npm - @openid4vc/openid4vci - Versions diffs - 0.3.1-alpha-20251124151046 → 0.4.0-alpha-20251127093634 - Mend

@openid4vc/openid4vci 0.3.1-alpha-20251124151046 → 0.4.0-alpha-20251127093634

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.cjs DELETED Viewed

@@ -1,2157 +0,0 @@
-//#region rolldown:runtime
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __copyProps = (to, from, except, desc) => {
-	if (from && typeof from === "object" || typeof from === "function") {
-		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
-			key = keys[i];
-			if (!__hasOwnProp.call(to, key) && key !== except) {
-				__defProp(to, key, {
-					get: ((k) => from[k]).bind(null, key),
-					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-				});
-			}
-		}
-	}
-	return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
-	value: mod,
-	enumerable: true
-}) : target, mod));
-//#endregion
-let __openid4vc_utils = require("@openid4vc/utils");
-let __openid4vc_oauth2 = require("@openid4vc/oauth2");
-let zod = require("zod");
-zod = __toESM(zod);
-//#region src/version.ts
-let Openid4vciDraftVersion = /* @__PURE__ */ function(Openid4vciDraftVersion$1) {
-	Openid4vciDraftVersion$1["V1"] = "V1";
-	Openid4vciDraftVersion$1["Draft15"] = "Draft15";
-	Openid4vciDraftVersion$1["Draft14"] = "Draft14";
-	Openid4vciDraftVersion$1["Draft11"] = "Draft11";
-	return Openid4vciDraftVersion$1;
-}({});
-//#endregion
-//#region src/credential-offer/z-credential-offer.ts
-const zTxCode = zod.default.object({
-	input_mode: zod.default.union([zod.default.literal("numeric"), zod.default.literal("text")]).optional(),
-	length: zod.default.number().int().optional(),
-	description: zod.default.string().max(300).optional()
-}).loose();
-const zCredentialOfferGrants = zod.default.object({
-	authorization_code: zod.default.object({
-		issuer_state: zod.default.string().optional(),
-		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
-	}).loose().optional(),
-	[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
-		"pre-authorized_code": zod.default.string(),
-		tx_code: zTxCode.optional(),
-		authorization_server: __openid4vc_utils.zHttpsUrl.optional()
-	}).loose().optional()
-}).loose();
-const zCredentialOfferObjectDraft14 = zod.default.object({
-	credential_issuer: __openid4vc_utils.zHttpsUrl,
-	credential_configuration_ids: zod.default.array(zod.default.string()),
-	grants: zod.default.optional(zCredentialOfferGrants)
-}).loose();
-const zCredentialOfferObjectDraft11To14 = zod.default.object({
-	credential_issuer: __openid4vc_utils.zHttpsUrl,
-	credentials: zod.default.array(zod.default.string({ message: "Only string credential identifiers are supported for draft 11 credential offers" })),
-	grants: zod.default.optional(zod.default.object({
-		authorization_code: zCredentialOfferGrants.shape.authorization_code,
-		[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: zod.default.object({
-			"pre-authorized_code": zod.default.string(),
-			user_pin_required: zod.default.optional(zod.default.boolean())
-		}).loose().optional()
-	}))
-}).loose().transform(({ credentials, grants, ...rest }) => {
-	const v14 = {
-		...rest,
-		credential_configuration_ids: credentials
-	};
-	if (grants) {
-		v14.grants = { ...grants };
-		if (grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]) {
-			const { user_pin_required, ...restGrants } = grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier];
-			v14.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier] = { ...restGrants };
-			if (user_pin_required) v14.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code = { input_mode: "text" };
-		}
-	}
-	return v14;
-}).pipe(zCredentialOfferObjectDraft14);
-const zCredentialOfferObject = zod.default.union([zCredentialOfferObjectDraft14, zCredentialOfferObjectDraft11To14]);
-//#endregion
-//#region src/credential-offer/credential-offer.ts
-/**
-* Resolve a credential offer, optionally fetching it if the credential_offer_uri is provided.
-*/
-async function resolveCredentialOffer(credentialOffer, options) {
-	const parsedQueryParams = (0, __openid4vc_utils.getQueryParams)(credentialOffer);
-	let credentialOfferParseResult;
-	if (parsedQueryParams.credential_offer_uri) {
-		const { response, result } = await (0, __openid4vc_utils.createZodFetcher)(options?.fetch)(zCredentialOfferObject, __openid4vc_utils.ContentType.Json, parsedQueryParams.credential_offer_uri);
-		if (!response.ok || !result) throw new __openid4vc_oauth2.InvalidFetchResponseError(`Fetching credential offer from '${parsedQueryParams.credential_offer_uri}' resulted in an unsuccessful response with status '${response.status}'`, await response.clone().text(), response);
-		credentialOfferParseResult = result;
-	} else if (parsedQueryParams.credential_offer) {
-		let credentialOfferJson;
-		try {
-			credentialOfferJson = JSON.parse(decodeURIComponent(parsedQueryParams.credential_offer));
-		} catch (_error) {
-			throw new __openid4vc_oauth2.Oauth2Error(`Error parsing JSON from 'credential_offer' param in credential offer '${credentialOffer}'`);
-		}
-		credentialOfferParseResult = zCredentialOfferObject.safeParse(credentialOfferJson);
-	} else throw new __openid4vc_oauth2.Oauth2Error(`Credential offer did not contain either 'credential_offer' or 'credential_offer_uri' param.`);
-	if (credentialOfferParseResult.error) throw new __openid4vc_utils.ValidationError(`Error parsing credential offer in draft 11, 13 or 14 format extracted from credential offer '${credentialOffer}'`, credentialOfferParseResult.error);
-	return credentialOfferParseResult.data;
-}
-function determineAuthorizationServerForCredentialOffer(options) {
-	const authorizationServers = options.issuerMetadata.credentialIssuer.authorization_servers;
-	let authorizationServer;
-	if (options.grantAuthorizationServer) {
-		authorizationServer = options.grantAuthorizationServer;
-		if (!authorizationServers) throw new __openid4vc_oauth2.Oauth2Error(`Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not have an 'authorization_servers' property to match the value against.`);
-		if (!authorizationServers.includes(authorizationServer)) throw new __openid4vc_oauth2.Oauth2Error(`Credential offer grant contains 'authorization_server' with value '${options.grantAuthorizationServer}' but credential issuer metadata does not include this authorization server. Available 'authorization_server' values are ${authorizationServers.join(", ")}.`);
-	} else if (!authorizationServers) authorizationServer = options.issuerMetadata.credentialIssuer.credential_issuer;
-	else {
-		if (authorizationServers.length === 0) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer metadata has 'authorization_servers' value with length of 0`);
-		if (authorizationServers.length > 1) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer metadata has 'authorization_server' with multiple entries, but the credential offer grant did not specify which authorization server to use.`);
-		authorizationServer = authorizationServers[0];
-	}
-	return authorizationServer;
-}
-async function createCredentialOffer(options) {
-	const { [__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]: preAuthorizedCodeGrant, [__openid4vc_oauth2.authorizationCodeGrantIdentifier]: authorizationCodeGrant, ...restGrants } = options.grants;
-	const grants = { ...restGrants };
-	if (authorizationCodeGrant) {
-		determineAuthorizationServerForCredentialOffer({
-			issuerMetadata: options.issuerMetadata,
-			grantAuthorizationServer: authorizationCodeGrant.authorization_server
-		});
-		grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier] = authorizationCodeGrant;
-	}
-	if (preAuthorizedCodeGrant) {
-		determineAuthorizationServerForCredentialOffer({
-			issuerMetadata: options.issuerMetadata,
-			grantAuthorizationServer: preAuthorizedCodeGrant.authorization_server
-		});
-		grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier] = {
-			...preAuthorizedCodeGrant,
-			"pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.generateRandom(32))
-		};
-		const txCode = grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code;
-		if (txCode && options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].user_pin_required = txCode !== void 0;
-	}
-	const idsNotInMetadata = options.credentialConfigurationIds.filter((id) => options.issuerMetadata.credentialIssuer.credential_configurations_supported[id] === void 0);
-	if (idsNotInMetadata.length > 0) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration ids ${idsNotInMetadata} not found in the credential issuer metadata 'credential_configurations_supported'. Available ids are ${Object.keys(options.issuerMetadata.credentialIssuer.credential_configurations_supported).join(", ")}.`);
-	const credentialOfferScheme = options.credentialOfferScheme ?? "openid-credential-offer://";
-	const credentialOfferObject = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialOfferObject, {
-		credential_issuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-		credential_configuration_ids: options.credentialConfigurationIds,
-		grants,
-		...options.additionalPayload
-	});
-	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) credentialOfferObject.credentials = credentialOfferObject.credential_configuration_ids;
-	const url = new __openid4vc_utils.URL(credentialOfferScheme);
-	url.search = `?${new __openid4vc_utils.URLSearchParams([...url.searchParams.entries(), ...(0, __openid4vc_utils.objectToQueryParams)({
-		credential_offer_uri: options.credentialOfferUri,
-		credential_offer: options.credentialOfferUri ? void 0 : credentialOfferObject
-	}).entries()]).toString()}`;
-	return {
-		credentialOffer: url.toString(),
-		credentialOfferObject
-	};
-}
-//#endregion
-//#region src/credential-request/credential-request-configurations.ts
-function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, issuerMetadata }) {
-	const knownCredentialConfigurations = issuerMetadata.knownCredentialConfigurations;
-	return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
-		if (credentialConfiguration.format !== requestFormat.format) return false;
-		const r = requestFormat;
-		const c = credentialConfiguration;
-		if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type) && (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition["@context"], c.credential_definition["@context"]);
-		if (c.format === "jwt_vc_json" && r.format === c.format) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-		if (c.format === "vc+sd-jwt" && r.format === c.format) {
-			if (r.vct && c.vct) return r.vct === c.vct;
-			if (c.credential_definition && r.credential_definition) return (0, __openid4vc_utils.arrayEqualsIgnoreOrder)(r.credential_definition.type, c.credential_definition.type);
-		}
-		if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
-		return false;
-	}));
-}
-//#endregion
-//#region src/error/Openid4vciError.ts
-var Openid4vciError = class extends Error {
-	constructor(message, options) {
-		const errorMessage = message ?? "Unknown error occurred.";
-		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
-		super(`${errorMessage}${causeMessage}`);
-		this.cause = options?.cause;
-	}
-};
-//#endregion
-//#region src/error/Openid4vciRetrieveCredentialsError.ts
-var Openid4vciRetrieveCredentialsError = class extends Openid4vciError {
-	constructor(message, response, responseText) {
-		const errorData = response.credentialResponseResult?.data ?? response.credentialErrorResponseResult?.data ?? (response.credentialResponseResult?.error ? (0, __openid4vc_utils.formatZodError)(response.credentialResponseResult.error) : void 0) ?? responseText;
-		super(`${message}\n${JSON.stringify(errorData, null, 2)}`);
-		this.response = response;
-	}
-};
-//#endregion
-//#region src/error/Openid4vciSendNotificationError.ts
-var Openid4vciSendNotificationError = class extends Openid4vciError {
-	constructor(message, response) {
-		super(message);
-		this.response = response;
-	}
-};
-//#endregion
-//#region src/key-attestation/z-key-attestation.ts
-const zKeyAttestationJwtHeader = zod.default.object({
-	...__openid4vc_oauth2.zJwtHeader.shape,
-	typ: zod.default.literal("keyattestation+jwt").or(zod.default.literal("key-attestation+jwt"))
-}).loose().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
-const zIso18045 = zod.default.enum([
-	"iso_18045_high",
-	"iso_18045_moderate",
-	"iso_18045_enhanced-basic",
-	"iso_18045_basic"
-]);
-const zIso18045OrStringArray = zod.default.array(zod.default.union([zIso18045, zod.default.string()]));
-const zKeyAttestationJwtPayload = zod.default.object({
-	...__openid4vc_oauth2.zJwtPayload.shape,
