response);
+	if (!result.success) throw new __openid4vc_utils.ValidationError("Error parsing nonce response", result.error);
+	return result.data;
 }
 function createNonceResponse(options) {
-  return (0, import_utils16.parseWithErrorHandling)(zNonceResponse, {
-    c_nonce: options.cNonce,
-    c_nonce_expires_in: options.cNonceExpiresIn,
-    ...options.additionalPayload
-  });
+	return (0, __openid4vc_utils.parseWithErrorHandling)(zNonceResponse, {
+		c_nonce: options.cNonce,
+		c_nonce_expires_in: options.cNonceExpiresIn,
+		...options.additionalPayload
+	});
 }
 
-// src/notification/notification.ts
-var import_oauth218 = require("@openid4vc/oauth2");
-var import_utils17 = require("@openid4vc/utils");
-
-// src/notification/z-notification.ts
-var import_zod21 = __toESM(require("zod"));
-var zNotificationEvent = import_zod21.default.enum(["credential_accepted", "credential_failure", "credential_deleted"]);
-var zNotificationRequest = import_zod21.default.object({
-  notification_id: import_zod21.default.string(),
-  event: zNotificationEvent,
-  event_description: import_zod21.default.optional(import_zod21.default.string())
-}).passthrough();
-var zNotificationErrorResponse = import_zod21.default.object({
-  error: import_zod21.default.enum(["invalid_notification_id", "invalid_notification_request"])
+//#endregion
+//#region src/notification/z-notification.ts
+const zNotificationEvent = zod.default.enum([
+	"credential_accepted",
+	"credential_failure",
+	"credential_deleted"
+]);
+const zNotificationRequest = zod.default.object({
+	notification_id: zod.default.string(),
+	event: zNotificationEvent,
+	event_description: zod.default.optional(zod.default.string())
 }).passthrough();
+const zNotificationErrorResponse = zod.default.object({ error: zod.default.enum(["invalid_notification_id", "invalid_notification_request"]) }).passthrough();
 
-// src/notification/notification.ts
+//#endregion
+//#region src/notification/notification.ts
 async function sendNotification(options) {
-  const notificationEndpoint = options.issuerMetadata.credentialIssuer.notification_endpoint;
-  if (!notificationEndpoint) {
-    throw new import_oauth218.Oauth2Error(
-      `Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a notification endpiont configured.`
-    );
-  }
-  const notificationRequest = (0, import_utils17.parseWithErrorHandling)(
-    zNotificationRequest,
-    {
-      event: options.notification.event,
-      notification_id: options.notification.notificationId,
-      event_description: options.notification.eventDescription
-    },
-    "Error validating notification request"
-  );
-  const resourceResponse = await (0, import_oauth218.resourceRequest)({
-    dpop: options.dpop,
-    accessToken: options.accessToken,
-    callbacks: options.callbacks,
-    url: notificationEndpoint,
-    requestOptions: {
-      method: "POST",
-      headers: {
-        "Content-Type": import_utils17.ContentType.Json
-      },
-      body: JSON.stringify(notificationRequest)
-    }
-  });
-  if (!resourceResponse.ok) {
-    const notificationErrorResponseResult = (0, import_utils17.isResponseContentType)(import_utils17.ContentType.Json, resourceResponse.response) ? zNotificationErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-    return {
-      ...resourceResponse,
-      notificationErrorResponseResult
-    };
-  }
-  return resourceResponse;
+	const notificationEndpoint = options.issuerMetadata.credentialIssuer.notification_endpoint;
+	if (!notificationEndpoint) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a notification endpiont configured.`);
+	const notificationRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zNotificationRequest, {
+		event: options.notification.event,
+		notification_id: options.notification.notificationId,
+		event_description: options.notification.eventDescription
+	}, "Error validating notification request");
+	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
+		dpop: options.dpop,
+		accessToken: options.accessToken,
+		callbacks: options.callbacks,
+		url: notificationEndpoint,
+		requestOptions: {
+			method: "POST",
+			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
+			body: JSON.stringify(notificationRequest)
+		}
+	});
+	if (!resourceResponse.ok) {
+		const notificationErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zNotificationErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+		return {
+			...resourceResponse,
+			notificationErrorResponseResult
+		};
+	}
+	return resourceResponse;
 }
 
-// src/Openid4vciClient.ts
-var AuthorizationFlow = /* @__PURE__ */ ((AuthorizationFlow2) => {
-  AuthorizationFlow2["Oauth2Redirect"] = "Oauth2Redirect";
-  AuthorizationFlow2["PresentationDuringIssuance"] = "PresentationDuringIssuance";
-  return AuthorizationFlow2;
-})(AuthorizationFlow || {});
+//#endregion
+//#region src/Openid4vciClient.ts
+let AuthorizationFlow = /* @__PURE__ */ function(AuthorizationFlow$1) {
+	AuthorizationFlow$1["Oauth2Redirect"] = "Oauth2Redirect";
+	AuthorizationFlow$1["PresentationDuringIssuance"] = "PresentationDuringIssuance";
+	return AuthorizationFlow$1;
+}({});
 var Openid4vciClient = class {
-  constructor(options) {
-    this.options = options;
-    this.oauth2Client = new import_oauth219.Oauth2Client({
-      callbacks: this.options.callbacks
-    });
-  }
-  getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
-    return extractKnownCredentialConfigurationSupportedFormats(
-      credentialIssuerMetadata.credential_configurations_supported
-    );
-  }
-  /**
-   * Resolve a credential offer into a credential offer object, handling both
-   * 'credential_offer' and 'credential_offer_uri' params.
-   */
-  async resolveCredentialOffer(credentialOffer) {
-    return resolveCredentialOffer(credentialOffer, {
-      fetch: this.options.callbacks.fetch
-    });
-  }
-  async resolveIssuerMetadata(credentialIssuer) {
-    return resolveIssuerMetadata(credentialIssuer, {
-      fetch: this.options.callbacks.fetch
-    });
-  }
-  /**
-   * Retrieve an authorization code for a presentation during issuance session
-   *
-   * This can only be called if an authorization challenge was performed before and returned a
-   * `presentation` parameter along with an `auth_session`. If the presentation response included
-   * an `presentation_during_issuance_session` parameter it MUST be included in this request as well.
