npm - @openid4vc/openid4vci - Versions diffs - 0.3.0-alpha-20251120111517 → 0.3.0-alpha-20251120112059 - Mend

@openid4vc/openid4vci 0.3.0-alpha-20251120111517 → 0.3.0-alpha-20251120112059

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -168,32 +168,53 @@ async function createCredentialOffer(options) {
 }
 //#endregion
-//#region src/metadata/credential-issuer/z-claims-description.ts
-const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.object({
-	mandatory: zod.default.boolean().optional(),
-	value_type: zod.default.string().optional(),
-	display: zod.default.array(zod.default.object({
-		name: zod.default.string().optional(),
-		locale: zod.default.string().optional()
-	}).loose()).optional()
-}).loose();
-const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
-const zClaimDescriptionPathValue = zod.default.union([
-	zod.default.string(),
-	zod.default.number().int().nonnegative(),
-	zod.default.null()
-]);
-const zClaimsDescriptionPath = zod.default.tuple([zClaimDescriptionPathValue], zClaimDescriptionPathValue);
-const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], zod.default.string(), { message: "mso_mdoc claims description path MUST be an array with at least two string elements, pointing to the namespace and element identifier within an mdoc credential" });
-const zIssuerMetadataClaimsDescription = zod.default.object({
-	path: zClaimsDescriptionPath,
-	mandatory: zod.default.boolean().optional(),
-	display: zod.default.array(zod.default.object({
-		name: zod.default.string().optional(),
-		locale: zod.default.string().optional()
-	}).loose()).optional()
-}).loose();
-const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
+//#region src/credential-request/credential-request-configurations.ts
+function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, issuerMetadata }) {
+	const knownCredentialConfigurations = issuerMetadata.knownCredentialConfigurations;
+	return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
+		if (credentialConfiguration.format !== requestFormat.format) return false;
+		const r = requestFormat;
+		const c = credentialConfiguration;
+		if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
+		if (c.format === "jwt_vc_json" && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		if (c.format === "vc+sd-jwt" && r.format === c.format) {
+			if (r.vct && c.vct) return r.vct === c.vct;
+			if (c.credential_definition && r.credential_definition) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		}
+		if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
+		return false;
+	}));
+}
+//#endregion
+//#region src/error/Openid4vciError.ts
+var Openid4vciError = class extends Error {
+	constructor(message, options) {
+		const errorMessage = message ?? "Unknown error occurred.";
+		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
+		super(`${errorMessage}${causeMessage}`);
+		this.cause = options?.cause;
+	}
+};
+//#endregion
+//#region src/error/Openid4vciRetrieveCredentialsError.ts
+var Openid4vciRetrieveCredentialsError = class extends Openid4vciError {
+	constructor(message, response, responseText) {
+		const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, __openid4vc_utils.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
+		super(`${message}\n${JSON.stringify(errorData, null, 2)}`);
+		this.response = response;
+	}
+};
+//#endregion
+//#region src/error/Openid4vciSendNotificationError.ts
+var Openid4vciSendNotificationError = class extends Openid4vciError {
+	constructor(message, response) {
+		super(message);
+		this.response = response;
+	}
+};
 //#endregion
 //#region src/key-attestation/z-key-attestation.ts
@@ -222,6 +243,91 @@ const zKeyAttestationJwtPayloadForUse = (use) => zod.default.object({
 	exp: use === "proof_type.jwt" ? __openid4vc_utils.zInteger : zod.default.optional(__openid4vc_utils.zInteger)
 }).loose();
+//#endregion
+//#region src/key-attestation/key-attestation.ts
+async function createKeyAttestationJwt(options) {
+	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
+		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
+		typ: "keyattestation+jwt"
+	});
+	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
+		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
+		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
+		nonce: options.nonce,
+		attested_keys: options.attestedKeys,
+		user_authentication: options.userAuthentication,
+		key_storage: options.keyStorage,
+		certification: options.certification,
+		...options.additionalPayload
+	});
+	const { jwt } = await options.callbacks.signJwt(options.signer, {
+		header,
+		payload
+	});
+	return jwt;
+}
+function parseKeyAttestationJwt({ keyAttestationJwt, use }) {
+	return (0, __openid4vc_oauth2.decodeJwt)({
+		jwt: keyAttestationJwt,
+		headerSchema: zKeyAttestationJwtHeader,
+		payloadSchema: zKeyAttestationJwtPayloadForUse(use)
+	});
+}