-	iat: __openid4vc_utils.zInteger,
-	attested_keys: zod.default.array(__openid4vc_oauth2.zJwk),
-	key_storage: zod.default.optional(zIso18045OrStringArray),
-	user_authentication: zod.default.optional(zIso18045OrStringArray),
-	certification: zod.default.optional(zod.default.url())
-}).loose();
-const zKeyAttestationJwtPayloadForUse = (use) => zod.default.object({
-	...zKeyAttestationJwtPayload.shape,
-	nonce: use === "proof_type.attestation" ? zod.default.string({ message: `Nonce must be defined when key attestation is used as 'proof_type.attestation' directly` }) : zod.default.optional(zod.default.string()),
-	exp: use === "proof_type.jwt" ? __openid4vc_utils.zInteger : zod.default.optional(__openid4vc_utils.zInteger)
-}).loose();
-//#endregion
-//#region src/key-attestation/key-attestation.ts
-async function createKeyAttestationJwt(options) {
-	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtHeader, {
-		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
-		typ: "keyattestation+jwt"
-	});
-	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zKeyAttestationJwtPayloadForUse(options.use), {
-		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
-		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
-		nonce: options.nonce,
-		attested_keys: options.attestedKeys,
-		user_authentication: options.userAuthentication,
-		key_storage: options.keyStorage,
-		certification: options.certification,
-		...options.additionalPayload
-	});
-	const { jwt } = await options.callbacks.signJwt(options.signer, {
-		header,
-		payload
-	});
-	return jwt;
-}
-function parseKeyAttestationJwt({ keyAttestationJwt, use }) {
-	return (0, __openid4vc_oauth2.decodeJwt)({
-		jwt: keyAttestationJwt,
-		headerSchema: zKeyAttestationJwtHeader,
-		payloadSchema: zKeyAttestationJwtPayloadForUse(use)
-	});
-}
-async function verifyKeyAttestationJwt(options) {
-	const { header, payload } = parseKeyAttestationJwt({
-		keyAttestationJwt: options.keyAttestationJwt,
-		use: options.use
-	});
-	const now = options.now?.getTime() ?? Date.now();
-	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for key attestation jwt expired");
-	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
-		compact: options.keyAttestationJwt,
-		header,
-		payload,
-		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
-			header,
-			payload
-		}),
-		verifyJwtCallback: options.callbacks.verifyJwt,
-		errorMessage: "Error verifiying key attestation jwt",
-		expectedNonce: options.expectedNonce,
-		now: options.now
-	});
-	return {
-		header,
-		payload,
-		signer
-	};
-}
-//#endregion
-//#region src/metadata/credential-issuer/z-claims-description.ts
-const zCredentialConfigurationSupportedClaimsDescriptionDraft14 = zod.default.object({
-	mandatory: zod.default.boolean().optional(),
-	value_type: zod.default.string().optional(),
-	display: zod.default.array(zod.default.object({
-		name: zod.default.string().optional(),
-		locale: zod.default.string().optional()
-	}).loose()).optional()
-}).loose();
-const zCredentialConfigurationSupportedClaimsDraft14 = zod.default.record(zod.default.string(), zod.default.union([zCredentialConfigurationSupportedClaimsDescriptionDraft14, zod.default.lazy(() => zCredentialConfigurationSupportedClaimsDraft14)]));
-const zClaimDescriptionPathValue = zod.default.union([
-	zod.default.string(),
-	zod.default.number().int().nonnegative(),
-	zod.default.null()
-]);
-const zClaimsDescriptionPath = zod.default.tuple([zClaimDescriptionPathValue], zClaimDescriptionPathValue);
-const zMsoMdocClaimsDescriptionPath = zod.default.tuple([zod.default.string(), zod.default.string()], zod.default.string(), { message: "mso_mdoc claims description path MUST be an array with at least two string elements, pointing to the namespace and element identifier within an mdoc credential" });
-const zIssuerMetadataClaimsDescription = zod.default.object({
-	path: zClaimsDescriptionPath,
-	mandatory: zod.default.boolean().optional(),
-	display: zod.default.array(zod.default.object({
-		name: zod.default.string().optional(),
-		locale: zod.default.string().optional()
-	}).loose()).optional()
-}).loose();
-const zMsoMdocIssuerMetadataClaimsDescription = zIssuerMetadataClaimsDescription.extend({ path: zMsoMdocClaimsDescriptionPath });
-//#endregion
-//#region src/metadata/credential-issuer/z-credential-configuration-supported-common.ts
-const zCredentialConfigurationSupportedDisplayEntry = zod.default.object({
-	name: zod.default.string(),
-	locale: zod.default.string().optional(),
-	logo: zod.default.object({
-		uri: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional(),
-		alt_text: zod.default.string().optional()
-	}).loose().optional(),
-	description: zod.default.string().optional(),
-	background_color: zod.default.string().optional(),
-	background_image: zod.default.object({ uri: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional() }).loose().optional(),
-	text_color: zod.default.string().optional()
-}).loose();
-const zCredentialConfigurationSupportedCommonCredentialMetadata = zod.default.object({ display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional() }).loose();
-const zCredentialConfigurationSupportedCommon = zod.default.object({
-	format: zod.default.string(),
-	scope: zod.default.string().optional(),
-	cryptographic_binding_methods_supported: zod.default.array(zod.default.string()).optional(),
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).or(zod.default.array(zod.default.number())).optional(),
-	proof_types_supported: zod.default.record(zod.default.union([
-		zod.default.literal("jwt"),
-		zod.default.literal("attestation"),
-		zod.default.string()
-	]), zod.default.object({
-		proof_signing_alg_values_supported: zod.default.array(zod.default.string()),
-		key_attestations_required: zod.default.object({
-			key_storage: zIso18045OrStringArray.optional(),
-			user_authentication: zIso18045OrStringArray.optional()
-		}).loose().optional()
-	})).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.optional()
-}).loose();
-const zCredentialConfigurationSupportedCommonDraft15 = zod.default.object({
-	format: zod.default.string(),
-	scope: zod.default.string().optional(),
-	cryptographic_binding_methods_supported: zod.default.array(zod.default.string()).optional(),
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).optional(),
-	proof_types_supported: zod.default.record(zod.default.union([
-		zod.default.literal("jwt"),
-		zod.default.literal("attestation"),
-		zod.default.string()
-	]), zod.default.object({
-		proof_signing_alg_values_supported: zod.default.array(zod.default.string()),
-		key_attestations_required: zod.default.object({
-			key_storage: zIso18045OrStringArray.optional(),
-			user_authentication: zIso18045OrStringArray.optional()
-		}).loose().optional()
-	})).optional(),
-	display: zod.default.array(zCredentialConfigurationSupportedDisplayEntry).optional(),
-	credential_metadata: zod.default.optional(zod.default.never())
-}).loose();
-//#endregion
-//#region src/formats/credential/mso-mdoc/z-mso-mdoc.ts
-const zMsoMdocFormatIdentifier = zod.default.literal("mso_mdoc");
-const zMsoMdocCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-	format: zMsoMdocFormatIdentifier,
-	doctype: zod.default.string(),
-	credential_signing_alg_values_supported: zod.default.array(zod.default.number()).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional() }).optional()
-});
-const zMsoMdocCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zMsoMdocFormatIdentifier,
-	doctype: zod.default.string(),
-	claims: zod.default.array(zMsoMdocIssuerMetadataClaimsDescription).optional()
-});
-const zMsoMdocCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zMsoMdocFormatIdentifier,
-	doctype: zod.default.string(),
-	claims: zCredentialConfigurationSupportedClaimsDraft14.optional(),
-	order: zod.default.optional(zod.default.array(zod.default.string()))
-});
-const zMsoMdocCredentialRequestFormatDraft14 = zod.default.object({
-	format: zMsoMdocFormatIdentifier,
-	doctype: zod.default.string(),
-	claims: zCredentialConfigurationSupportedClaimsDraft14.optional()
-});
-//#endregion
-//#region src/formats/credential/sd-jwt-dc/z-sd-jwt-dc.ts
-const zSdJwtDcFormatIdentifier = zod.default.literal("dc+sd-jwt");
-const zSdJwtDcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-	vct: zod.default.string(),
-	format: zSdJwtDcFormatIdentifier,
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
-});
-const zSdJwtDcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	vct: zod.default.string(),
-	format: zSdJwtDcFormatIdentifier,
-	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
-});
-//#endregion
-//#region src/formats/credential/sd-jwt-vc/z-sd-jwt-vc.ts
-/**
-* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
-* of the OpenID for Verifiable Presentations specification. Please update your
-* implementations accordingly.
-*/
-const zLegacySdJwtVcFormatIdentifier = zod.default.literal("vc+sd-jwt");
-/**
-* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
-* of the OpenID for Verifiable Presentations specification. Please update your
-* implementations accordingly.
-*/
-const zLegacySdJwtVcCredentialIssuerMetadataV1 = zCredentialConfigurationSupportedCommon.extend({
-	vct: zod.default.string(),
-	format: zLegacySdJwtVcFormatIdentifier,
-	order: zod.default.optional(zod.default.array(zod.default.string())),
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
-	credential_definition: zod.default.optional(zod.default.never())
-});
-/**
-* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
-* of the OpenID for Verifiable Presentations specification. Please update your
-* implementations accordingly.
-*/
-const zLegacySdJwtVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	vct: zod.default.string(),
-	format: zLegacySdJwtVcFormatIdentifier,
-	claims: zod.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
-	order: zod.default.optional(zod.default.array(zod.default.string())),
-	credential_definition: zod.default.optional(zod.default.never())
-});
-/**
-* @deprecated format has been deprecated in favor of "dc+sd-jwt" since Draft 23
-* of the OpenID for Verifiable Presentations specification. Please update your
-* implementations accordingly.
-*/
-const zLegacySdJwtVcCredentialRequestFormatDraft14 = zod.default.object({
-	format: zLegacySdJwtVcFormatIdentifier,
-	vct: zod.default.string(),
-	claims: zod.default.optional(zCredentialConfigurationSupportedClaimsDraft14),
-	credential_definition: zod.default.optional(zod.default.never())
-});
-//#endregion
-//#region src/formats/credential/w3c-vc/z-w3c-vc-common.ts
-const zCredentialSubjectLeafTypeDraft14 = zod.default.object({
-	mandatory: zod.default.boolean().optional(),
-	value_type: zod.default.string().optional(),
-	display: zod.default.array(zod.default.object({
-		name: zod.default.string().optional(),
-		locale: zod.default.string().optional()
-	}).loose()).optional()
-}).loose();
-const zClaimValueSchemaDraft14 = zod.default.union([
-	zod.default.array(zod.default.any()),
-	zod.default.record(zod.default.string(), zod.default.any()),
-	zCredentialSubjectLeafTypeDraft14
-]);
-const zW3cVcCredentialSubjectDraft14 = zod.default.record(zod.default.string(), zClaimValueSchemaDraft14);
-const zW3cVcJsonLdCredentialDefinition = zod.default.object({
-	"@context": zod.default.array(zod.default.string()),
-	type: zod.default.tuple([zod.default.string()], zod.default.string())
-}).loose();
-const zW3cVcJsonLdCredentialDefinitionDraft14 = zW3cVcJsonLdCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
-//#endregion
-//#region src/formats/credential/w3c-vc/z-w3c-jwt-vc-json.ts
-const zJwtVcJsonFormatIdentifier = zod.default.literal("jwt_vc_json");
-const zJwtVcJsonCredentialDefinition = zod.default.object({ type: zod.default.tuple([zod.default.string()], zod.default.string()) }).loose();
-const zJwtVcJsonCredentialDefinitionDraft14 = zJwtVcJsonCredentialDefinition.extend({ credentialSubject: zW3cVcCredentialSubjectDraft14.optional() });
-const zJwtVcJsonCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-	format: zJwtVcJsonFormatIdentifier,
-	credential_definition: zJwtVcJsonCredentialDefinition,
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
-});
-const zJwtVcJsonCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zJwtVcJsonFormatIdentifier,
-	credential_definition: zJwtVcJsonCredentialDefinition,
-	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
-});
-const zJwtVcJsonCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zJwtVcJsonFormatIdentifier,
-	credential_definition: zJwtVcJsonCredentialDefinitionDraft14,