-   */
-  async retrieveAuthorizationCodeUsingPresentation(options) {
-    if (!options.credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-    }
-    const authorizationCodeGrant = options.credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      options.issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const oauth2Client = new import_oauth219.Oauth2Client({ callbacks: this.options.callbacks });
-    const { authorizationChallengeResponse, dpop } = await oauth2Client.sendAuthorizationChallengeRequest({
-      authorizationServerMetadata,
-      authSession: options.authSession,
-      presentationDuringIssuanceSession: options.presentationDuringIssuanceSession,
-      dpop: options.dpop
-    });
-    return { authorizationChallengeResponse, dpop };
-  }
-  /**
-   * Initiates authorization for credential issuance. It handles the following cases:
-   * - Authorization Challenge
-   * - Pushed Authorization Request
-   * - Regular Authorization url
-   *
-   * In case the authorization challenge request returns an error with `insufficient_authorization`
-   * with a `presentation` field it means the authorization server expects presentation of credentials
-   * before issuance of credentials. If this is the case, the value in `presentation` should be treated
-   * as an openid4vp authorization request and submitted to the verifier. Once the presentation response
-   * has been submitted, the RP will respond with a `presentation_during_issuance_session` parameter.
-   * Together with the `auth_session` parameter returned in this call you can retrieve an `authorization_code`
-   * using
-   */
-  async initiateAuthorization(options) {
-    if (!options.credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-    }
-    const authorizationCodeGrant = options.credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      options.issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const oauth2Client = new import_oauth219.Oauth2Client({ callbacks: this.options.callbacks });
-    try {
-      const result = await oauth2Client.initiateAuthorization({
-        clientId: options.clientId,
-        pkceCodeVerifier: options.pkceCodeVerifier,
-        redirectUri: options.redirectUri,
-        scope: options.scope,
-        additionalRequestPayload: {
-          ...options.additionalRequestPayload,
-          issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
-        },
-        dpop: options.dpop,
-        resource: options.issuerMetadata.credentialIssuer.credential_issuer,
-        authorizationServerMetadata
-      });
-      return {
-        ...result,
-        authorizationFlow: "Oauth2Redirect" /* Oauth2Redirect */,
-        authorizationServer: authorizationServerMetadata.issuer
-      };
-    } catch (error) {
-      if (error instanceof import_oauth219.Oauth2ClientAuthorizationChallengeError && error.errorResponse.error === import_oauth219.Oauth2ErrorCodes.InsufficientAuthorization && error.errorResponse.presentation) {
-        if (!error.errorResponse.auth_session) {
-          throw new Openid4vciError(
-            `Expected 'auth_session' to be defined with authorization challenge response error '${error.errorResponse.error}' and 'presentation' parameter`
-          );
-        }
-        return {
-          authorizationFlow: "PresentationDuringIssuance" /* PresentationDuringIssuance */,
-          openid4vpRequestUrl: error.errorResponse.presentation,
-          authSession: error.errorResponse.auth_session,
-          authorizationServer: authorizationServerMetadata.issuer
-        };
-      }
-      throw error;
-    }
-  }
-  /**
-   * Convenience method around {@link Oauth2Client.createAuthorizationRequestUrl}
-   * but specifically focused on a credential offer
-   */
-  async createAuthorizationRequestUrlFromOffer(options) {
-    if (!options.credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-    }
-    const authorizationCodeGrant = options.credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      issuerMetadata: options.issuerMetadata,
-      grantAuthorizationServer: authorizationCodeGrant.authorization_server
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      options.issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const { authorizationRequestUrl, pkce, dpop } = await this.oauth2Client.createAuthorizationRequestUrl({
-      authorizationServerMetadata,
-      clientId: options.clientId,
-      additionalRequestPayload: {
-        ...options.additionalRequestPayload,
-        issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
-      },
-      resource: options.issuerMetadata.credentialIssuer.credential_issuer,
-      redirectUri: options.redirectUri,
-      scope: options.scope,
-      pkceCodeVerifier: options.pkceCodeVerifier,
-      dpop: options.dpop
-    });
-    return {
-      authorizationRequestUrl,
-      pkce,
-      dpop,
-      authorizationServer: authorizationServerMetadata.issuer
-    };
-  }
-  /**
-   * Convenience method around {@link Oauth2Client.retrievePreAuthorizedCodeAccessToken}
-   * but specifically focused on a credential offer
-   */
-  async retrievePreAuthorizedCodeAccessTokenFromOffer({
-    credentialOffer,
-    issuerMetadata,
-    additionalRequestPayload,
-    txCode,
-    dpop
-  }) {
-    if (!credentialOffer.grants?.[import_oauth219.preAuthorizedCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`The credential offer does not contain the '${import_oauth219.preAuthorizedCodeGrantIdentifier}' grant.`);
-    }
-    if (credentialOffer.grants[import_oauth219.preAuthorizedCodeGrantIdentifier].tx_code && !txCode) {
-      throw new import_oauth219.Oauth2Error(
-        `Retrieving access token requires a 'tx_code' in the request, but the 'txCode' parameter was not provided.`
-      );
-    }
-    const preAuthorizedCode = credentialOffer.grants[import_oauth219.preAuthorizedCodeGrantIdentifier]["pre-authorized_code"];
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      grantAuthorizationServer: credentialOffer.grants[import_oauth219.preAuthorizedCodeGrantIdentifier].authorization_server,
-      issuerMetadata
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const result = await this.oauth2Client.retrievePreAuthorizedCodeAccessToken({
-      authorizationServerMetadata,
-      preAuthorizedCode,
-      txCode,
-      resource: issuerMetadata.credentialIssuer.credential_issuer,
-      additionalRequestPayload,
-      dpop
-    });
-    return {
-      ...result,
-      authorizationServer
-    };
-  }
-  /**
-   * Convenience method around {@link Oauth2Client.retrieveAuthorizationCodeAccessTokenFrom}
-   * but specifically focused on a credential offer
-   */
-  async retrieveAuthorizationCodeAccessTokenFromOffer({
-    issuerMetadata,
-    additionalRequestPayload,
-    credentialOffer,
-    authorizationCode,
-    pkceCodeVerifier,
-    redirectUri,
-    dpop
-  }) {
-    if (!credentialOffer.grants?.[import_oauth219.authorizationCodeGrantIdentifier]) {
-      throw new import_oauth219.Oauth2Error(`The credential offer does not contain the '${import_oauth219.authorizationCodeGrantIdentifier}' grant.`);
-    }
-    const authorizationServer = determineAuthorizationServerForCredentialOffer({
-      grantAuthorizationServer: credentialOffer.grants[import_oauth219.authorizationCodeGrantIdentifier].authorization_server,
-      issuerMetadata
-    });
-    const authorizationServerMetadata = (0, import_oauth219.getAuthorizationServerMetadataFromList)(
-      issuerMetadata.authorizationServers,
-      authorizationServer
-    );
-    const result = await this.oauth2Client.retrieveAuthorizationCodeAccessToken({
-      authorizationServerMetadata,
-      authorizationCode,
-      pkceCodeVerifier,
-      additionalRequestPayload,
-      dpop,
-      redirectUri,
-      resource: issuerMetadata.credentialIssuer.credential_issuer
-    });
-    return {
-      ...result,
-      authorizationServer
-    };
-  }
-  /**
-   * Request a nonce to be used in credential request proofs from the `nonce_endpoint`
-   *
-   * @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
-   * @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
-   * @throws ValidationError - if validating the nonce response failed
-   */
-  async requestNonce(options) {
-    return requestNonce({
-      ...options,
-      fetch: this.options.callbacks.fetch
-    });
-  }
-  /**
-   * Creates the jwt proof payload and header to be included in a credential request.
