@openid4vc/openid4vci 0.3.0-alpha-20251017122507 → 0.3.0-alpha-20251021081452

package/dist/index.d.mts

@@ -7,7 +7,7 @@ import * as zod_v4_core0 from "zod/v4/core";
 
 //#region src/version.d.ts
 declare enum Openid4vciDraftVersion {
-  Draft16 = "Draft16",
+  V1 = "V1",
   Draft15 = "Draft15",
   Draft14 = "Draft14",
   Draft11 = "Draft11",
@@ -1160,8 +1160,8 @@ declare const zCredentialIssuerMetadataDisplayEntry: z.ZodObject<{
   }, z.core.$loose>>;
 }, z.core.$loose>;
 type CredentialIssuerMetadataDisplayEntry = z.infer<typeof zCredentialIssuerMetadataDisplayEntry>;
-type CredentialIssuerMetadata = z.infer<typeof zCredentialIssuerMetadataDraft14Draft15Draft16>;
-declare const zCredentialIssuerMetadataDraft14Draft15Draft16: z.ZodObject<{
+type CredentialIssuerMetadata = z.infer<typeof zCredentialIssuerMetadataDraft14Draft15V1>;
+declare const zCredentialIssuerMetadataDraft14Draft15V1: z.ZodObject<{
   credential_issuer: z.ZodString;
   authorization_servers: z.ZodOptional<z.ZodArray<z.ZodString>>;
   credential_endpoint: z.ZodString;
@@ -1176,7 +1176,6 @@ declare const zCredentialIssuerMetadataDraft14Draft15Draft16: z.ZodObject<{
   batch_credential_issuance: z.ZodOptional<z.ZodObject<{
     batch_size: z.ZodNumber;
   }, z.core.$loose>>;
-  signed_metadata: z.ZodOptional<z.ZodString>;
   display: z.ZodOptional<z.ZodArray<z.ZodObject<{
     name: z.ZodOptional<z.ZodString>;
     locale: z.ZodOptional<z.ZodString>;
@@ -2337,10 +2336,10 @@ declare const zCredentialResponse: z.ZodObject<{
   credentials: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodObject<{
     credential: z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>;
   }, z.core.$strip>>, z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>]>>;
-  interval: z.ZodOptional<z.ZodNumber>;
   notification_id: z.ZodOptional<z.ZodString>;
-  credential: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>;
   transaction_id: z.ZodOptional<z.ZodString>;
+  interval: z.ZodOptional<z.ZodNumber>;
+  credential: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>;
   c_nonce: z.ZodOptional<z.ZodString>;
   c_nonce_expires_in: z.ZodOptional<z.ZodNumber>;
 }, z.core.$loose>;
@@ -2357,8 +2356,9 @@ declare const zDeferredCredentialResponse: z.ZodObject<{
   credentials: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodObject<{
     credential: z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>;
   }, z.core.$strip>>, z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>]>>;
-  interval: z.ZodOptional<z.ZodNumber>;
   notification_id: z.ZodOptional<z.ZodString>;
+  transaction_id: z.ZodOptional<z.ZodString>;
+  interval: z.ZodOptional<z.ZodNumber>;
 }, z.core.$loose>;
 type DeferredCredentialResponse = z.infer<typeof zDeferredCredentialResponse>;
 //#endregion
@@ -3680,10 +3680,20 @@ interface CreateCredentialResponseOptions {
    */
   additionalPayload?: Record<string, unknown>;
 }
-type CreateDeferredCredentialResponseOptions = {
-  credentials?: DeferredCredentialResponse['credentials'];
-  interval?: number;
+type CreateDeferredCredentialResponseOptions = ({
+  credentials: DeferredCredentialResponse['credentials'];
   notificationId?: string;
+  transactionId?: never;
+  interval?: never;
+} | {
+  /**
+   * The `transaction_id` used to identify the deferred issuance transaction.