-	order: zod.default.array(zod.default.string()).optional()
-});
-const zJwtVcJsonCredentialIssuerMetadataDraft11 = zod.default.object({
-	format: zJwtVcJsonFormatIdentifier,
-	order: zod.default.array(zod.default.string()).optional(),
-	types: zod.default.tuple([zod.default.string()], zod.default.string()),
-	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-}).loose();
-const zJwtVcJsonCredentialIssuerMetadataDraft11To14 = zJwtVcJsonCredentialIssuerMetadataDraft11.transform(({ types, credentialSubject, ...rest }) => ({
-	...rest,
-	credential_definition: {
-		type: types,
-		...credentialSubject ? { credentialSubject } : {}
-	}
-}));
-const zJwtVcJsonCredentialIssuerMetadataDraft14To11 = zJwtVcJsonCredentialIssuerMetadataDraft14.loose().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-	...rest,
-	types: type,
-	...credentialDefinition
-})).pipe(zJwtVcJsonCredentialIssuerMetadataDraft11);
-const zJwtVcJsonCredentialRequestFormatDraft14 = zod.default.object({
-	format: zJwtVcJsonFormatIdentifier,
-	credential_definition: zJwtVcJsonCredentialDefinition
-});
-const zJwtVcJsonCredentialRequestDraft11 = zod.default.object({
-	format: zJwtVcJsonFormatIdentifier,
-	types: zod.default.tuple([zod.default.string()], zod.default.string()),
-	credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
-}).loose();
-const zJwtVcJsonCredentialRequestDraft11To14 = zJwtVcJsonCredentialRequestDraft11.transform(({ types, credentialSubject, ...rest }) => {
-	return {
-		...rest,
-		credential_definition: {
-			type: types,
-			...credentialSubject ? { credentialSubject } : {}
-		}
-	};
-});
-const zJwtVcJsonCredentialRequestDraft14To11 = zJwtVcJsonCredentialRequestFormatDraft14.loose().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-	...rest,
-	types: type,
-	...credentialDefinition
-})).pipe(zJwtVcJsonCredentialRequestDraft11);
-//#endregion
-//#region src/formats/credential/w3c-vc/z-w3c-jwt-vc-json-ld.ts
-const zJwtVcJsonLdFormatIdentifier = zod.default.literal("jwt_vc_json-ld");
-const zJwtVcJsonLdCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-	format: zJwtVcJsonLdFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinition,
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
-});
-const zJwtVcJsonLdCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zJwtVcJsonLdFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinition,
-	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
-});
-const zJwtVcJsonLdCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zJwtVcJsonLdFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
-	order: zod.default.optional(zod.default.array(zod.default.string()))
-});
-const zJwtVcJsonLdCredentialIssuerMetadataDraft11 = zod.default.object({
-	order: zod.default.array(zod.default.string()).optional(),
-	format: zJwtVcJsonLdFormatIdentifier,
-	"@context": zod.default.array(zod.default.string()),
-	types: zod.default.tuple([zod.default.string()], zod.default.string()),
-	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-}).loose();
-const zJwtVcJsonLdCredentialIssuerMetadataDraft11To14 = zJwtVcJsonLdCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject, ...rest }) => ({
-	...rest,
-	credential_definition: {
-		"@context": context,
-		type: types,
-		...credentialSubject ? { credentialSubject } : {}
-	}
-}));
-const zJwtVcJsonLdCredentialIssuerMetadataDraft14To11 = zJwtVcJsonLdCredentialIssuerMetadataDraft14.loose().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-	...rest,
-	...credentialDefinition,
-	types: type
-})).pipe(zJwtVcJsonLdCredentialIssuerMetadataDraft11);
-const zJwtVcJsonLdCredentialRequestFormatDraft14 = zod.default.object({
-	format: zJwtVcJsonLdFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinition
-});
-const zJwtVcJsonLdCredentialRequestDraft11 = zod.default.object({
-	format: zJwtVcJsonLdFormatIdentifier,
-	credential_definition: zod.default.object({
-		"@context": zod.default.array(zod.default.string()),
-		types: zod.default.tuple([zod.default.string()], zod.default.string()),
-		credentialSubject: zod.default.optional(zW3cVcCredentialSubjectDraft14)
-	}).loose()
-}).loose();
-const zJwtVcJsonLdCredentialRequestDraft11To14 = zJwtVcJsonLdCredentialRequestDraft11.transform(({ credential_definition: { types, ...restCredentialDefinition }, ...rest }) => ({
-	...rest,
-	credential_definition: {
-		...restCredentialDefinition,
-		type: types
-	}
-}));
-const zJwtVcJsonLdCredentialRequestDraft14To11 = zJwtVcJsonLdCredentialRequestFormatDraft14.loose().transform(({ credential_definition: { type, ...restCredentialDefinition }, ...rest }) => ({
-	...rest,
-	credential_definition: {
-		...restCredentialDefinition,
-		types: type
-	}
-})).pipe(zJwtVcJsonLdCredentialRequestDraft11);
-//#endregion
-//#region src/formats/credential/w3c-vc/z-w3c-ldp-vc.ts
-const zLdpVcFormatIdentifier = zod.default.literal("ldp_vc");
-const zLdpVcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-	format: zLdpVcFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinition,
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional()
-});
-const zLdpVcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zLdpVcFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinition,
-	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional()
-});
-const zLdpVcCredentialIssuerMetadataDraft14 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zLdpVcFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14,
-	order: zod.default.array(zod.default.string()).optional()
-});
-const zLdpVcCredentialIssuerMetadataDraft11 = zod.default.object({
-	order: zod.default.array(zod.default.string()).optional(),
-	format: zLdpVcFormatIdentifier,
-	"@context": zod.default.array(zod.default.string()),
-	types: zod.default.tuple([zod.default.string()], zod.default.string()),
-	credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-}).loose();
-const zLdpVcCredentialIssuerMetadataDraft11To14 = zLdpVcCredentialIssuerMetadataDraft11.transform(({ "@context": context, types, credentialSubject, ...rest }) => ({
-	...rest,
-	credential_definition: {
-		"@context": context,
-		type: types,
-		...credentialSubject ? { credentialSubject } : {}
-	}
-}));
-const zLdpVcCredentialIssuerMetadataDraft14To11 = zLdpVcCredentialIssuerMetadataDraft14.loose().transform(({ credential_definition: { type, ...credentialDefinition }, ...rest }) => ({
-	...rest,
-	...credentialDefinition,
-	types: type
-})).pipe(zLdpVcCredentialIssuerMetadataDraft11);
-const zLdpVcCredentialRequestFormatDraft14 = zod.default.object({
-	format: zLdpVcFormatIdentifier,
-	credential_definition: zW3cVcJsonLdCredentialDefinitionDraft14
-});
-const zLdpVcCredentialRequestDraft11 = zod.default.object({
-	format: zLdpVcFormatIdentifier,
-	credential_definition: zod.default.object({
-		"@context": zod.default.array(zod.default.string()),
-		types: zod.default.tuple([zod.default.string()], zod.default.string()),
-		credentialSubject: zW3cVcCredentialSubjectDraft14.optional()
-	})
-}).loose();
-const zLdpVcCredentialRequestDraft11To14 = zLdpVcCredentialRequestDraft11.transform(({ credential_definition: { types, ...restCredentialDefinition }, ...rest }) => ({
-	...rest,
-	credential_definition: {
-		...restCredentialDefinition,
-		type: types
-	}
-}));
-const zLdpVcCredentialRequestDraft14To11 = zLdpVcCredentialRequestFormatDraft14.loose().transform(({ credential_definition: { type, ...restCredentialDefinition }, ...rest }) => ({
-	...rest,
-	credential_definition: {
-		...restCredentialDefinition,
-		types: type
-	}
-})).pipe(zLdpVcCredentialRequestDraft11);
-//#endregion
-//#region src/formats/credential/w3c-vc/z-w3c-sd-jwt-vc.ts
-const zSdJwtW3VcFormatIdentifier = zod.default.literal("vc+sd-jwt");
-const zSdJwtW3VcCredentialDefinition = zod.default.object({ type: zod.default.tuple([zod.default.string()], zod.default.string()) }).loose();
-const zSdJwtW3VcCredentialIssuerMetadata = zCredentialConfigurationSupportedCommon.extend({
-	format: zSdJwtW3VcFormatIdentifier,
-	credential_definition: zSdJwtW3VcCredentialDefinition,
-	credential_signing_alg_values_supported: zod.default.array(zod.default.string()).optional(),
-	credential_metadata: zCredentialConfigurationSupportedCommonCredentialMetadata.extend({ claims: zod.default.array(zIssuerMetadataClaimsDescription).optional() }).optional(),
-	vct: zod.default.optional(zod.default.never())
-});
-const zSdJwtW3VcCredentialIssuerMetadataDraft15 = zCredentialConfigurationSupportedCommonDraft15.extend({
-	format: zSdJwtW3VcFormatIdentifier,
-	credential_definition: zSdJwtW3VcCredentialDefinition,
-	claims: zod.default.array(zIssuerMetadataClaimsDescription).optional(),
-	vct: zod.default.optional(zod.default.never())
-});
-const zSdJwtW3VcCredentialRequestFormatDraft14 = zod.default.object({
-	format: zSdJwtW3VcFormatIdentifier,
-	credential_definition: zSdJwtW3VcCredentialDefinition,
-	vct: zod.default.optional(zod.default.never())
-});
-//#endregion
-//#region src/metadata/credential-issuer/z-credential-issuer-metadata.ts
-const allCredentialIssuerMetadataFormats = [
-	zSdJwtDcCredentialIssuerMetadata,
-	zMsoMdocCredentialIssuerMetadata,
-	zJwtVcJsonLdCredentialIssuerMetadata,
-	zLdpVcCredentialIssuerMetadata,
-	zJwtVcJsonCredentialIssuerMetadata,
-	zSdJwtW3VcCredentialIssuerMetadata,
-	zSdJwtW3VcCredentialIssuerMetadataDraft15,
-	zLegacySdJwtVcCredentialIssuerMetadataV1,
-	zSdJwtDcCredentialIssuerMetadataDraft15,
-	zMsoMdocCredentialIssuerMetadataDraft15,
-	zJwtVcJsonLdCredentialIssuerMetadataDraft15,
-	zLdpVcCredentialIssuerMetadataDraft15,
-	zJwtVcJsonCredentialIssuerMetadataDraft15,
-	zMsoMdocCredentialIssuerMetadataDraft14,
-	zLegacySdJwtVcCredentialIssuerMetadataDraft14,
-	zJwtVcJsonLdCredentialIssuerMetadataDraft14,
-	zLdpVcCredentialIssuerMetadataDraft14,
-	zJwtVcJsonCredentialIssuerMetadataDraft14
-];
-const allCredentialIssuerMetadataFormatIdentifiers = allCredentialIssuerMetadataFormats.map((format) => format.shape.format.value);
-const zCredentialConfigurationSupportedWithFormats = zod.default.union([zCredentialConfigurationSupportedCommon, zCredentialConfigurationSupportedCommonDraft15]).transform((data, ctx) => {
-	if (!allCredentialIssuerMetadataFormatIdentifiers.includes(data.format)) return data;
-	const validators = allCredentialIssuerMetadataFormats.filter((formatValidator) => formatValidator.shape.format.value === data.format);
-	const result = zod.default.object({}).loose().and(validators.length > 1 ? zod.default.union(validators) : validators[0]).safeParse(data);
-	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue({
-		...issue,
-		code: issue.code
-	});
-	return zod.default.NEVER;
-});
-const zCredentialIssuerMetadataDisplayEntry = zod.default.object({
-	name: zod.default.string().optional(),
-	locale: zod.default.string().optional(),
-	logo: zod.default.object({
-		uri: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional(),
-		alt_text: zod.default.string().optional()
-	}).loose().optional()
-}).loose();
-const zCredentialIssuerMetadataDraft14Draft15V1 = zod.default.object({
-	credential_issuer: __openid4vc_utils.zHttpsUrl,
-	authorization_servers: zod.default.array(__openid4vc_utils.zHttpsUrl).optional(),
-	credential_endpoint: __openid4vc_utils.zHttpsUrl,
-	deferred_credential_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
-	notification_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
-	nonce_endpoint: __openid4vc_utils.zHttpsUrl.optional(),
-	credential_response_encryption: zod.default.object({
-		alg_values_supported: zod.default.array(zod.default.string()),
-		enc_values_supported: zod.default.array(zod.default.string()),
-		encryption_required: zod.default.boolean()
-	}).loose().optional(),
-	batch_credential_issuance: zod.default.object({ batch_size: zod.default.number().positive() }).loose().optional(),
-	display: zod.default.array(zCredentialIssuerMetadataDisplayEntry).optional(),
-	credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedCommon)
-}).loose();
-const zCredentialConfigurationSupportedDraft11ToV1 = zod.default.object({
-	id: zod.default.string().optional(),
-	format: zod.default.string(),
-	cryptographic_suites_supported: zod.default.array(zod.default.string()).optional(),
-	display: zod.default.array(zod.default.object({
-		logo: zod.default.object({ url: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional() }).loose().optional(),
-		background_image: zod.default.object({ url: __openid4vc_utils.zHttpsUrl.or(__openid4vc_utils.zDataUrl).optional() }).loose().optional()
-	}).loose()).optional(),
-	claims: zod.default.any().optional()
-}).loose().transform(({ cryptographic_suites_supported, display, claims, id, format, ...rest }) => ({