-   */
-  async createCredentialRequestJwtProof(options) {
-    const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[options.credentialConfigurationId];
-    if (!credentialConfiguration) {
-      throw new Openid4vciError(
-        `Credential configuration with '${options.credentialConfigurationId}' not found in 'credential_configurations_supported' from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`
-      );
-    }
-    if (credentialConfiguration.proof_types_supported) {
-      if (!credentialConfiguration.proof_types_supported.jwt) {
-        throw new Openid4vciError(
-          `Credential configuration with id '${options.credentialConfigurationId}' does not support the 'jwt' proof type.`
-        );
-      }
-      if (!credentialConfiguration.proof_types_supported.jwt.proof_signing_alg_values_supported.includes(
-        options.signer.alg
-      )) {
-        throw new Openid4vciError(
-          `Credential configuration with id '${options.credentialConfigurationId}' does not support the '${options.signer.alg}' alg for 'jwt' proof type.`
-        );
-      }
-      if (credentialConfiguration.proof_types_supported.jwt.key_attestations_required && !options.keyAttestationJwt) {
-        throw new Openid4vciError(
-          `Credential configuration with id '${options.credentialConfigurationId}' requires key attestations for 'jwt' proof type but no 'keyAttestationJwt' was provided`
-        );
-      }
-    }
-    const jwt = await createCredentialRequestJwtProof({
-      credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-      signer: options.signer,
-      clientId: options.clientId,
-      issuedAt: options.issuedAt,
-      nonce: options.nonce,
-      keyAttestationJwt: options.keyAttestationJwt,
-      callbacks: this.options.callbacks
-    });
-    return {
-      jwt
-    };
-  }
-  /**
-   * @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
-   * @throws ValidationError - if validation of the credential request failed
-   * @throws Openid4vciError - if the `credentialConfigurationId` couldn't be found, or if the the format specific request couldn't be constructed
-   */
-  async retrieveCredentials({
-    issuerMetadata,
-    proof,
-    proofs,
-    credentialConfigurationId,
-    additionalRequestPayload,
-    accessToken,
-    dpop
-  }) {
-    let credentialResponse;
-    if (issuerMetadata.originalDraftVersion === "Draft15" /* Draft15 */ || issuerMetadata.originalDraftVersion === "Draft16" /* Draft16 */) {
-      credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
-        accessToken,
-        credentialConfigurationId,
-        issuerMetadata,
-        additionalRequestPayload,
-        proof,
-        proofs,
-        callbacks: this.options.callbacks,
-        dpop
-      });
-    } else {
-      const formatPayload = getCredentialRequestFormatPayloadForCredentialConfigurationId({
-        credentialConfigurationId,
-        issuerMetadata
-      });
-      credentialResponse = await retrieveCredentialsWithFormat({
-        accessToken,
-        formatPayload,
-        issuerMetadata,
-        additionalRequestPayload,
-        proof,
-        proofs,
-        callbacks: this.options.callbacks,
-        dpop
-      });
-    }
-    if (!credentialResponse.ok) {
-      throw new Openid4vciRetrieveCredentialsError(
-        `Error retrieving credentials from '${issuerMetadata.credentialIssuer.credential_issuer}'`,
-        credentialResponse,
-        await credentialResponse.response.clone().text()
-      );
-    }
-    return credentialResponse;
-  }
-  /**
-   * @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
-   * @throws ValidationError - if validation of the credential request failed
-   */
-  async retrieveDeferredCredentials(options) {
-    const credentialResponse = await retrieveDeferredCredentials({
-      ...options,
-      callbacks: this.options.callbacks
-    });
-    if (!credentialResponse.ok) {
-      throw new Openid4vciRetrieveCredentialsError(
-        `Error retrieving deferred credentials from '${options.issuerMetadata.credentialIssuer.credential_issuer}'`,
-        credentialResponse,
-        await credentialResponse.response.clone().text()
-      );
-    }
-    return credentialResponse;
-  }
-  /**
-   * @throws Openid4vciSendNotificationError - if an unsuccessful response
-   * @throws ValidationError - if validation of the notification request failed
-   */
-  async sendNotification({
-    issuerMetadata,
-    notification,
-    additionalRequestPayload,
-    accessToken,
-    dpop
-  }) {
-    const notificationResponse = await sendNotification({
-      accessToken,
-      issuerMetadata,
-      additionalRequestPayload,
-      callbacks: this.options.callbacks,
-      dpop,
-      notification
-    });
-    if (!notificationResponse.ok) {
-      throw new Openid4vciSendNotificationError(
-        `Error sending notification to '${issuerMetadata.credentialIssuer.credential_issuer}'`,
-        notificationResponse
-      );
-    }
-    return notificationResponse;
-  }
+	constructor(options) {
+		this.options = options;
+		this.oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
+	}
+	getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
+		return extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported);
+	}
+	/**
+	* Resolve a credential offer into a credential offer object, handling both
+	* 'credential_offer' and 'credential_offer_uri' params.
