npm - @openid4vc/openid4vci - Versions diffs - 0.3.0-alpha-20251021081452 → 0.3.0-alpha-20251029091020 - Mend

@openid4vc/openid4vci 0.3.0-alpha-20251021081452 → 0.3.0-alpha-20251029091020

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { ContentType, Fetch, FetchHeaders, HttpMethod, InferOutputUnion, Oid4vcTsConfig, OrPromise, StringWithAutoCompletion, getGlobalConfig, setGlobalConfig } from "@openid4vc/utils";
 import * as _openid4vc_oauth20 from "@openid4vc/oauth2";
-import { AuthorizationCodeGrantIdentifier, AuthorizationServerMetadata, CallbackContext, CreateAuthorizationRequestUrlOptions, CreateClientAttestationJwtOptions, CreatePkceReturn, Jwk, JwtSigner, PreAuthorizedCodeGrantIdentifier, RequestDpopOptions, ResourceRequestResponseNotOk, ResourceRequestResponseOk, RetrieveAuthorizationCodeAccessTokenOptions, RetrievePreAuthorizedCodeAccessTokenOptions, authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier } from "@openid4vc/oauth2";
+import { AuthorizationCodeGrantIdentifier, AuthorizationServerMetadata, CallbackContext, CreateAuthorizationRequestUrlOptions, CreateClientAttestationJwtOptions, CreatePkceReturn, DecodeJwtResult, Jwk, JwtSigner, JwtSignerWithJwk, PreAuthorizedCodeGrantIdentifier, RequestDpopOptions, ResourceRequestResponseNotOk, ResourceRequestResponseOk, RetrieveAuthorizationCodeAccessTokenOptions, RetrievePreAuthorizedCodeAccessTokenOptions, authorizationCodeGrantIdentifier, preAuthorizedCodeGrantIdentifier } from "@openid4vc/oauth2";
 import * as zod0 from "zod";
 import z from "zod";
 import * as zod_v4_core0 from "zod/v4/core";
@@ -1662,10 +1662,334 @@ declare const zCredentialConfigurationSupportedDraft11To16: z.ZodPipe<z.ZodPipe<
   credential_metadata?: undefined;
 }>>>;
 //#endregion
+//#region src/metadata/credential-issuer/z-signed-credential-issuer-metadata.d.ts
+declare const zSignedCredentialIssuerMetadataHeader: z.ZodObject<{
+  typ: z.ZodLiteral<"openidvci-issuer-metadata+jwt">;
+  alg: z.ZodString;
+  kid: z.ZodOptional<z.ZodString>;
+  jwk: z.ZodOptional<z.ZodObject<{
+    kty: z.ZodString;
+    crv: z.ZodOptional<z.ZodString>;
+    x: z.ZodOptional<z.ZodString>;
+    y: z.ZodOptional<z.ZodString>;
+    e: z.ZodOptional<z.ZodString>;
+    n: z.ZodOptional<z.ZodString>;
+    alg: z.ZodOptional<z.ZodString>;
+    d: z.ZodOptional<z.ZodString>;
+    dp: z.ZodOptional<z.ZodString>;
+    dq: z.ZodOptional<z.ZodString>;
+    ext: z.ZodOptional<z.ZodBoolean>;
+    k: z.ZodOptional<z.ZodString>;
+    key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    kid: z.ZodOptional<z.ZodString>;
+    oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+      d: z.ZodOptional<z.ZodString>;
+      r: z.ZodOptional<z.ZodString>;
+      t: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>>>;
+    p: z.ZodOptional<z.ZodString>;
+    q: z.ZodOptional<z.ZodString>;
+    qi: z.ZodOptional<z.ZodString>;
+    use: z.ZodOptional<z.ZodString>;
+    x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    x5t: z.ZodOptional<z.ZodString>;
+    'x5t#S256': z.ZodOptional<z.ZodString>;
+    x5u: z.ZodOptional<z.ZodString>;
+  }, z.core.$loose>>;
+  x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
+  trust_chain: z.ZodOptional<z.ZodTuple<[z.ZodString], z.ZodString>>;
+}, z.core.$loose>;
+declare const zSignedCredentialIssuerMetadataPayload: z.ZodObject<{
+  credential_issuer: z.ZodString;
+  authorization_servers: z.ZodOptional<z.ZodArray<z.ZodString>>;
+  credential_endpoint: z.ZodString;
+  deferred_credential_endpoint: z.ZodOptional<z.ZodString>;