+   */
+  transactionId: string;
+  interval: number;
+  credentials?: never;
+  notificationId?: never;
+}) & {
   /**
    * Additional payload to include in the deferred credential response
    */
@@ -3851,7 +3861,6 @@ declare class Openid4vciIssuer {
       [x: string]: unknown;
       batch_size: number;
     } | undefined;
-    signed_metadata?: string | undefined;
     display?: {
       [x: string]: unknown;
       name?: string | undefined;
@@ -4237,10 +4246,10 @@ declare class Openid4vciIssuer {
     credentials?: {
       credential: string | Record<string, any>;
     }[] | (string | Record<string, any>)[] | undefined;
-    interval?: number | undefined;
     notification_id?: string | undefined;
-    credential?: string | Record<string, any> | undefined;
     transaction_id?: string | undefined;
+    interval?: number | undefined;
+    credential?: string | Record<string, any> | undefined;
     c_nonce?: string | undefined;
     c_nonce_expires_in?: number | undefined;
   };
@@ -4252,8 +4261,9 @@ declare class Openid4vciIssuer {
     credentials?: {
       credential: string | Record<string, any>;
     }[] | (string | Record<string, any>)[] | undefined;
-    interval?: number | undefined;
     notification_id?: string | undefined;
+    transaction_id?: string | undefined;
+    interval?: number | undefined;
   };
   /**
    * @throws ValidationError - when validation of the nonce response fails

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import { ContentType, Fetch, FetchHeaders, HttpMethod, InferOutputUnion, Oid4vcTsConfig, OrPromise, StringWithAutoCompletion, getGlobalConfig, setGlobalConfig } from "@openid4vc/utils";
-import * as _openid4vc_oauth20 from "@openid4vc/oauth2";
+import * as _openid4vc_oauth23 from "@openid4vc/oauth2";
 import { AuthorizationCodeGrantIdentifier, AuthorizationServerMetadata, CallbackContext, CreateAuthorizationRequestUrlOptions, CreateClientAttestationJwtOptions, CreatePkceReturn, Jwk, JwtSigner, PreAuthorizedCodeGrantIdentifier, RequestDpopOptions, ResourceRequestResponseNotOk, ResourceRequestResponseOk, RetrieveAuthorizationCodeAccessTokenOptions, RetrievePreAuthorizedCodeAccessTokenOptions, authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier } from "@openid4vc/oauth2";
 import * as zod0 from "zod";
 import z from "zod";
@@ -7,7 +7,7 @@ import * as zod_v4_core0 from "zod/v4/core";
 
 //#region src/version.d.ts
 declare enum Openid4vciDraftVersion {
-  Draft16 = "Draft16",
+  V1 = "V1",
   Draft15 = "Draft15",
   Draft14 = "Draft14",
   Draft11 = "Draft11",
@@ -1160,8 +1160,8 @@ declare const zCredentialIssuerMetadataDisplayEntry: z.ZodObject<{
   }, z.core.$loose>>;
 }, z.core.$loose>;
 type CredentialIssuerMetadataDisplayEntry = z.infer<typeof zCredentialIssuerMetadataDisplayEntry>;
-type CredentialIssuerMetadata = z.infer<typeof zCredentialIssuerMetadataDraft14Draft15Draft16>;
-declare const zCredentialIssuerMetadataDraft14Draft15Draft16: z.ZodObject<{
+type CredentialIssuerMetadata = z.infer<typeof zCredentialIssuerMetadataDraft14Draft15V1>;
+declare const zCredentialIssuerMetadataDraft14Draft15V1: z.ZodObject<{
   credential_issuer: z.ZodString;
   authorization_servers: z.ZodOptional<z.ZodArray<z.ZodString>>;
   credential_endpoint: z.ZodString;
@@ -1176,7 +1176,6 @@ declare const zCredentialIssuerMetadataDraft14Draft15Draft16: z.ZodObject<{
   batch_credential_issuance: z.ZodOptional<z.ZodObject<{
     batch_size: z.ZodNumber;
   }, z.core.$loose>>;
-  signed_metadata: z.ZodOptional<z.ZodString>;
   display: z.ZodOptional<z.ZodArray<z.ZodObject<{
     name: z.ZodOptional<z.ZodString>;
     locale: z.ZodOptional<z.ZodString>;
@@ -2337,10 +2336,10 @@ declare const zCredentialResponse: z.ZodObject<{
   credentials: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodObject<{
     credential: z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>;