+	*/
+	async resolveCredentialOffer(credentialOffer) {
+		return resolveCredentialOffer(credentialOffer, { fetch: this.options.callbacks.fetch });
+	}
+	async resolveIssuerMetadata(credentialIssuer) {
+		return resolveIssuerMetadata(credentialIssuer, { fetch: this.options.callbacks.fetch });
+	}
+	/**
+	* Retrieve an authorization code for a presentation during issuance session
+	*
+	* This can only be called if an authorization challenge was performed before and returned a
+	* `presentation` parameter along with an `auth_session`. If the presentation response included
+	* an `presentation_during_issuance_session` parameter it MUST be included in this request as well.
+	*/
+	async retrieveAuthorizationCodeUsingPresentation(options) {
+		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
+		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
+		const { authorizationChallengeResponse, dpop } = await new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks }).sendAuthorizationChallengeRequest({
+			authorizationServerMetadata,
+			authSession: options.authSession,
+			presentationDuringIssuanceSession: options.presentationDuringIssuanceSession,
+			dpop: options.dpop
+		});
+		return {
+			authorizationChallengeResponse,
+			dpop
+		};
+	}
+	/**
+	* Initiates authorization for credential issuance. It handles the following cases:
+	* - Authorization Challenge
+	* - Pushed Authorization Request
+	* - Regular Authorization url
+	*
+	* In case the authorization challenge request returns an error with `insufficient_authorization`
+	* with a `presentation` field it means the authorization server expects presentation of credentials
+	* before issuance of credentials. If this is the case, the value in `presentation` should be treated
+	* as an openid4vp authorization request and submitted to the verifier. Once the presentation response
+	* has been submitted, the RP will respond with a `presentation_during_issuance_session` parameter.
+	* Together with the `auth_session` parameter returned in this call you can retrieve an `authorization_code`
+	* using
+	*/
+	async initiateAuthorization(options) {
+		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
+		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
+		const oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
+		try {
+			return {
+				...await oauth2Client.initiateAuthorization({
+					clientId: options.clientId,
+					pkceCodeVerifier: options.pkceCodeVerifier,
+					redirectUri: options.redirectUri,
+					scope: options.scope,
+					additionalRequestPayload: {
+						...options.additionalRequestPayload,
+						issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
+					},
+					dpop: options.dpop,
+					resource: options.issuerMetadata.credentialIssuer.credential_issuer,
+					authorizationServerMetadata
+				}),
+				authorizationFlow: AuthorizationFlow.Oauth2Redirect,
+				authorizationServer: authorizationServerMetadata.issuer
+			};
+		} catch (error) {
+			if (error instanceof __openid4vc_oauth2.Oauth2ClientAuthorizationChallengeError && error.errorResponse.error === __openid4vc_oauth2.Oauth2ErrorCodes.InsufficientAuthorization && error.errorResponse.presentation) {
+				if (!error.errorResponse.auth_session) throw new Openid4vciError(`Expected 'auth_session' to be defined with authorization challenge response error '${error.errorResponse.error}' and 'presentation' parameter`);
+				return {
+					authorizationFlow: AuthorizationFlow.PresentationDuringIssuance,
+					openid4vpRequestUrl: error.errorResponse.presentation,
+					authSession: error.errorResponse.auth_session,
+					authorizationServer: authorizationServerMetadata.issuer
+				};
+			}
+			throw error;
+		}
+	}
+	/**
+	* Convenience method around {@link Oauth2Client.createAuthorizationRequestUrl}
+	* but specifically focused on a credential offer
+	*/
+	async createAuthorizationRequestUrlFromOffer(options) {
+		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
+		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			issuerMetadata: options.issuerMetadata,
+			grantAuthorizationServer: authorizationCodeGrant.authorization_server
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
+		const { authorizationRequestUrl, pkce, dpop } = await this.oauth2Client.createAuthorizationRequestUrl({
+			authorizationServerMetadata,
+			clientId: options.clientId,
+			additionalRequestPayload: {
+				...options.additionalRequestPayload,
+				issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
+			},
+			resource: options.issuerMetadata.credentialIssuer.credential_issuer,
+			redirectUri: options.redirectUri,
+			scope: options.scope,
+			pkceCodeVerifier: options.pkceCodeVerifier,
+			dpop: options.dpop
+		});
+		return {
+			authorizationRequestUrl,
+			pkce,
+			dpop,
+			authorizationServer: authorizationServerMetadata.issuer
+		};
+	}
+	/**
+	* Convenience method around {@link Oauth2Client.retrievePreAuthorizedCodeAccessToken}
+	* but specifically focused on a credential offer
+	*/
+	async retrievePreAuthorizedCodeAccessTokenFromOffer({ credentialOffer, issuerMetadata, additionalRequestPayload, txCode, dpop }) {
+		if (!credentialOffer.grants?.[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`The credential offer does not contain the '${__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier}' grant.`);
+		if (credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code && !txCode) throw new __openid4vc_oauth2.Oauth2Error(`Retrieving access token requires a 'tx_code' in the request, but the 'txCode' parameter was not provided.`);
+		const preAuthorizedCode = credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]["pre-authorized_code"];
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			grantAuthorizationServer: credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].authorization_server,
+			issuerMetadata
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(issuerMetadata.authorizationServers, authorizationServer);
+		return {
+			...await this.oauth2Client.retrievePreAuthorizedCodeAccessToken({
+				authorizationServerMetadata,
+				preAuthorizedCode,
+				txCode,
+				resource: issuerMetadata.credentialIssuer.credential_issuer,
+				additionalRequestPayload,
+				dpop
+			}),
+			authorizationServer
+		};
+	}
+	/**
+	* Convenience method around {@link Oauth2Client.retrieveAuthorizationCodeAccessTokenFrom}
+	* but specifically focused on a credential offer
+	*/
+	async retrieveAuthorizationCodeAccessTokenFromOffer({ issuerMetadata, additionalRequestPayload, credentialOffer, authorizationCode, pkceCodeVerifier, redirectUri, dpop }) {
+		if (!credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`The credential offer does not contain the '${__openid4vc_oauth2.authorizationCodeGrantIdentifier}' grant.`);
+		const authorizationServer = determineAuthorizationServerForCredentialOffer({
+			grantAuthorizationServer: credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier].authorization_server,
+			issuerMetadata
+		});
+		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(issuerMetadata.authorizationServers, authorizationServer);
+		return {
+			...await this.oauth2Client.retrieveAuthorizationCodeAccessToken({
+				authorizationServerMetadata,
+				authorizationCode,
+				pkceCodeVerifier,
+				additionalRequestPayload,
+				dpop,
+				redirectUri,
+				resource: issuerMetadata.credentialIssuer.credential_issuer
+			}),
+			authorizationServer
+		};
+	}
+	/**
+	* Request a nonce to be used in credential request proofs from the `nonce_endpoint`
+	*
+	* @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
+	* @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
+	* @throws ValidationError - if validating the nonce response failed
+	*/
+	async requestNonce(options) {
+		return requestNonce({
+			...options,
+			fetch: this.options.callbacks.fetch
+		});
+	}
+	/**
+	* Creates the jwt proof payload and header to be included in a credential request.