-	...rest,
-	format,
-	...cryptographic_suites_supported ? { credential_signing_alg_values_supported: format === zMsoMdocFormatIdentifier.value ? (0, __openid4vc_oauth2.jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray)(cryptographic_suites_supported) : cryptographic_suites_supported } : {},
-	...claims || display ? { credential_metadata: {
-		...claims ? { claims } : {},
-		...display ? { display: display.map(({ logo, background_image, ...displayRest }) => ({
-			...displayRest,
-			...logo?.url ? { logo: { uri: logo.url } } : {},
-			...background_image?.url ? { background_image: { uri: background_image.url } } : {}
-		})) } : {}
-	} } : {}
-})).transform((data, ctx) => {
-	const formatSpecificTransformations = {
-		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialIssuerMetadataDraft11To14,
-		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialIssuerMetadataDraft11To14,
-		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialIssuerMetadataDraft11To14
-	};
-	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-	const result = formatSpecificTransformations[data.format].safeParse(data);
-	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue({
-		...issue,
-		code: issue.code
-	});
-	return zod.default.NEVER;
-}).pipe(zCredentialConfigurationSupportedWithFormats);
-const zCredentialConfigurationSupportedV1ToDraft11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata, ...rest }) => ({
-	...credential_metadata,
-	...rest
-})).and(zod.default.object({ id: zod.default.string() }).loose()).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope, format, ...rest }) => ({
-	...rest,
-	format,
-	...credential_signing_alg_values_supported ? { cryptographic_suites_supported: format === zMsoMdocFormatIdentifier.value && typeof credential_signing_alg_values_supported[0] === "number" ? (0, __openid4vc_oauth2.fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray)(credential_signing_alg_values_supported) : credential_signing_alg_values_supported } : {},
-	...display ? { display: display.map(({ logo, background_image, ...displayRest }) => {
-		const { uri: logoUri, ...logoRest } = logo ?? {};
-		const { uri: backgroundImageUri, ...backgroundImageRest } = background_image ?? {};
-		return {
-			...displayRest,
-			...logoUri ? { logo: {
-				url: logoUri,
-				...logoRest
-			} } : {},
-			...backgroundImageUri ? { logo: {
-				url: backgroundImageUri,
-				...backgroundImageRest
-			} } : {}
-		};
-	}) } : {},
-	id
-})).pipe(zod.default.union([
-	zLdpVcCredentialIssuerMetadataDraft14To11,
-	zJwtVcJsonCredentialIssuerMetadataDraft14To11,
-	zJwtVcJsonLdCredentialIssuerMetadataDraft14To11,
-	zod.default.object({ format: zod.default.string().refine((input) => ![
-		zLdpVcFormatIdentifier.value,
-		zJwtVcJsonFormatIdentifier.value,
-		zJwtVcJsonLdFormatIdentifier.value
-	].includes(input)) }).loose()
-]));
-const zCredentialIssuerMetadataDraft11ToV1 = zod.default.object({
-	authorization_server: zod.default.string().optional(),
-	credentials_supported: zod.default.array(zod.default.object({ id: zod.default.string().optional() }).loose())
-}).loose().transform(({ authorization_server, credentials_supported, ...rest }) => {
-	return {
-		...rest,
-		...authorization_server ? { authorization_servers: [authorization_server] } : {},
-		credential_configurations_supported: Object.fromEntries(credentials_supported.map((supported) => supported.id ? [supported.id, supported] : void 0).filter((i) => i !== void 0))
-	};
-}).pipe(zod.default.object({ credential_configurations_supported: zod.default.record(zod.default.string(), zCredentialConfigurationSupportedDraft11ToV1) }).loose()).pipe(zCredentialIssuerMetadataDraft14Draft15V1);
-const zCredentialIssuerMetadataWithDraft11 = zCredentialIssuerMetadataDraft14Draft15V1.transform((issuerMetadata) => ({
-	...issuerMetadata,
-	...issuerMetadata.authorization_servers ? { authorization_server: issuerMetadata.authorization_servers[0] } : {},
-	credentials_supported: Object.entries(issuerMetadata.credential_configurations_supported).map(([id, value]) => ({
-		...value,
-		id
-	}))
-})).pipe(zCredentialIssuerMetadataDraft14Draft15V1.extend({ credentials_supported: zod.default.array(zCredentialConfigurationSupportedV1ToDraft11) }));
-const zCredentialIssuerMetadata = zod.default.union([zCredentialIssuerMetadataDraft14Draft15V1, zCredentialIssuerMetadataDraft11ToV1]);
-const zCredentialIssuerMetadataWithDraftVersion = zod.default.union([zCredentialIssuerMetadataDraft14Draft15V1.transform((credentialIssuerMetadata) => {
-	const credentialConfigurations = Object.values(credentialIssuerMetadata.credential_configurations_supported);
-	const isDraft15 = credentialConfigurations.some((configuration) => {
-		const knownConfiguration = configuration;
-		if (knownConfiguration.format === zSdJwtDcFormatIdentifier.value) return true;
-		if (Array.isArray(knownConfiguration.claims)) return true;
-		if (Object.values(knownConfiguration.proof_types_supported ?? {}).some((proofType) => proofType.key_attestations_required !== void 0)) return true;
-		return false;
-	});
-	return {
-		credentialIssuerMetadata,
-		originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata || configuration.format === "mso_mdoc" && configuration.credential_signing_alg_values_supported?.some((supported) => typeof supported === "number")) ? Openid4vciDraftVersion.V1 : isDraft15 ? Openid4vciDraftVersion.Draft15 : Openid4vciDraftVersion.Draft14
-	};
-}), zCredentialIssuerMetadataDraft11ToV1.transform((credentialIssuerMetadata) => ({
-	credentialIssuerMetadata,
-	originalDraftVersion: Openid4vciDraftVersion.Draft11
-}))]);
-//#endregion
-//#region src/metadata/credential-issuer/credential-configurations.ts
-function extractScopesForCredentialConfigurationIds(options) {
-	const scopes = /* @__PURE__ */ new Set();
-	for (const credentialConfigurationId of options.credentialConfigurationIds) {
-		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
-		if (!credentialConfiguration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in metadata from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
-		const scope = credentialConfiguration.scope;
-		if (scope) scopes.add(scope);
-		else if (!scope && options.throwOnConfigurationWithoutScope) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' does not have a 'scope' configured, and 'throwOnConfigurationWithoutScope' was enabled.`);
-	}
-	return scopes.size > 0 ? Array.from(scopes) : void 0;
-}
-/**
-* Transforms draft 11 credentials supported syntax to credential configurations supported
-*
-* @throws if a credentials supported entry without id is passed
-* @throws if a credentials supported entry with invalid structure or format specific properties is passed
-*/
-function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupported) {
-	const credentialConfigurationsSupported = {};
-	for (let index = 0; index < credentialsSupported.length; index++) {
-		const credentialSupported = credentialsSupported[index];
-		if (!credentialSupported.id) throw new Openid4vciError(`Credential supported at index '${index}' does not have an 'id' property. Credential configuration requires the 'id' property as key`);
-		const parseResult = zCredentialConfigurationSupportedDraft11ToV1.safeParse(credentialSupported);
-		if (!parseResult.success) throw new __openid4vc_utils.ValidationError(`Error transforming credential supported with id '${credentialSupported.id}' to credential configuration supported format`, parseResult.error);
-		credentialConfigurationsSupported[credentialSupported.id] = parseResult.data;
-	}
-	return credentialConfigurationsSupported;
-}
-//#endregion
-//#region src/metadata/credential-issuer/z-signed-credential-issuer-metadata.ts
-const zSignedCredentialIssuerMetadataHeader = zod.default.object({
-	...__openid4vc_oauth2.zJwtHeader.shape,
-	typ: zod.default.literal("openidvci-issuer-metadata+jwt")
-}).loose();
-const zSignedCredentialIssuerMetadataPayload = zod.default.object({
-	...__openid4vc_oauth2.zJwtPayload.shape,
-	iat: __openid4vc_utils.zInteger,
-	sub: zod.default.string(),
-	...zCredentialIssuerMetadataDraft14Draft15V1.shape
-}).loose();
-//#endregion
-//#region src/metadata/credential-issuer/credential-issuer-metadata.ts
-const wellKnownCredentialIssuerSuffix = ".well-known/openid-credential-issuer";
-/**
-* @inheritdoc {@link fetchWellKnownMetadata}
-*/
-async function fetchCredentialIssuerMetadata(credentialIssuer, options) {
-	const parsedIssuerUrl = new __openid4vc_utils.URL(credentialIssuer);
-	const legacyWellKnownMetadataUrl = (0, __openid4vc_utils.joinUriParts)(credentialIssuer, [wellKnownCredentialIssuerSuffix]);
-	const wellKnownMetadataUrl = (0, __openid4vc_utils.joinUriParts)(parsedIssuerUrl.origin, [wellKnownCredentialIssuerSuffix, parsedIssuerUrl.pathname]);
-	const acceptedContentType = options?.callbacks?.verifyJwt ? [__openid4vc_utils.ContentType.Jwt, __openid4vc_utils.ContentType.Json] : [__openid4vc_utils.ContentType.Json];
-	const responseSchema = zCredentialIssuerMetadataWithDraftVersion.or(__openid4vc_oauth2.zCompactJwt);
-	let result = await (0, __openid4vc_oauth2.fetchWellKnownMetadata)(wellKnownMetadataUrl, responseSchema, {
-		fetch: options?.callbacks?.fetch,
-		acceptedContentType
-	});
-	if (!result && legacyWellKnownMetadataUrl !== wellKnownMetadataUrl) result = await (0, __openid4vc_oauth2.fetchWellKnownMetadata)(legacyWellKnownMetadataUrl, responseSchema, {
-		fetch: options?.callbacks?.fetch,
-		acceptedContentType
-	});
-	let issuerMetadataWithVersion = null;
-	if (typeof result === "string") {
-		if (!options?.callbacks?.verifyJwt) throw new __openid4vc_oauth2.Oauth2Error(`Unable to verify signed credential issuer metadata, no 'verifyJwt' callback provided to fetch credential issuer metadata method.`);
-		const { header, payload, signature } = (0, __openid4vc_oauth2.decodeJwt)({
-			jwt: result,
-			headerSchema: zSignedCredentialIssuerMetadataHeader,
-			payloadSchema: zSignedCredentialIssuerMetadataPayload
-		});
-		if (payload.sub !== credentialIssuer) throw new __openid4vc_oauth2.Oauth2Error(`The 'sub' parameter '${payload.sub}' in the signed well known credential issuer metadata at '${wellKnownMetadataUrl}' does not match the provided credential issuer '${credentialIssuer}'.`);
-		const signer = (0, __openid4vc_oauth2.jwtSignerFromJwt)({
-			header,
-			payload
-		});
-		const verifyResult = await (0, __openid4vc_oauth2.verifyJwt)({
-			compact: result,
-			header,
-			payload,
-			verifyJwtCallback: options.callbacks.verifyJwt,
-			now: options.now,
-			signer,
-			errorMessage: "signed credential issuer metadata jwt verification failed"
-		});
-		issuerMetadataWithVersion = {
-			...(0, __openid4vc_utils.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraftVersion, payload, "Unable to determine version for signed issuer metadata"),
-			signed: {
-				signer: verifyResult.signer,
-				jwt: {
-					header,
-					payload,
-					signature,
-					compact: result
-				}
-			}
-		};
-	} else if (result) issuerMetadataWithVersion = result;
-	if (issuerMetadataWithVersion && issuerMetadataWithVersion.credentialIssuerMetadata.credential_issuer !== credentialIssuer) throw new __openid4vc_oauth2.Oauth2Error(`The 'credential_issuer' parameter '${issuerMetadataWithVersion.credentialIssuerMetadata.credential_issuer}' in the well known credential issuer metadata at '${wellKnownMetadataUrl}' does not match the provided credential issuer '${credentialIssuer}'.`);
-	return issuerMetadataWithVersion;
-}
-/**
-* Extract credential configuration supported entries where the `format` is known to this
-* library and the configuration validates correctly. Should be ran only after verifying
-* the credential issuer metadata structure, so we can be certain that if the `format`
-* matches the other format specific requirements are also met.
-*
-* Validation is done when resolving issuer metadata, or when calling `createIssuerMetadata`.
-*/
-function extractKnownCredentialConfigurationSupportedFormats(credentialConfigurationsSupported) {
-	return Object.fromEntries(Object.entries(credentialConfigurationsSupported).filter((entry) => {
-		const credentialConfiguration = zCredentialConfigurationSupportedWithFormats.safeParse(entry[1]);
-		if (!credentialConfiguration.success) return false;
-		return allCredentialIssuerMetadataFormatIdentifiers.includes(credentialConfiguration.data.format);
-	}));
-}
-/**
-* Get a known credential configuration supported by its id, it will throw an error if the configuration
-* is not found or if its found but the credential configuration is invalid.
