@openid4vc/openid4vci 0.3.0-alpha-20251120111954 → 0.3.0-alpha-20251121092537

package/dist/index.cjs

@@ -168,32 +168,53 @@ async function createCredentialOffer(options) {
 }
 
 //#endregion
-//#region src/metadata/credential-issuer/z-claims-description.ts
-const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.object({
-	mandatory: zod.default.boolean().optional(),
-	value_type: zod.default.string().optional(),
-	display: zod.default.array(zod.default.object({
-		name: zod.default.string().optional(),
-		locale: zod.default.string().optional()
-	}).loose()).optional()
-}).loose();
-const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
-const zClaimDescriptionPathValue = zod.default.union([
-	zod.default.string(),
-	zod.default.number().int().nonnegative(),
-	zod.default.null()
-]);
-const zClaimsDescriptionPath = zod.default.tuple([zClaimDescriptionPathValue], zClaimDescriptionPathValue);
-const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], zod.default.string(), { message: "mso_mdoc claims description path MUST be an array with at least two string elements, pointing to the namespace and element identifier within an mdoc credential" });
-const zIssuerMetadataClaimsDescription = zod.default.object({
-	path: zClaimsDescriptionPath,
-	mandatory: zod.default.boolean().optional(),
-	display: zod.default.array(zod.default.object({
-		name: zod.default.string().optional(),
-		locale: zod.default.string().optional()
-	}).loose()).optional()
-}).loose();
-const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
+//#region src/credential-request/credential-request-configurations.ts
+function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, issuerMetadata }) {
+	const knownCredentialConfigurations = issuerMetadata.knownCredentialConfigurations;
+	return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
+		if (credentialConfiguration.format !== requestFormat.format) return false;
+		const r = requestFormat;
+		const c = credentialConfiguration;
+		if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
+		if (c.format === "jwt_vc_json" && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		if (c.format === "vc+sd-jwt" && r.format === c.format) {
+			if (r.vct && c.vct) return r.vct === c.vct;
+			if (c.credential_definition && r.credential_definition) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
+		}
+		if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
+		return false;
+	}));
+}
+
+//#endregion
+//#region src/error/Openid4vciError.ts
+var Openid4vciError = class extends Error {
+	constructor(message, options) {
+		const errorMessage = message ?? "Unknown error occurred.";
+		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
+		super(`${errorMessage}${causeMessage}`);
+		this.cause = options?.cause;
+	}
+};
+
+//#endregion
+//#region src/error/Openid4vciRetrieveCredentialsError.ts
+var Openid4vciRetrieveCredentialsError = class extends Openid4vciError {
+	constructor(message, response, responseText) {
+		const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, __openid4vc_utils.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
+		super(`${message}\n${JSON.stringify(errorData, null, 2)}`);
+		this.response = response;
+	}
+};
+
+//#endregion
+//#region src/error/Openid4vciSendNotificationError.ts
+var Openid4vciSendNotificationError = class extends Openid4vciError {
+	constructor(message, response) {
+		super(message);
+		this.response = response;
+	}
+};
 
 //#endregion
 //#region src/key-attestation/z-key-attestation.ts
@@ -222,18 +243,103 @@ const zKeyAttestationJwtPayloadForUse = (use) => zod.default.object({
 	exp: use === "proof_type.jwt" ? __openid4vc_utils.zInteger : zod.default.optional(__openid4vc_utils.zInteger)
 }).loose();
 