+	*/
+	async createCredentialRequestJwtProof(options) {
+		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[options.credentialConfigurationId];
+		if (!credentialConfiguration) throw new Openid4vciError(`Credential configuration with '${options.credentialConfigurationId}' not found in 'credential_configurations_supported' from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
+		if (credentialConfiguration.proof_types_supported) {
+			if (!credentialConfiguration.proof_types_supported.jwt) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' does not support the 'jwt' proof type.`);
+			if (!credentialConfiguration.proof_types_supported.jwt.proof_signing_alg_values_supported.includes(options.signer.alg)) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' does not support the '${options.signer.alg}' alg for 'jwt' proof type.`);
+			if (credentialConfiguration.proof_types_supported.jwt.key_attestations_required && !options.keyAttestationJwt) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' requires key attestations for 'jwt' proof type but no 'keyAttestationJwt' was provided`);
+		}
+		return { jwt: await createCredentialRequestJwtProof({
+			credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
+			signer: options.signer,
+			clientId: options.clientId,
+			issuedAt: options.issuedAt,
+			nonce: options.nonce,
+			keyAttestationJwt: options.keyAttestationJwt,
+			callbacks: this.options.callbacks
+		}) };
+	}
+	/**
+	* @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
+	* @throws ValidationError - if validation of the credential request failed
+	* @throws Openid4vciError - if the `credentialConfigurationId` couldn't be found, or if the the format specific request couldn't be constructed
+	*/
+	async retrieveCredentials({ issuerMetadata, proof, proofs, credentialConfigurationId, additionalRequestPayload, accessToken, dpop }) {
+		let credentialResponse;
+		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
+			accessToken,
+			credentialConfigurationId,
+			issuerMetadata,
+			additionalRequestPayload,
+			proof,
+			proofs,
+			callbacks: this.options.callbacks,
+			dpop
+		});
+		else credentialResponse = await retrieveCredentialsWithFormat({
+			accessToken,
+			formatPayload: getCredentialRequestFormatPayloadForCredentialConfigurationId({
+				credentialConfigurationId,
+				issuerMetadata
+			}),
+			issuerMetadata,
+			additionalRequestPayload,
+			proof,
+			proofs,
+			callbacks: this.options.callbacks,
+			dpop
+		});
+		if (!credentialResponse.ok) throw new Openid4vciRetrieveCredentialsError(`Error retrieving credentials from '${issuerMetadata.credentialIssuer.credential_issuer}'`, credentialResponse, await credentialResponse.response.clone().text());
+		return credentialResponse;
+	}
+	/**
+	* @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
+	* @throws ValidationError - if validation of the credential request failed
+	*/
+	async retrieveDeferredCredentials(options) {
+		const credentialResponse = await retrieveDeferredCredentials({
+			...options,
+			callbacks: this.options.callbacks
+		});
+		if (!credentialResponse.ok) throw new Openid4vciRetrieveCredentialsError(`Error retrieving deferred credentials from '${options.issuerMetadata.credentialIssuer.credential_issuer}'`, credentialResponse, await credentialResponse.response.clone().text());
+		return credentialResponse;
+	}
+	/**
+	* @throws Openid4vciSendNotificationError - if an unsuccessful response
+	* @throws ValidationError - if validation of the notification request failed
+	*/
+	async sendNotification({ issuerMetadata, notification, additionalRequestPayload, accessToken, dpop }) {
+		const notificationResponse = await sendNotification({
+			accessToken,
+			issuerMetadata,
+			additionalRequestPayload,
+			callbacks: this.options.callbacks,
+			dpop,
+			notification
+		});
+		if (!notificationResponse.ok) throw new Openid4vciSendNotificationError(`Error sending notification to '${issuerMetadata.credentialIssuer.credential_issuer}'`, notificationResponse);
+		return notificationResponse;
+	}
 };
 
-// src/Openid4vciIssuer.ts
-var import_oauth220 = require("@openid4vc/oauth2");
-var import_utils21 = require("@openid4vc/utils");
-
-// src/credential-request/credential-response.ts
-var import_utils18 = require("@openid4vc/utils");
+//#endregion
+//#region src/credential-request/credential-response.ts
 function createCredentialResponse(options) {
-  return (0, import_utils18.parseWithErrorHandling)(zCredentialResponse, {
-    c_nonce: options.cNonce,
-    c_nonce_expires_in: options.cNonceExpiresInSeconds,
-    credential: options.credential,
-    credentials: options.credentials,
-    notification_id: options.notificationId,
-    transaction_id: options.transactionId,
-    interval: options.interval,
-    // NOTE `format` is removed in draft 13. For now if a format was requested
-    // we just always return it in the response as well.
