npm - @openid4vc/openid4vci - Versions diffs - 0.3.0-alpha-20251017121147 → 0.3.0-alpha-20251021081452 - Mend

@openid4vc/openid4vci 0.3.0-alpha-20251017121147 → 0.3.0-alpha-20251021081452

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -30,7 +30,7 @@ zod = __toESM(zod);
 //#region src/version.ts
 let Openid4vciDraftVersion = /* @__PURE__ */ function(Openid4vciDraftVersion$1) {
-	Openid4vciDraftVersion$1["Draft16"] = "Draft16";
+	Openid4vciDraftVersion$1["V1"] = "V1";
 	Openid4vciDraftVersion$1["Draft15"] = "Draft15";
 	Openid4vciDraftVersion$1["Draft14"] = "Draft14";
 	Openid4vciDraftVersion$1["Draft11"] = "Draft11";
@@ -43,23 +43,23 @@ const zTxCode = zod.default.object({
 	input_mode: zod.default.union([zod.default.literal("numeric"), zod.default.literal("text")]).optional(),
 	length: zod.default.number().int().optional(),
 	description: zod.default.string().max(300).optional()
-}).passthrough();
+}).loose();
 const zCredentialOfferGrants = zod.default.object({
 	authorization_code: zod.default.object({
 		issuer_state: zod.default.string().optional(),
 		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
-	}).passthrough().optional(),
+	}).loose().optional(),
 	[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
 		"pre-authorized_code": zod.default.string(),
 		tx_code: zTxCode.optional(),
 		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
-	}).passthrough().optional()
-}).passthrough();
+	}).loose().optional()
+}).loose();
 const zCredentialOfferObjectDraft14 = zod.default.object({
 	credential_issuer: __openid4vc_utils.zHttpsUrl,
 	credential_configuration_ids: zod.default.array(zod.default.string()),
 	grants: zod.default.optional(zCredentialOfferGrants)
-}).passthrough();
+}).loose();
 const zCredentialOfferObjectDraft11To14 = zod.default.object({
 	credential_issuer: __openid4vc_utils.zHttpsUrl,
 	credentials: zod.default.array(zod.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })),
@@ -68,9 +68,9 @@ const zCredentialOfferObjectDraft11To14 = zod.default.object({
 		[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
 			"pre-authorized_code": zod.default.string(),
 			user_pin_required: zod.default.optional(zod.default.boolean())
-		}).passthrough().optional()
+		}).loose().optional()
 	}))
-}).passthrough().transform(({ credentials, grants,...rest }) => {
+}).loose().transform(({ credentials, grants,...rest }) => {
 	const v14 = {
 		...rest,
 		credential_configuration_ids: credentials
@@ -177,14 +177,15 @@ const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.ob
 	display: zod.default.array(zod.default.object({
 		name: zod.default.string().optional(),
 		locale: zod.default.string().optional()
-	}).passthrough()).optional()
-}).passthrough();
+	}).loose()).optional()
+}).loose();
 const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
-const zClaimsDescriptionPath = zod.default.array(zod.default.union([
+const zClaimDescriptionPathValue = zod.default.union([
 	zod.default.string(),
 	zod.default.number().int().nonnegative(),
 	zod.default.null()
-])).nonempty();
+]);
+const zClaimsDescriptionPath = zod.default.tuple([zClaimDescriptionPathValue], zClaimDescriptionPathValue);
 const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], { message: "mso_mdoc claims description path MUST be an array with exactly two string elements, pointing to the namespace and element identifier within an mdoc credential" });
 const zIssuerMetadataClaimsDescription = zod.default.object({
 	path: zClaimsDescriptionPath,
@@ -192,8 +193,8 @@ const zIssuerMetadataClaimsDescription = zod.default.object({
 	display: zod.default.array(zod.default.object({
 		name: zod.default.string().optional(),
 		locale: zod.default.string().optional()
-	}).passthrough()).optional()
-}).passthrough();
+	}).loose()).optional()
+}).loose();