+//#endregion
+//#region src/key-attestation/key-attestation.ts
+async function createKeyAttestationJwt(options) {
+	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
+		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
+		typ: "keyattestation+jwt"
+	});
+	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
+		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
+		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
+		nonce: options.nonce,
+		attested_keys: options.attestedKeys,
+		user_authentication: options.userAuthentication,
+		key_storage: options.keyStorage,
+		certification: options.certification,
+		...options.additionalPayload
+	});
+	const { jwt } = await options.callbacks.signJwt(options.signer, {
+		header,
+		payload
+	});
+	return jwt;
+}
+function parseKeyAttestationJwt({ keyAttestationJwt, use }) {
+	return (0, __openid4vc_oauth2.decodeJwt)({
+		jwt: keyAttestationJwt,
+		headerSchema: zKeyAttestationJwtHeader,
+		payloadSchema: zKeyAttestationJwtPayloadForUse(use)
+	});
+}
+async function verifyKeyAttestationJwt(options) {
+	const { header, payload } = parseKeyAttestationJwt({
+		keyAttestationJwt: options.keyAttestationJwt,
+		use: options.use
+	});
+	const now = options.now?.getTime() ?? Date.now();
+	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for key attestation jwt expired");
+	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
+		compact: options.keyAttestationJwt,
+		header,
+		payload,
+		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
+			header,
+			payload
+		}),
+		verifyJwtCallback: options.callbacks.verifyJwt,
+		errorMessage: "Error verifiying key attestation jwt",
+		expectedNonce: options.expectedNonce,
+		now: options.now
+	});
+	return {
+		header,
+		payload,
+		signer
+	};
+}
+
+//#endregion
+//#region src/metadata/credential-issuer/z-claims-description.ts
+const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.object({
+	mandatory: zod.default.boolean().optional(),
+	value_type: zod.default.string().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).loose()).optional()
+}).loose();
+const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
+const zClaimDescriptionPathValue = zod.default.union([
+	zod.default.string(),
+	zod.default.number().int().nonnegative(),
+	zod.default.null()
+]);
+const zClaimsDescriptionPath = zod.default.tuple([zClaimDescriptionPathValue], zClaimDescriptionPathValue);
+const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], zod.default.string(), { message: "mso_mdoc claims description path MUST be an array with at least two string elements, pointing to the namespace and element identifier within an mdoc credential" });
+const zIssuerMetadataClaimsDescription = zod.default.object({
+	path: zClaimsDescriptionPath,
+	mandatory: zod.default.boolean().optional(),
+	display: zod.default.array(zod.default.object({
+		name: zod.default.string().optional(),
+		locale: zod.default.string().optional()
+	}).loose()).optional()
+}).loose();
+const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
+
 //#endregion
 //#region src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
 const zCredentialConfigurationSupportedDisplayEntry = zod.default.object({
 	name: zod.default.string(),
 	locale: zod.default.string().optional(),
 	logo: zod.default.object({
-		uri: zod.default.string().optional(),
+		uri: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional(),
 		alt_text: zod.default.string().optional()
 	}).loose().optional(),
 	description: zod.default.string().optional(),
 	background_color: zod.default.string().optional(),
-	background_image: zod.default.object({ uri: zod.default.string().optional() }).loose().optional(),
+	background_image: zod.default.object({ uri: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional() }).loose().optional(),
 	text_color: zod.default.string().optional()
 }).loose();
 const zCredentialConfigurationSupportedCommonCredentialMetadata = zod.default.object({ display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional() }).loose();
@@ -639,7 +745,7 @@ const zCredentialIssuerMetadataDisplayEntry = zod.default.object({
 	name: zod.default.string().optional(),
 	locale: zod.default.string().optional(),
 	logo: zod.default.object({
-		uri: zod.default.string().optional(),
+		uri: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional(),
 		alt_text: zod.default.string().optional()
 	}).loose().optional()
 }).loose();
@@ -657,15 +763,15 @@ const zCredentialIssuerMetadataDraft14Draft15V1 = zod.default.object({
 	}).loose().optional(),
 	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).loose().optional(),
 	display: zod.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
-	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedWithFormats)
+	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedCommon)
 }).loose();
 const zCredentialConfigurationSupportedDraft11ToV1 = zod.default.object({
 	id: zod.default.string().optional(),
 	format: zod.default.string(),
 	cryptographic_suites_supported: zod.default.array(zod.default.string()).optional(),
 	display: zod.default.array(zod.default.object({
-		logo: zod.default.object({ url: zod.default.url().optional() }).loose().optional(),
-		background_image: zod.default.object({ url: zod.default.url().optional() }).loose().optional()
+		logo: zod.default.object({ url: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional() }).loose().optional(),
+		background_image: zod.default.object({ url: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional() }).loose().optional()
 	}).loose()).optional(),
 	claims: zod.default.any().optional()
 }).loose().transform(({ cryptographic_suites_supported, display, claims, id, format,...rest }) => ({
@@ -765,6 +871,37 @@ const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredential
 	originalDraftVersion: Openid4vciDraftVersion.Draft11
 }))]);
 
