@openid4vc/openid4vp 0.3.0-alpha-20250324175730 → 0.3.0-alpha-20250324183425

package/dist/index.js

@@ -62,7 +62,7 @@ module.exports = __toCommonJS(src_exports);
 
 // src/client-identifier-scheme/parse-client-identifier-scheme.ts
 var import_oauth23 = require("@openid4vc/oauth2");
-var import_utils4 = require("@openid4vc/utils");
+var import_utils5 = require("@openid4vc/utils");
 
 // src/authorization-request/z-authorization-request-dc-api.ts
 var import_zod5 = require("zod");
@@ -230,6 +230,7 @@ function isOpenid4vpAuthorizationRequestDcApi(request) {
 }
 
 // src/client-identifier-scheme/z-client-id-scheme.ts
+var import_utils4 = require("@openid4vc/utils");
 var import_zod6 = require("zod");
 var zClientIdScheme = import_zod6.z.enum([
   "pre-registered",
@@ -243,7 +244,10 @@ var zClientIdScheme = import_zod6.z.enum([
 ]);
 var zClientIdToClientIdScheme = import_zod6.z.union(
   [
-    import_zod6.z.string({ message: "client_id MUST be a string" }).includes(":").transform((clientId) => clientId.split(":")[0]).pipe(zClientIdScheme.exclude(["pre-registered"])),
+    import_zod6.z.string({ message: "client_id MUST be a string" }).includes(":").transform((clientId) => {
+      const clientIdScheme = clientId.split(":")[0];
+      return clientIdScheme === "http" && (0, import_utils4.getGlobalConfig)().allowInsecureUrls ? "https" : clientIdScheme;
+    }).pipe(zClientIdScheme.exclude(["pre-registered"])),
     import_zod6.z.string().refine((clientId) => clientId.includes(":") === false).transform(() => "pre-registered")
   ],
   {
@@ -350,7 +354,7 @@ function validateOpenid4vpClientId(options, parserConfig) {
     });
   }
   if (clientIdScheme === "https") {
-    if (!import_utils4.zHttpsUrl.safeParse(clientId).success) {
+    if (!import_utils5.zHttpsUrl.safeParse(clientId).success) {
       throw new import_oauth23.Oauth2ServerErrorResponseError(
         {
           error: import_oauth23.Oauth2ErrorCodes.InvalidRequest,
@@ -474,7 +478,7 @@ function validateOpenid4vpClientId(options, parserConfig) {
       }
       if (!isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)) {
         const uri = authorizationRequestPayload.redirect_uri ?? authorizationRequestPayload.response_uri;
-        if (!uri || new import_utils4.URL(uri).hostname !== identifierPart) {
+        if (!uri || new import_utils5.URL(uri).hostname !== identifierPart) {
           throw new import_oauth23.Oauth2ServerErrorResponseError({
             error: import_oauth23.Oauth2ErrorCodes.InvalidRequest,
             error_description: "Invalid client identifier. The fully qualified domain name of the redirect_uri value MUST match the Client Identifier without the prefix x509_san_dns."
@@ -560,7 +564,7 @@ function extractJwksFromClientMetadata(clientMetadata) {
 
 // src/jarm/jarm-authorization-response/jarm-validate-authorization-response.ts
 var import_oauth25 = require("@openid4vc/oauth2");
-var import_utils5 = require("@openid4vc/utils");
+var import_utils6 = require("@openid4vc/utils");
 
 // src/jarm/jarm-authorization-response/z-jarm-authorization-response.ts
 var import_oauth24 = require("@openid4vc/oauth2");
@@ -592,7 +596,7 @@ var jarmAuthorizationResponseValidate = (options) => {
       `Invalid 'aud' claim in JARM authorization response. Expected '${expectedClientId}' received '${JSON.stringify(authorizationResponse.aud)}'.`
     );
   }
-  if (authorizationResponse.exp !== void 0 && authorizationResponse.exp < (0, import_utils5.dateToSeconds)()) {
+  if (authorizationResponse.exp !== void 0 && authorizationResponse.exp < (0, import_utils6.dateToSeconds)()) {
     throw new import_oauth25.Oauth2Error("Jarm auth response is expired.");
   }
 };
@@ -660,11 +664,11 @@ async function verifyJarmAuthorizationResponse(options) {
 