   }, z.core.$strip>>, z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>]>>;
-  interval: z.ZodOptional<z.ZodNumber>;
   notification_id: z.ZodOptional<z.ZodString>;
-  credential: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>;
   transaction_id: z.ZodOptional<z.ZodString>;
+  interval: z.ZodOptional<z.ZodNumber>;
+  credential: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>;
   c_nonce: z.ZodOptional<z.ZodString>;
   c_nonce_expires_in: z.ZodOptional<z.ZodNumber>;
 }, z.core.$loose>;
@@ -2357,8 +2356,9 @@ declare const zDeferredCredentialResponse: z.ZodObject<{
   credentials: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodObject<{
     credential: z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>;
   }, z.core.$strip>>, z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>]>>;
-  interval: z.ZodOptional<z.ZodNumber>;
   notification_id: z.ZodOptional<z.ZodString>;
+  transaction_id: z.ZodOptional<z.ZodString>;
+  interval: z.ZodOptional<z.ZodNumber>;
 }, z.core.$loose>;
 type DeferredCredentialResponse = z.infer<typeof zDeferredCredentialResponse>;
 //#endregion
@@ -2725,7 +2725,7 @@ interface ParseKeyAttestationJwtOptions {
 declare function parseKeyAttestationJwt({
   keyAttestationJwt,
   use
-}: ParseKeyAttestationJwtOptions): _openid4vc_oauth20.DecodeJwtResult<zod0.ZodObject<{
+}: ParseKeyAttestationJwtOptions): _openid4vc_oauth23.DecodeJwtResult<zod0.ZodObject<{
   typ: zod0.ZodUnion<[zod0.ZodLiteral<"keyattestation+jwt">, zod0.ZodLiteral<"key-attestation+jwt">]>;
   alg: zod0.ZodString;
   kid: zod0.ZodOptional<zod0.ZodString>;
@@ -2997,7 +2997,7 @@ declare function verifyKeyAttestationJwt(options: VerifyKeyAttestationJwtOptions
     status?: Record<string, any> | undefined;
     trust_chain?: [string, ...string[]] | undefined;
   };
-  signer: _openid4vc_oauth20.JwtSignerWithJwk;
+  signer: _openid4vc_oauth23.JwtSignerWithJwk;
 }>;
 //#endregion
 //#region src/metadata/credential-issuer/credential-configurations.d.ts
@@ -3162,7 +3162,7 @@ declare class Openid4vciClient {
     };
     dpop: {
       nonce: string | undefined;
-      signer: _openid4vc_oauth20.JwtSignerJwk;
+      signer: _openid4vc_oauth23.JwtSignerJwk;
     } | undefined;
   }>;
   /**
@@ -3221,7 +3221,7 @@ declare class Openid4vciClient {
     issuerMetadata: IssuerMetadataResult;
   }): Promise<{
     authorizationServer: string;
-    accessTokenResponse: _openid4vc_oauth20.AccessTokenResponse;
+    accessTokenResponse: _openid4vc_oauth23.AccessTokenResponse;
     dpop?: RequestDpopOptions;
   }>;
   /**
@@ -3241,7 +3241,7 @@ declare class Openid4vciClient {
     issuerMetadata: IssuerMetadataResult;
   }): Promise<{
     authorizationServer: string;
-    accessTokenResponse: _openid4vc_oauth20.AccessTokenResponse;
+    accessTokenResponse: _openid4vc_oauth23.AccessTokenResponse;
     dpop?: RequestDpopOptions;
   }>;
   /**
@@ -3296,7 +3296,7 @@ declare class Openid4vciClient {
     additionalRequestPayload,
     accessToken,
     dpop
-  }: Pick<SendNotificationOptions, 'accessToken' | 'additionalRequestPayload' | 'issuerMetadata' | 'dpop' | 'notification'>): Promise<_openid4vc_oauth20.ResourceRequestResponseOk>;
+  }: Pick<SendNotificationOptions, 'accessToken' | 'additionalRequestPayload' | 'issuerMetadata' | 'dpop' | 'notification'>): Promise<_openid4vc_oauth23.ResourceRequestResponseOk>;
 }
 //#endregion
 //#region ../oauth2/src/common/jwk/z-jwk.d.ts
@@ -3680,10 +3680,20 @@ interface CreateCredentialResponseOptions {
    */
   additionalPayload?: Record<string, unknown>;
 }
-type CreateDeferredCredentialResponseOptions = {
-  credentials?: DeferredCredentialResponse['credentials'];
-  interval?: number;
+type CreateDeferredCredentialResponseOptions = ({
+  credentials: DeferredCredentialResponse['credentials'];
   notificationId?: string;
+  transactionId?: never;
+  interval?: never;
+} | {
+  /**
+   * The `transaction_id` used to identify the deferred issuance transaction.