 const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
 //#endregion
@@ -201,7 +202,7 @@ const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription
 const zKeyAttestationJwtHeader = zod.default.object({
 	...__openid4vc_oauth2.zJwtHeader.shape,
 	typ: zod.default.literal("keyattestation+jwt").or(zod.default.literal("key-attestation+jwt"))
-}).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
+}).loose().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
 const zIso18045 = zod.default.enum([
 	"iso_18045_high",
 	"iso_18045_moderate",
@@ -215,13 +216,13 @@ const zKeyAttestationJwtPayload = zod.default.object({
 	attested_keys: zod.default.array(__openid4vc_oauth2.zJwk),
 	key_storage: zod.default.optional(zIso18045OrStringArray),
 	user_authentication: zod.default.optional(zIso18045OrStringArray),
-	certification: zod.default.optional(zod.default.string().url())
-}).passthrough();
+	certification: zod.default.optional(zod.default.url())
+}).loose();
 const zKeyAttestationJwtPayloadForUse = (use) => zod.default.object({
 	...zKeyAttestationJwtPayload.shape,
 	nonce: use === "proof_type.attestation" ? zod.default.string({ message: `Nonce must be defined when key attestation is used as 'proof_type.attestation' directly` }) : zod.default.optional(zod.default.string()),
 	exp: use === "proof_type.jwt" ? __openid4vc_utils.zInteger : zod.default.optional(__openid4vc_utils.zInteger)
-}).passthrough();
+}).loose();
 //#endregion
 //#region src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
@@ -231,12 +232,12 @@ const zCredentialConfigurationSupportedDisplayEntry = zod.default.object({
 	logo: zod.default.object({
 		uri: zod.default.string().optional(),
 		alt_text: zod.default.string().optional()
-	}).passthrough().optional(),
+	}).loose().optional(),
 	description: zod.default.string().optional(),
 	background_color: zod.default.string().optional(),
-	background_image: zod.default.object({ uri: zod.default.string().optional() }).passthrough().optional(),
+	background_image: zod.default.object({ uri: zod.default.string().optional() }).loose().optional(),
 	text_color: zod.default.string().optional()
-}).passthrough();
+}).loose();
 const zCredentialConfigurationSupportedCommonCredentialMetadata = zod.default.object({ display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional() });
 const zCredentialConfigurationSupportedCommon = zod.default.object({
 	format: zod.default.string(),
@@ -252,11 +253,11 @@ const zCredentialConfigurationSupportedCommon = zod.default.object({
 		key_attestations_required: zod.default.object({
 			key_storage: zIso18045OrStringArray.optional(),
 			user_authentication: zIso18045OrStringArray.optional()
-		}).passthrough().optional()
+		}).loose().optional()
 	})).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional(),
 	claims: zod.default.optional(zod.default.never())
-}).passthrough();
+}).loose();
 const zCredentialConfigurationSupportedCommonDraft15 = zod.default.object({
 	format: zod.default.string(),
 	scope: zod.default.string().optional(),
@@ -271,11 +272,11 @@ const zCredentialConfigurationSupportedCommonDraft15 = zod.default.object({
 		key_attestations_required: zod.default.object({
 			key_storage: zIso18045OrStringArray.optional(),
 			user_authentication: zIso18045OrStringArray.optional()
-		}).passthrough().optional()
+		}).loose().optional()
 	})).optional(),
 	display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
 	credential_metadata: zod.default.optional(zod.default.never())
-}).passthrough();
+}).loose();
 //#endregion
 //#region src/formats/credential/mso-mdoc/z-mso-mdoc.ts
@@ -329,7 +330,7 @@ const zLegacySdJwtVcFormatIdentifier = zod.default.literal("vc+sd-jwt");
 * of the OpenID for Verifiable Presentations specification. Please update your
 * implementations accordingly.