+  notification_endpoint: z.ZodOptional<z.ZodString>;
+  nonce_endpoint: z.ZodOptional<z.ZodString>;
+  credential_response_encryption: z.ZodOptional<z.ZodObject<{
+    alg_values_supported: z.ZodArray<z.ZodString>;
+    enc_values_supported: z.ZodArray<z.ZodString>;
+    encryption_required: z.ZodBoolean;
+  }, z.core.$loose>>;
+  batch_credential_issuance: z.ZodOptional<z.ZodObject<{
+    batch_size: z.ZodNumber;
+  }, z.core.$loose>>;
+  display: z.ZodOptional<z.ZodArray<z.ZodObject<{
+    name: z.ZodOptional<z.ZodString>;
+    locale: z.ZodOptional<z.ZodString>;
+    logo: z.ZodOptional<z.ZodObject<{
+      uri: z.ZodOptional<z.ZodString>;
+      alt_text: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>>;
+  }, z.core.$loose>>>;
+  credential_configurations_supported: z.ZodRecord<z.ZodString, z.ZodPipe<z.ZodUnion<readonly [z.ZodObject<{
+    format: z.ZodString;
+    scope: z.ZodOptional<z.ZodString>;
+    cryptographic_binding_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    credential_signing_alg_values_supported: z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString>, z.ZodArray<z.ZodNumber>]>>;
+    proof_types_supported: z.ZodOptional<z.ZodRecord<z.ZodUnion<readonly [z.ZodLiteral<"jwt">, z.ZodLiteral<"attestation">, z.ZodString]>, z.ZodObject<{
+      proof_signing_alg_values_supported: z.ZodArray<z.ZodString>;
+      key_attestations_required: z.ZodOptional<z.ZodObject<{
+        key_storage: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodEnum<{
+          iso_18045_high: "iso_18045_high";
+          iso_18045_moderate: "iso_18045_moderate";
+          "iso_18045_enhanced-basic": "iso_18045_enhanced-basic";
+          iso_18045_basic: "iso_18045_basic";
+        }>, z.ZodString]>>>;
+        user_authentication: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodEnum<{
+          iso_18045_high: "iso_18045_high";
+          iso_18045_moderate: "iso_18045_moderate";
+          "iso_18045_enhanced-basic": "iso_18045_enhanced-basic";
+          iso_18045_basic: "iso_18045_basic";
+        }>, z.ZodString]>>>;
+      }, z.core.$loose>>;
+    }, z.core.$strip>>>;
+    credential_metadata: z.ZodOptional<z.ZodObject<{
+      display: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        locale: z.ZodOptional<z.ZodString>;
+        logo: z.ZodOptional<z.ZodObject<{
+          uri: z.ZodOptional<z.ZodString>;
+          alt_text: z.ZodOptional<z.ZodString>;
+        }, z.core.$loose>>;
+        description: z.ZodOptional<z.ZodString>;
+        background_color: z.ZodOptional<z.ZodString>;
+        background_image: z.ZodOptional<z.ZodObject<{
+          uri: z.ZodOptional<z.ZodString>;
+        }, z.core.$loose>>;
+        text_color: z.ZodOptional<z.ZodString>;
+      }, z.core.$loose>>>;
+    }, z.core.$strip>>;
+    claims: z.ZodOptional<z.ZodNever>;
+  }, z.core.$loose>, z.ZodObject<{
+    format: z.ZodString;
+    scope: z.ZodOptional<z.ZodString>;
+    cryptographic_binding_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    credential_signing_alg_values_supported: z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString>, z.ZodArray<z.ZodNumber>]>>;
+    proof_types_supported: z.ZodOptional<z.ZodRecord<z.ZodUnion<readonly [z.ZodLiteral<"jwt">, z.ZodLiteral<"attestation">, z.ZodString]>, z.ZodObject<{
+      proof_signing_alg_values_supported: z.ZodArray<z.ZodString>;
+      key_attestations_required: z.ZodOptional<z.ZodObject<{
+        key_storage: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodEnum<{