+   */
+  transactionId: string;
+  interval: number;
+  credentials?: never;
+  notificationId?: never;
+}) & {
   /**
    * Additional payload to include in the deferred credential response
    */
@@ -3851,7 +3861,6 @@ declare class Openid4vciIssuer {
       [x: string]: unknown;
       batch_size: number;
     } | undefined;
-    signed_metadata?: string | undefined;
     display?: {
       [x: string]: unknown;
       name?: string | undefined;
@@ -3966,7 +3975,7 @@ declare class Openid4vciIssuer {
       status?: Record<string, any> | undefined;
       trust_chain?: [string, ...string[]] | undefined;
     };
-    signer: _openid4vc_oauth20.JwtSignerWithJwk;
+    signer: _openid4vc_oauth23.JwtSignerWithJwk;
     keyAttestation: {
       header: {
         [x: string]: unknown;
@@ -4088,7 +4097,7 @@ declare class Openid4vciIssuer {
         status?: Record<string, any> | undefined;
         trust_chain?: [string, ...string[]] | undefined;
       };
-      signer: _openid4vc_oauth20.JwtSignerWithJwk;
+      signer: _openid4vc_oauth23.JwtSignerWithJwk;
     } | undefined;
   }>;
   /**
@@ -4218,7 +4227,7 @@ declare class Openid4vciIssuer {
       status?: Record<string, any> | undefined;
       trust_chain?: [string, ...string[]] | undefined;
     };
-    signer: _openid4vc_oauth20.JwtSignerWithJwk;
+    signer: _openid4vc_oauth23.JwtSignerWithJwk;
   }>;
   /**
    * @throws Oauth2ServerErrorResponseError - when validation of the credential request fails
@@ -4237,10 +4246,10 @@ declare class Openid4vciIssuer {
     credentials?: {
       credential: string | Record<string, any>;
     }[] | (string | Record<string, any>)[] | undefined;
-    interval?: number | undefined;
     notification_id?: string | undefined;
-    credential?: string | Record<string, any> | undefined;
     transaction_id?: string | undefined;
+    interval?: number | undefined;
+    credential?: string | Record<string, any> | undefined;
     c_nonce?: string | undefined;
     c_nonce_expires_in?: number | undefined;
   };
@@ -4252,8 +4261,9 @@ declare class Openid4vciIssuer {
     credentials?: {
       credential: string | Record<string, any>;
     }[] | (string | Record<string, any>)[] | undefined;
-    interval?: number | undefined;
     notification_id?: string | undefined;
+    transaction_id?: string | undefined;
+    interval?: number | undefined;
   };
   /**
    * @throws ValidationError - when validation of the nonce response fails
@@ -4353,7 +4363,7 @@ declare class Openid4vciIssuer {
         status?: Record<string, any> | undefined;
         trust_chain?: [string, ...string[]] | undefined;
       };
-      signer: _openid4vc_oauth20.JwtSignerWithJwk;
+      signer: _openid4vc_oauth23.JwtSignerWithJwk;
     };
     clientAttestationPop: {
       header: {
@@ -4442,7 +4452,7 @@ declare class Openid4vciIssuer {
         status?: Record<string, any> | undefined;
         trust_chain?: [string, ...string[]] | undefined;
       };
-      signer: _openid4vc_oauth20.JwtSignerWithJwk;
+      signer: _openid4vc_oauth23.JwtSignerWithJwk;
     };
   }>;
 }

package/dist/index.js

@@ -30,7 +30,7 @@ zod = __toESM(zod);
 
 //#region src/version.ts
 let Openid4vciDraftVersion = /* @__PURE__ */ function(Openid4vciDraftVersion$1) {
-	Openid4vciDraftVersion$1["Draft16"] = "Draft16";
+	Openid4vciDraftVersion$1["V1"] = "V1";
 	Openid4vciDraftVersion$1["Draft15"] = "Draft15";
 	Openid4vciDraftVersion$1["Draft14"] = "Draft14";
 	Openid4vciDraftVersion$1["Draft11"] = "Draft11";
@@ -330,7 +330,7 @@ const zLegacySdJwtVcFormatIdentifier = zod.default.literal("vc+sd-jwt");
 * of the OpenID for Verifiable Presentations specification. Please update your
 * implementations accordingly.