+async function verifyKeyAttestationJwt(options) {
+	const { header, payload } = parseKeyAttestationJwt({
+		keyAttestationJwt: options.keyAttestationJwt,
+		use: options.use
+	});
+	const now = options.now?.getTime() ?? Date.now();
+	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for key attestation jwt expired");
+	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
+		compact: options.keyAttestationJwt,
+		header,
+		payload,
+		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
+			header,
+			payload
+		}),
+		verifyJwtCallback: options.callbacks.verifyJwt,
+		errorMessage: "Error verifiying key attestation jwt",
+		expectedNonce: options.expectedNonce,
+		now: options.now
+	});
+	return {
+		header,
+		payload,
+		signer
+	};
+}
+//#endregion
+//#region src/metadata/credential-issuer/z-claims-description.ts
+const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.object({
+	mandatory: zod.default.boolean().optional(),
+	value_type: zod.default.string().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).loose()).optional()
+}).loose();
+const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
+const zClaimDescriptionPathValue = zod.default.union([
+	zod.default.string(),
+	zod.default.number().int().nonnegative(),
+	zod.default.null()
+]);
+const zClaimsDescriptionPath = zod.default.tuple([zClaimDescriptionPathValue], zClaimDescriptionPathValue);
+const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], zod.default.string(), { message: "mso_mdoc claims description path MUST be an array with at least two string elements, pointing to the namespace and element identifier within an mdoc credential" });
+const zIssuerMetadataClaimsDescription = zod.default.object({
+	path: zClaimsDescriptionPath,
+	mandatory: zod.default.boolean().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).loose()).optional()
+}).loose();
+const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
 //#endregion
 //#region src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
 const zCredentialConfigurationSupportedDisplayEntry = zod.default.object({
@@ -657,7 +763,7 @@ const zCredentialIssuerMetadataDraft14Draft15V1 = zod.default.object({
 	}).loose().optional(),
 	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).loose().optional(),
 	display: zod.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
-	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedWithFormats)
+	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedCommon)
 }).loose();
 const zCredentialConfigurationSupportedDraft11ToV1 = zod.default.object({
 	id: zod.default.string().optional(),
@@ -765,6 +871,37 @@ const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredential
 	originalDraftVersion: Openid4vciDraftVersion.Draft11
 }))]);
+//#endregion
+//#region src/metadata/credential-issuer/credential-configurations.ts
+function extractScopesForCredentialConfigurationIds(options) {
+	const scopes = /* @__PURE__ */ new Set();
+	for (const credentialConfigurationId of options.credentialConfigurationIds) {
+		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
+		if (!credentialConfiguration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
+		const scope = credentialConfiguration.scope;
+		if (scope) scopes.add(scope);
+		else if (!scope && options.throwOnConfigurationWithoutScope) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`);
+	}
+	return scopes.size > 0 ? Array.from(scopes) : void 0;
+}
+/**
+* Transforms draft 11 credentials supported syntax to credential configurations supported
+*
+* @throws if a credentials supported entry without id is passed
+* @throws if a credentials supported entry with invalid structure or format specific properties is passed
+*/
+function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupported) {
+	const credentialConfigurationsSupported = {};
+	for (let index = 0; index < credentialsSupported.length; index++) {
+		const credentialSupported = credentialsSupported[index];
+		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
+		const parseResult = zCredentialConfigurationSupportedDraft11ToV1.safeParse(credentialSupported);
+		if (!parseResult.success) throw new __openid4vc_utils.ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
+		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
+	}
+	return credentialConfigurationsSupported;
+}
 //#endregion
 //#region src/metadata/credential-issuer/z-signed-credential-issuer-metadata.ts
 const zSignedCredentialIssuerMetadataHeader = zod.default.object({
@@ -838,161 +975,34 @@ async function fetchCredentialIssuerMetadata(credentialIssuer, options) {
 }
 /**
 * Extract credential configuration supported entries where the `format` is known to this
-* library. Should be ran only after verifying the credential issuer metadata structure, so
-* we can be certain that if the `format` matches the other format specific requirements are also met.