+          iso_18045_high: "iso_18045_high";
+          iso_18045_moderate: "iso_18045_moderate";
+          "iso_18045_enhanced-basic": "iso_18045_enhanced-basic";
+          iso_18045_basic: "iso_18045_basic";
+        }>, z.ZodString]>>>;
+        user_authentication: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodEnum<{
+          iso_18045_high: "iso_18045_high";
+          iso_18045_moderate: "iso_18045_moderate";
+          "iso_18045_enhanced-basic": "iso_18045_enhanced-basic";
+          iso_18045_basic: "iso_18045_basic";
+        }>, z.ZodString]>>>;
+      }, z.core.$loose>>;
+    }, z.core.$strip>>>;
+    display: z.ZodOptional<z.ZodArray<z.ZodObject<{
+      name: z.ZodString;
+      locale: z.ZodOptional<z.ZodString>;
+      logo: z.ZodOptional<z.ZodObject<{
+        uri: z.ZodOptional<z.ZodString>;
+        alt_text: z.ZodOptional<z.ZodString>;
+      }, z.core.$loose>>;
+      description: z.ZodOptional<z.ZodString>;
+      background_color: z.ZodOptional<z.ZodString>;
+      background_image: z.ZodOptional<z.ZodObject<{
+        uri: z.ZodOptional<z.ZodString>;
+      }, z.core.$loose>>;
+      text_color: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>>>;
+    credential_metadata: z.ZodOptional<z.ZodNever>;
+  }, z.core.$loose>]>, z.ZodTransform<{
+    [x: string]: unknown;
+    format: string;
+    scope?: string | undefined;
+    cryptographic_binding_methods_supported?: string[] | undefined;
+    credential_signing_alg_values_supported?: string[] | number[] | undefined;
+    proof_types_supported?: Record<string, {
+      proof_signing_alg_values_supported: string[];
+      key_attestations_required?: {
+        [x: string]: unknown;
+        key_storage?: string[] | undefined;
+        user_authentication?: string[] | undefined;
+      } | undefined;
+    }> | undefined;
+    credential_metadata?: {
+      display?: {
+        [x: string]: unknown;
+        name: string;
+        locale?: string | undefined;
+        logo?: {
+          [x: string]: unknown;
+          uri?: string | undefined;
+          alt_text?: string | undefined;
+        } | undefined;
+        description?: string | undefined;
+        background_color?: string | undefined;
+        background_image?: {
+          [x: string]: unknown;
+          uri?: string | undefined;
+        } | undefined;
+        text_color?: string | undefined;
+      }[] | undefined;
+    } | undefined;
+    claims?: undefined;
+  } | {
+    [x: string]: unknown;
+    format: string;
+    scope?: string | undefined;
+    cryptographic_binding_methods_supported?: string[] | undefined;
+    credential_signing_alg_values_supported?: string[] | number[] | undefined;
+    proof_types_supported?: Record<string, {
+      proof_signing_alg_values_supported: string[];
+      key_attestations_required?: {
+        [x: string]: unknown;
+        key_storage?: string[] | undefined;
+        user_authentication?: string[] | undefined;
+      } | undefined;
+    }> | undefined;
+    display?: {
+      [x: string]: unknown;
+      name: string;
+      locale?: string | undefined;
+      logo?: {
+        [x: string]: unknown;
+        uri?: string | undefined;
+        alt_text?: string | undefined;
+      } | undefined;
+      description?: string | undefined;
+      background_color?: string | undefined;
+      background_image?: {
+        [x: string]: unknown;
+        uri?: string | undefined;
+      } | undefined;
+      text_color?: string | undefined;