 */
-const zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
+const zLegacySdJwtVcCredentialIssuerMetadataV1 = zCredentialConfigurationSupportedCommon.extend({
 	vct: zod.default.string(),
 	format: zLegacySdJwtVcFormatIdentifier,
 	order: zod.default.optional(zod.default.array(zod.default.string())),
@@ -607,7 +607,7 @@ const allCredentialIssuerMetadataFormats = [
 	zJwtVcJsonCredentialIssuerMetadata,
 	zSdJwtW3VcCredentialIssuerMetadata,
 	zSdJwtW3VcCredentialIssuerMetadataDraft15,
-	zLegacySdJwtVcCredentialIssuerMetadataDraft16,
+	zLegacySdJwtVcCredentialIssuerMetadataV1,
 	zSdJwtDcCredentialIssuerMetadataDraft15,
 	zMsoMdocCredentialIssuerMetadataDraft15,
 	zJwtVcJsonLdCredentialIssuerMetadataDraft15,
@@ -639,7 +639,7 @@ const zCredentialIssuerMetadataDisplayEntry = zod.default.object({
 		alt_text: zod.default.string().optional()
 	}).loose().optional()
 }).loose();
-const zCredentialIssuerMetadataDraft14Draft15Draft16 = zod.default.object({
+const zCredentialIssuerMetadataDraft14Draft15V1 = zod.default.object({
 	credential_issuer: __openid4vc_utils.zHttpsUrl,
 	authorization_servers: zod.default.array(__openid4vc_utils.zHttpsUrl).optional(),
 	credential_endpoint: __openid4vc_utils.zHttpsUrl,
@@ -652,7 +652,6 @@ const zCredentialIssuerMetadataDraft14Draft15Draft16 = zod.default.object({
 		encryption_required: zod.default.boolean()
 	}).loose().optional(),
 	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).loose().optional(),
-	signed_metadata: __openid4vc_oauth2.zCompactJwt.optional(),
 	display: zod.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
 	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedWithFormats)
 }).loose();
@@ -691,7 +690,7 @@ const zCredentialConfigurationSupportedDraft11To16 = zod.default.object({
 	});
 	return zod.default.NEVER;
 }).pipe(zCredentialConfigurationSupportedWithFormats);
-const zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
+const zCredentialConfigurationSupportedV1ToDraft11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
 	...credential_metadata,
 	...rest
 })).and(zod.default.object({ id: zod.default.string() }).loose()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope,...rest }) => ({
@@ -732,17 +731,17 @@ const zCredentialIssuerMetadataDraft11To16 = zod.default.object({
 		...authorization_server ? { authorization_servers: [authorization_server] } : {},
 		credential_configurations_supported: Object.fromEntries(credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0))
 	};
-}).pipe(zod.default.object({ credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedDraft11To16) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
-const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
+}).pipe(zod.default.object({ credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedDraft11To16) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15V1);
+const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15V1.transform((issuerMetadata) => ({
 	...issuerMetadata,
 	...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
 	credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
 		...value,
 		id
 	}))
-})).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16.extend({ credentials_supported: zod.default.array(zCredentialConfigurationSupportedDraft16To11) }));
-const zCredentialIssuerMetadata = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16, zCredentialIssuerMetadataDraft11To16]);
-const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
+})).pipe(zCredentialIssuerMetadataDraft14Draft15V1.extend({ credentials_supported: zod.default.array(zCredentialConfigurationSupportedV1ToDraft11) }));
+const zCredentialIssuerMetadata = zod.default.union([zCredentialIssuerMetadataDraft14Draft15V1, zCredentialIssuerMetadataDraft11To16]);
+const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredentialIssuerMetadataDraft14Draft15V1.transform((credentialIssuerMetadata) => {
 	const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
 	const isDraft15 = credentialConfigurations.some((configuration) => {
 		const knownConfiguration = configuration;
@@ -753,9 +752,7 @@ const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredential
 	});
 	return {
 		credentialIssuerMetadata,
-		originalDraftVersion: credentialConfigurations.some((configuration) => {
-			return configuration.credential_metadata;
-		}) ? Openid4vciDraftVersion.Draft16 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
+		originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata) ? Openid4vciDraftVersion.V1 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
 	};
 }), zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
 	credentialIssuerMetadata,
@@ -934,7 +931,7 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
 //#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