-*/
-function getKnownCredentialConfigurationSupportedById(issuerMetadata, credentialConfigurationId) {
-	const configuration = issuerMetadata.credentialIssuer.credential_configurations_supported[credentialConfigurationId];
-	if (!configuration) throw new __openid4vc_oauth2.Oauth2Error(`Credential configuration with id '${credentialConfigurationId}' not found in credential configurations supported.`);
-	if (!issuerMetadata.knownCredentialConfigurations[credentialConfigurationId]) (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialConfigurationSupportedWithFormats, configuration, `Credential configuration with id '${credentialConfigurationId}' is not valid`);
-	return issuerMetadata.knownCredentialConfigurations[credentialConfigurationId];
-}
-//#endregion
-//#region src/credential-request/format-payload.ts
-function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
-	const credentialConfiguration = getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
-	if ((0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
-		format: credentialConfiguration.format,
-		vct: credentialConfiguration.vct
-	};
-	if ((0, __openid4vc_utils.zIs)(zMsoMdocCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zMsoMdocCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
-		format: credentialConfiguration.format,
-		doctype: credentialConfiguration.doctype
-	};
-	if ((0, __openid4vc_utils.zIs)(zLdpVcCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zLdpVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
-		format: credentialConfiguration.format,
-		credential_definition: {
-			"@context": credentialConfiguration.credential_definition["@context"],
-			type: credentialConfiguration.credential_definition.type
-		}
-	};
-	if ((0, __openid4vc_utils.zIs)(zJwtVcJsonLdCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zJwtVcJsonLdCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
-		format: credentialConfiguration.format,
-		credential_definition: {
-			"@context": credentialConfiguration.credential_definition["@context"],
-			type: credentialConfiguration.credential_definition.type
-		}
-	};
-	if ((0, __openid4vc_utils.zIs)(zJwtVcJsonCredentialIssuerMetadata, credentialConfiguration) || (0, __openid4vc_utils.zIs)(zJwtVcJsonCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
-		format: credentialConfiguration.format,
-		credential_definition: { type: credentialConfiguration.credential_definition.type }
-	};
-	if ((0, __openid4vc_utils.zIs)(zSdJwtDcCredentialIssuerMetadata, credentialConfiguration)) throw new Openid4vciError(`Credential configuration id '${options.credentialConfigurationId}' with format ${zLegacySdJwtVcFormatIdentifier.value} does not support credential request based on 'format'. Use 'credential_configuration_id' directly.`);
-	if ((0, __openid4vc_utils.zIs)(zSdJwtW3VcCredentialIssuerMetadata, credentialConfiguration)) return {
-		format: credentialConfiguration.format,
-		credential_definition: { type: credentialConfiguration.credential_definition.type }
-	};
-	throw new Openid4vciError(`Unknown format '${credentialConfiguration.format}' in credential configuration with id '${options.credentialConfigurationId}' for credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
-}
-//#endregion
-//#region src/formats/proof-type/attestation/z-attestation-proof-type.ts
-const zAttestationProofTypeIdentifier = zod.default.literal("attestation");
-const attestationProofTypeIdentifier = zAttestationProofTypeIdentifier.value;
-const zCredentialRequestProofAttestation = zod.default.object({
-	proof_type: zAttestationProofTypeIdentifier,
-	attestation: __openid4vc_oauth2.zCompactJwt
-});
-const zCredentialRequestAttestationProofTypePayload = zKeyAttestationJwtPayloadForUse("proof_type.attestation");
-//#endregion
-//#region src/formats/proof-type/jwt/z-jwt-proof-type.ts
-const zJwtProofTypeIdentifier = zod.default.literal("jwt");
-const jwtProofTypeIdentifier = zJwtProofTypeIdentifier.value;
-const zCredentialRequestProofJwt = zod.default.object({
-	proof_type: zJwtProofTypeIdentifier,
-	jwt: __openid4vc_oauth2.zCompactJwt
-});
-const zCredentialRequestJwtProofTypeHeader = __openid4vc_oauth2.zJwtHeader.extend({
-	key_attestation: zod.default.optional(__openid4vc_oauth2.zCompactJwt),
-	typ: zod.default.literal("openid4vci-proof+jwt")
-}).loose().refine(({ kid, jwk }) => jwk === void 0 || kid === void 0, { message: `Both 'jwk' and 'kid' are defined. Only one is allowed` }).refine(({ trust_chain, kid }) => !trust_chain || !kid, { message: `When 'trust_chain' is provided, 'kid' is required` });
-const zCredentialRequestJwtProofTypePayload = zod.default.object({
-	...__openid4vc_oauth2.zJwtPayload.shape,
-	aud: zod.default.union([__openid4vc_utils.zHttpsUrl, zod.default.array(__openid4vc_utils.zHttpsUrl)]),
-	iat: __openid4vc_utils.zInteger
-}).loose();
-//#endregion
-//#region src/credential-request/z-credential-request-common.ts
-const zCredentialRequestProofCommon = zod.default.object({ proof_type: zod.default.string() }).loose();
-const allCredentialRequestProofs = [zCredentialRequestProofJwt, zCredentialRequestProofAttestation];
-const zCredentialRequestProof = zod.default.union([zCredentialRequestProofCommon, zod.default.discriminatedUnion("proof_type", allCredentialRequestProofs)]);
-const zCredentialRequestProofsCommon = zod.default.record(zod.default.string(), zod.default.array(zod.default.unknown()));
-const zCredentialRequestProofs = zod.default.object({
-	[zJwtProofTypeIdentifier.value]: zod.default.optional(zod.default.array(zCredentialRequestProofJwt.shape.jwt)),
-	[zAttestationProofTypeIdentifier.value]: zod.default.optional(zod.default.array(zCredentialRequestProofAttestation.shape.attestation))
-});
-const zCredentialRequestCommon = zod.default.object({
-	proof: zCredentialRequestProof.optional(),
-	proofs: zod.default.optional(zod.default.intersection(zCredentialRequestProofsCommon, zCredentialRequestProofs).refine((proofs) => Object.values(proofs).length === 1, { message: `The 'proofs' object in a credential request should contain exactly one attribute` })),
-	credential_response_encryption: zod.default.object({
-		jwk: __openid4vc_oauth2.zJwk,
-		alg: zod.default.string(),
-		enc: zod.default.string()
-	}).loose().optional()
-}).loose().refine(({ proof, proofs }) => !(proof !== void 0 && proofs !== void 0), { message: `Both 'proof' and 'proofs' are defined. Only one is allowed` });
-//#endregion
-//#region src/credential-request/z-credential-request.ts
-const allCredentialRequestFormats = [
-	zSdJwtW3VcCredentialRequestFormatDraft14,
-	zMsoMdocCredentialRequestFormatDraft14,
-	zLdpVcCredentialRequestFormatDraft14,
-	zJwtVcJsonLdCredentialRequestFormatDraft14,
-	zJwtVcJsonCredentialRequestFormatDraft14,
-	zLegacySdJwtVcCredentialRequestFormatDraft14
-];
-const allCredentialRequestFormatIdentifiers = allCredentialRequestFormats.map((format) => format.shape.format.value);
-const zCredentialRequestCredentialConfigurationId = zod.default.object({
-	credential_configuration_id: zod.default.string(),
-	format: zod.default.never({ message: "'format' cannot be defined when 'credential_configuration_id' is set." }).optional(),
-	credential_identifier: zod.default.never({ message: "'credential_identifier' cannot be defined when 'credential_configuration_id' is set." }).optional()
-});
-const zAuthorizationDetailsCredentialRequest = zod.default.object({
-	credential_identifier: zod.default.string(),
-	credential_configuration_id: zod.default.never({ message: "'credential_configuration_id' cannot be defined when 'credential_identifier' is set." }).optional(),
-	format: zod.default.never({ message: "'format' cannot be defined when 'credential_identifier' is set." }).optional()
-});
-const zCredentialRequestFormat = zod.default.object({
-	format: zod.default.string(),
-	credential_identifier: zod.default.never({ message: "'credential_identifier' cannot be defined when 'format' is set." }).optional(),
-	credential_configuration_id: zod.default.never({ message: "'credential_configuration_id' cannot be defined when 'format' is set." }).optional()
-}).loose();
-const zCredentialRequestDraft14WithFormat = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
-	if (!allCredentialRequestFormatIdentifiers.includes(data.format)) return data;
-	const result = zod.default.object({}).loose().and(zod.default.union(allCredentialRequestFormats)).safeParse(data);
-	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue({
-		...issue,
-		code: issue.code
-	});
-	return zod.default.NEVER;
-});
-const zCredentialRequestDraft15 = zod.default.union([zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest), zCredentialRequestCommon.and(zCredentialRequestCredentialConfigurationId)]);
-const zCredentialRequestDraft14 = zod.default.union([zCredentialRequestDraft14WithFormat, zCredentialRequestCommon.and(zAuthorizationDetailsCredentialRequest)]);
-const zCredentialRequestDraft11To14 = zCredentialRequestCommon.and(zCredentialRequestFormat).transform((data, ctx) => {
-	const formatSpecificTransformations = {
-		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft11To14,
-		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft11To14,
-		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft11To14
-	};
-	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-	const result = formatSpecificTransformations[data.format].safeParse(data);
-	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue({
-		...issue,
-		code: issue.code
-	});
-	return zod.default.NEVER;
-}).pipe(zCredentialRequestDraft14);
-const zCredentialRequestDraft14To11 = zCredentialRequestDraft14.transform((data, ctx) => {
-	if (data.credential_identifier !== void 0) {
-		ctx.addIssue({
-			code: "custom",
-			continue: false,
-			message: `'credential_identifier' is not supported in OpenID4VCI draft 11`,
-			path: ["credential_identifier"]
-		});
-		return zod.default.NEVER;
-	}
-	const formatSpecificTransformations = {
-		[zLdpVcFormatIdentifier.value]: zLdpVcCredentialRequestDraft14To11,
-		[zJwtVcJsonFormatIdentifier.value]: zJwtVcJsonCredentialRequestDraft14To11,
-		[zJwtVcJsonLdFormatIdentifier.value]: zJwtVcJsonLdCredentialRequestDraft14To11
-	};
-	if (!Object.keys(formatSpecificTransformations).includes(data.format)) return data;
-	const result = formatSpecificTransformations[data.format].safeParse(data);
-	if (result.success) return result.data;
-	for (const issue of result.error.issues) ctx.addIssue({
-		...issue,
-		code: issue.code
-	});
-	return zod.default.NEVER;
-});
-const zCredentialRequest = zod.default.union([
-	zCredentialRequestDraft15,
-	zCredentialRequestDraft14,
-	zCredentialRequestDraft11To14
-]);
-const zDeferredCredentialRequest = zod.default.object({
-	transaction_id: zod.default.string().nonempty(),
-	credential_response_encryption: zod.default.object({
-		jwk: __openid4vc_oauth2.zJwk,
-		alg: zod.default.string(),
-		enc: zod.default.string()
-	}).loose().optional()
-});
-//#endregion
-//#region ../oauth2/src/common/z-oauth2-error.ts
-let Oauth2ErrorCodes$2 = /* @__PURE__ */ function(Oauth2ErrorCodes$3) {
-	Oauth2ErrorCodes$3["ServerError"] = "server_error";
-	Oauth2ErrorCodes$3["InvalidTarget"] = "invalid_target";
-	Oauth2ErrorCodes$3["InvalidRequest"] = "invalid_request";
-	Oauth2ErrorCodes$3["InvalidToken"] = "invalid_token";
-	Oauth2ErrorCodes$3["InsufficientScope"] = "insufficient_scope";
-	Oauth2ErrorCodes$3["InvalidGrant"] = "invalid_grant";
-	Oauth2ErrorCodes$3["InvalidClient"] = "invalid_client";
-	Oauth2ErrorCodes$3["UnauthorizedClient"] = "unauthorized_client";
-	Oauth2ErrorCodes$3["UnsupportedGrantType"] = "unsupported_grant_type";
-	Oauth2ErrorCodes$3["InvalidScope"] = "invalid_scope";
-	Oauth2ErrorCodes$3["InvalidDpopProof"] = "invalid_dpop_proof";
-	Oauth2ErrorCodes$3["UseDpopNonce"] = "use_dpop_nonce";
-	Oauth2ErrorCodes$3["RedirectToWeb"] = "redirect_to_web";
-	Oauth2ErrorCodes$3["InvalidSession"] = "invalid_session";
-	Oauth2ErrorCodes$3["InsufficientAuthorization"] = "insufficient_authorization";
-	Oauth2ErrorCodes$3["InvalidCredentialRequest"] = "invalid_credential_request";
-	Oauth2ErrorCodes$3["CredentialRequestDenied"] = "credential_request_denied";
-	Oauth2ErrorCodes$3["InvalidProof"] = "invalid_proof";
-	Oauth2ErrorCodes$3["InvalidNonce"] = "invalid_nonce";
-	Oauth2ErrorCodes$3["InvalidEncryptionParameters"] = "invalid_encryption_parameters";
-	Oauth2ErrorCodes$3["UnknownCredentialConfiguration"] = "unknown_credential_configuration";
-	Oauth2ErrorCodes$3["UnknownCredentialIdentifier"] = "unknown_credential_identifier";
-	Oauth2ErrorCodes$3["InvalidTransactionId"] = "invalid_transaction_id";
-	Oauth2ErrorCodes$3["UnsupportedCredentialType"] = "unsupported_credential_type";
-	Oauth2ErrorCodes$3["UnsupportedCredentialFormat"] = "unsupported_credential_format";
-	Oauth2ErrorCodes$3["InvalidRequestUri"] = "invalid_request_uri";
-	Oauth2ErrorCodes$3["InvalidRequestObject"] = "invalid_request_object";
-	Oauth2ErrorCodes$3["RequestNotSupported"] = "request_not_supported";
-	Oauth2ErrorCodes$3["RequestUriNotSupported"] = "request_uri_not_supported";
-	Oauth2ErrorCodes$3["VpFormatsNotSupported"] = "vp_formats_not_supported";
-	Oauth2ErrorCodes$3["AccessDenied"] = "access_denied";
-	Oauth2ErrorCodes$3["InvalidPresentationDefinitionUri"] = "invalid_presentation_definition_uri";
-	Oauth2ErrorCodes$3["InvalidPresentationDefinitionReference"] = "invalid_presentation_definition_reference";
-	Oauth2ErrorCodes$3["InvalidRequestUriMethod"] = "invalid_request_uri_method";
-	Oauth2ErrorCodes$3["InvalidTransactionData"] = "invalid_transaction_data";
-	Oauth2ErrorCodes$3["WalletUnavailable"] = "wallet_unavailable";
-	return Oauth2ErrorCodes$3;
-}({});
-const zOauth2ErrorResponse = zod.default.object({
-	error: zod.default.union([zod.default.enum(Oauth2ErrorCodes$2), zod.default.string()]),
-	error_description: zod.default.string().optional(),
-	error_uri: zod.default.string().optional()
-}).loose();
-//#endregion
-//#region src/credential-request/z-credential-response.ts
-const zCredentialEncoding = zod.default.union([zod.default.string(), zod.default.record(zod.default.string(), zod.default.any())]);
-const zBaseCredentialResponse = zod.default.object({
-	credentials: zod.default.union([zod.default.array(zod.default.object({ credential: zCredentialEncoding })), zod.default.array(zCredentialEncoding)]).optional(),
-	notification_id: zod.default.string().optional(),
-	transaction_id: zod.default.string().optional(),
-	interval: zod.default.number().int().positive().optional()
-}).loose();
-const zCredentialResponse = zBaseCredentialResponse.extend({
-	credential: zod.default.optional(zCredentialEncoding),
-	c_nonce: zod.default.string().optional(),
-	c_nonce_expires_in: zod.default.number().int().optional()
-}).loose().superRefine((value, ctx) => {
-	const { credential, credentials, transaction_id, interval, notification_id } = value;
-	if ([
-		credential,
-		credentials,
-		transaction_id
-	].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
-		code: "custom",
-		message: `Exactly one of 'credential', 'credentials', or 'transaction_id' MUST be defined.`
-	});
-	if (transaction_id && !interval) ctx.addIssue({
-		code: "custom",
-		message: `'interval' MUST be defined when 'transaction_id' is defined.`
-	});
-	if (notification_id && !(credentials || credential)) ctx.addIssue({