 // src/authorization-request/create-authorization-request.ts
 var import_oauth210 = require("@openid4vc/oauth2");
-var import_utils8 = require("@openid4vc/utils");
+var import_utils9 = require("@openid4vc/utils");
 
 // src/jar/create-jar-authorization-request.ts
 var import_oauth27 = require("@openid4vc/oauth2");
-var import_utils6 = require("@openid4vc/utils");
+var import_utils7 = require("@openid4vc/utils");
 async function createJarAuthorizationRequest(options) {
   const { jwtSigner, jweEncryptor, authorizationRequestPayload, requestUri, callbacks } = options;
   let authorizationRequestJwt;
@@ -673,8 +677,8 @@ async function createJarAuthorizationRequest(options) {
   const { jwt, signerJwk } = await callbacks.signJwt(jwtSigner, {
     header: { ...(0, import_oauth27.jwtHeaderFromJwtSigner)(jwtSigner), typ: "oauth-authz-req+jwt" },
     payload: {
-      iat: (0, import_utils6.dateToSeconds)(now),
-      exp: (0, import_utils6.dateToSeconds)((0, import_utils6.addSecondsToDate)(now, options.expiresInSeconds)),
+      iat: (0, import_utils7.dateToSeconds)(now),
+      exp: (0, import_utils7.dateToSeconds)((0, import_utils7.addSecondsToDate)(now, options.expiresInSeconds)),
       ...options.additionalJwtPayload,
       ...authorizationRequestPayload
     }
@@ -692,7 +696,7 @@ async function createJarAuthorizationRequest(options) {
 