 	const credentialConfiguration = getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
-	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
 		format: credentialConfiguration.format,
 		vct: credentialConfiguration.vct
 	};
@@ -1159,12 +1156,12 @@ const zOauth2ErrorResponse = zod.default.object({
 const zCredentialEncoding = zod.default.union([zod.default.string(), zod.default.record(zod.default.string(), zod.default.any())]);
 const zBaseCredentialResponse = zod.default.object({
 	credentials: zod.default.union([zod.default.array(zod.default.object({ credential: zCredentialEncoding })), zod.default.array(zCredentialEncoding)]).optional(),
-	interval: zod.default.number().int().positive().optional(),
-	notification_id: zod.default.string().optional()
+	notification_id: zod.default.string().optional(),
+	transaction_id: zod.default.string().optional(),
+	interval: zod.default.number().int().positive().optional()
 }).loose();
 const zCredentialResponse = zBaseCredentialResponse.extend({
 	credential: zod.default.optional(zCredentialEncoding),
-	transaction_id: zod.default.string().optional(),
 	c_nonce: zod.default.string().optional(),
 	c_nonce_expires_in: zod.default.number().int().optional()
 }).loose().superRefine((value, ctx) => {
@@ -1191,15 +1188,26 @@ const zCredentialErrorResponse = zod.default.object({
 	c_nonce: zod.default.string().optional(),
 	c_nonce_expires_in: zod.default.number().int().optional()
 }).loose();
-const zDeferredCredentialResponse = zBaseCredentialResponse.refine((value) => {
-	const { credentials, interval } = value;
-	return [credentials, interval].filter((i) => i !== void 0).length === 1;
-}, { message: `Exactly one of 'credentials' or 'interval' MUST be defined.` });
+const zDeferredCredentialResponse = zBaseCredentialResponse.superRefine((value, ctx) => {
+	const { credentials, transaction_id, interval, notification_id } = value;
+	if ([credentials, transaction_id].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
+		code: "custom",
+		message: `Exactly one of 'credentials', or 'transaction_id' MUST be defined.`
+	});
+	if (transaction_id && !interval) ctx.addIssue({
+		code: "custom",
+		message: `'interval' MUST be defined when 'transaction_id' is defined.`
+	});
+	if (notification_id && credentials) ctx.addIssue({
+		code: "custom",
+		message: `'notification_id' MUST NOT be defined when 'credentials' is not defined.`
+	});
+});
 
 //#endregion
 //#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
-	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
+	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
 	getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
 	const credentialRequest = {
 		...options.additionalRequestPayload,
@@ -1216,7 +1224,7 @@ async function retrieveCredentialsWithCredentialConfigurationId(options) {
 	});
 }
 async function retrieveCredentialsWithFormat(options) {
-	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on format is not supported in OpenID4VCI draft 15. Provide the credential configuration id directly in the request.");
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on format is not supported on OpenID4VCI above draft 15. Provide the credential configuration id directly in the request.");
 	const credentialRequest = {
 		...options.formatPayload,
 		...options.additionalRequestPayload,
@@ -1298,7 +1306,7 @@ async function retrieveDeferredCredentials(options) {
 			deferredCredentialErrorResponseResult
 		};
 	}
-	const deferredCredentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+	const deferredCredentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.refine((response) => response.credentials || response.transaction_id === options.transactionId, { error: `Transaction id in deferred credential response does not match transaction id in deferred credential request '${options.transactionId}'` }).safeParse(await resourceResponse.response.clone().json()) : void 0;
 	if (!deferredCredentialResponseResult?.success) return {
 		...resourceResponse,
 		ok: false,
@@ -1716,7 +1724,7 @@ var Openid4vciClient = class {
 	*/
 	async retrieveCredentials({ issuerMetadata, proof, proofs, credentialConfigurationId, additionalRequestPayload, accessToken, dpop }) {
 		let credentialResponse;
-		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
+		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
 			accessToken,
 			credentialConfigurationId,
 			issuerMetadata,
@@ -1791,6 +1799,7 @@ function createDeferredCredentialResponse(options) {
 	return (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialResponse, {
 		credentials: options.credentials,
 		notification_id: options.notificationId,
+		transaction_id: options.transactionId,
 		interval: options.interval,
 		...options.additionalPayload
 	});