 */
-const zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
+const zLegacySdJwtVcCredentialIssuerMetadataV1 = zCredentialConfigurationSupportedCommon.extend({
 	vct: zod.default.string(),
 	format: zLegacySdJwtVcFormatIdentifier,
 	order: zod.default.optional(zod.default.array(zod.default.string())),
@@ -368,8 +369,8 @@ const zCredentialSubjectLeafTypeDraft14 = zod.default.object({
 	display: zod.default.array(zod.default.object({
 		name: zod.default.string().optional(),
 		locale: zod.default.string().optional()
-	}).passthrough()).optional()
-}).passthrough();
+	}).loose()).optional()
+}).loose();
 const zClaimValueSchemaDraft14 = zod.default.union([
 	zod.default.array(zod.default.any()),
 	zod.default.record(zod.default.string(), zod.default.any()),
@@ -378,14 +379,14 @@ const zClaimValueSchemaDraft14 = zod.default.union([
 const zW3cVcCredentialSubjectDraft14 = zod.default.record(zod.default.string(), zClaimValueSchemaDraft14);
 const zW3cVcJsonLdCredentialDefinition = zod.default.object({
 	"@context": zod.default.array(zod.default.string()),
-	type: zod.default.array(zod.default.string()).nonempty()
-}).passthrough();
+	type: zod.default.tuple([zod.default.string()], zod.default.string())
+}).loose();
 const zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
 //#endregion
 //#region src/formats/credential/w3c-vc/z-w3c-jwt-vc-json.ts
 const zJwtVcJsonFormatIdentifier = zod.default.literal("jwt_vc_json");
-const zJwtVcJsonCredentialDefinition = zod.default.object({ type: zod.default.array(zod.default.string()).nonempty() }).passthrough();
+const zJwtVcJsonCredentialDefinition = zod.default.object({ type: zod.default.tuple([zod.default.string()], zod.default.string()) }).loose();
 const zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
 const zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	format: zJwtVcJsonFormatIdentifier,
@@ -405,9 +406,9 @@ const zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSuppor
 const zJwtVcJsonCredentialIssuerMetadataDraft11 = zod.default.object({
 	format: zJwtVcJsonFormatIdentifier,
 	order: zod.default.array(zod.default.string()).optional(),
-	types: zod.default.array(zod.default.string()),
+	types: zod.default.tuple([zod.default.string()], zod.default.string()),
 	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-}).passthrough();
+}).loose();
 const zJwtVcJsonCredentialIssuerMetadataDraft11To14 = zJwtVcJsonCredentialIssuerMetadataDraft11.transform(({ types, credentialSubject,...rest }) => ({
 	...rest,
 	credential_definition: {
@@ -415,7 +416,7 @@ const zJwtVcJsonCredentialIssuerMetadataDraft11To14 = zJwtVcJsonCredentialIssuer
 		...credentialSubject ? { credentialSubject } : {}
 	}
 }));
-const zJwtVcJsonCredentialIssuerMetadataDraft14To11 = zJwtVcJsonCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+const zJwtVcJsonCredentialIssuerMetadataDraft14To11 = zJwtVcJsonCredentialIssuerMetadataDraft14.loose().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
 	...rest,
 	types: type,
 	...credentialDefinition
@@ -426,9 +427,9 @@ const zJwtVcJsonCredentialRequestFormatDraft14 = zod.default.object({
 });
 const zJwtVcJsonCredentialRequestDraft11 = zod.default.object({
 	format: zJwtVcJsonFormatIdentifier,
-	types: zod.default.array(zod.default.string()),
+	types: zod.default.tuple([zod.default.string()], zod.default.string()),
 	credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
-}).passthrough();
+}).loose();
 const zJwtVcJsonCredentialRequestDraft11To14 = zJwtVcJsonCredentialRequestDraft11.transform(({ types, credentialSubject,...rest }) => {
 	return {
 		...rest,
@@ -438,7 +439,7 @@ const zJwtVcJsonCredentialRequestDraft11To14 = zJwtVcJsonCredentialRequestDraft1
 		}
 	};
 });
-const zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+const zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDraft14.loose().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
 	...rest,
 	types: type,
 	...credentialDefinition
@@ -466,9 +467,9 @@ const zJwtVcJsonLdCredentialIssuerMetadataDraft11 = zod.default.object({
 	order: zod.default.array(zod.default.string()).optional(),
 	format: zJwtVcJsonLdFormatIdentifier,
 	"@context": zod.default.array(zod.default.string()),
-	types: zod.default.array(zod.default.string()),
+	types: zod.default.tuple([zod.default.string()], zod.default.string()),
 	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-}).passthrough();
+}).loose();
 const zJwtVcJsonLdCredentialIssuerMetadataDraft11To14 = zJwtVcJsonLdCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject,...rest }) => ({
 	...rest,
 	credential_definition: {
@@ -477,7 +478,7 @@ const zJwtVcJsonLdCredentialIssuerMetadataDraft11To14 = zJwtVcJsonLdCredentialIs
 		...credentialSubject ? { credentialSubject } : {}
 	}
 }));
-const zJwtVcJsonLdCredentialIssuerMetadataDraft14To11 = zJwtVcJsonLdCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+const zJwtVcJsonLdCredentialIssuerMetadataDraft14To11 = zJwtVcJsonLdCredentialIssuerMetadataDraft14.loose().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