+//#endregion
+//#region src/metadata/credential-issuer/credential-configurations.ts
+function extractScopesForCredentialConfigurationIds(options) {
+	const scopes = /* @__PURE__ */ new Set();
+	for (const credentialConfigurationId of options.credentialConfigurationIds) {
+		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
+		if (!credentialConfiguration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
+		const scope = credentialConfiguration.scope;
+		if (scope) scopes.add(scope);
+		else if (!scope && options.throwOnConfigurationWithoutScope) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`);
+	}
+	return scopes.size > 0 ? Array.from(scopes) : void 0;
+}
+/**
+* Transforms draft 11 credentials supported syntax to credential configurations supported
+*
+* @throws if a credentials supported entry without id is passed
+* @throws if a credentials supported entry with invalid structure or format specific properties is passed
+*/
+function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupported) {
+	const credentialConfigurationsSupported = {};
+	for (let index = 0; index < credentialsSupported.length; index++) {
+		const credentialSupported = credentialsSupported[index];
+		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
+		const parseResult = zCredentialConfigurationSupportedDraft11ToV1.safeParse(credentialSupported);
+		if (!parseResult.success) throw new __openid4vc_utils.ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
+		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
+	}
+	return credentialConfigurationsSupported;
+}
+
 //#endregion
 //#region src/metadata/credential-issuer/z-signed-credential-issuer-metadata.ts
 const zSignedCredentialIssuerMetadataHeader = zod.default.object({
@@ -838,161 +975,34 @@ async function fetchCredentialIssuerMetadata(credentialIssuer, options) {
 }
 /**
 * Extract credential configuration supported entries where the `format` is known to this
-* library. Should be ran only after verifying the credential issuer metadata structure, so
-* we can be certain that if the `format` matches the other format specific requirements are also met.
+* library and the configuration validates correctly. Should be ran only after verifying
+* the credential issuer metadata structure, so we can be certain that if the `format`
+* matches the other format specific requirements are also met.
 *
 * Validation is done when resolving issuer metadata, or when calling `createIssuerMetadata`.
 */
 function extractKnownCredentialConfigurationSupportedFormats(credentialConfigurationsSupported) {
-	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter((entry) => allCredentialIssuerMetadataFormatIdentifiers.includes(entry[1].format)));
-}
-function getCredentialConfigurationSupportedById(credentialConfigurations, credentialConfigurationId) {
-	const configuration = credentialConfigurations[credentialConfigurationId];
-	if (!configuration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`);
-	return configuration;
-}
-
-//#endregion
-//#region src/credential-request/credential-request-configurations.ts
-function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, credentialConfigurations }) {
-	const knownCredentialConfigurations = extractKnownCredentialConfigurationSupportedFormats(credentialConfigurations);
-	return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
-		if (credentialConfiguration.format !== requestFormat.format) return false;
-		const r = requestFormat;
-		const c = credentialConfiguration;
-		if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
-		if (c.format === "jwt_vc_json" && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-		if (c.format === "vc+sd-jwt" && r.format === c.format) {
-			if (r.vct && c.vct) return r.vct === c.vct;
-			if (c.credential_definition && r.credential_definition) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-		}
-		if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
-		return false;
+	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter((entry) => {
+		const credentialConfiguration = zCredentialConfigurationSupportedWithFormats.safeParse(entry[1]);
+		if (!credentialConfiguration.success) return false;
+		return allCredentialIssuerMetadataFormatIdentifiers.includes(credentialConfiguration.data.format);
 	}));
 }
-
-//#endregion
-//#region src/error/Openid4vciError.ts
-var Openid4vciError = class extends Error {
-	constructor(message, options) {
-		const errorMessage = message ?? "Unknown error occurred.";
-		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
-		super(`${errorMessage}${causeMessage}`);
-		this.cause = options?.cause;
-	}
-};
-
-//#endregion
-//#region src/error/Openid4vciRetrieveCredentialsError.ts
-var Openid4vciRetrieveCredentialsError = class extends Openid4vciError {
-	constructor(message, response, responseText) {
-		const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, __openid4vc_utils.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
-		super(`${message}\n${JSON.stringify(errorData, null, 2)}`);
-		this.response = response;
-	}
-};
-
-//#endregion
-//#region src/error/Openid4vciSendNotificationError.ts
-var Openid4vciSendNotificationError = class extends Openid4vciError {
-	constructor(message, response) {
-		super(message);
-		this.response = response;
-	}
-};
-
-//#endregion
-//#region src/key-attestation/key-attestation.ts
-async function createKeyAttestationJwt(options) {
-	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
-		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
-		typ: "keyattestation+jwt"
-	});
-	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
-		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
-		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
-		nonce: options.nonce,
-		attested_keys: options.attestedKeys,
-		user_authentication: options.userAuthentication,
-		key_storage: options.keyStorage,
-		certification: options.certification,
-		...options.additionalPayload
-	});
-	const { jwt } = await options.callbacks.signJwt(options.signer, {
-		header,
-		payload
-	});
-	return jwt;
-}
-function parseKeyAttestationJwt({ keyAttestationJwt, use }) {
-	return (0, __openid4vc_oauth2.decodeJwt)({
-		jwt: keyAttestationJwt,
-		headerSchema: zKeyAttestationJwtHeader,
-		payloadSchema: zKeyAttestationJwtPayloadForUse(use)
-	});
-}
-async function verifyKeyAttestationJwt(options) {
-	const { header, payload } = parseKeyAttestationJwt({
-		keyAttestationJwt: options.keyAttestationJwt,
-		use: options.use
-	});
-	const now = options.now?.getTime() ?? Date.now();
-	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for key attestation jwt expired");
-	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
-		compact: options.keyAttestationJwt,
-		header,
-		payload,
-		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
-			header,
-			payload
-		}),
-		verifyJwtCallback: options.callbacks.verifyJwt,
-		errorMessage: "Error verifiying key attestation jwt",
-		expectedNonce: options.expectedNonce,
-		now: options.now
-	});
-	return {
-		header,
-		payload,
-		signer
-	};
-}
-
-//#endregion
-//#region src/metadata/credential-issuer/credential-configurations.ts
-function extractScopesForCredentialConfigurationIds(options) {
-	const scopes = /* @__PURE__ */ new Set();
-	for (const credentialConfigurationId of options.credentialConfigurationIds) {
-		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
-		if (!credentialConfiguration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
-		const scope = credentialConfiguration.scope;
-		if (scope) scopes.add(scope);
-		else if (!scope && options.throwOnConfigurationWithoutScope) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`);
-	}
-	return scopes.size > 0 ? Array.from(scopes) : void 0;
-}
 /**
-* Transforms draft 11 credentials supported syntax to credential configurations supported
-*
-* @throws if a credentials supported entry without id is passed
-* @throws if a credentials supported entry with invalid structure or format specific properties is passed
+* Get a known credential configuration supported by its id, it will throw an error if the configuration
+* is not found or if its found but the credential configuration is invalid.
 */
-function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupported) {
-	const credentialConfigurationsSupported = {};
-	for (let index = 0; index < credentialsSupported.length; index++) {
-		const credentialSupported = credentialsSupported[index];
-		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
-		const parseResult = zCredentialConfigurationSupportedDraft11ToV1.safeParse(credentialSupported);
-		if (!parseResult.success) throw new __openid4vc_utils.ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
-		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
-	}
-	return credentialConfigurationsSupported;
+function getKnownCredentialConfigurationSupportedById(issuerMetadata, credentialConfigurationId) {
+	const configuration = issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
+	if (!configuration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`);
+	if (!issuerMetadata.knownCredentialConfigurations[credentialConfigurationId]) (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialConfigurationSupportedWithFormats, configuration, `Credential configuration with id '${credentialConfigurationId}' is not valid`);
+	return issuerMetadata.knownCredentialConfigurations[credentialConfigurationId];
 }
 