-    format: options.credentialRequest.format?.format,
-    ...options.additionalPayload
-  });
+	return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialResponse, {
+		c_nonce: options.cNonce,
+		c_nonce_expires_in: options.cNonceExpiresInSeconds,
+		credential: options.credential,
+		credentials: options.credentials,
+		notification_id: options.notificationId,
+		transaction_id: options.transactionId,
+		interval: options.interval,
+		format: options.credentialRequest.format?.format,
+		...options.additionalPayload
+	});
 }
 function createDeferredCredentialResponse(options) {
-  return (0, import_utils18.parseWithErrorHandling)(zDeferredCredentialResponse, {
-    credentials: options.credentials,
-    notification_id: options.notificationId,
-    interval: options.interval,
-    ...options.additionalPayload
-  });
+	return (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialResponse, {
+		credentials: options.credentials,
+		notification_id: options.notificationId,
+		interval: options.interval,
+		...options.additionalPayload
+	});
 }
 
-// src/credential-request/parse-credential-request.ts
-var import_utils19 = require("@openid4vc/utils");
-var import_zod22 = __toESM(require("zod"));
+//#endregion
+//#region src/credential-request/parse-credential-request.ts
 function parseCredentialRequest(options) {
-  const credentialRequest = (0, import_utils19.parseWithErrorHandling)(
-    zCredentialRequest,
-    options.credentialRequest,
-    "Error validating credential request"
-  );
-  let proofs = void 0;
-  const knownProofs = zCredentialRequestProofs.strict().safeParse(credentialRequest.proofs);
-  if (knownProofs.success) {
-    proofs = knownProofs.data;
-  }
-  const knownProof = import_zod22.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
-  if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) {
-    proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
-  } else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) {
-    proofs = { [attestationProofTypeIdentifier]: [knownProof.data.attestation] };
-  }
-  if (credentialRequest.credential_configuration_id) {
-    getCredentialConfigurationSupportedById(
-      options.issuerMetadata.credentialIssuer.credential_configurations_supported,
-      credentialRequest.credential_configuration_id
-    );
-    const credentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(
-      options.issuerMetadata.credentialIssuer.credential_configurations_supported
-    );
-    return {
-      credentialConfiguration: credentialConfigurations[credentialRequest.credential_configuration_id],
-      credentialConfigurationId: credentialRequest.credential_configuration_id,
-      credentialRequest,
-      proofs
-    };
-  }
-  if (credentialRequest.credential_identifier) {
-    return {
-      credentialIdentifier: credentialRequest.credential_identifier,
-      credentialRequest,
-      proofs
-    };
-  }
-  if (credentialRequest.format && allCredentialRequestFormatIdentifiers.includes(
-    credentialRequest.format
-  )) {
-    return {
-      // Removes all claims that are not specific to this format
-      format: (0, import_utils19.parseWithErrorHandling)(
-        import_zod22.default.union(allCredentialRequestFormats),
-        credentialRequest,
-        "Unable to validate format specific properties from credential request"
-      ),
-      credentialRequest,
-      proofs
-    };
-  }
-  return {
-    credentialRequest,
-    proofs
-  };
+	const credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequest, options.credentialRequest, "Error validating credential request");
+	let proofs;
+	const knownProofs = zCredentialRequestProofs.strict().safeParse(credentialRequest.proofs);
+	if (knownProofs.success) proofs = knownProofs.data;
+	const knownProof = zod.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
+	if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
+	else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) proofs = { [attestationProofTypeIdentifier]: [knownProof.data.attestation] };
+	if (credentialRequest.credential_configuration_id) {
+		getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, credentialRequest.credential_configuration_id);
+		return {
+			credentialConfiguration: extractKnownCredentialConfigurationSupportedFormats(options.issuerMetadata.credentialIssuer.credential_configurations_supported)[credentialRequest.credential_configuration_id],
+			credentialConfigurationId: credentialRequest.credential_configuration_id,
+			credentialRequest,
+			proofs
+		};
+	}
+	if (credentialRequest.credential_identifier) return {
+		credentialIdentifier: credentialRequest.credential_identifier,
+		credentialRequest,
+		proofs
+	};
+	if (credentialRequest.format && allCredentialRequestFormatIdentifiers.includes(credentialRequest.format)) return {
+		format: (0, __openid4vc_utils.parseWithErrorHandling)(zod.default.union(allCredentialRequestFormats), credentialRequest, "Unable to validate format specific properties from credential request"),
+		credentialRequest,
+		proofs
+	};
+	return {
+		credentialRequest,
+		proofs
+	};
 }
 
-// src/credential-request/parse-deferred-credential-request.ts
-var import_utils20 = require("@openid4vc/utils");
+//#endregion
+//#region src/credential-request/parse-deferred-credential-request.ts
 function parseDeferredCredentialRequest(options) {
-  const deferredCredentialRequest = (0, import_utils20.parseWithErrorHandling)(
-    zDeferredCredentialRequest,
-    options.deferredCredentialRequest,
-    "Error validating credential request"
-  );
-  return {
-    deferredCredentialRequest
-  };
+	return { deferredCredentialRequest: (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialRequest, options.deferredCredentialRequest, "Error validating credential request") };
 }
 
-// src/formats/proof-type/attestation/attestation-proof-type.ts
+//#endregion
+//#region src/formats/proof-type/attestation/attestation-proof-type.ts
 async function verifyCredentialRequestAttestationProof(options) {
-  const verificationResult = await verifyKeyAttestationJwt({
-    ...options,
-    use: "proof_type.attestation"
-  });
-  return verificationResult;
+	return await verifyKeyAttestationJwt({
+		...options,
+		use: "proof_type.attestation"
+	});
 }
 
-// src/Openid4vciIssuer.ts
+//#endregion
+//#region src/Openid4vciIssuer.ts
 var Openid4vciIssuer = class {
-  constructor(options) {
-    this.options = options;
-  }
-  getCredentialIssuerMetadataDraft11(credentialIssuerMetadata) {
-    return (0, import_utils21.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraft11, credentialIssuerMetadata);
-  }
-  getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
-    return extractKnownCredentialConfigurationSupportedFormats(
-      credentialIssuerMetadata.credential_configurations_supported
-    );
-  }
-  /**
-   * Create issuer metadata and validates the structure is correct
-   */
-  createCredentialIssuerMetadata(credentialIssuerMetadata) {
-    return (0, import_utils21.parseWithErrorHandling)(
-      zCredentialIssuerMetadata,
-      credentialIssuerMetadata,
-      "Error validating credential issuer metadata"
-    );
-  }
-  async createCredentialOffer(options) {
-    return createCredentialOffer({
-      callbacks: this.options.callbacks,
-      credentialConfigurationIds: options.credentialConfigurationIds,
-      grants: options.grants,
-      issuerMetadata: options.issuerMetadata,
-      additionalPayload: options.additionalPayload,
-      credentialOfferScheme: options.credentialOfferScheme,
-      credentialOfferUri: options.credentialOfferUri
-    });
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - if verification of the jwt failed. You can extract
-   *  the credential error response from this.