 	...rest,
 	...credentialDefinition,
 	types: type
@@ -490,10 +491,10 @@ const zJwtVcJsonLdCredentialRequestDraft11 = zod.default.object({
 	format: zJwtVcJsonLdFormatIdentifier,
 	credential_definition: zod.default.object({
 		"@context": zod.default.array(zod.default.string()),
-		types: zod.default.array(zod.default.string()),
+		types: zod.default.tuple([zod.default.string()], zod.default.string()),
 		credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
-	}).passthrough()
-}).passthrough();
+	}).loose()
+}).loose();
 const zJwtVcJsonLdCredentialRequestDraft11To14 = zJwtVcJsonLdCredentialRequestDraft11.transform(({ credential_definition: { types,...restCredentialDefinition },...rest }) => ({
 	...rest,
 	credential_definition: {
@@ -501,7 +502,7 @@ const zJwtVcJsonLdCredentialRequestDraft11To14 = zJwtVcJsonLdCredentialRequestDr
 		type: types
 	}
 }));
-const zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
+const zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestFormatDraft14.loose().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
 	...rest,
 	credential_definition: {
 		...restCredentialDefinition,
@@ -531,9 +532,9 @@ const zLdpVcCredentialIssuerMetadataDraft11 = zod.default.object({
 	order: zod.default.array(zod.default.string()).optional(),
 	format: zLdpVcFormatIdentifier,
 	"@context": zod.default.array(zod.default.string()),
-	types: zod.default.array(zod.default.string()),
+	types: zod.default.tuple([zod.default.string()], zod.default.string()),
 	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-}).passthrough();
+}).loose();
 const zLdpVcCredentialIssuerMetadataDraft11To14 = zLdpVcCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject,...rest }) => ({
 	...rest,
 	credential_definition: {
@@ -542,7 +543,7 @@ const zLdpVcCredentialIssuerMetadataDraft11To14 = zLdpVcCredentialIssuerMetadata
 		...credentialSubject ? { credentialSubject } : {}
 	}
 }));
-const zLdpVcCredentialIssuerMetadataDraft14To11 = zLdpVcCredentialIssuerMetadataDraft14.passthrough().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
+const zLdpVcCredentialIssuerMetadataDraft14To11 = zLdpVcCredentialIssuerMetadataDraft14.loose().transform(({ credential_definition: { type,...credentialDefinition },...rest }) => ({
 	...rest,
 	...credentialDefinition,
 	types: type
@@ -555,10 +556,10 @@ const zLdpVcCredentialRequestDraft11 = zod.default.object({
 	format: zLdpVcFormatIdentifier,
 	credential_definition: zod.default.object({
 		"@context": zod.default.array(zod.default.string()),
-		types: zod.default.array(zod.default.string()),
+		types: zod.default.tuple([zod.default.string()], zod.default.string()),
 		credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
 	})
-}).passthrough();
+}).loose();
 const zLdpVcCredentialRequestDraft11To14 = zLdpVcCredentialRequestDraft11.transform(({ credential_definition: { types,...restCredentialDefinition },...rest }) => ({
 	...rest,
 	credential_definition: {
@@ -566,7 +567,7 @@ const zLdpVcCredentialRequestDraft11To14 = zLdpVcCredentialRequestDraft11.transf
 		type: types
 	}
 }));
-const zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.passthrough().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
+const zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.loose().transform(({ credential_definition: { type,...restCredentialDefinition },...rest }) => ({
 	...rest,
 	credential_definition: {
 		...restCredentialDefinition,
@@ -577,7 +578,7 @@ const zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.
 //#endregion
 //#region src/formats/credential/w3c-vc/z-w3c-sd-jwt-vc.ts
 const zSdJwtW3VcFormatIdentifier = zod.default.literal("vc+sd-jwt");
-const zSdJwtW3VcCredentialDefinition = zod.default.object({ type: zod.default.array(zod.default.string()).nonempty() }).passthrough();
+const zSdJwtW3VcCredentialDefinition = zod.default.object({ type: zod.default.tuple([zod.default.string()], zod.default.string()) }).loose();
 const zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	format: zSdJwtW3VcFormatIdentifier,
 	credential_definition: zSdJwtW3VcCredentialDefinition,
@@ -606,7 +607,7 @@ const allCredentialIssuerMetadataFormats = [
 	zJwtVcJsonCredentialIssuerMetadata,
 	zSdJwtW3VcCredentialIssuerMetadata,
 	zSdJwtW3VcCredentialIssuerMetadataDraft15,
-	zLegacySdJwtVcCredentialIssuerMetadataDraft16,
+	zLegacySdJwtVcCredentialIssuerMetadataV1,
 	zSdJwtDcCredentialIssuerMetadataDraft15,
 	zMsoMdocCredentialIssuerMetadataDraft15,
 	zJwtVcJsonLdCredentialIssuerMetadataDraft15,
@@ -622,9 +623,12 @@ const allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadata
 const zCredentialConfigurationSupportedWithFormats = zod.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
 	if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
