npm - @openid4vc/openid4vci - Versions diffs - 0.3.0-alpha-20251112081659 → 0.3.0-alpha-20251113095648 - Mend

@openid4vc/openid4vci 0.3.0-alpha-20251112081659 → 0.3.0-alpha-20251113095648

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 import { ContentType, URL, URLSearchParams, ValidationError, arrayEqualsIgnoreOrder, createZodFetcher, dateToSeconds, encodeToBase64Url, formatZodError, getGlobalConfig, getQueryParams, isResponseContentType, joinUriParts, objectToQueryParams, parseWithErrorHandling, setGlobalConfig, zHttpsUrl, zInteger, zIs } from "@openid4vc/utils";
-import { InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtVerificationError, Oauth2ServerErrorResponseError, authorizationCodeGrantIdentifier, createClientAttestationJwt, decodeJwt, fetchAuthorizationServerMetadata, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, resourceRequest, verifyJwt, zAuthorizationServerMetadata, zCompactJwt, zJwk, zJwtHeader, zJwtPayload } from "@openid4vc/oauth2";
+import { InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtVerificationError, Oauth2ServerErrorResponseError, authorizationCodeGrantIdentifier, createClientAttestationJwt, decodeJwt, fetchAuthorizationServerMetadata, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, getAuthorizationServerMetadataFromList, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, resourceRequest, verifyJwt, zAuthorizationServerMetadata, zCompactJwt, zJwk, zJwtHeader, zJwtPayload } from "@openid4vc/oauth2";
 import z from "zod";
 //#region src/version.ts
@@ -235,7 +235,7 @@ const zCredentialConfigurationSupportedCommonDraft15 = z.object({
 	format: z.string(),
 	scope: z.string().optional(),
 	cryptographic_binding_methods_supported: z.array(z.string()).optional(),
-	credential_signing_alg_values_supported: z.array(z.string()).or(z.array(z.number())).optional(),
+	credential_signing_alg_values_supported: z.array(z.string()).optional(),
 	proof_types_supported: z.record(z.union([
 		z.literal("jwt"),
 		z.literal("attestation"),
@@ -257,6 +257,7 @@ const zMsoMdocFormatIdentifier = z.literal("mso_mdoc");
 const zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	format: zMsoMdocFormatIdentifier,
 	doctype: z.string(),
+	credential_signing_alg_values_supported: z.array(z.number()).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: z.array(zMsoMdocIssuerMetadataClaimsDescription).optional() }).optional()
 });
 const zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
@@ -282,6 +283,7 @@ const zSdJwtDcFormatIdentifier = z.literal("dc+sd-jwt");
 const zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	vct: z.string(),
 	format: zSdJwtDcFormatIdentifier,
+	credential_signing_alg_values_supported: z.array(z.string()).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: z.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
 const zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
@@ -307,6 +309,7 @@ const zLegacySdJwtVcCredentialIssuerMetadataV1 = zCredentialConfigurationSupport
 	vct: z.string(),
 	format: zLegacySdJwtVcFormatIdentifier,
 	order: z.optional(z.array(z.string())),
+	credential_signing_alg_values_supported: z.array(z.string()).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: z.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
 	credential_definition: z.optional(z.never())
 });
@@ -364,6 +367,7 @@ const zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.ext
 const zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	format: zJwtVcJsonFormatIdentifier,
 	credential_definition: zJwtVcJsonCredentialDefinition,
+	credential_signing_alg_values_supported: z.array(z.string()).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: z.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
 const zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
@@ -424,6 +428,7 @@ const zJwtVcJsonLdFormatIdentifier = z.literal("jwt_vc_json-ld");
 const zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	format: zJwtVcJsonLdFormatIdentifier,
 	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	credential_signing_alg_values_supported: z.array(z.string()).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: z.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
 const zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
@@ -489,6 +494,7 @@ const zLdpVcFormatIdentifier = z.literal("ldp_vc");
 const zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	format: zLdpVcFormatIdentifier,
 	credential_definition: zW3cVcJsonLdCredentialDefinition,
+	credential_signing_alg_values_supported: z.array(z.string()).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: z.array(zIssuerMetadataClaimsDescription).optional() }).optional()
 });
 const zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
@@ -555,6 +561,7 @@ const zSdJwtW3VcCredentialDefinition = z.object({ type: z.tuple([z.string()], z.