 // src/authorization-request/validate-authorization-request.ts
 var import_oauth28 = require("@openid4vc/oauth2");
-var import_utils7 = require("@openid4vc/utils");
+var import_utils8 = require("@openid4vc/utils");
 var validateOpenid4vpAuthorizationRequestPayload = (options) => {
   const { params, walletVerificationOptions } = options;
   if (!params.redirect_uri && !params.response_uri) {
@@ -727,7 +731,7 @@ var validateOpenid4vpAuthorizationRequestPayload = (options) => {
       error_description: `The 'request_uri_method' parameter MUST be 'GET' or 'POST'. Current: ${params.request_uri_method}`
     });
   }
-  if (params.trust_chain && !import_utils7.zHttpsUrl.safeParse(params.client_id).success) {
+  if (params.trust_chain && !import_utils8.zHttpsUrl.safeParse(params.client_id).success) {
     throw new import_oauth28.Oauth2ServerErrorResponseError({
       error: import_oauth28.Oauth2ErrorCodes.InvalidRequest,
       error_description: 'The "trust_chain" parameter MUST NOT be present in the authorization request if the "client_id" is not an OpenId Federation Entity Identifier starting with http:// or https://.'
@@ -791,7 +795,7 @@ async function createOpenid4vpAuthorizationRequest(options) {
   let additionalJwtPayload;
   let authorizationRequestPayload;
   if (isOpenid4vpAuthorizationRequestDcApi(options.authorizationRequestPayload)) {
-    authorizationRequestPayload = (0, import_utils8.parseWithErrorHandling)(
+    authorizationRequestPayload = (0, import_utils9.parseWithErrorHandling)(
       zOpenid4vpAuthorizationRequestDcApi,
       options.authorizationRequestPayload,
       "Invalid authorization request. Could not parse openid4vp dc_api authorization request."
@@ -807,7 +811,7 @@ async function createOpenid4vpAuthorizationRequest(options) {
       disableOriginValidation: true
     });
   } else {
-    authorizationRequestPayload = (0, import_utils8.parseWithErrorHandling)(
+    authorizationRequestPayload = (0, import_utils9.parseWithErrorHandling)(
       zOpenid4vpAuthorizationRequest,
       options.authorizationRequestPayload,
       "Invalid authorization request. Could not parse openid4vp authorization request."
@@ -827,10 +831,10 @@ async function createOpenid4vpAuthorizationRequest(options) {
       additionalJwtPayload,
       callbacks
     });
-    const url2 = new import_utils8.URL(scheme);
-    url2.search = `?${new import_utils8.URLSearchParams([
+    const url2 = new import_utils9.URL(scheme);
+    url2.search = `?${new import_utils9.URLSearchParams([
       ...url2.searchParams.entries(),
-      ...(0, import_utils8.objectToQueryParams)(jarResult.jarAuthorizationRequest).entries(),
+      ...(0, import_utils9.objectToQueryParams)(jarResult.jarAuthorizationRequest).entries(),
       // Add client_id_scheme if defined for backwards compat
       ...authorizationRequestPayload.client_id_scheme ? [["client_id_scheme", authorizationRequestPayload.client_id_scheme]] : []
     ]).toString()}`;
@@ -841,10 +845,10 @@ async function createOpenid4vpAuthorizationRequest(options) {
       jar: { ...jar, ...jarResult }
     };
   }
-  const url = new import_utils8.URL(scheme);
-  url.search = `?${new import_utils8.URLSearchParams([
+  const url = new import_utils9.URL(scheme);
+  url.search = `?${new import_utils9.URLSearchParams([
     ...url.searchParams.entries(),
-    ...(0, import_utils8.objectToQueryParams)(authorizationRequestPayload).entries()
+    ...(0, import_utils9.objectToQueryParams)(authorizationRequestPayload).entries()
   ]).toString()}`;
   return {
     authorizationRequestPayload,
@@ -856,16 +860,16 @@ async function createOpenid4vpAuthorizationRequest(options) {
 
 // src/authorization-request/parse-authorization-request-params.ts
 var import_oauth212 = require("@openid4vc/oauth2");
-var import_utils10 = require("@openid4vc/utils");
+var import_utils11 = require("@openid4vc/utils");
 var import_zod10 = __toESM(require("zod"));
 
 // src/jar/z-jar-authorization-request.ts
 var import_oauth211 = require("@openid4vc/oauth2");
-var import_utils9 = require("@openid4vc/utils");
+var import_utils10 = require("@openid4vc/utils");
 var import_zod9 = require("zod");
 var zJarAuthorizationRequest = import_zod9.z.object({
   request: import_zod9.z.optional(import_zod9.z.string()),
-  request_uri: import_zod9.z.optional(import_utils9.zHttpsUrl),
+  request_uri: import_zod9.z.optional(import_utils10.zHttpsUrl),
   request_uri_method: import_zod9.z.optional(import_zod9.z.string()),
   client_id: import_zod9.z.optional(import_zod9.z.string())
 }).passthrough();
@@ -896,7 +900,7 @@ function parseOpenid4vpAuthorizationRequest(options) {
   let params;
   if (typeof authorizationRequest === "string") {
     if (authorizationRequest.includes("://")) {
-      params = (0, import_utils10.parseWithErrorHandling)(
+      params = (0, import_utils11.parseWithErrorHandling)(
         zOpenid4vpAuthorizationRequestFromUriParams,
         authorizationRequest,
         "Unable to parse openid4vp authorization request uri to a valid object"
@@ -910,7 +914,7 @@ function parseOpenid4vpAuthorizationRequest(options) {
   } else {
     params = authorizationRequest;
   }
-  const parsedRequest = (0, import_utils10.parseWithErrorHandling)(
+  const parsedRequest = (0, import_utils11.parseWithErrorHandling)(
     import_zod10.default.union([zOpenid4vpAuthorizationRequest, zJarAuthorizationRequest, zOpenid4vpAuthorizationRequestDcApi]),
     params
   );
@@ -937,19 +941,19 @@ function parseOpenid4vpAuthorizationRequest(options) {
 