 	const validators = allCredentialIssuerMetadataFormats.filter((formatValidator) => formatValidator.shape.format.value === data.format);
-	const result = zod.default.object({}).passthrough().and(validators.length > 1 ? zod.default.union(validators) : validators[0]).safeParse(data);
+	const result = zod.default.object({}).loose().and(validators.length > 1 ? zod.default.union(validators) : validators[0]).safeParse(data);
 	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue(issue);
+	for (const issue of result.error.issues) ctx.addIssue({
+		...issue,
+		code: issue.code
+	});
 	return zod.default.NEVER;
 });
 const zCredentialIssuerMetadataDisplayEntry = zod.default.object({
@@ -633,9 +637,9 @@ const zCredentialIssuerMetadataDisplayEntry = zod.default.object({
 	logo: zod.default.object({
 		uri: zod.default.string().optional(),
 		alt_text: zod.default.string().optional()
-	}).passthrough().optional()
-}).passthrough();
-const zCredentialIssuerMetadataDraft14Draft15Draft16 = zod.default.object({
+	}).loose().optional()
+}).loose();
+const zCredentialIssuerMetadataDraft14Draft15V1 = zod.default.object({
 	credential_issuer: __openid4vc_utils.zHttpsUrl,
 	authorization_servers: zod.default.array(__openid4vc_utils.zHttpsUrl).optional(),
 	credential_endpoint: __openid4vc_utils.zHttpsUrl,
@@ -646,22 +650,21 @@ const zCredentialIssuerMetadataDraft14Draft15Draft16 = zod.default.object({
 		alg_values_supported: zod.default.array(zod.default.string()),
 		enc_values_supported: zod.default.array(zod.default.string()),
 		encryption_required: zod.default.boolean()
-	}).passthrough().optional(),
-	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).passthrough().optional(),
-	signed_metadata: __openid4vc_oauth2.zCompactJwt.optional(),
+	}).loose().optional(),
+	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).loose().optional(),
 	display: zod.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
 	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedWithFormats)
-}).passthrough();
+}).loose();
 const zCredentialConfigurationSupportedDraft11To16 = zod.default.object({
 	id: zod.default.string().optional(),
 	format: zod.default.string(),
 	cryptographic_suites_supported: zod.default.array(zod.default.string()).optional(),
 	display: zod.default.array(zod.default.object({
-		logo: zod.default.object({ url: zod.default.string().url().optional() }).passthrough().optional(),
-		background_image: zod.default.object({ url: zod.default.string().url().optional() }).passthrough().optional()
-	}).passthrough()).optional(),
+		logo: zod.default.object({ url: zod.default.url().optional() }).loose().optional(),
+		background_image: zod.default.object({ url: zod.default.url().optional() }).loose().optional()
+	}).loose()).optional(),
 	claims: zod.default.any().optional()
-}).passthrough().transform(({ cryptographic_suites_supported, display, claims, id,...rest }) => ({
+}).loose().transform(({ cryptographic_suites_supported, display, claims, id,...rest }) => ({
 	...rest,
 	...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
 	...claims || display ? { credential_metadata: {
@@ -681,13 +684,16 @@ const zCredentialConfigurationSupportedDraft11To16 = zod.default.object({
 	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
 	const result = formatSpecificTransformations[data.format].safeParse(data);
 	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue(issue);
+	for (const issue of result.error.issues) ctx.addIssue({
+		...issue,
+		code: issue.code
+	});
 	return zod.default.NEVER;
 }).pipe(zCredentialConfigurationSupportedWithFormats);
-const zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
+const zCredentialConfigurationSupportedV1ToDraft11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
 	...credential_metadata,
 	...rest
-})).and(zod.default.object({ id: zod.default.string() }).passthrough()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope,...rest }) => ({
+})).and(zod.default.object({ id: zod.default.string() }).loose()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope,...rest }) => ({
 	...rest,
 	...credential_signing_alg_values_supported ? { cryptographic_suites_supported: credential_signing_alg_values_supported } : {},
 	...display ? { display: display.map(({ logo, background_image,...displayRest }) => {
@@ -714,28 +720,28 @@ const zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSup
 		zLdpVcFormatIdentifier.value,
 		zJwtVcJsonFormatIdentifier.value,
 		zJwtVcJsonLdFormatIdentifier.value
-	].includes(input)) }).passthrough()
+	].includes(input)) }).loose()
 ]));
 const zCredentialIssuerMetadataDraft11To16 = zod.default.object({
 	authorization_server: zod.default.string().optional(),
-	credentials_supported: zod.default.array(zod.default.object({ id: zod.default.string().optional() }).passthrough())
-}).passthrough().transform(({ authorization_server, credentials_supported,...rest }) => {