-		code: "custom",
-		message: `'notification_id' MUST NOT be defined when 'credential' or 'credentials' are not defined.`
-	});
-});
-const zCredentialErrorResponse = zod.default.object({
-	...zOauth2ErrorResponse.shape,
-	c_nonce: zod.default.string().optional(),
-	c_nonce_expires_in: zod.default.number().int().optional()
-}).loose();
-const zDeferredCredentialResponse = zBaseCredentialResponse.superRefine((value, ctx) => {
-	const { credentials, transaction_id, interval, notification_id } = value;
-	if ([credentials, transaction_id].filter((i) => i !== void 0).length !== 1) ctx.addIssue({
-		code: "custom",
-		message: `Exactly one of 'credentials', or 'transaction_id' MUST be defined.`
-	});
-	if (transaction_id && !interval) ctx.addIssue({
-		code: "custom",
-		message: `'interval' MUST be defined when 'transaction_id' is defined.`
-	});
-	if (notification_id && credentials) ctx.addIssue({
-		code: "custom",
-		message: `'notification_id' MUST NOT be defined when 'credentials' is not defined.`
-	});
-});
-//#endregion
-//#region src/credential-request/retrieve-credentials.ts
-async function retrieveCredentialsWithCredentialConfigurationId(options) {
-	if (options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
-	getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
-	const credentialRequest = {
-		...options.additionalRequestPayload,
-		credential_configuration_id: options.credentialConfigurationId,
-		proof: options.proof,
-		proofs: options.proofs
-	};
-	return retrieveCredentials({
-		callbacks: options.callbacks,
-		credentialRequest,
-		issuerMetadata: options.issuerMetadata,
-		accessToken: options.accessToken,
-		dpop: options.dpop
-	});
-}
-async function retrieveCredentialsWithFormat(options) {
-	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) throw new Openid4vciError("Requesting credentials based on format is not supported on OpenID4VCI above draft 15. Provide the credential configuration id directly in the request.");
-	const credentialRequest = {
-		...options.formatPayload,
-		...options.additionalRequestPayload,
-		proof: options.proof,
-		proofs: options.proofs
-	};
-	return retrieveCredentials({
-		callbacks: options.callbacks,
-		credentialRequest,
-		issuerMetadata: options.issuerMetadata,
-		accessToken: options.accessToken,
-		dpop: options.dpop
-	});
-}
-/**
-* internal method
-*/
-async function retrieveCredentials(options) {
-	const credentialEndpoint = options.issuerMetadata.credentialIssuer.credential_endpoint;
-	let credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequest, options.credentialRequest, "Error validating credential request");
-	if (credentialRequest.proofs) {
-		const { batch_credential_issuance } = options.issuerMetadata.credentialIssuer;
-		if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support batch credential issuance using the 'proofs' request property. Only 'proof' is supported.`);
-		const proofs = Object.values(credentialRequest.proofs)[0];
-		if (proofs.length > (batch_credential_issuance?.batch_size ?? 1)) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' supports batch issuance, but the max batch size is '${batch_credential_issuance?.batch_size ?? 1}'. A total of '${proofs.length}' proofs were provided.`);
-	}
-	if (options.issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft11) credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestDraft14To11, credentialRequest, `Error transforming credential request from ${Openid4vciDraftVersion.Draft14} to ${Openid4vciDraftVersion.Draft11}`);
-	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
-		dpop: options.dpop,
-		accessToken: options.accessToken,
-		callbacks: options.callbacks,
-		url: credentialEndpoint,
-		requestOptions: {
-			method: "POST",
-			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
-			body: JSON.stringify(credentialRequest)
-		}
-	});
-	if (!resourceResponse.ok) {
-		const credentialErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-		return {
-			...resourceResponse,
-			credentialErrorResponseResult
-		};
-	}
-	const credentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-	if (!credentialResponseResult?.success) return {
-		...resourceResponse,
-		ok: false,
-		credentialResponseResult
-	};
-	return {
-		...resourceResponse,
-		credentialResponse: credentialResponseResult.data
-	};
-}
-async function retrieveDeferredCredentials(options) {
-	const credentialEndpoint = options.issuerMetadata.credentialIssuer.deferred_credential_endpoint;
-	if (!credentialEndpoint) throw new Openid4vciError(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support deferred credential retrieval.`);
-	const deferredCredentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialRequest, {
-		transaction_id: options.transactionId,
-		...options.additionalRequestPayload
-	}, "Error validating deferred credential request");
-	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
-		dpop: options.dpop,
-		accessToken: options.accessToken,
-		callbacks: options.callbacks,
-		url: credentialEndpoint,
-		requestOptions: {
-			method: "POST",
-			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
-			body: JSON.stringify(deferredCredentialRequest)
-		}
-	});
-	if (!resourceResponse.ok) {
-		const deferredCredentialErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zCredentialErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-		return {
-			...resourceResponse,
-			deferredCredentialErrorResponseResult
-		};
-	}
-	const deferredCredentialResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zDeferredCredentialResponse.refine((response) => response.credentials || response.transaction_id === options.transactionId, { error: `Transaction id in deferred credential response does not match transaction id in deferred credential request '${options.transactionId}'` }).safeParse(await resourceResponse.response.clone().json()) : void 0;
-	if (!deferredCredentialResponseResult?.success) return {
-		...resourceResponse,
-		ok: false,
-		deferredCredentialResponseResult
-	};
-	return {
-		...resourceResponse,
-		deferredCredentialResponse: deferredCredentialResponseResult.data
-	};
-}
-//#endregion
-//#region src/formats/proof-type/jwt/jwt-proof-type.ts
-async function createCredentialRequestJwtProof(options) {
-	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestJwtProofTypeHeader, {
-		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
-		key_attestation: options.keyAttestationJwt,
-		typ: "openid4vci-proof+jwt"
-	});
-	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequestJwtProofTypePayload, {
-		nonce: options.nonce,
-		aud: options.credentialIssuer,
-		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
-		iss: options.clientId
-	});
-	const { jwt, signerJwk } = await options.callbacks.signJwt(options.signer, {
-		header,
-		payload
-	});
-	if (options.keyAttestationJwt) {
-		if (!await (0, __openid4vc_oauth2.isJwkInSet)({
-			jwk: signerJwk,
-			jwks: (0, __openid4vc_oauth2.decodeJwt)({
-				jwt: options.keyAttestationJwt,
-				headerSchema: zKeyAttestationJwtHeader,
-				payloadSchema: zKeyAttestationJwtPayload
-			}).payload.attested_keys,
-			callbacks: options.callbacks
-		})) throw new Openid4vciError(`Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`);
-	}
-	return jwt;
-}
-async function verifyCredentialRequestJwtProof(options) {
-	const { header, payload } = (0, __openid4vc_oauth2.decodeJwt)({
-		jwt: options.jwt,
-		headerSchema: zCredentialRequestJwtProofTypeHeader,
-		payloadSchema: zCredentialRequestJwtProofTypePayload
-	});
-	const now = options.now?.getTime() ?? Date.now();
-	if (options.nonceExpiresAt && now > options.nonceExpiresAt.getTime()) throw new Openid4vciError("Nonce used for credential request proof expired");
-	const { signer } = await (0, __openid4vc_oauth2.verifyJwt)({
-		compact: options.jwt,
-		header,
-		payload,
-		signer: (0, __openid4vc_oauth2.jwtSignerFromJwt)({
-			header,
-			payload
-		}),
-		verifyJwtCallback: options.callbacks.verifyJwt,
-		errorMessage: "Error verifiying credential request proof jwt.",
-		expectedNonce: options.expectedNonce,
-		expectedAudience: options.credentialIssuer,
-		expectedIssuer: options.clientId,
-		now: options.now
-	});
-	let keyAttestationResult;
-	if (header.key_attestation) {
-		keyAttestationResult = await verifyKeyAttestationJwt({
-			callbacks: options.callbacks,
-			keyAttestationJwt: header.key_attestation,
-			use: "proof_type.jwt"
-		});
-		if (!await (0, __openid4vc_oauth2.isJwkInSet)({
-			jwk: signer.publicJwk,
-			jwks: keyAttestationResult.payload.attested_keys,
-			callbacks: options.callbacks
-		})) throw new Openid4vciError(`Credential request jwt proof is not signed with a key in the 'key_attestation' jwt payload 'attested_keys'`);
-	}
-	return {
-		header,
-		payload,
-		signer,
-		keyAttestation: keyAttestationResult
-	};
-}
-//#endregion
-//#region src/metadata/fetch-issuer-metadata.ts
-async function resolveIssuerMetadata(credentialIssuer, options) {
-	const allowAuthorizationMetadataFromCredentialIssuerMetadata = options?.allowAuthorizationMetadataFromCredentialIssuerMetadata ?? true;
-	const credentialIssuerMetadataWithDraftVersion = await fetchCredentialIssuerMetadata(credentialIssuer, {
-		callbacks: options?.callbacks,
-		now: options?.now
-	});
-	if (!credentialIssuerMetadataWithDraftVersion) throw new __openid4vc_oauth2.Oauth2Error(`Well known credential issuer metadata for issuer '${credentialIssuer}' not found.`);
-	const { credentialIssuerMetadata, originalDraftVersion, signed } = credentialIssuerMetadataWithDraftVersion;
-	const authorizationServers = credentialIssuerMetadata.authorization_servers ?? [credentialIssuer];
-	const authoriationServersMetadata = [];
-	for (const authorizationServer of authorizationServers) {
-		if (options?.restrictToAuthorizationServers && !options.restrictToAuthorizationServers.includes(authorizationServer)) continue;
-		let authorizationServerMetadata = await (0, __openid4vc_oauth2.fetchAuthorizationServerMetadata)(authorizationServer, options?.callbacks.fetch);
-		if (!authorizationServerMetadata && authorizationServer === credentialIssuer && allowAuthorizationMetadataFromCredentialIssuerMetadata) authorizationServerMetadata = (0, __openid4vc_utils.parseWithErrorHandling)(__openid4vc_oauth2.zAuthorizationServerMetadata, {
-			token_endpoint: credentialIssuerMetadata.token_endpoint,
-			issuer: credentialIssuer
-		}, `Well known authorization server metadata for authorization server '${authorizationServer}' not found, and could also not extract required values from the credential issuer metadata as a fallback.`);
-		if (!authorizationServerMetadata) throw new __openid4vc_oauth2.Oauth2Error(`Well known openid configuration or authorization server metadata for authorization server '${authorizationServer}' not found.`);
-		authoriationServersMetadata.push(authorizationServerMetadata);
-	}
-	return {
-		originalDraftVersion,
-		credentialIssuer: credentialIssuerMetadata,
-		signedCredentialIssuer: signed,
-		authorizationServers: authoriationServersMetadata,
-		knownCredentialConfigurations: extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported)
-	};
-}
-//#endregion
-//#region src/nonce/z-nonce.ts
-const zNonceResponse = zod.default.object({
-	c_nonce: zod.default.string(),
-	c_nonce_expires_in: zod.default.optional(__openid4vc_utils.zInteger)
-}).loose();
-//#endregion
-//#region src/nonce/nonce-request.ts
-/**
-* Request a nonce from the `nonce_endpoint`
-*
-* @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
-* @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
-* @throws ValidationError - if validating the nonce response failed
-*/
-async function requestNonce(options) {
-	const fetchWithZod = (0, __openid4vc_utils.createZodFetcher)(options?.fetch);
-	const nonceEndpoint = options.issuerMetadata.credentialIssuer.nonce_endpoint;
-	if (!nonceEndpoint) throw new Openid4vciError(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a nonce endpoint.`);
-	const { response, result } = await fetchWithZod(zNonceResponse, __openid4vc_utils.ContentType.Json, nonceEndpoint, { method: "POST" });
-	if (!response.ok || !result) throw new __openid4vc_oauth2.InvalidFetchResponseError(`Requesting nonce from '${nonceEndpoint}' resulted in an unsuccessful response with status '${response.status}'`, await response.clone().text(), response);
-	if (!result.success) throw new __openid4vc_utils.ValidationError("Error parsing nonce response", result.error);
-	return result.data;
-}
-function createNonceResponse(options) {
-	return (0, __openid4vc_utils.parseWithErrorHandling)(zNonceResponse, {
-		c_nonce: options.cNonce,
-		c_nonce_expires_in: options.cNonceExpiresIn,
-		...options.additionalPayload
-	});
-}
-//#endregion
-//#region src/notification/z-notification.ts
-const zNotificationEvent = zod.default.enum([
-	"credential_accepted",
-	"credential_failure",
-	"credential_deleted"
-]);
-const zNotificationRequest = zod.default.object({
-	notification_id: zod.default.string(),
-	event: zNotificationEvent,
-	event_description: zod.default.optional(zod.default.string())
-}).loose();
-const zNotificationErrorResponse = zod.default.object({ error: zod.default.enum(["invalid_notification_id", "invalid_notification_request"]) }).loose();
-//#endregion
-//#region src/notification/notification.ts
-async function sendNotification(options) {
-	const notificationEndpoint = options.issuerMetadata.credentialIssuer.notification_endpoint;
-	if (!notificationEndpoint) throw new __openid4vc_oauth2.Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not have a notification endpiont configured.`);
-	const notificationRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zNotificationRequest, {
-		event: options.notification.event,
-		notification_id: options.notification.notificationId,
-		event_description: options.notification.eventDescription
-	}, "Error validating notification request");
-	const resourceResponse = await (0, __openid4vc_oauth2.resourceRequest)({
-		dpop: options.dpop,
-		accessToken: options.accessToken,
-		callbacks: options.callbacks,
-		url: notificationEndpoint,
-		requestOptions: {
-			method: "POST",
-			headers: { "Content-Type": __openid4vc_utils.ContentType.Json },
-			body: JSON.stringify(notificationRequest)
-		}
-	});
-	if (!resourceResponse.ok) {
-		const notificationErrorResponseResult = (0, __openid4vc_utils.isResponseContentType)(__openid4vc_utils.ContentType.Json, resourceResponse.response) ? zNotificationErrorResponse.safeParse(await resourceResponse.response.clone().json()) : void 0;
-		return {
-			...resourceResponse,
-			notificationErrorResponseResult
-		};
-	}
-	return resourceResponse;
-}
-//#endregion
-//#region src/Openid4vciClient.ts
-let AuthorizationFlow = /* @__PURE__ */ function(AuthorizationFlow$1) {
-	AuthorizationFlow$1["Oauth2Redirect"] = "Oauth2Redirect";
-	AuthorizationFlow$1["PresentationDuringIssuance"] = "PresentationDuringIssuance";
-	return AuthorizationFlow$1;
-}({});
-var Openid4vciClient = class {
-	constructor(options) {
-		this.options = options;
-		this.oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
-	}
-	/**
-	* Resolve a credential offer into a credential offer object, handling both
-	* 'credential_offer' and 'credential_offer_uri' params.