-   */
-  async verifyCredentialRequestJwtProof(options) {
-    try {
-      return await verifyCredentialRequestJwtProof({
-        callbacks: this.options.callbacks,
-        credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-        expectedNonce: options.expectedNonce,
-        nonceExpiresAt: options.nonceExpiresAt,
-        jwt: options.jwt,
-        clientId: options.clientId,
-        now: options.now
-      });
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidProof,
-          error_description: (
-            // TODO: error should have a internalErrorMessage and a publicErrorMessage
-            error instanceof import_oauth220.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
-          )
-        },
-        {
-          internalMessage: "Error verifying credential request proof jwt",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - if verification of the key attestation failed. You can extract
-   *  the credential error response from this.
-   */
-  async verifyCredentialRequestAttestationProof(options) {
-    try {
-      return await verifyCredentialRequestAttestationProof({
-        callbacks: this.options.callbacks,
-        expectedNonce: options.expectedNonce,
-        keyAttestationJwt: options.keyAttestationJwt,
-        nonceExpiresAt: options.nonceExpiresAt,
-        now: options.now
-      });
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidProof,
-          error_description: (
-            // TODO: error should have a internalErrorMessage and a publicErrorMessage
-            error instanceof import_oauth220.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
-          )
-        },
-        {
-          internalMessage: "Error verifying credential request proof attestation",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - when validation of the credential request fails
-   *  You can extract the credential error response from this.
-   */
-  parseCredentialRequest(options) {
-    try {
-      return parseCredentialRequest(options);
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidCredentialRequest,
-          error_description: (
-            // TODO: error should have a internalErrorMessage and a publicErrorMessage
-            error instanceof import_utils21.ValidationError ? error.message : "Invalid request"
-          )
-        },
-        {
-          internalMessage: "Error verifying credential request proof jwt",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws Oauth2ServerErrorResponseError - when validation of the deferred credential request fails
-   */
-  parseDeferredCredentialRequest(options) {
-    try {
-      return parseDeferredCredentialRequest(options);
-    } catch (error) {
-      throw new import_oauth220.Oauth2ServerErrorResponseError(
-        {
-          error: import_oauth220.Oauth2ErrorCodes.InvalidCredentialRequest,
-          error_description: error instanceof import_utils21.ValidationError ? error.message : "Invalid request"
-        },
-        {
-          internalMessage: "Error parsing deferred credential request",
-          cause: error
-        }
-      );
-    }
-  }
-  /**
-   * @throws ValidationError - when validation of the credential response fails
-   */
-  createCredentialResponse(options) {
-    return createCredentialResponse(options);
-  }
-  /**
-   * @throws ValidationError - when validation of the credential response fails
-   */
-  createDeferredCredentialResponse(options) {
-    return createDeferredCredentialResponse(options);
-  }
-  /**
-   * @throws ValidationError - when validation of the nonce response fails
-   */
-  createNonceResponse(options) {
-    return createNonceResponse(options);
-  }
-  async verifyWalletAttestation(options) {
-    return new import_oauth220.Oauth2AuthorizationServer({
-      callbacks: this.options.callbacks
-    }).verifyClientAttestation(options);
-  }
+	constructor(options) {
+		this.options = options;
+	}
+	getCredentialIssuerMetadataDraft11(credentialIssuerMetadata) {
+		return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraft11, credentialIssuerMetadata);
+	}
+	getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
+		return extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported);
+	}
+	/**
+	* Create issuer metadata and validates the structure is correct
+	*/
+	createCredentialIssuerMetadata(credentialIssuerMetadata) {
+		return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialIssuerMetadata, credentialIssuerMetadata, "Error validating credential issuer metadata");
+	}
+	async createCredentialOffer(options) {
+		return createCredentialOffer({
+			callbacks: this.options.callbacks,
+			credentialConfigurationIds: options.credentialConfigurationIds,
+			grants: options.grants,
+			issuerMetadata: options.issuerMetadata,
+			additionalPayload: options.additionalPayload,
+			credentialOfferScheme: options.credentialOfferScheme,
+			credentialOfferUri: options.credentialOfferUri
+		});
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - if verification of the jwt failed. You can extract
+	*  the credential error response from this.
+	*/
+	async verifyCredentialRequestJwtProof(options) {
+		try {
+			return await verifyCredentialRequestJwtProof({
+				callbacks: this.options.callbacks,
+				credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
+				expectedNonce: options.expectedNonce,
+				nonceExpiresAt: options.nonceExpiresAt,
+				jwt: options.jwt,
+				clientId: options.clientId,
+				now: options.now
+			});
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidProof,
+				error_description: error instanceof __openid4vc_oauth2.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
+			}, {
+				internalMessage: "Error verifying credential request proof jwt",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - if verification of the key attestation failed. You can extract
+	*  the credential error response from this.