+    }[] | undefined;
+    credential_metadata?: undefined;
+  }, {
+    [x: string]: unknown;
+    format: string;
+    scope?: string | undefined;
+    cryptographic_binding_methods_supported?: string[] | undefined;
+    credential_signing_alg_values_supported?: string[] | number[] | undefined;
+    proof_types_supported?: Record<string, {
+      proof_signing_alg_values_supported: string[];
+      key_attestations_required?: {
+        [x: string]: unknown;
+        key_storage?: string[] | undefined;
+        user_authentication?: string[] | undefined;
+      } | undefined;
+    }> | undefined;
+    credential_metadata?: {
+      display?: {
+        [x: string]: unknown;
+        name: string;
+        locale?: string | undefined;
+        logo?: {
+          [x: string]: unknown;
+          uri?: string | undefined;
+          alt_text?: string | undefined;
+        } | undefined;
+        description?: string | undefined;
+        background_color?: string | undefined;
+        background_image?: {
+          [x: string]: unknown;
+          uri?: string | undefined;
+        } | undefined;
+        text_color?: string | undefined;
+      }[] | undefined;
+    } | undefined;
+    claims?: undefined;
+  } | {
+    [x: string]: unknown;
+    format: string;
+    scope?: string | undefined;
+    cryptographic_binding_methods_supported?: string[] | undefined;
+    credential_signing_alg_values_supported?: string[] | number[] | undefined;
+    proof_types_supported?: Record<string, {
+      proof_signing_alg_values_supported: string[];
+      key_attestations_required?: {
+        [x: string]: unknown;
+        key_storage?: string[] | undefined;
+        user_authentication?: string[] | undefined;
+      } | undefined;
+    }> | undefined;
+    display?: {
+      [x: string]: unknown;
+      name: string;
+      locale?: string | undefined;
+      logo?: {
+        [x: string]: unknown;
+        uri?: string | undefined;
+        alt_text?: string | undefined;
+      } | undefined;
+      description?: string | undefined;
+      background_color?: string | undefined;
+      background_image?: {
+        [x: string]: unknown;
+        uri?: string | undefined;
+      } | undefined;
+      text_color?: string | undefined;
+    }[] | undefined;
+    credential_metadata?: undefined;
+  }>>>;
+  iat: z.ZodNumber;
+  sub: z.ZodString;
+  iss: z.ZodOptional<z.ZodString>;
+  aud: z.ZodOptional<z.ZodString>;
+  exp: z.ZodOptional<z.ZodNumber>;
+  nbf: z.ZodOptional<z.ZodNumber>;
+  nonce: z.ZodOptional<z.ZodString>;
+  jti: z.ZodOptional<z.ZodString>;
+  cnf: z.ZodOptional<z.ZodObject<{
+    jwk: z.ZodOptional<z.ZodObject<{
+      kty: z.ZodString;
+      crv: z.ZodOptional<z.ZodString>;
+      x: z.ZodOptional<z.ZodString>;
+      y: z.ZodOptional<z.ZodString>;
+      e: z.ZodOptional<z.ZodString>;
+      n: z.ZodOptional<z.ZodString>;
+      alg: z.ZodOptional<z.ZodString>;
+      d: z.ZodOptional<z.ZodString>;
+      dp: z.ZodOptional<z.ZodString>;
+      dq: z.ZodOptional<z.ZodString>;
+      ext: z.ZodOptional<z.ZodBoolean>;
+      k: z.ZodOptional<z.ZodString>;
+      key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
+      kid: z.ZodOptional<z.ZodString>;
+      oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        d: z.ZodOptional<z.ZodString>;
+        r: z.ZodOptional<z.ZodString>;
+        t: z.ZodOptional<z.ZodString>;
+      }, z.core.$loose>>>;
+      p: z.ZodOptional<z.ZodString>;
+      q: z.ZodOptional<z.ZodString>;