-	*/
-	async resolveCredentialOffer(credentialOffer) {
-		return resolveCredentialOffer(credentialOffer, { fetch: this.options.callbacks.fetch });
-	}
-	async resolveIssuerMetadata(credentialIssuer) {
-		return resolveIssuerMetadata(credentialIssuer, { callbacks: this.options.callbacks });
-	}
-	/**
-	* Retrieve an authorization code for a presentation during issuance session
-	*
-	* This can only be called if an authorization challenge was performed before and returned a
-	* `presentation` parameter along with an `auth_session`. If the presentation response included
-	* an `presentation_during_issuance_session` parameter it MUST be included in this request as well.
-	*/
-	async retrieveAuthorizationCodeUsingPresentation(options) {
-		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
-		const authorizationServer = determineAuthorizationServerForCredentialOffer({
-			issuerMetadata: options.issuerMetadata,
-			grantAuthorizationServer: authorizationCodeGrant.authorization_server
-		});
-		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
-		const { authorizationChallengeResponse, dpop } = await new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks }).sendAuthorizationChallengeRequest({
-			authorizationServerMetadata,
-			authSession: options.authSession,
-			presentationDuringIssuanceSession: options.presentationDuringIssuanceSession,
-			dpop: options.dpop
-		});
-		return {
-			authorizationChallengeResponse,
-			dpop
-		};
-	}
-	/**
-	* Initiates authorization for credential issuance. It handles the following cases:
-	* - Authorization Challenge
-	* - Pushed Authorization Request
-	* - Regular Authorization url
-	*
-	* In case the authorization challenge request returns an error with `insufficient_authorization`
-	* with a `presentation` field it means the authorization server expects presentation of credentials
-	* before issuance of credentials. If this is the case, the value in `presentation` should be treated
-	* as an openid4vp authorization request and submitted to the verifier. Once the presentation response
-	* has been submitted, the RP will respond with a `presentation_during_issuance_session` parameter.
-	* Together with the `auth_session` parameter returned in this call you can retrieve an `authorization_code`
-	* using
-	*/
-	async initiateAuthorization(options) {
-		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
-		const authorizationServer = determineAuthorizationServerForCredentialOffer({
-			issuerMetadata: options.issuerMetadata,
-			grantAuthorizationServer: authorizationCodeGrant.authorization_server
-		});
-		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
-		const oauth2Client = new __openid4vc_oauth2.Oauth2Client({ callbacks: this.options.callbacks });
-		try {
-			return {
-				...await oauth2Client.initiateAuthorization({
-					clientId: options.clientId,
-					pkceCodeVerifier: options.pkceCodeVerifier,
-					redirectUri: options.redirectUri,
-					scope: options.scope,
-					additionalRequestPayload: {
-						...options.additionalRequestPayload,
-						issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
-					},
-					dpop: options.dpop,
-					resource: options.issuerMetadata.credentialIssuer.credential_issuer,
-					authorizationServerMetadata
-				}),
-				authorizationFlow: AuthorizationFlow.Oauth2Redirect,
-				authorizationServer: authorizationServerMetadata.issuer
-			};
-		} catch (error) {
-			if (error instanceof __openid4vc_oauth2.Oauth2ClientAuthorizationChallengeError && error.errorResponse.error === __openid4vc_oauth2.Oauth2ErrorCodes.InsufficientAuthorization && error.errorResponse.presentation) {
-				if (!error.errorResponse.auth_session) throw new Openid4vciError(`Expected 'auth_session' to be defined with authorization challenge response error '${error.errorResponse.error}' and 'presentation' parameter`);
-				return {
-					authorizationFlow: AuthorizationFlow.PresentationDuringIssuance,
-					openid4vpRequestUrl: error.errorResponse.presentation,
-					authSession: error.errorResponse.auth_session,
-					authorizationServer: authorizationServerMetadata.issuer
-				};
-			}
-			throw error;
-		}
-	}
-	/**
-	* Convenience method around {@link Oauth2Client.createAuthorizationRequestUrl}
-	* but specifically focused on a credential offer
-	*/
-	async createAuthorizationRequestUrlFromOffer(options) {
-		if (!options.credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`Provided credential offer does not include the 'authorization_code' grant.`);
-		const authorizationCodeGrant = options.credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier];
-		const authorizationServer = determineAuthorizationServerForCredentialOffer({
-			issuerMetadata: options.issuerMetadata,
-			grantAuthorizationServer: authorizationCodeGrant.authorization_server
-		});
-		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(options.issuerMetadata.authorizationServers, authorizationServer);
-		const { authorizationRequestUrl, pkce, dpop } = await this.oauth2Client.createAuthorizationRequestUrl({
-			authorizationServerMetadata,
-			clientId: options.clientId,
-			additionalRequestPayload: {
-				...options.additionalRequestPayload,
-				issuer_state: options.credentialOffer?.grants?.authorization_code?.issuer_state
-			},
-			resource: options.issuerMetadata.credentialIssuer.credential_issuer,
-			redirectUri: options.redirectUri,
-			scope: options.scope,
-			pkceCodeVerifier: options.pkceCodeVerifier,
-			dpop: options.dpop
-		});
-		return {
-			authorizationRequestUrl,
-			pkce,
-			dpop,
-			authorizationServer: authorizationServerMetadata.issuer
-		};
-	}
-	/**
-	* Convenience method around {@link Oauth2Client.retrievePreAuthorizedCodeAccessToken}
-	* but specifically focused on a credential offer
-	*/
-	async retrievePreAuthorizedCodeAccessTokenFromOffer({ credentialOffer, issuerMetadata, additionalRequestPayload, txCode, dpop }) {
-		if (!credentialOffer.grants?.[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`The credential offer does not contain the '${__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier}' grant.`);
-		if (credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].tx_code && !txCode) throw new __openid4vc_oauth2.Oauth2Error(`Retrieving access token requires a 'tx_code' in the request, but the 'txCode' parameter was not provided.`);
-		const preAuthorizedCode = credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier]["pre-authorized_code"];
-		const authorizationServer = determineAuthorizationServerForCredentialOffer({
-			grantAuthorizationServer: credentialOffer.grants[__openid4vc_oauth2.preAuthorizedCodeGrantIdentifier].authorization_server,
-			issuerMetadata
-		});
-		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(issuerMetadata.authorizationServers, authorizationServer);
-		return {
-			...await this.oauth2Client.retrievePreAuthorizedCodeAccessToken({
-				authorizationServerMetadata,
-				preAuthorizedCode,
-				txCode,
-				resource: issuerMetadata.credentialIssuer.credential_issuer,
-				additionalRequestPayload,
-				dpop
-			}),
-			authorizationServer
-		};
-	}
-	/**
-	* Convenience method around {@link Oauth2Client.retrieveAuthorizationCodeAccessTokenFrom}
-	* but specifically focused on a credential offer
-	*/
-	async retrieveAuthorizationCodeAccessTokenFromOffer({ issuerMetadata, additionalRequestPayload, credentialOffer, authorizationCode, pkceCodeVerifier, redirectUri, dpop }) {
-		if (!credentialOffer.grants?.[__openid4vc_oauth2.authorizationCodeGrantIdentifier]) throw new __openid4vc_oauth2.Oauth2Error(`The credential offer does not contain the '${__openid4vc_oauth2.authorizationCodeGrantIdentifier}' grant.`);
-		const authorizationServer = determineAuthorizationServerForCredentialOffer({
-			grantAuthorizationServer: credentialOffer.grants[__openid4vc_oauth2.authorizationCodeGrantIdentifier].authorization_server,
-			issuerMetadata
-		});
-		const authorizationServerMetadata = (0, __openid4vc_oauth2.getAuthorizationServerMetadataFromList)(issuerMetadata.authorizationServers, authorizationServer);
-		return {
-			...await this.oauth2Client.retrieveAuthorizationCodeAccessToken({
-				authorizationServerMetadata,
-				authorizationCode,
-				pkceCodeVerifier,
-				additionalRequestPayload,
-				dpop,
-				redirectUri,
-				resource: issuerMetadata.credentialIssuer.credential_issuer
-			}),
-			authorizationServer
-		};
-	}
-	/**
-	* Request a nonce to be used in credential request proofs from the `nonce_endpoint`
-	*
-	* @throws Openid4vciError - if no `nonce_endpoint` is configured in the issuer metadata
-	* @throws InvalidFetchResponseError - if the nonce endpoint did not return a successful response
-	* @throws ValidationError - if validating the nonce response failed
-	*/
-	async requestNonce(options) {
-		return requestNonce({
-			...options,
-			fetch: this.options.callbacks.fetch
-		});
-	}
-	/**
-	* Creates the jwt proof payload and header to be included in a credential request.