+	*/
+	async verifyCredentialRequestAttestationProof(options) {
+		try {
+			return await verifyCredentialRequestAttestationProof({
+				callbacks: this.options.callbacks,
+				expectedNonce: options.expectedNonce,
+				keyAttestationJwt: options.keyAttestationJwt,
+				nonceExpiresAt: options.nonceExpiresAt,
+				now: options.now
+			});
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidProof,
+				error_description: error instanceof __openid4vc_oauth2.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
+			}, {
+				internalMessage: "Error verifying credential request proof attestation",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - when validation of the credential request fails
+	*  You can extract the credential error response from this.
+	*/
+	parseCredentialRequest(options) {
+		try {
+			return parseCredentialRequest(options);
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidCredentialRequest,
+				error_description: error instanceof __openid4vc_utils.ValidationError ? error.message : "Invalid request"
+			}, {
+				internalMessage: "Error verifying credential request proof jwt",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws Oauth2ServerErrorResponseError - when validation of the deferred credential request fails
+	*/
+	parseDeferredCredentialRequest(options) {
+		try {
+			return parseDeferredCredentialRequest(options);
+		} catch (error) {
+			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
+				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidCredentialRequest,
+				error_description: error instanceof __openid4vc_utils.ValidationError ? error.message : "Invalid request"
+			}, {
+				internalMessage: "Error parsing deferred credential request",
+				cause: error
+			});
+		}
+	}
+	/**
+	* @throws ValidationError - when validation of the credential response fails
+	*/
+	createCredentialResponse(options) {
+		return createCredentialResponse(options);
+	}
+	/**
+	* @throws ValidationError - when validation of the credential response fails
+	*/
+	createDeferredCredentialResponse(options) {
+		return createDeferredCredentialResponse(options);
+	}
+	/**
+	* @throws ValidationError - when validation of the nonce response fails
+	*/
+	createNonceResponse(options) {
+		return createNonceResponse(options);
+	}
+	async verifyWalletAttestation(options) {
+		return new __openid4vc_oauth2.Oauth2AuthorizationServer({ callbacks: this.options.callbacks }).verifyClientAttestation(options);
+	}
 };
 
-// src/Openid4vciWalletProvider.ts
-var import_oauth221 = require("@openid4vc/oauth2");
+//#endregion
+//#region src/Openid4vciWalletProvider.ts
 var Openid4vciWalletProvider = class {
-  constructor(options) {
-    this.options = options;
-  }
-  async createWalletAttestationJwt(options) {
-    const additionalPayload = options.additionalPayload ? {
-      wallet_name: options.walletName,
-      wallet_link: options.walletLink,
-      ...options.additionalPayload
-    } : {
-      wallet_name: options.walletName,
-      wallet_link: options.walletLink
-    };
-    return await (0, import_oauth221.createClientAttestationJwt)({
-      ...options,
-      callbacks: this.options.callbacks,
-      additionalPayload
-    });
+	constructor(options) {
+		this.options = options;
+	}
+	async createWalletAttestationJwt(options) {
+		const additionalPayload = options.additionalPayload ? {
+			wallet_name: options.walletName,
+			wallet_link: options.walletLink,
+			...options.additionalPayload
+		} : {
+			wallet_name: options.walletName,
+			wallet_link: options.walletLink
+		};
+		return await (0, __openid4vc_oauth2.createClientAttestationJwt)({
+			...options,
+			callbacks: this.options.callbacks,
+			additionalPayload
+		});
+	}
+	async createKeyAttestationJwt(options) {
+		return await createKeyAttestationJwt({
+			callbacks: this.options.callbacks,
+			...options
+		});
+	}
+};
+
+//#endregion
+exports.AuthorizationFlow = AuthorizationFlow;
+exports.Openid4vciClient = Openid4vciClient;
+exports.Openid4vciDraftVersion = Openid4vciDraftVersion;
+exports.Openid4vciError = Openid4vciError;
+exports.Openid4vciIssuer = Openid4vciIssuer;
+exports.Openid4vciRetrieveCredentialsError = Openid4vciRetrieveCredentialsError;
+exports.Openid4vciSendNotificationError = Openid4vciSendNotificationError;
+exports.Openid4vciWalletProvider = Openid4vciWalletProvider;
+exports.createKeyAttestationJwt = createKeyAttestationJwt;
+exports.credentialsSupportedToCredentialConfigurationsSupported = credentialsSupportedToCredentialConfigurationsSupported;
+exports.determineAuthorizationServerForCredentialOffer = determineAuthorizationServerForCredentialOffer;
+exports.extractScopesForCredentialConfigurationIds = extractScopesForCredentialConfigurationIds;
+exports.getCredentialConfigurationsMatchingRequestFormat = getCredentialConfigurationsMatchingRequestFormat;
+Object.defineProperty(exports, 'getGlobalConfig', {
+  enumerable: true,
+  get: function () {
+    return __openid4vc_utils.getGlobalConfig;
   }
-  async createKeyAttestationJwt(options) {
-    return await createKeyAttestationJwt({
-      callbacks: this.options.callbacks,
-      ...options
-    });
+});
+exports.parseKeyAttestationJwt = parseKeyAttestationJwt;
+Object.defineProperty(exports, 'setGlobalConfig', {
+  enumerable: true,
+  get: function () {
+    return __openid4vc_utils.setGlobalConfig;
   }
-};
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  AuthorizationFlow,
-  Openid4vciClient,
-  Openid4vciDraftVersion,
-  Openid4vciError,
-  Openid4vciIssuer,
-  Openid4vciRetrieveCredentialsError,
-  Openid4vciSendNotificationError,
-  Openid4vciWalletProvider,
-  createKeyAttestationJwt,
-  credentialsSupportedToCredentialConfigurationsSupported,
-  determineAuthorizationServerForCredentialOffer,
-  extractScopesForCredentialConfigurationIds,
-  getCredentialConfigurationsMatchingRequestFormat,
-  getGlobalConfig,
-  parseKeyAttestationJwt,
-  setGlobalConfig,
-  verifyKeyAttestationJwt
 });
+exports.verifyKeyAttestationJwt = verifyKeyAttestationJwt;
 //# sourceMappingURL=index.js.map