+* library and the configuration validates correctly. Should be ran only after verifying
+* the credential issuer metadata structure, so we can be certain that if the `format`
+* matches the other format specific requirements are also met.
 *
 * Validation is done when resolving issuer metadata, or when calling `createIssuerMetadata`.
 */
 function extractKnownCredentialConfigurationSupportedFormats(credentialConfigurationsSupported) {
-	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter((entry) => allCredentialIssuerMetadataFormatIdentifiers.includes(entry[1].format)));
-}
-function getCredentialConfigurationSupportedById(credentialConfigurations, credentialConfigurationId) {
-	const configuration = credentialConfigurations[credentialConfigurationId];
-	if (!configuration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`);
-	return configuration;
-}
-//#endregion
-//#region src/credential-request/credential-request-configurations.ts
-function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, credentialConfigurations }) {
-	const knownCredentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(credentialConfigurations);
-	return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
-		if (credentialConfiguration.format !== requestFormat.format) return false;
-		const r = requestFormat;
-		const c = credentialConfiguration;
-		if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
-		if (c.format === "jwt_vc_json" && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-		if (c.format === "vc+sd-jwt" && r.format === c.format) {
-			if (r.vct && c.vct) return r.vct === c.vct;
-			if (c.credential_definition && r.credential_definition) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-		}
-		if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
-		return false;
+	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter((entry) => {
+		const credentialConfiguration = zCredentialConfigurationSupportedWithFormats.safeParse(entry[1]);
+		if (!credentialConfiguration.success) return false;
+		return allCredentialIssuerMetadataFormatIdentifiers.includes(credentialConfiguration.data.format);
 	}));
 }
-//#endregion
-//#region src/error/Openid4vciError.ts
-var Openid4vciError = class extends Error {
-	constructor(message, options) {
-		const errorMessage = message ?? "Unknown error occurred.";
-		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
-		super(`${errorMessage}${causeMessage}`);
-		this.cause = options?.cause;
-	}
-};
-//#endregion
-//#region src/error/Openid4vciRetrieveCredentialsError.ts
-var Openid4vciRetrieveCredentialsError = class extends Openid4vciError {
-	constructor(message, response, responseText) {
-		const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, __openid4vc_utils.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
-		super(`${message}\n${JSON.stringify(errorData, null, 2)}`);
-		this.response = response;
-	}
-};
-//#endregion
-//#region src/error/Openid4vciSendNotificationError.ts
-var Openid4vciSendNotificationError = class extends Openid4vciError {
-	constructor(message, response) {
-		super(message);
-		this.response = response;
-	}
-};
-//#endregion
-//#region src/key-attestation/key-attestation.ts
-async function createKeyAttestationJwt(options) {
-	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
-		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
-		typ: "keyattestation+jwt"
-	});
-	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
-		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
-		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
-		nonce: options.nonce,
-		attested_keys: options.attestedKeys,
-		user_authentication: options.userAuthentication,
-		key_storage: options.keyStorage,
-		certification: options.certification,
-		...options.additionalPayload
-	});
-	const { jwt } = await options.callbacks.signJwt(options.signer, {
-		header,
-		payload
-	});
-	return jwt;
-}
-function parseKeyAttestationJwt({ keyAttestationJwt, use }) {
-	return (0, __openid4vc_oauth2.decodeJwt)({
-		jwt: keyAttestationJwt,
-		headerSchema: zKeyAttestationJwtHeader,
-		payloadSchema: zKeyAttestationJwtPayloadForUse(use)
-	});
-}
-async function verifyKeyAttestationJwt(options) {
-	const { header, payload } = parseKeyAttestationJwt({
-		keyAttestationJwt: options.keyAttestationJwt,
-		use: options.use
-	});
-	const now = options.now?.getTime() ?? Date.now();
-	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for key attestation jwt expired");
-	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
-		compact: options.keyAttestationJwt,
-		header,
-		payload,
-		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
-			header,
-			payload
-		}),
-		verifyJwtCallback: options.callbacks.verifyJwt,
-		errorMessage: "Error verifiying key attestation jwt",
-		expectedNonce: options.expectedNonce,
-		now: options.now
-	});
-	return {
-		header,
-		payload,
-		signer
-	};
-}
-//#endregion
-//#region src/metadata/credential-issuer/credential-configurations.ts
-function extractScopesForCredentialConfigurationIds(options) {
-	const scopes = /* @__PURE__ */ new Set();
-	for (const credentialConfigurationId of options.credentialConfigurationIds) {
-		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
-		if (!credentialConfiguration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
-		const scope = credentialConfiguration.scope;
-		if (scope) scopes.add(scope);
-		else if (!scope && options.throwOnConfigurationWithoutScope) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`);
-	}
-	return scopes.size > 0 ? Array.from(scopes) : void 0;
-}
 /**
-* Transforms draft 11 credentials supported syntax to credential configurations supported
-*
-* @throws if a credentials supported entry without id is passed
-* @throws if a credentials supported entry with invalid structure or format specific properties is passed
+* Get a known credential configuration supported by its id, it will throw an error if the configuration
+* is not found or if its found but the credential configuration is invalid.