-	*/
-	async createCredentialRequestJwtProof(options) {
-		const credentialConfiguration = options.issuerMetadata.credentialIssuer.credential_configurations_supported[options.credentialConfigurationId];
-		if (!credentialConfiguration) throw new Openid4vciError(`Credential configuration with '${options.credentialConfigurationId}' not found in 'credential_configurations_supported' from credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}'`);
-		if (credentialConfiguration.proof_types_supported) {
-			if (!credentialConfiguration.proof_types_supported.jwt) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' does not support the 'jwt' proof type.`);
-			if (!credentialConfiguration.proof_types_supported.jwt.proof_signing_alg_values_supported.includes(options.signer.alg)) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' does not support the '${options.signer.alg}' alg for 'jwt' proof type.`);
-			if (credentialConfiguration.proof_types_supported.jwt.key_attestations_required && !options.keyAttestationJwt) throw new Openid4vciError(`Credential configuration with id '${options.credentialConfigurationId}' requires key attestations for 'jwt' proof type but no 'keyAttestationJwt' was provided`);
-		}
-		return { jwt: await createCredentialRequestJwtProof({
-			credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-			signer: options.signer,
-			clientId: options.clientId,
-			issuedAt: options.issuedAt,
-			nonce: options.nonce,
-			keyAttestationJwt: options.keyAttestationJwt,
-			callbacks: this.options.callbacks
-		}) };
-	}
-	/**
-	* @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
-	* @throws ValidationError - if validation of the credential request failed
-	* @throws Openid4vciError - if the `credentialConfigurationId` couldn't be found, or if the the format specific request couldn't be constructed
-	*/
-	async retrieveCredentials({ issuerMetadata, proof, proofs, credentialConfigurationId, additionalRequestPayload, accessToken, dpop }) {
-		let credentialResponse;
-		if (issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciDraftVersion.V1) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
-			accessToken,
-			credentialConfigurationId,
-			issuerMetadata,
-			additionalRequestPayload,
-			proof,
-			proofs,
-			callbacks: this.options.callbacks,
-			dpop
-		});
-		else credentialResponse = await retrieveCredentialsWithFormat({
-			accessToken,
-			formatPayload: getCredentialRequestFormatPayloadForCredentialConfigurationId({
-				credentialConfigurationId,
-				issuerMetadata
-			}),
-			issuerMetadata,
-			additionalRequestPayload,
-			proof,
-			proofs,
-			callbacks: this.options.callbacks,
-			dpop
-		});
-		if (!credentialResponse.ok) throw new Openid4vciRetrieveCredentialsError(`Error retrieving credentials from '${issuerMetadata.credentialIssuer.credential_issuer}'`, credentialResponse, await credentialResponse.response.clone().text());
-		return credentialResponse;
-	}
-	/**
-	* @throws Openid4vciRetrieveCredentialsError - if an unsuccessful response or the response couldn't be parsed as credential response
-	* @throws ValidationError - if validation of the credential request failed
-	*/
-	async retrieveDeferredCredentials(options) {
-		const credentialResponse = await retrieveDeferredCredentials({
-			...options,
-			callbacks: this.options.callbacks
-		});
-		if (!credentialResponse.ok) throw new Openid4vciRetrieveCredentialsError(`Error retrieving deferred credentials from '${options.issuerMetadata.credentialIssuer.credential_issuer}'`, credentialResponse, await credentialResponse.response.clone().text());
-		return credentialResponse;
-	}
-	/**
-	* @throws Openid4vciSendNotificationError - if an unsuccessful response
-	* @throws ValidationError - if validation of the notification request failed
-	*/
-	async sendNotification({ issuerMetadata, notification, additionalRequestPayload, accessToken, dpop }) {
-		const notificationResponse = await sendNotification({
-			accessToken,
-			issuerMetadata,
-			additionalRequestPayload,
-			callbacks: this.options.callbacks,
-			dpop,
-			notification
-		});
-		if (!notificationResponse.ok) throw new Openid4vciSendNotificationError(`Error sending notification to '${issuerMetadata.credentialIssuer.credential_issuer}'`, notificationResponse);
-		return notificationResponse;
-	}
-};
-//#endregion
-//#region src/credential-request/credential-response.ts
-function createCredentialResponse(options) {
-	return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialResponse, {
-		c_nonce: options.cNonce,
-		c_nonce_expires_in: options.cNonceExpiresInSeconds,
-		credential: options.credential,
-		credentials: options.credentials,
-		notification_id: options.notificationId,
-		transaction_id: options.transactionId,
-		interval: options.interval,
-		format: options.credentialRequest.format?.format,
-		...options.additionalPayload
-	});
-}
-function createDeferredCredentialResponse(options) {
-	return (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialResponse, {
-		credentials: options.credentials,
-		notification_id: options.notificationId,
-		transaction_id: options.transactionId,
-		interval: options.interval,
-		...options.additionalPayload
-	});
-}
-//#endregion
-//#region src/credential-request/parse-credential-request.ts
-function parseCredentialRequest(options) {
-	const credentialRequest = (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialRequest, options.credentialRequest, "Error validating credential request");
-	let proofs;
-	const knownProofs = zCredentialRequestProofs.strict().safeParse(credentialRequest.proofs);
-	if (knownProofs.success) proofs = knownProofs.data;
-	const knownProof = zod.default.union(allCredentialRequestProofs).safeParse(credentialRequest.proof);
-	if (knownProof.success && knownProof.data.proof_type === jwtProofTypeIdentifier) proofs = { [jwtProofTypeIdentifier]: [knownProof.data.jwt] };
-	else if (knownProof.success && knownProof.data.proof_type === attestationProofTypeIdentifier) proofs = { [attestationProofTypeIdentifier]: [knownProof.data.attestation] };
-	if (credentialRequest.credential_configuration_id) {
-		getKnownCredentialConfigurationSupportedById(options.issuerMetadata, credentialRequest.credential_configuration_id);
-		return {
-			credentialConfiguration: options.issuerMetadata.knownCredentialConfigurations[credentialRequest.credential_configuration_id],
-			credentialConfigurationId: credentialRequest.credential_configuration_id,
-			credentialRequest,
-			proofs
-		};
-	}
-	if (credentialRequest.credential_identifier) return {
-		credentialIdentifier: credentialRequest.credential_identifier,
-		credentialRequest,
-		proofs
-	};
-	if (credentialRequest.format && allCredentialRequestFormatIdentifiers.includes(credentialRequest.format)) return {
-		format: (0, __openid4vc_utils.parseWithErrorHandling)(zod.default.union(allCredentialRequestFormats), credentialRequest, "Unable to validate format specific properties from credential request"),
-		credentialRequest,
-		proofs
-	};
-	return {
-		credentialRequest,
-		proofs
-	};
-}
-//#endregion
-//#region src/credential-request/parse-deferred-credential-request.ts
-function parseDeferredCredentialRequest(options) {
-	return { deferredCredentialRequest: (0, __openid4vc_utils.parseWithErrorHandling)(zDeferredCredentialRequest, options.deferredCredentialRequest, "Error validating credential request") };
-}
-//#endregion
-//#region src/formats/proof-type/attestation/attestation-proof-type.ts
-async function verifyCredentialRequestAttestationProof(options) {
-	return await verifyKeyAttestationJwt({
-		...options,
-		use: "proof_type.attestation"
-	});
-}
-//#endregion
-//#region src/metadata/credential-issuer/signed-credential-issuer-metadata.ts
-async function createSignedCredentialIssuerMetadataJwt(options) {
-	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zSignedCredentialIssuerMetadataHeader, {
-		...(0, __openid4vc_oauth2.jwtHeaderFromJwtSigner)(options.signer),
-		typ: "openidvci-issuer-metadata+jwt"
-	});
-	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zSignedCredentialIssuerMetadataPayload, {
-		...options.credentialIssuerMetadata,
-		sub: options.credentialIssuerMetadata.credential_issuer,
-		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
-		exp: options.expiresAt ? (0, __openid4vc_utils.dateToSeconds)(options.expiresAt) : void 0,
-		iss: options.issuer,
-		...options.additionalPayload
-	});
-	const { jwt } = await options.callbacks.signJwt(options.signer, {
-		header,
-		payload
-	});
-	return jwt;
-}
-//#endregion
-//#region src/Openid4vciIssuer.ts
-var Openid4vciIssuer = class {
-	constructor(options) {
-		this.options = options;
-	}
-	getCredentialIssuerMetadataDraft11(credentialIssuerMetadata) {
-		return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialIssuerMetadataWithDraft11, credentialIssuerMetadata);
-	}
-	getKnownCredentialConfigurationsSupported(credentialIssuerMetadata) {
-		return extractKnownCredentialConfigurationSupportedFormats(credentialIssuerMetadata.credential_configurations_supported);
-	}
-	/**
-	* Create issuer metadata and validates the structure is correct
-	*/
-	createCredentialIssuerMetadata(credentialIssuerMetadata) {
-		return (0, __openid4vc_utils.parseWithErrorHandling)(zCredentialIssuerMetadata, credentialIssuerMetadata, "Error validating credential issuer metadata");
-	}
-	/**
-	* Validates credential issuer metadata structure is correct and creates signed credential issuer metadata JWT
-	*/
-	createSignedCredentialIssuerMetadataJwt(options) {
-		return createSignedCredentialIssuerMetadataJwt({
-			callbacks: this.options.callbacks,
-			...options
-		});
-	}
-	async createCredentialOffer(options) {
-		return createCredentialOffer({
-			callbacks: this.options.callbacks,
-			credentialConfigurationIds: options.credentialConfigurationIds,
-			grants: options.grants,
-			issuerMetadata: options.issuerMetadata,
-			additionalPayload: options.additionalPayload,
-			credentialOfferScheme: options.credentialOfferScheme,
-			credentialOfferUri: options.credentialOfferUri
-		});
-	}
-	/**
-	* @throws Oauth2ServerErrorResponseError - if verification of the jwt failed. You can extract
-	*  the credential error response from this.
-	*/
-	async verifyCredentialRequestJwtProof(options) {
-		try {
-			return await verifyCredentialRequestJwtProof({
-				callbacks: this.options.callbacks,
-				credentialIssuer: options.issuerMetadata.credentialIssuer.credential_issuer,
-				expectedNonce: options.expectedNonce,
-				nonceExpiresAt: options.nonceExpiresAt,
-				jwt: options.jwt,
-				clientId: options.clientId,
-				now: options.now
-			});
-		} catch (error) {
-			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
-				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidProof,
-				error_description: error instanceof __openid4vc_oauth2.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
-			}, {
-				internalMessage: "Error verifying credential request proof jwt",
-				cause: error
-			});
-		}
-	}
-	/**
-	* @throws Oauth2ServerErrorResponseError - if verification of the key attestation failed. You can extract
-	*  the credential error response from this.
-	*/
-	async verifyCredentialRequestAttestationProof(options) {
-		try {
-			return await verifyCredentialRequestAttestationProof({
-				callbacks: this.options.callbacks,
-				expectedNonce: options.expectedNonce,
-				keyAttestationJwt: options.keyAttestationJwt,
-				nonceExpiresAt: options.nonceExpiresAt,
-				now: options.now
-			});
-		} catch (error) {
-			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
-				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidProof,
-				error_description: error instanceof __openid4vc_oauth2.Oauth2JwtVerificationError || error instanceof Openid4vciError ? error.message : "Invalid proof"
-			}, {
-				internalMessage: "Error verifying credential request proof attestation",
-				cause: error
-			});
-		}
-	}
-	/**
-	* @throws Oauth2ServerErrorResponseError - when validation of the credential request fails
-	*  You can extract the credential error response from this.
-	*/
-	parseCredentialRequest(options) {
-		try {
-			return parseCredentialRequest(options);
-		} catch (error) {
-			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
-				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidCredentialRequest,
-				error_description: error instanceof __openid4vc_utils.ValidationError ? error.message : "Invalid request"
-			}, {
-				internalMessage: "Error verifying credential request proof jwt",
-				cause: error
-			});
-		}
-	}
-	/**
-	* @throws Oauth2ServerErrorResponseError - when validation of the deferred credential request fails
-	*/
-	parseDeferredCredentialRequest(options) {
-		try {
-			return parseDeferredCredentialRequest(options);
-		} catch (error) {
-			throw new __openid4vc_oauth2.Oauth2ServerErrorResponseError({
-				error: __openid4vc_oauth2.Oauth2ErrorCodes.InvalidCredentialRequest,
-				error_description: error instanceof __openid4vc_utils.ValidationError ? error.message : "Invalid request"
-			}, {
-				internalMessage: "Error parsing deferred credential request",
-				cause: error
-			});
-		}
-	}
-	/**
-	* @throws ValidationError - when validation of the credential response fails
-	*/
-	createCredentialResponse(options) {
-		return createCredentialResponse(options);
-	}
-	/**
-	* @throws ValidationError - when validation of the credential response fails
-	*/
-	createDeferredCredentialResponse(options) {
-		return createDeferredCredentialResponse(options);
-	}
-	/**
-	* @throws ValidationError - when validation of the nonce response fails
-	*/
-	createNonceResponse(options) {
-		return createNonceResponse(options);
-	}
-	async verifyWalletAttestation(options) {
-		return new __openid4vc_oauth2.Oauth2AuthorizationServer({ callbacks: this.options.callbacks }).verifyClientAttestation(options);
-	}
-};
-//#endregion
-//#region src/Openid4vciWalletProvider.ts
-var Openid4vciWalletProvider = class {
-	constructor(options) {
-		this.options = options;
-	}
-	async createWalletAttestationJwt(options) {
-		const additionalPayload = options.additionalPayload ? {
-			wallet_name: options.walletName,
-			wallet_link: options.walletLink,
-			...options.additionalPayload
-		} : {
-			wallet_name: options.walletName,
-			wallet_link: options.walletLink
-		};
-		return await (0, __openid4vc_oauth2.createClientAttestationJwt)({
-			...options,
-			callbacks: this.options.callbacks,
-			additionalPayload
-		});
-	}
-	async createKeyAttestationJwt(options) {
-		return await createKeyAttestationJwt({
-			callbacks: this.options.callbacks,
-			...options
-		});
-	}
-};
-//#endregion
-exports.AuthorizationFlow = AuthorizationFlow;
-exports.Openid4vciClient = Openid4vciClient;
-exports.Openid4vciDraftVersion = Openid4vciDraftVersion;
-exports.Openid4vciError = Openid4vciError;
-exports.Openid4vciIssuer = Openid4vciIssuer;
-exports.Openid4vciRetrieveCredentialsError = Openid4vciRetrieveCredentialsError;
-exports.Openid4vciSendNotificationError = Openid4vciSendNotificationError;
-exports.Openid4vciWalletProvider = Openid4vciWalletProvider;
-exports.createKeyAttestationJwt = createKeyAttestationJwt;
-exports.credentialsSupportedToCredentialConfigurationsSupported = credentialsSupportedToCredentialConfigurationsSupported;
-exports.determineAuthorizationServerForCredentialOffer = determineAuthorizationServerForCredentialOffer;
-exports.extractScopesForCredentialConfigurationIds = extractScopesForCredentialConfigurationIds;
-exports.getCredentialConfigurationsMatchingRequestFormat = getCredentialConfigurationsMatchingRequestFormat;
-Object.defineProperty(exports, 'getGlobalConfig', {
-  enumerable: true,
-  get: function () {
-    return __openid4vc_utils.getGlobalConfig;
-  }
-});
-exports.parseKeyAttestationJwt = parseKeyAttestationJwt;
-Object.defineProperty(exports, 'setGlobalConfig', {
-  enumerable: true,
-  get: function () {
-    return __openid4vc_utils.setGlobalConfig;
-  }
-});
-exports.verifyKeyAttestationJwt = verifyKeyAttestationJwt;
-//# sourceMappingURL=index.cjs.map