npm - @openid4vc/openid4vci - Versions diffs - 0.3.0-alpha-20251017122507 → 0.3.0-alpha-20251021081452 - Mend

@openid4vc/openid4vci 0.3.0-alpha-20251017122507 → 0.3.0-alpha-20251021081452

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs CHANGED Viewed

@@ -4,7 +4,7 @@ import z from "zod";
 //#region src/version.ts
 let Openid4vciDraftVersion = /* @__PURE__ */ function(Openid4vciDraftVersion$1) {
-	Openid4vciDraftVersion$1["Draft16"] = "Draft16";
+	Openid4vciDraftVersion$1["V1"] = "V1";
 	Openid4vciDraftVersion$1["Draft15"] = "Draft15";
 	Openid4vciDraftVersion$1["Draft14"] = "Draft14";
 	Openid4vciDraftVersion$1["Draft11"] = "Draft11";
@@ -304,7 +304,7 @@ const zLegacySdJwtVcFormatIdentifier = z.literal("vc+sd-jwt");
 * of the OpenID for Verifiable Presentations specification. Please update your
 * implementations accordingly.
 */
-const zLegacySdJwtVcCredentialIssuerMetadataDraft16 = zCredentialConfigurationSupportedCommon.extend({
+const zLegacySdJwtVcCredentialIssuerMetadataV1 = zCredentialConfigurationSupportedCommon.extend({
 	vct: z.string(),
 	format: zLegacySdJwtVcFormatIdentifier,
 	order: z.optional(z.array(z.string())),
@@ -581,7 +581,7 @@ const allCredentialIssuerMetadataFormats = [
 	zJwtVcJsonCredentialIssuerMetadata,
 	zSdJwtW3VcCredentialIssuerMetadata,
 	zSdJwtW3VcCredentialIssuerMetadataDraft15,
-	zLegacySdJwtVcCredentialIssuerMetadataDraft16,
+	zLegacySdJwtVcCredentialIssuerMetadataV1,
 	zSdJwtDcCredentialIssuerMetadataDraft15,
 	zMsoMdocCredentialIssuerMetadataDraft15,
 	zJwtVcJsonLdCredentialIssuerMetadataDraft15,
@@ -613,7 +613,7 @@ const zCredentialIssuerMetadataDisplayEntry = z.object({
 		alt_text: z.string().optional()
 	}).loose().optional()
 }).loose();
-const zCredentialIssuerMetadataDraft14Draft15Draft16 = z.object({
+const zCredentialIssuerMetadataDraft14Draft15V1 = z.object({
 	credential_issuer: zHttpsUrl,
 	authorization_servers: z.array(zHttpsUrl).optional(),
 	credential_endpoint: zHttpsUrl,
@@ -626,7 +626,6 @@ const zCredentialIssuerMetadataDraft14Draft15Draft16 = z.object({
 		encryption_required: z.boolean()
 	}).loose().optional(),
 	batch_credential_issuance: z.object({ batch_size: z.number().positive() }).loose().optional(),
-	signed_metadata: zCompactJwt.optional(),
 	display: z.array(zCredentialIssuerMetadataDisplayEntry).optional(),
 	credential_configurations_supported: z.record(z.string(), zCredentialConfigurationSupportedWithFormats)
 }).loose();
@@ -665,7 +664,7 @@ const zCredentialConfigurationSupportedDraft11To16 = z.object({
 	});
 	return z.NEVER;
 }).pipe(zCredentialConfigurationSupportedWithFormats);
-const zCredentialConfigurationSupportedDraft16To11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
+const zCredentialConfigurationSupportedV1ToDraft11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
 	...credential_metadata,
 	...rest
 })).and(z.object({ id: z.string() }).loose()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope,...rest }) => ({
@@ -706,17 +705,17 @@ const zCredentialIssuerMetadataDraft11To16 = z.object({
 		...authorization_server ? { authorization_servers: [authorization_server] } : {},
 		credential_configurations_supported: Object.fromEntries(credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0))
 	};
-}).pipe(z.object({ credential_configurations_supported: z.record(z.string(), zCredentialConfigurationSupportedDraft11To16) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16);
-const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15Draft16.transform((issuerMetadata) => ({
+}).pipe(z.object({ credential_configurations_supported: z.record(z.string(), zCredentialConfigurationSupportedDraft11To16) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15V1);
+const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15V1.transform((issuerMetadata) => ({
 	...issuerMetadata,
 	...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
 	credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
 		...value,
 		id
 	}))
-})).pipe(zCredentialIssuerMetadataDraft14Draft15Draft16.extend({ credentials_supported: z.array(zCredentialConfigurationSupportedDraft16To11) }));
-const zCredentialIssuerMetadata = z.union([zCredentialIssuerMetadataDraft14Draft15Draft16, zCredentialIssuerMetadataDraft11To16]);
-const zCredentialIssuerMetadataWithDraftVersion = z.union([zCredentialIssuerMetadataDraft14Draft15Draft16.transform((credentialIssuerMetadata) => {
+})).pipe(zCredentialIssuerMetadataDraft14Draft15V1.extend({ credentials_supported: z.array(zCredentialConfigurationSupportedV1ToDraft11) }));
+const zCredentialIssuerMetadata = z.union([zCredentialIssuerMetadataDraft14Draft15V1, zCredentialIssuerMetadataDraft11To16]);
+const zCredentialIssuerMetadataWithDraftVersion = z.union([zCredentialIssuerMetadataDraft14Draft15V1.transform((credentialIssuerMetadata) => {
 	const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
 	const isDraft15 = credentialConfigurations.some((configuration) => {
 		const knownConfiguration = configuration;
@@ -727,9 +726,7 @@ const zCredentialIssuerMetadataWithDraftVersion = z.union([zCredentialIssuerMeta
 	});
 	return {
 		credentialIssuerMetadata,
-		originalDraftVersion: credentialConfigurations.some((configuration) => {
-			return configuration.credential_metadata;
-		}) ? Openid4vciDraftVersion.Draft16 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