+	credentials_supported: zod.default.array(zod.default.object({ id: zod.default.string().optional() }).loose())
+}).loose().transform(({ authorization_server, credentials_supported,...rest }) => {
 	return {
 		...rest,
 		...authorization_server ? { authorization_servers: [authorization_server] } : {},
 		credential_configurations_supported: Object.fromEntries(credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0))
 	};
-}).pipe(zod.default.object({ credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedDraft11To16) }).passthrough()).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
-const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
+}).pipe(zod.default.object({ credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedDraft11To16) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15V1);
+const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15V1.transform((issuerMetadata) => ({
 	...issuerMetadata,
 	...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
 	credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
 		...value,
 		id
 	}))
-})).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16.extend({ credentials_supported: zod.default.array(zCredentialConfigurationSupportedDraft16To11) }));
-const zCredentialIssuerMetadata = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16, zCredentialIssuerMetadataDraft11To16]);
-const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
+})).pipe(zCredentialIssuerMetadataDraft14Draft15V1.extend({ credentials_supported: zod.default.array(zCredentialConfigurationSupportedV1ToDraft11) }));
+const zCredentialIssuerMetadata = zod.default.union([zCredentialIssuerMetadataDraft14Draft15V1, zCredentialIssuerMetadataDraft11To16]);
+const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredentialIssuerMetadataDraft14Draft15V1.transform((credentialIssuerMetadata) => {
 	const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
 	const isDraft15 = credentialConfigurations.some((configuration) => {
 		const knownConfiguration = configuration;
@@ -746,9 +752,7 @@ const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredential
 	});
 	return {
 		credentialIssuerMetadata,
-		originalDraftVersion: credentialConfigurations.some((configuration) => {
-			return configuration.credential_metadata;
-		}) ? Openid4vciDraftVersion.Draft16 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
+		originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata) ? Openid4vciDraftVersion.V1 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
 	};
 }), zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
 	credentialIssuerMetadata,
@@ -927,7 +931,7 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
 //#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
 	const credentialConfiguration = getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
-	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
 		format: credentialConfiguration.format,
 		vct: credentialConfiguration.vct
 	};
@@ -982,16 +986,16 @@ const zCredentialRequestProofJwt = zod.default.object({
 const zCredentialRequestJwtProofTypeHeader = __openid4vc_oauth2.zJwtHeader.merge(zod.default.object({
 	key_attestation: zod.default.optional(__openid4vc_oauth2.zCompactJwt),
 	typ: zod.default.literal("openid4vci-proof+jwt")
-})).passthrough().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
+})).loose().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
 const zCredentialRequestJwtProofTypePayload = zod.default.object({
 	...__openid4vc_oauth2.zJwtPayload.shape,
 	aud: __openid4vc_utils.zHttpsUrl,
 	iat: __openid4vc_utils.zInteger
-}).passthrough();
+}).loose();
 //#endregion
 //#region src/credential-request/z-credential-request-common.ts
-const zCredentialRequestProofCommon = zod.default.object({ proof_type: zod.default.string() }).passthrough();
+const zCredentialRequestProofCommon = zod.default.object({ proof_type: zod.default.string() }).loose();
 const allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
 const zCredentialRequestProof = zod.default.union([zCredentialRequestProofCommon, zod.default.discriminatedUnion("proof_type", allCredentialRequestProofs)]);
 const zCredentialRequestProofsCommon = zod.default.record(zod.default.string(), zod.default.array(zod.default.unknown()));
@@ -1006,8 +1010,8 @@ const zCredentialRequestCommon = zod.default.object({
 		jwk: __openid4vc_oauth2.zJwk,
 		alg: zod.default.string(),
 		enc: zod.default.string()
-	}).passthrough().optional()
-}).passthrough().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), { message: `Both 'proof' and 'proofs' are defined. Only one is allowed` });
+	}).loose().optional()
+}).loose().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), { message: `Both 'proof' and 'proofs' are defined. Only one is allowed` });
 //#endregion
 //#region src/credential-request/z-credential-request.ts