 const zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
 	format: zSdJwtW3VcFormatIdentifier,
 	credential_definition: zSdJwtW3VcCredentialDefinition,
+	credential_signing_alg_values_supported: z.array(z.string()).optional(),
 	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: z.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
 	vct: z.optional(z.never())
 });
@@ -628,7 +635,7 @@ const zCredentialIssuerMetadataDraft14Draft15V1 = z.object({
 	display: z.array(zCredentialIssuerMetadataDisplayEntry).optional(),
 	credential_configurations_supported: z.record(z.string(), zCredentialConfigurationSupportedWithFormats)
 }).loose();
-const zCredentialConfigurationSupportedDraft11To16 = z.object({
+const zCredentialConfigurationSupportedDraft11ToV1 = z.object({
 	id: z.string().optional(),
 	format: z.string(),
 	cryptographic_suites_supported: z.array(z.string()).optional(),
@@ -637,9 +644,10 @@ const zCredentialConfigurationSupportedDraft11To16 = z.object({
 		background_image: z.object({ url: z.url().optional() }).loose().optional()
 	}).loose()).optional(),
 	claims: z.any().optional()
-}).loose().transform(({ cryptographic_suites_supported, display, claims, id,...rest }) => ({
+}).loose().transform(({ cryptographic_suites_supported, display, claims, id, format,...rest }) => ({
 	...rest,
-	...cryptographic_suites_supported ? { credential_signing_alg_values_supported: cryptographic_suites_supported } : {},
+	format,
+	...cryptographic_suites_supported ? { credential_signing_alg_values_supported: format === zMsoMdocFormatIdentifier.value ? jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray(cryptographic_suites_supported) : cryptographic_suites_supported } : {},
 	...claims || display ? { credential_metadata: {
 		...claims ? { claims } : {},
 		...display ? { display: display.map(({ logo, background_image,...displayRest }) => ({
@@ -666,9 +674,10 @@ const zCredentialConfigurationSupportedDraft11To16 = z.object({
 const zCredentialConfigurationSupportedV1ToDraft11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata,...rest }) => ({
 	...credential_metadata,
 	...rest
-})).and(z.object({ id: z.string() }).loose()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope,...rest }) => ({
+})).and(z.object({ id: z.string() }).loose()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope, format,...rest }) => ({
 	...rest,
-	...credential_signing_alg_values_supported ? { cryptographic_suites_supported: credential_signing_alg_values_supported } : {},
+	format,
+	...credential_signing_alg_values_supported ? { cryptographic_suites_supported: format === zMsoMdocFormatIdentifier.value && typeof credential_signing_alg_values_supported[0] === "number" ? fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray(credential_signing_alg_values_supported) : credential_signing_alg_values_supported } : {},
 	...display ? { display: display.map(({ logo, background_image,...displayRest }) => {
 		const { uri: logoUri,...logoRest } = logo ?? {};
 		const { uri: backgroundImageUri,...backgroundImageRest } = background_image ?? {};
@@ -695,7 +704,7 @@ const zCredentialConfigurationSupportedV1ToDraft11 = zCredentialConfigurationSup
 		zJwtVcJsonLdFormatIdentifier.value
 	].includes(input)) }).loose()
 ]));
-const zCredentialIssuerMetadataDraft11To16 = z.object({
+const zCredentialIssuerMetadataDraft11ToV1 = z.object({
 	authorization_server: z.string().optional(),
 	credentials_supported: z.array(z.object({ id: z.string().optional() }).loose())
 }).loose().transform(({ authorization_server, credentials_supported,...rest }) => {
@@ -704,7 +713,7 @@ const zCredentialIssuerMetadataDraft11To16 = z.object({
 		...authorization_server ? { authorization_servers: [authorization_server] } : {},
 		credential_configurations_supported: Object.fromEntries(credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0))
 	};
-}).pipe(z.object({ credential_configurations_supported: z.record(z.string(), zCredentialConfigurationSupportedDraft11To16) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15V1);
+}).pipe(z.object({ credential_configurations_supported: z.record(z.string(), zCredentialConfigurationSupportedDraft11ToV1) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15V1);
 const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15V1.transform((issuerMetadata) => ({
 	...issuerMetadata,
 	...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
@@ -713,7 +722,7 @@ const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Dra
 		id
 	}))
 })).pipe(zCredentialIssuerMetadataDraft14Draft15V1.extend({ credentials_supported: z.array(zCredentialConfigurationSupportedV1ToDraft11) }));
-const zCredentialIssuerMetadata = z.union([zCredentialIssuerMetadataDraft14Draft15V1, zCredentialIssuerMetadataDraft11To16]);
+const zCredentialIssuerMetadata = z.union([zCredentialIssuerMetadataDraft14Draft15V1, zCredentialIssuerMetadataDraft11ToV1]);
 const zCredentialIssuerMetadataWithDraftVersion = z.union([zCredentialIssuerMetadataDraft14Draft15V1.transform((credentialIssuerMetadata) => {
 	const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
 	const isDraft15 = credentialConfigurations.some((configuration) => {
@@ -725,9 +734,9 @@ const zCredentialIssuerMetadataWithDraftVersion = z.union([zCredentialIssuerMeta
 	});
 	return {
 		credentialIssuerMetadata,
-		originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata) ? Openid4vciDraftVersion.V1 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
+		originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata || configuration.format === "mso_mdoc" && configuration.credential_signing_alg_values_supported?.some((supported) => typeof supported === "number")) ? Openid4vciDraftVersion.V1 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
 	};
-}), zCredentialIssuerMetadataDraft11To16.transform((credentialIssuerMetadata) => ({
+}), zCredentialIssuerMetadataDraft11ToV1.transform((credentialIssuerMetadata) => ({
 	credentialIssuerMetadata,
 	originalDraftVersion: Openid4vciDraftVersion.Draft11
 }))]);
@@ -949,7 +958,7 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
 	for (let index = 0; index < credentialsSupported.length; index++) {
 		const credentialSupported = credentialsSupported[index];
 		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
-		const parseResult = zCredentialConfigurationSupportedDraft11To16.safeParse(credentialSupported);
+		const parseResult = zCredentialConfigurationSupportedDraft11ToV1.safeParse(credentialSupported);
 		if (!parseResult.success) throw new ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
 		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
 	}