 //#endregion
 //#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
-	const credentialConfiguration = getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	const credentialConfiguration = getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
 	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
 		format: credentialConfiguration.format,
 		vct: credentialConfiguration.vct
@@ -1270,7 +1280,7 @@ const zDeferredCredentialResponse = zBaseCredentialResponse.superRefine((value,
 //#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
 	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
-	getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, options.credentialConfigurationId);
+	getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
 	const credentialRequest = {
 		...options.additionalRequestPayload,
 		credential_configuration_id: options.credentialConfigurationId,
@@ -1481,7 +1491,8 @@ async function resolveIssuerMetadata(credentialIssuer, options) {
 		originalDraftVersion,
 		credentialIssuer: credentialIssuerMetadata,
 		signedCredentialIssuer: signed,
-		authorizationServers: authoriationServersMetadata
+		authorizationServers: authoriationServersMetadata,
+		knownCredentialConfigurations: extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported)
 	};
 }
 
@@ -1575,9 +1586,6 @@ var Openid4vciClient = class {
 		this.options = options;
 		this.oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
 	}
-	getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
-		return extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported);
-	}
 	/**
 	* Resolve a credential offer into a credential offer object, handling both
 	* 'credential_offer' and 'credential_offer_uri' params.
@@ -1882,9 +1890,9 @@ function parseCredentialRequest(options) {
 	if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
 	else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) proofs = { [attestationProofTypeIdentifier]: [knownProof.data.attestation] };
 	if (credentialRequest.credential_configuration_id) {
-		getCredentialConfigurationSupportedById(options.issuerMetadata.credentialIssuer.credential_configurations_supported, credentialRequest.credential_configuration_id);
+		getKnownCredentialConfigurationSupportedById(options.issuerMetadata, credentialRequest.credential_configuration_id);
 		return {
-			credentialConfiguration: extractKnownCredentialConfigurationSupportedFormats(options.issuerMetadata.credentialIssuer.credential_configurations_supported)[credentialRequest.credential_configuration_id],
+			credentialConfiguration: options.issuerMetadata.knownCredentialConfigurations[credentialRequest.credential_configuration_id],
 			credentialConfigurationId: credentialRequest.credential_configuration_id,
 			credentialRequest,
 			proofs