@@ -1034,12 +1038,15 @@ const zCredentialRequestFormat = zod.default.object({
 	format: zod.default.string(),
 	credential_identifier: zod.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
 	credential_configuration_id: zod.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
-}).passthrough();
+}).loose();
 const zCredentialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
 	if (!allCredentialRequestFormatIdentifiers.includes(data.format)) return data;
-	const result = zod.default.object({}).passthrough().and(zod.default.union(allCredentialRequestFormats)).safeParse(data);
+	const result = zod.default.object({}).loose().and(zod.default.union(allCredentialRequestFormats)).safeParse(data);
 	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue(issue);
+	for (const issue of result.error.issues) ctx.addIssue({
+		...issue,
+		code: issue.code
+	});
 	return zod.default.NEVER;
 });
 const zCredentialRequestDraft15 = zod.default.union([zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest), zCredentialRequestCommon.and(zCredentialRequestCredentialConfigurationId)]);
@@ -1053,10 +1060,22 @@ const zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRe
 	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
 	const result = formatSpecificTransformations[data.format].safeParse(data);
 	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue(issue);
+	for (const issue of result.error.issues) ctx.addIssue({
+		...issue,
+		code: issue.code
+	});
 	return zod.default.NEVER;
 }).pipe(zCredentialRequestDraft14);
-const zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine((data) => data.credential_identifier === void 0, `'credential_identifier' is not supported in OpenID4VCI draft 11`).transform((data, ctx) => {
+const zCredentialRequestDraft14To11 = zCredentialRequestDraft14.transform((data, ctx) => {
+	if (data.credential_identifier !== void 0) {
+		ctx.addIssue({
+			code: "custom",
+			continue: false,
+			message: `'credential_identifier' is not supported in OpenID4VCI draft 11`,
+			path: ["credential_identifier"]
+		});
+		return zod.default.NEVER;
+	}
 	const formatSpecificTransformations = {
 		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft14To11,
 		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft14To11,
@@ -1065,7 +1084,10 @@ const zCredentialRequestDraft14To11 = zCredentialRequestDraft14.refine((data) =>
 	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
 	const result = formatSpecificTransformations[data.format].safeParse(data);
 	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue(issue);
+	for (const issue of result.error.issues) ctx.addIssue({
+		...issue,
+		code: issue.code
+	});
 	return zod.default.NEVER;
 });
 const zCredentialRequest = zod.default.union([
@@ -1079,7 +1101,7 @@ const zDeferredCredentialRequest = zod.default.object({
 		jwk: __openid4vc_oauth2.zJwk,
 		alg: zod.default.string(),
 		enc: zod.default.string()
-	}).passthrough().optional()
+	}).loose().optional()
 });
 //#endregion
@@ -1124,40 +1146,40 @@ let Oauth2ErrorCodes$2 = /* @__PURE__ */ function(Oauth2ErrorCodes$3) {
 	return Oauth2ErrorCodes$3;
 }({});
 const zOauth2ErrorResponse = zod.default.object({
-	error: zod.default.union([zod.default.nativeEnum(Oauth2ErrorCodes$2), zod.default.string()]),
+	error: zod.default.union([zod.default.enum(Oauth2ErrorCodes$2), zod.default.string()]),
 	error_description: zod.default.string().optional(),
 	error_uri: zod.default.string().optional()
-}).passthrough();
+}).loose();
 //#endregion
 //#region src/credential-request/z-credential-response.ts
 const zCredentialEncoding = zod.default.union([zod.default.string(), zod.default.record(zod.default.string(), zod.default.any())]);
 const zBaseCredentialResponse = zod.default.object({
 	credentials: zod.default.union([zod.default.array(zod.default.object({ credential: zCredentialEncoding })), zod.default.array(zCredentialEncoding)]).optional(),
-	interval: zod.default.number().int().positive().optional(),
-	notification_id: zod.default.string().optional()
-}).passthrough();
+	notification_id: zod.default.string().optional(),
+	transaction_id: zod.default.string().optional(),
+	interval: zod.default.number().int().positive().optional()
+}).loose();
 const zCredentialResponse = zBaseCredentialResponse.extend({
 	credential: zod.default.optional(zCredentialEncoding),
-	transaction_id: zod.default.string().optional(),
 	c_nonce: zod.default.string().optional(),
 	c_nonce_expires_in: zod.default.number().int().optional()
-}).passthrough().superRefine((value, ctx) => {
+}).loose().superRefine((value, ctx) => {
 	const { credential, credentials, transaction_id, interval, notification_id } = value;
 	if ([
 		credential,
 		credentials,
 		transaction_id
 	].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
-		code: zod.default.ZodIssueCode.custom,
+		code: "custom",
 		message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
 	});