+      qi: z.ZodOptional<z.ZodString>;
+      use: z.ZodOptional<z.ZodString>;
+      x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
+      x5t: z.ZodOptional<z.ZodString>;
+      'x5t#S256': z.ZodOptional<z.ZodString>;
+      x5u: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>>;
+    jkt: z.ZodOptional<z.ZodString>;
+  }, z.core.$loose>>;
+  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+  trust_chain: z.ZodOptional<z.ZodTuple<[z.ZodString], z.ZodString>>;
+}, z.core.$loose>;
+//#endregion
+//#region src/metadata/credential-issuer/credential-issuer-metadata.d.ts
+interface CredentialIssuerMetadataSigned {
+  jwt: DecodeJwtResult<typeof zSignedCredentialIssuerMetadataHeader, typeof zSignedCredentialIssuerMetadataPayload>;
+  signer: JwtSignerWithJwk;
+}
+//#endregion
 //#region src/metadata/fetch-issuer-metadata.d.ts
 interface IssuerMetadataResult {
-  originalDraftVersion?: Openid4vciDraftVersion;
+  originalDraftVersion: Openid4vciDraftVersion;
   credentialIssuer: CredentialIssuerMetadata;
+  /**
+   * Metadata about the signed credential issuer metadata,
+   * if the issuer metadata was signed
+   */
+  signedCredentialIssuer?: CredentialIssuerMetadataSigned;
   authorizationServers: AuthorizationServerMetadata[];
 }
 //#endregion
@@ -3715,6 +4039,39 @@ interface ParseDeferredCredentialRequestReturn {
 //#region src/formats/proof-type/attestation/attestation-proof-type.d.ts
 interface VerifyCredentialRequestAttestationProofOptions extends Omit<VerifyKeyAttestationJwtOptions, 'use'> {}
 //#endregion
+//#region src/metadata/credential-issuer/signed-credential-issuer-metadata.d.ts
+interface CreateSignedCredentialIssuerMetadataJwtOptions {
+  /**
+   * The credential issuer metadata to include in the jwt
+   */
+  credentialIssuerMetadata: CredentialIssuerMetadata;
+  /**
+   * The date when the credential issuer metadata was issued. If not provided the current time will be used.
+   */
+  issuedAt?: Date;
+  /**
+   * The date when the credential issuer metadata will expire.
+   */
+  expiresAt?: Date;
+  /**
+   * Signer of the credential issuer metadata jwt
+   */
+  signer: JwtSigner;
+  /**
+   * The issuer of the issuer metadata jwt. This field is optional
+   */
+  issuer?: string;
+  /**
+   * Callbacks used for creating the credential issuer metadata jwt
+   */
+  callbacks: Pick<CallbackContext, 'signJwt'>;
+  /**
+   * Additional payload to include in the credential issuer metadata jwt payload. Will be applied after
+   * any default claims that are included, so add claims with caution.
+   */
+  additionalPayload?: Record<string, unknown>;
+}
+//#endregion
 //#region src/Openid4vciIssuer.d.ts
 interface Openid4vciIssuerOptions {
   /**
@@ -3877,6 +4234,10 @@ declare class Openid4vciIssuer {
    * Create issuer metadata and validates the structure is correct
    */
   createCredentialIssuerMetadata(credentialIssuerMetadata: CredentialIssuerMetadata): CredentialIssuerMetadata;
+  /**
+   * Validates credential issuer metadata structure is correct and creates signed credential issuer metadata JWT
+   */
+  createSignedCredentialIssuerMetadataJwt(options: Omit<CreateSignedCredentialIssuerMetadataJwtOptions, 'callbacks'>): Promise<string>;
   createCredentialOffer(options: Pick<CreateCredentialOfferOptions, 'issuerMetadata' | 'additionalPayload' | 'grants' | 'credentialOfferUri' | 'credentialOfferScheme' | 'credentialConfigurationIds'>): Promise<{
     credentialOffer: string;
     credentialOfferObject: CredentialOfferObject;