 // src/authorization-request/resolve-authorization-request.ts
 var import_oauth219 = require("@openid4vc/oauth2");
-var import_utils14 = require("@openid4vc/utils");
+var import_utils15 = require("@openid4vc/utils");
 var import_zod14 = __toESM(require("zod"));
 
 // src/fetch-client-metadata.ts
 var import_oauth213 = require("@openid4vc/oauth2");
-var import_utils11 = require("@openid4vc/utils");
+var import_utils12 = require("@openid4vc/utils");
 async function fetchClientMetadata(options) {
   const { fetch, clientMetadataUri } = options;
-  const fetcher = (0, import_utils11.createZodFetcher)(fetch);
-  const { result, response } = await fetcher(zClientMetadata, import_utils11.ContentType.Json, clientMetadataUri, {
+  const fetcher = (0, import_utils12.createZodFetcher)(fetch);
+  const { result, response } = await fetcher(zClientMetadata, import_utils12.ContentType.Json, clientMetadataUri, {
     method: "GET",
     headers: {
-      Accept: import_utils11.ContentType.Json
+      Accept: import_utils12.ContentType.Json
     }
   });
   if (!response.ok) {
@@ -1035,7 +1039,7 @@ function parseAuthorizationRequestVersion(request) {
 
 // src/jar/jar-request-object/fetch-jar-request-object.ts
 var import_oauth215 = require("@openid4vc/oauth2");
-var import_utils12 = require("@openid4vc/utils");
+var import_utils13 = require("@openid4vc/utils");
 async function fetchJarRequestObject(options) {
   const { requestUri, clientIdentifierScheme, method, wallet, fetch } = options;
   let requestBody = wallet.metadata ? { wallet_metadata: wallet.metadata, wallet_nonce: wallet.nonce } : void 0;
@@ -1043,12 +1047,12 @@ async function fetchJarRequestObject(options) {
     const { request_object_signing_alg_values_supported, ...rest } = requestBody.wallet_metadata;
     requestBody = { ...requestBody, wallet_metadata: { ...rest } };
   }
-  const response = await (0, import_utils12.createFetcher)(fetch)(requestUri, {
+  const response = await (0, import_utils13.createFetcher)(fetch)(requestUri, {
     method,
-    body: method === "POST" ? (0, import_utils12.objectToQueryParams)(wallet.metadata ?? {}) : void 0,
+    body: method === "POST" ? (0, import_utils13.objectToQueryParams)(wallet.metadata ?? {}) : void 0,
     headers: {
-      Accept: `${import_utils12.ContentType.OAuthAuthorizationRequestJwt}, ${import_utils12.ContentType.Jwt};q=0.9, text/plain`,
-      "Content-Type": import_utils12.ContentType.XWwwFormUrlencoded
+      Accept: `${import_utils13.ContentType.OAuthAuthorizationRequestJwt}, ${import_utils13.ContentType.Jwt};q=0.9, text/plain`,
+      "Content-Type": import_utils13.ContentType.XWwwFormUrlencoded
     }
   }).catch(() => {
     throw new import_oauth215.Oauth2ServerErrorResponseError({
@@ -1213,7 +1217,7 @@ async function verifyJarRequestObject(options) {
 
 // src/transaction-data/parse-transaction-data.ts
 var import_oauth218 = require("@openid4vc/oauth2");
-var import_utils13 = require("@openid4vc/utils");
+var import_utils14 = require("@openid4vc/utils");
 