 	if (transaction_id && !interval) ctx.addIssue({
-		code: zod.default.ZodIssueCode.custom,
+		code: "custom",
 		message: `'interval' MUST be defined when 'transaction_id' is defined.`
 	});
 	if (notification_id && !(credentials || credential)) ctx.addIssue({
-		code: zod.default.ZodIssueCode.custom,
+		code: "custom",
 		message: `'notification_id' MUST NOT be defined when 'credential' or 'credentials' are not defined.`
 	});
 });
@@ -1165,16 +1187,27 @@ const zCredentialErrorResponse = zod.default.object({
 	...zOauth2ErrorResponse.shape,
 	c_nonce: zod.default.string().optional(),
 	c_nonce_expires_in: zod.default.number().int().optional()
-}).passthrough();
-const zDeferredCredentialResponse = zBaseCredentialResponse.refine((value) => {
-	const { credentials, interval } = value;
-	return [credentials, interval].filter((i) => i !== void 0).length === 1;
-}, { message: `Exactly one of 'credentials' or 'interval' MUST be defined.` });
+}).loose();
+const zDeferredCredentialResponse = zBaseCredentialResponse.superRefine((value, ctx) => {
+	const { credentials, transaction_id, interval, notification_id } = value;
+	if ([credentials, transaction_id].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
+		code: "custom",
+		message: `Exactly one of 'credentials', or 'transaction_id' MUST be defined.`
+	});
+	if (transaction_id && !interval) ctx.addIssue({
+		code: "custom",
+		message: `'interval' MUST be defined when 'transaction_id' is defined.`
+	});
+	if (notification_id && credentials) ctx.addIssue({
+		code: "custom",
+		message: `'notification_id' MUST NOT be defined when 'credentials' is not defined.`
+	});
+});
 //#endregion
 //#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
-	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
+	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
 	getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
 	const credentialRequest = {
 		...options.additionalRequestPayload,
@@ -1191,7 +1224,7 @@ async function retrieveCredentialsWithCredentialConfigurationId(options) {
 	});
 }
 async function retrieveCredentialsWithFormat(options) {
-	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on format is not supported in OpenID4VCI draft 15. Provide the credential configuration id directly in the request.");
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on format is not supported on OpenID4VCI above draft 15. Provide the credential configuration id directly in the request.");
 	const credentialRequest = {
 		...options.formatPayload,
 		...options.additionalRequestPayload,
@@ -1273,7 +1306,7 @@ async function retrieveDeferredCredentials(options) {
 			deferredCredentialErrorResponseResult
 		};
 	}
-	const deferredCredentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+	const deferredCredentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.refine((response) => response.credentials || response.transaction_id === options.transactionId, { error: `Transaction id in deferred credential response does not match transaction id in deferred credential request '${options.transactionId}'` }).safeParse(await resourceResponse.response.clone().json()) : void 0;
 	if (!deferredCredentialResponseResult?.success) return {
 		...resourceResponse,
 		ok: false,
@@ -1391,7 +1424,7 @@ async function resolveIssuerMetadata(credentialIssuer, options) {
 const zNonceResponse = zod.default.object({
 	c_nonce: zod.default.string(),
 	c_nonce_expires_in: zod.default.optional(__openid4vc_utils.zInteger)
-}).passthrough();
+}).loose();
 //#endregion
 //#region src/nonce/nonce-request.ts
@@ -1430,8 +1463,8 @@ const zNotificationRequest = zod.default.object({
 	notification_id: zod.default.string(),
 	event: zNotificationEvent,
 	event_description: zod.default.optional(zod.default.string())
-}).passthrough();
-const zNotificationErrorResponse = zod.default.object({ error: zod.default.enum(["invalid_notification_id", "invalid_notification_request"]) }).passthrough();
+}).loose();
+const zNotificationErrorResponse = zod.default.object({ error: zod.default.enum(["invalid_notification_id", "invalid_notification_request"]) }).loose();
 //#endregion
 //#region src/notification/notification.ts
@@ -1691,7 +1724,7 @@ var Openid4vciClient = class {
 	*/
 	async retrieveCredentials({ issuerMetadata, proof, proofs, credentialConfigurationId, additionalRequestPayload, accessToken, dpop }) {
 		let credentialResponse;
-		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
+		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
 			accessToken,
 			credentialConfigurationId,
 			issuerMetadata,
@@ -1766,6 +1799,7 @@ function createDeferredCredentialResponse(options) {
 	return (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialResponse, {
 		credentials: options.credentials,
 		notification_id: options.notificationId,
+		transaction_id: options.transactionId,
 		interval: options.interval,
 		...options.additionalPayload
 	});