 */
-function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupported) {
-	const credentialConfigurationsSupported = {};
-	for (let index = 0; index < credentialsSupported.length; index++) {
-		const credentialSupported = credentialsSupported[index];
-		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
-		const parseResult = zCredentialConfigurationSupportedDraft11ToV1.safeParse(credentialSupported);
-		if (!parseResult.success) throw new __openid4vc_utils.ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
-		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
-	}
-	return credentialConfigurationsSupported;
+function getKnownCredentialConfigurationSupportedById(issuerMetadata, credentialConfigurationId) {
+	const configuration = issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
+	if (!configuration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`);
+	if (!issuerMetadata.knownCredentialConfigurations[credentialConfigurationId]) (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialConfigurationSupportedWithFormats, configuration, `Credential configuration with id '${credentialConfigurationId}' is not valid`);
+	return issuerMetadata.knownCredentialConfigurations[credentialConfigurationId];
 }
 //#endregion
 //#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
-	const credentialConfiguration = getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	const credentialConfiguration = getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
 	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
 		format: credentialConfiguration.format,
 		vct: credentialConfiguration.vct
@@ -1270,7 +1280,7 @@ const zDeferredCredentialResponse = zBaseCredentialResponse.superRefine((value,
 //#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
 	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
-	getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
 	const credentialRequest = {
 		...options.additionalRequestPayload,
 		credential_configuration_id: options.credentialConfigurationId,
@@ -1481,7 +1491,8 @@ async function resolveIssuerMetadata(credentialIssuer, options) {
 		originalDraftVersion,
 		credentialIssuer: credentialIssuerMetadata,
 		signedCredentialIssuer: signed,
-		authorizationServers: authoriationServersMetadata
+		authorizationServers: authoriationServersMetadata,
+		knownCredentialConfigurations: extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported)
 	};
 }
@@ -1575,9 +1586,6 @@ var Openid4vciClient = class {
 		this.options = options;
 		this.oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
 	}
-	getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
-		return extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported);
-	}
 	/**
 	* Resolve a credential offer into a credential offer object, handling both
 	* 'credential_offer' and 'credential_offer_uri' params.
@@ -1882,9 +1890,9 @@ function parseCredentialRequest(options) {
 	if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
 	else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) proofs = { [attestationProofTypeIdentifier]: [knownProof.data.attestation] };
 	if (credentialRequest.credential_configuration_id) {
-		getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, credentialRequest.credential_configuration_id);
+		getKnownCredentialConfigurationSupportedById(options.issuerMetadata, credentialRequest.credential_configuration_id);
 		return {
-			credentialConfiguration: extractKnownCredentialConfigurationSupportedFormats(options.issuerMetadata.credentialIssuer.credential_configurations_supported)[credentialRequest.credential_configuration_id],
+			credentialConfiguration: options.issuerMetadata.knownCredentialConfigurations[credentialRequest.credential_configuration_id],
 			credentialConfigurationId: credentialRequest.credential_configuration_id,
 			credentialRequest,
 			proofs