@openid4vc/openid4vci 0.4.3-alpha-20251210081011 → 0.4.3-alpha-20251210143838
- package/dist/index.d.mts +49 -9
- package/dist/index.mjs +77 -26
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
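--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -6,12 +6,16 @@ import z from "zod";
 import * as zod_v4_core0 from "zod/v4/core";
 
 //#region src/version.d.ts
-declare enum
+declare enum Openid4vciVersion {
 V1 = "V1",
 Draft15 = "Draft15",
 Draft14 = "Draft14",
 Draft11 = "Draft11",
 }
+/**
+* @deprecated use `OpenId4vciVersion` instead
+*/
+declare const Openid4vciDraftVersion: typeof Openid4vciVersion;
 //#endregion
 //#region src/metadata/credential-issuer/z-claims-description.d.ts
 declare const zCredentialConfigurationSupportedClaimsDescriptionDraft14: z.ZodObject<{
@@ -159,7 +163,7 @@ declare const allCredentialIssuerMetadataFormats: readonly [z.ZodObject<{
 name: z.ZodOptional<z.ZodString>;
 locale: z.ZodOptional<z.ZodString>;
 }, z.core.$loose>>>;
-path: z.ZodTuple<[z.ZodString, z.ZodString], z.ZodString
+path: z.ZodTuple<[z.ZodString, z.ZodString], z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodNull]>>;
 }, z.core.$loose>>>;
 }, z.core.$loose>>;
 }, z.core.$loose>, z.ZodObject<{
@@ -549,7 +553,7 @@ declare const allCredentialIssuerMetadataFormats: readonly [z.ZodObject<{
 name: z.ZodOptional<z.ZodString>;
 locale: z.ZodOptional<z.ZodString>;
 }, z.core.$loose>>>;
-path: z.ZodTuple<[z.ZodString, z.ZodString], z.ZodString
+path: z.ZodTuple<[z.ZodString, z.ZodString], z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodNull]>>;
 }, z.core.$loose>>>;
 }, z.core.$loose>, z.ZodObject<{
 scope: z.ZodOptional<z.ZodString>;
@@ -1195,7 +1199,16 @@ declare const zCredentialConfigurationSupportedDraft11ToV1: z.ZodPipe<z.ZodPipe<
 url: z.ZodOptional<z.ZodUnion<[z.ZodURL, z.ZodString]>>;
 }, z.core.$loose>>;
 }, z.core.$loose>>>;
-claims: z.ZodOptional<z.ZodAny
+claims: z.ZodOptional<z.ZodPipe<z.ZodAny, z.ZodTransform<{
+[x: string]: unknown;
+path: [string | number | null, ...(string | number | null)[]];
+mandatory?: boolean | undefined;
+display?: {
+[x: string]: unknown;
+name?: string | undefined;
+locale?: string | undefined;
+}[] | undefined;
+}[] | undefined, any>>>;
 }, z.core.$loose>, z.ZodTransform<{
 credential_metadata?: {
 display?: {
@@ -1206,7 +1219,16 @@ declare const zCredentialConfigurationSupportedDraft11ToV1: z.ZodPipe<z.ZodPipe<
 uri: string;
 } | undefined;
 }[] | undefined;
-claims?:
+claims?: {
+[x: string]: unknown;
+path: [string | number | null, ...(string | number | null)[]];
+mandatory?: boolean | undefined;
+display?: {
+[x: string]: unknown;
+name?: string | undefined;
+locale?: string | undefined;
+}[] | undefined;
+}[] | undefined;
 } | undefined;
 credential_signing_alg_values_supported?: string[] | (-19 | -53 | -8 | -9 | -51 | -52 | -47 | -7 | -35 | -36 | -257 | -258 | -259 | -37 | -38 | -39)[] | undefined;
 format: string;
@@ -1226,7 +1248,16 @@ declare const zCredentialConfigurationSupportedDraft11ToV1: z.ZodPipe<z.ZodPipe<
 url?: string | undefined;
 } | undefined;
 }[] | undefined;
-claims?:
+claims?: {
+[x: string]: unknown;
+path: [string | number | null, ...(string | number | null)[]];
+mandatory?: boolean | undefined;
+display?: {
+[x: string]: unknown;
+name?: string | undefined;
+locale?: string | undefined;
+}[] | undefined;
+}[] | undefined;
 }>>, z.ZodTransform<unknown, {
 credential_metadata?: {
 display?: {
@@ -1237,7 +1268,16 @@ declare const zCredentialConfigurationSupportedDraft11ToV1: z.ZodPipe<z.ZodPipe<
 uri: string;
 } | undefined;
 }[] | undefined;
-claims?:
+claims?: {
+[x: string]: unknown;
+path: [string | number | null, ...(string | number | null)[]];
+mandatory?: boolean | undefined;
+display?: {
+[x: string]: unknown;
+name?: string | undefined;
+locale?: string | undefined;
+}[] | undefined;
+}[] | undefined;
 } | undefined;
 credential_signing_alg_values_supported?: string[] | (-19 | -53 | -8 | -9 | -51 | -52 | -47 | -7 | -35 | -36 | -257 | -258 | -259 | -37 | -38 | -39)[] | undefined;
 format: string;
@@ -1569,7 +1609,7 @@ interface CredentialIssuerMetadataSigned {
 //#endregion
 //#region src/metadata/fetch-issuer-metadata.d.ts
 interface IssuerMetadataResult {
-originalDraftVersion:
+originalDraftVersion: Openid4vciVersion;
 credentialIssuer: CredentialIssuerMetadata;
 /**
 * Metadata about the signed credential issuer metadata,
@@ -4400,5 +4440,5 @@ declare class Openid4vciWalletProvider {
 createKeyAttestationJwt(options: Omit<CreateKeyAttestationJwtOptions, 'callbacks'>): Promise<string>;
 }
 //#endregion
-export { AuthorizationFlow, type CreateKeyAttestationJwtOptions, type CredentialConfigurationSupported, type CredentialConfigurationSupportedWithFormats, type CredentialConfigurationsSupported, type CredentialConfigurationsSupportedWithFormats, type CredentialErrorResponse, type CredentialFormatIdentifier, type CredentialIssuerMetadata, type CredentialIssuerMetadataDisplayEntry, type CredentialOfferAuthorizationCodeGrant, type CredentialOfferGrants, type CredentialOfferObject, type CredentialOfferPreAuthorizedCodeGrant, type CredentialOfferPreAuthorizedCodeGrantTxCode, type CredentialRequest, type CredentialRequestFormatSpecific, type CredentialRequestJwtProofTypeHeader, type CredentialRequestJwtProofTypePayload, type CredentialRequestWithFormats, type CredentialResponse, type DeferredCredentialRequest, type DeferredCredentialResponse, type ExtractScopesForCredentialConfigurationIdsOptions, type GetCredentialConfigurationsMatchingRequestFormatOptions, type IssuerMetadataResult, type JwtProofTypeIdentifier, type JwtVcJsonFormatIdentifier, type JwtVcJsonLdFormatIdentifier, type LdpVcFormatIdentifier, type LegacySdJwtVcFormatIdentifier, type MsoMdocFormatIdentifier, type NonceResponse, type NotificationErrorResponse, type NotificationEvent, type Oid4vcTsConfig, Openid4vciClient, type Openid4vciClientOptions, Openid4vciDraftVersion, Openid4vciError, type Openid4vciErrorOptions, Openid4vciIssuer, type Openid4vciIssuerOptions, Openid4vciRetrieveCredentialsError, Openid4vciSendNotificationError, Openid4vciWalletProvider, type Openid4vciWalletProviderOptions, type ParseCredentialRequestReturn, type ParseKeyAttestationJwtOptions, type ProofTypeIdentifier, type RetrieveCredentialsResponseNotOk, type RetrieveCredentialsResponseOk, type SendNotificationResponseNotOk, type SendNotificationResponseOk, type VerifyKeyAttestationJwtOptions, type VerifyKeyAttestationJwtReturn, createKeyAttestationJwt, credentialsSupportedToCredentialConfigurationsSupported, determineAuthorizationServerForCredentialOffer, extractScopesForCredentialConfigurationIds, getCredentialConfigurationsMatchingRequestFormat, getGlobalConfig, parseKeyAttestationJwt, setGlobalConfig, verifyKeyAttestationJwt };
+export { AuthorizationFlow, type CreateKeyAttestationJwtOptions, type CredentialConfigurationSupported, type CredentialConfigurationSupportedWithFormats, type CredentialConfigurationsSupported, type CredentialConfigurationsSupportedWithFormats, type CredentialErrorResponse, type CredentialFormatIdentifier, type CredentialIssuerMetadata, type CredentialIssuerMetadataDisplayEntry, type CredentialOfferAuthorizationCodeGrant, type CredentialOfferGrants, type CredentialOfferObject, type CredentialOfferPreAuthorizedCodeGrant, type CredentialOfferPreAuthorizedCodeGrantTxCode, type CredentialRequest, type CredentialRequestFormatSpecific, type CredentialRequestJwtProofTypeHeader, type CredentialRequestJwtProofTypePayload, type CredentialRequestWithFormats, type CredentialResponse, type DeferredCredentialRequest, type DeferredCredentialResponse, type ExtractScopesForCredentialConfigurationIdsOptions, type GetCredentialConfigurationsMatchingRequestFormatOptions, type IssuerMetadataResult, type JwtProofTypeIdentifier, type JwtVcJsonFormatIdentifier, type JwtVcJsonLdFormatIdentifier, type LdpVcFormatIdentifier, type LegacySdJwtVcFormatIdentifier, type MsoMdocFormatIdentifier, type NonceResponse, type NotificationErrorResponse, type NotificationEvent, type Oid4vcTsConfig, Openid4vciClient, type Openid4vciClientOptions, Openid4vciDraftVersion, Openid4vciError, type Openid4vciErrorOptions, Openid4vciIssuer, type Openid4vciIssuerOptions, Openid4vciRetrieveCredentialsError, Openid4vciSendNotificationError, Openid4vciVersion, Openid4vciWalletProvider, type Openid4vciWalletProviderOptions, type ParseCredentialRequestReturn, type ParseKeyAttestationJwtOptions, type ProofTypeIdentifier, type RetrieveCredentialsResponseNotOk, type RetrieveCredentialsResponseOk, type SendNotificationResponseNotOk, type SendNotificationResponseOk, type VerifyKeyAttestationJwtOptions, type VerifyKeyAttestationJwtReturn, createKeyAttestationJwt, credentialsSupportedToCredentialConfigurationsSupported, determineAuthorizationServerForCredentialOffer, extractScopesForCredentialConfigurationIds, getCredentialConfigurationsMatchingRequestFormat, getGlobalConfig, parseKeyAttestationJwt, setGlobalConfig, verifyKeyAttestationJwt };
 //# sourceMappingURL=index.d.mts.map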
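Review bot: The `@deprecated` comment added above `Openid4vciDraftVersion` points users at `OpenId4vciVersion`, but the enum declared and exported in this file is spelled `Openid4vciVersion` (lowercase `i`), so following the hint verbatim gives an unresolved name. The tag should read `@deprecated use Openid4vciVersion instead`. The same comment text appears in package/dist/index.mjs, so the fix presumably belongs in the shared source behind the `src/version.d.ts` region rather than in this built file.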
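--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -3,13 +3,17 @@ import { InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oau
 import z from "zod";
 
 //#region src/version.ts
-let
-
-
-
-
-return
+let Openid4vciVersion = /* @__PURE__ */ function(Openid4vciVersion$1) {
+Openid4vciVersion$1["V1"] = "V1";
+Openid4vciVersion$1["Draft15"] = "Draft15";
+Openid4vciVersion$1["Draft14"] = "Draft14";
+Openid4vciVersion$1["Draft11"] = "Draft11";
+return Openid4vciVersion$1;
 }({});
+/**
+* @deprecated use `OpenId4vciVersion` instead
+*/
+const Openid4vciDraftVersion = Openid4vciVersion;
 
 //#endregion
 //#region src/credential-offer/z-credential-offer.ts
@@ -120,7 +124,7 @@ async function createCredentialOffer(options) {
 "pre-authorized_code": preAuthorizedCodeGrant["pre-authorized_code"] ?? encodeToBase64Url(await options.callbacks.generateRandom(32))
 };
 const txCode = grants[preAuthorizedCodeGrantIdentifier].tx_code;
-if (txCode && options.issuerMetadata.originalDraftVersion ===
+if (txCode && options.issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft11) grants[preAuthorizedCodeGrantIdentifier].user_pin_required = txCode !== void 0;
 }
 const idsNotInMetadata = options.credentialConfigurationIds.filter((id) => options.issuerMetadata.credentialIssuer.credential_configurations_supported[id] === void 0);
 if (idsNotInMetadata.length > 0) throw new Oauth2Error(`Credential configuration ids ${idsNotInMetadata} not found in the credential issuer metadata 'credential_configurations_supported'. Available ids are ${Object.keys(options.issuerMetadata.credentialIssuer.credential_configurations_supported).join(", ")}.`);
@@ -131,7 +135,7 @@ async function createCredentialOffer(options) {
 grants,
 ...options.additionalPayload
 });
-if (options.issuerMetadata.originalDraftVersion ===
+if (options.issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft11) credentialOfferObject.credentials = credentialOfferObject.credential_configuration_ids;
 const url = new URL(credentialOfferScheme);
 url.search = `?${new URLSearchParams([...url.searchParams.entries(), ...objectToQueryParams({
 credential_offer_uri: options.credentialOfferUri,
@@ -148,14 +152,15 @@ async function createCredentialOffer(options) {
 function getCredentialConfigurationsMatchingRequestFormat({ requestFormat, issuerMetadata }) {
 const knownCredentialConfigurations = issuerMetadata.knownCredentialConfigurations;
 return Object.fromEntries(Object.entries(knownCredentialConfigurations).filter(([, credentialConfiguration]) => {
-
+const isSpecialVcToDcSdJwt = credentialConfiguration.format === "dc+sd-jwt" && requestFormat.format === "vc+sd-jwt";
+if (credentialConfiguration.format !== requestFormat.format && !isSpecialVcToDcSdJwt) return false;
 const r = requestFormat;
 const c = credentialConfiguration;
 if ((c.format === "ldp_vc" || c.format === "jwt_vc_json-ld") && r.format === c.format) return arrayEqualsIgnoreOrder(r.credential_definition.type, c.credential_definition.type) && arrayEqualsIgnoreOrder(r.credential_definition["@context"], c.credential_definition["@context"]);
 if (c.format === "jwt_vc_json" && r.format === c.format) return arrayEqualsIgnoreOrder(r.credential_definition.type, c.credential_definition.type);
-if (
+if (r.format === "vc+sd-jwt" && (c.format === "vc+sd-jwt" || c.format === "dc+sd-jwt")) {
 if (r.vct && c.vct) return r.vct === c.vct;
-if (c.credential_definition && r.credential_definition) return arrayEqualsIgnoreOrder(r.credential_definition.type, c.credential_definition.type);
+if (c.format === "vc+sd-jwt" && c.credential_definition && r.credential_definition) return arrayEqualsIgnoreOrder(r.credential_definition.type, c.credential_definition.type);
 }
 if (c.format === "mso_mdoc" && r.format === c.format) return r.doctype === c.doctype;
 return false;
@@ -293,7 +298,7 @@ const zClaimDescriptionPathValue = z.union([
 z.null()
 ]);
 const zClaimsDescriptionPath = z.tuple([zClaimDescriptionPathValue], zClaimDescriptionPathValue);
-const zMsoMdocClaimsDescriptionPath = z.tuple([z.string(), z.string()],
+const zMsoMdocClaimsDescriptionPath = z.tuple([z.string(), z.string()], zClaimDescriptionPathValue, { message: "mso_mdoc claims description path MUST be an array with at least two string elements, pointing to the namespace and element identifier within an mdoc credential" });
 const zIssuerMetadataClaimsDescription = z.object({
 path: zClaimsDescriptionPath,
 mandatory: z.boolean().optional(),
@@ -749,10 +754,10 @@ const zCredentialConfigurationSupportedDraft11ToV1 = z.object({
 logo: z.object({ url: zHttpsUrl.or(zDataUrl).optional() }).loose().optional(),
 background_image: z.object({ url: zHttpsUrl.or(zDataUrl).optional() }).loose().optional()
 }).loose()).optional(),
-claims: z.any().optional()
+claims: z.any().transform((claims) => claimsObjectToClaimsArray(claims)).optional()
 }).loose().transform(({ cryptographic_suites_supported, display, claims, id, format, ...rest }) => ({
 ...rest,
-format,
+format: format === "vc+sd-jwt" && rest.vct ? "dc+sd-jwt" : format,
 ...cryptographic_suites_supported ? { credential_signing_alg_values_supported: format === zMsoMdocFormatIdentifier.value ? jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray(cryptographic_suites_supported) : cryptographic_suites_supported } : {},
 ...claims || display ? { credential_metadata: {
 ...claims ? { claims } : {},
@@ -780,9 +785,25 @@ const zCredentialConfigurationSupportedDraft11ToV1 = z.object({
 const zCredentialConfigurationSupportedV1ToDraft11 = zCredentialConfigurationSupportedWithFormats.transform(({ credential_metadata, ...rest }) => ({
 ...credential_metadata,
 ...rest
-})).
+})).transform((configuration, ctx) => {
+if (!configuration.id || typeof configuration.id !== "string") {
+ctx.addIssue({
+code: "invalid_type",
+expected: "string",
+input: configuration.id,
+path: ["id"],
+message: "Missing required id field"
+});
+return z.NEVER;
+}
+return {
+...configuration,
+id: configuration.id,
+claims: void 0
+};
+}).transform(({ id, credential_signing_alg_values_supported, display, proof_types_supported, scope, format, claims, ...rest }) => ({
 ...rest,
-format,
+format: format === "dc+sd-jwt" ? "vc+sd-jwt" : format,
 ...credential_signing_alg_values_supported ? { cryptographic_suites_supported: format === zMsoMdocFormatIdentifier.value && typeof credential_signing_alg_values_supported[0] === "number" ? fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray(credential_signing_alg_values_supported) : credential_signing_alg_values_supported } : {},
 ...display ? { display: display.map(({ logo, background_image, ...displayRest }) => {
 const { uri: logoUri, ...logoRest } = logo ?? {};
@@ -840,11 +861,11 @@ const zCredentialIssuerMetadataWithDraftVersion = z.union([zCredentialIssuerMeta
 });
 return {
 credentialIssuerMetadata,
-originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata || configuration.format === "mso_mdoc" && configuration.credential_signing_alg_values_supported?.some((supported) => typeof supported === "number")) ?
+originalDraftVersion: credentialConfigurations.some((configuration) => configuration.credential_metadata || configuration.format === "mso_mdoc" && configuration.credential_signing_alg_values_supported?.some((supported) => typeof supported === "number")) ? Openid4vciVersion.V1 : isDraft15 ? Openid4vciVersion.Draft15 : Openid4vciVersion.Draft14
 };
 }), zCredentialIssuerMetadataDraft11ToV1.transform((credentialIssuerMetadata) => ({
 credentialIssuerMetadata,
-originalDraftVersion:
+originalDraftVersion: Openid4vciVersion.Draft11
 }))]);
 
 //#endregion
@@ -877,6 +898,36 @@ function credentialsSupportedToCredentialConfigurationsSupported(credentialsSupp
 }
 return credentialConfigurationsSupported;
 }
+/**
+* Transforms draft 14 claims object syntax to the new array-based claims description syntax
+*
+* @param claims - The claims object in draft 14 format
+* @returns Array of claims descriptions or undefined if validation fails
+*/
+function claimsObjectToClaimsArray(claims) {
+const parseResult = zCredentialConfigurationSupportedClaimsDraft14.safeParse(claims);
+if (!parseResult.success) return;
+const result = [];
+/**
+* Recursively process claims object, building up the path from parent keys
+*/
+function processClaimsObject(claimsObj, parentPath = []) {
+for (const [key, value] of Object.entries(claimsObj)) {
+const currentPath = [...parentPath, key];
+if (value && typeof value === "object" && !Array.isArray(value) && ("mandatory" in value || "value_type" in value || "display" in value)) {
+const claimValue = value;
+const claimDescription = { path: currentPath };
+if (typeof claimValue.mandatory === "boolean") claimDescription.mandatory = claimValue.mandatory;
+if (Array.isArray(claimValue.display)) claimDescription.display = claimValue.display;
+result.push(claimDescription);
+const nestedClaims = Object.entries(claimValue).filter(([k]) => k !== "mandatory" && k !== "value_type" && k !== "display");
+if (nestedClaims.length > 0) processClaimsObject(Object.fromEntries(nestedClaims), currentPath);
+} else if (value && typeof value === "object" && !Array.isArray(value)) processClaimsObject(value, currentPath);
+}
+}
+processClaimsObject(parseResult.data);
+return result;
+}
 
 //#endregion
 //#region src/metadata/credential-issuer/z-signed-credential-issuer-metadata.ts
@@ -990,8 +1041,8 @@ function getKnownCredentialConfigurationSupportedById(issuerMetadata, credential
 //#region src/credential-request/format-payload.ts
 function getCredentialRequestFormatPayloadForCredentialConfigurationId(options) {
 const credentialConfiguration = getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
-if (zIs(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || zIs(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
-format:
+if (zIs(zLegacySdJwtVcCredentialIssuerMetadataV1, credentialConfiguration) || zIs(zLegacySdJwtVcCredentialIssuerMetadataDraft14, credentialConfiguration) || zIs(zSdJwtDcCredentialIssuerMetadata, credentialConfiguration) && (options.issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft11 || options.issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft14)) return {
+format: "vc+sd-jwt",
 vct: credentialConfiguration.vct
 };
 if (zIs(zMsoMdocCredentialIssuerMetadata, credentialConfiguration) || zIs(zMsoMdocCredentialIssuerMetadataDraft14, credentialConfiguration)) return {
@@ -1260,7 +1311,7 @@ const zDeferredCredentialResponse = zBaseCredentialResponse.superRefine((value,
 //#endregion
 //#region src/credential-request/retrieve-credentials.ts
 async function retrieveCredentialsWithCredentialConfigurationId(options) {
-if (options.issuerMetadata.originalDraftVersion !==
+if (options.issuerMetadata.originalDraftVersion !== Openid4vciVersion.Draft15 && options.issuerMetadata.originalDraftVersion !== Openid4vciVersion.V1) throw new Openid4vciError("Requesting credentials based on credential configuration ID is not supported in OpenID4VCI below draft 15. Make sure to provide the format and format specific claims in the request.");
 getKnownCredentialConfigurationSupportedById(options.issuerMetadata, options.credentialConfigurationId);
 const credentialRequest = {
 ...options.additionalRequestPayload,
@@ -1277,7 +1328,7 @@ async function retrieveCredentialsWithCredentialConfigurationId(options) {
 });
 }
 async function retrieveCredentialsWithFormat(options) {
-if (options.issuerMetadata.originalDraftVersion ===
+if (options.issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft15 || options.issuerMetadata.originalDraftVersion === Openid4vciVersion.V1) throw new Openid4vciError("Requesting credentials based on format is not supported on OpenID4VCI above draft 15. Provide the credential configuration id directly in the request.");
 const credentialRequest = {
 ...options.formatPayload,
 ...options.additionalRequestPayload,
@@ -1300,11 +1351,11 @@ async function retrieveCredentials(options) {
 let credentialRequest = parseWithErrorHandling(zCredentialRequest, options.credentialRequest, "Error validating credential request");
 if (credentialRequest.proofs) {
 const { batch_credential_issuance } = options.issuerMetadata.credentialIssuer;
-if (options.issuerMetadata.originalDraftVersion ===
+if (options.issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft11) throw new Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' does not support batch credential issuance using the 'proofs' request property. Only 'proof' is supported.`);
 const proofs = Object.values(credentialRequest.proofs)[0];
 if (proofs.length > (batch_credential_issuance?.batch_size ?? 1)) throw new Oauth2Error(`Credential issuer '${options.issuerMetadata.credentialIssuer.credential_issuer}' supports batch issuance, but the max batch size is '${batch_credential_issuance?.batch_size ?? 1}'. A total of '${proofs.length}' proofs were provided.`);
 }
-if (options.issuerMetadata.originalDraftVersion ===
+if (options.issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft11) credentialRequest = parseWithErrorHandling(zCredentialRequestDraft14To11, credentialRequest, `Error transforming credential request from ${Openid4vciVersion.Draft14} to ${Openid4vciVersion.Draft11}`);
 const resourceResponse = await resourceRequest({
 dpop: options.dpop,
 accessToken: options.accessToken,
@@ -1779,7 +1830,7 @@ var Openid4vciClient = class {
 */
 async retrieveCredentials({ issuerMetadata, proof, proofs, credentialConfigurationId, additionalRequestPayload, accessToken, dpop }) {
 let credentialResponse;
-if (issuerMetadata.originalDraftVersion ===
+if (issuerMetadata.originalDraftVersion === Openid4vciVersion.Draft15 || issuerMetadata.originalDraftVersion === Openid4vciVersion.V1) credentialResponse = await retrieveCredentialsWithCredentialConfigurationId({
 accessToken,
 credentialConfigurationId,
 issuerMetadata,
@@ -2104,5 +2155,5 @@ var Openid4vciWalletProvider = class {
 };
 
 //#endregion
-export { AuthorizationFlow, Openid4vciClient, Openid4vciDraftVersion, Openid4vciError, Openid4vciIssuer, Openid4vciRetrieveCredentialsError, Openid4vciSendNotificationError, Openid4vciWalletProvider, createKeyAttestationJwt, credentialsSupportedToCredentialConfigurationsSupported, determineAuthorizationServerForCredentialOffer, extractScopesForCredentialConfigurationIds, getCredentialConfigurationsMatchingRequestFormat, getGlobalConfig, parseKeyAttestationJwt, setGlobalConfig, verifyKeyAttestationJwt };
+export { AuthorizationFlow, Openid4vciClient, Openid4vciDraftVersion, Openid4vciError, Openid4vciIssuer, Openid4vciRetrieveCredentialsError, Openid4vciSendNotificationError, Openid4vciVersion, Openid4vciWalletProvider, createKeyAttestationJwt, credentialsSupportedToCredentialConfigurationsSupported, determineAuthorizationServerForCredentialOffer, extractScopesForCredentialConfigurationIds, getCredentialConfigurationsMatchingRequestFormat, getGlobalConfig, parseKeyAttestationJwt, setGlobalConfig, verifyKeyAttestationJwt };
 //# sourceMappingURL=index.mjs.map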
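Review bot: `claimsObjectToClaimsArray` returns `undefined` when `zCredentialConfigurationSupportedClaimsDraft14.safeParse(claims)` fails, so the new `claims: z.any().transform((claims) => claimsObjectToClaimsArray(claims)).optional()` in `zCredentialConfigurationSupportedDraft11ToV1` silently drops a malformed `claims` object instead of reporting it. This metadata presumably comes from a remote issuer, so I would either take `ctx` in that transform and call `ctx.addIssue(...)` the way the new `id` check in `zCredentialConfigurationSupportedV1ToDraft11` does, or state in the doc comment that invalid claims are discarded on purpose. `processClaimsObject` also recurses once per nesting level with no depth bound (unless the Draft14 schema, not visible here, limits nesting). It treats any object carrying a `mandatory`, `value_type` or `display` key as a claim description, so a nested claim that is itself named one of those is filtered out of `nestedClaims` and lost; a depth cap and a comment on that ambiguity would help. Separately, the message in `retrieveCredentialsWithFormat` says "above draft 15" while the condition also rejects `Openid4vciVersion.Draft15` itself.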