+		originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata) ? Openid4vciDraftVersion.V1 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
 	};
 }), zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
 	credentialIssuerMetadata,
@@ -908,7 +905,7 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
 //#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
 	const credentialConfiguration = getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
-	if (zIs(zLegacySdJwtVcCredentialIssuerMetadataDraft16, credentialConfiguration) || zIs(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
+	if (zIs(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || zIs(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
 		format: credentialConfiguration.format,
 		vct: credentialConfiguration.vct
 	};
@@ -1133,12 +1130,12 @@ const zOauth2ErrorResponse = z.object({
 const zCredentialEncoding = z.union([z.string(), z.record(z.string(), z.any())]);
 const zBaseCredentialResponse = z.object({
 	credentials: z.union([z.array(z.object({ credential: zCredentialEncoding })), z.array(zCredentialEncoding)]).optional(),
-	interval: z.number().int().positive().optional(),
-	notification_id: z.string().optional()
+	notification_id: z.string().optional(),
+	transaction_id: z.string().optional(),
+	interval: z.number().int().positive().optional()
 }).loose();
 const zCredentialResponse = zBaseCredentialResponse.extend({
 	credential: z.optional(zCredentialEncoding),
-	transaction_id: z.string().optional(),
 	c_nonce: z.string().optional(),
 	c_nonce_expires_in: z.number().int().optional()
 }).loose().superRefine((value, ctx) => {
@@ -1165,15 +1162,26 @@ const zCredentialErrorResponse = z.object({
 	c_nonce: z.string().optional(),
 	c_nonce_expires_in: z.number().int().optional()
 }).loose();
-const zDeferredCredentialResponse = zBaseCredentialResponse.refine((value) => {
-	const { credentials, interval } = value;
-	return [credentials, interval].filter((i) => i !== void 0).length === 1;
-}, { message: `Exactly one of 'credentials' or 'interval' MUST be defined.` });
+const zDeferredCredentialResponse = zBaseCredentialResponse.superRefine((value, ctx) => {
+	const { credentials, transaction_id, interval, notification_id } = value;
+	if ([credentials, transaction_id].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
+		code: "custom",
+		message: `Exactly one of 'credentials', or 'transaction_id' MUST be defined.`
+	});
+	if (transaction_id && !interval) ctx.addIssue({
+		code: "custom",
+		message: `'interval' MUST be defined when 'transaction_id' is defined.`
+	});
+	if (notification_id && credentials) ctx.addIssue({
+		code: "custom",
+		message: `'notification_id' MUST NOT be defined when 'credentials' is not defined.`
+	});
+});
 //#endregion
 //#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
-	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
+	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
 	getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
 	const credentialRequest = {
 		...options.additionalRequestPayload,
@@ -1190,7 +1198,7 @@ async function retrieveCredentialsWithCredentialConfigurationId(options) {
 	});
 }
 async function retrieveCredentialsWithFormat(options) {
-	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) throw new Openid4vciError("Requesting credentials based on format is not supported in OpenID4VCI draft 15. Provide the credential configuration id directly in the request.");
+	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on format is not supported on OpenID4VCI above draft 15. Provide the credential configuration id directly in the request.");
 	const credentialRequest = {
 		...options.formatPayload,
 		...options.additionalRequestPayload,
@@ -1272,7 +1280,7 @@ async function retrieveDeferredCredentials(options) {
 			deferredCredentialErrorResponseResult
 		};
 	}
-	const deferredCredentialResponseResult = isResponseContentType(ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
+	const deferredCredentialResponseResult = isResponseContentType(ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.refine((response) => response.credentials || response.transaction_id === options.transactionId, { error: `Transaction id in deferred credential response does not match transaction id in deferred credential request '${options.transactionId}'` }).safeParse(await resourceResponse.response.clone().json()) : void 0;
 	if (!deferredCredentialResponseResult?.success) return {
 		...resourceResponse,
 		ok: false,
@@ -1690,7 +1698,7 @@ var Openid4vciClient = class {
 	*/
 	async retrieveCredentials({ issuerMetadata, proof, proofs, credentialConfigurationId, additionalRequestPayload, accessToken, dpop }) {
 		let credentialResponse;
-		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft16) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
+		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
 			accessToken,
 			credentialConfigurationId,
 			issuerMetadata,
@@ -1765,6 +1773,7 @@ function createDeferredCredentialResponse(options) {
 	return parseWithErrorHandling(zDeferredCredentialResponse, {
 		credentials: options.credentials,
 		notification_id: options.notificationId,
+		transaction_id: options.transactionId,
 		interval: options.interval,
 		...options.additionalPayload
 	});