 // src/transaction-data/z-transaction-data.ts
 var import_zod13 = require("zod");
@@ -1227,7 +1231,7 @@ var zTransactionData = import_zod13.z.array(zTransactionEntry);
 // src/transaction-data/parse-transaction-data.ts
 function parseTransactionData(options) {
   const { transactionData } = options;
-  const decoded = transactionData.map((tdEntry) => (0, import_utils13.parseIfJson)((0, import_utils13.encodeToUtf8String)((0, import_utils13.decodeBase64)(tdEntry))));
+  const decoded = transactionData.map((tdEntry) => (0, import_utils14.parseIfJson)((0, import_utils14.encodeToUtf8String)((0, import_utils14.decodeBase64)(tdEntry))));
   const parsedResult = zTransactionData.safeParse(decoded);
   if (!parsedResult.success) {
     throw new import_oauth218.Oauth2ServerErrorResponseError({
@@ -1246,7 +1250,7 @@ function parseTransactionData(options) {
 async function resolveOpenid4vpAuthorizationRequest(options) {
   const { wallet, callbacks, origin, disableOriginValidation } = options;
   let authorizationRequestPayload;
-  const parsed = (0, import_utils14.parseWithErrorHandling)(
+  const parsed = (0, import_utils15.parseWithErrorHandling)(
     import_zod14.default.union([zOpenid4vpAuthorizationRequestDcApi, zOpenid4vpAuthorizationRequest, zJarAuthorizationRequest]),
     options.authorizationRequestPayload,
     "Invalid authorization request. Could not parse openid4vp authorization request as openid4vp or jar auth request."
@@ -1254,7 +1258,7 @@ async function resolveOpenid4vpAuthorizationRequest(options) {
   let jar;
   if (isJarAuthorizationRequest(parsed)) {
     jar = await verifyJarRequest({ jarRequestParams: parsed, callbacks, wallet });
-    const parsedJarAuthorizationRequestPayload = (0, import_utils14.parseWithErrorHandling)(
+    const parsedJarAuthorizationRequestPayload = (0, import_utils15.parseWithErrorHandling)(
       import_zod14.default.union([zOpenid4vpAuthorizationRequestDcApi, zOpenid4vpAuthorizationRequest]),
       jar.authorizationRequestPayload,
       "Invalid authorization request. Could not parse jar request payload as openid4vp auth request."
@@ -1335,7 +1339,7 @@ function validateOpenId4vpAuthorizationRequestPayload(options) {
 
 // src/authorization-response/create-authorization-response.ts
 var import_oauth222 = require("@openid4vc/oauth2");
-var import_utils15 = require("@openid4vc/utils");
+var import_utils16 = require("@openid4vc/utils");
 
 // ../utils/src/date.ts
 function addSecondsToDate2(date, seconds) {
@@ -1484,7 +1488,7 @@ async function createOpenid4vpAuthorizationResponse(options) {
     additionalJwtPayload = {
       iss: jarm.authorizationServer,
       aud: jarm.audience,
-      exp: jarm.expiresInSeconds ?? (0, import_utils15.dateToSeconds)(addSecondsToDate2(/* @__PURE__ */ new Date(), 60 * 10))
+      exp: jarm.expiresInSeconds ?? (0, import_utils16.dateToSeconds)(addSecondsToDate2(/* @__PURE__ */ new Date(), 60 * 10))
       // default: 10 minutes
     };
   }
@@ -1516,25 +1520,25 @@ async function createOpenid4vpAuthorizationResponse(options) {
 
 // src/authorization-response/submit-authorization-response.ts
 var import_oauth224 = require("@openid4vc/oauth2");
-var import_utils17 = require("@openid4vc/utils");
 var import_utils18 = require("@openid4vc/utils");
+var import_utils19 = require("@openid4vc/utils");
 
 // src/jarm/jarm-authorizatino-response-send.ts
 var import_oauth223 = require("@openid4vc/oauth2");
-var import_utils16 = require("@openid4vc/utils");
+var import_utils17 = require("@openid4vc/utils");
 var jarmAuthorizationResponseSend = (options) => {
   const { authorizationRequestPayload, jarmAuthorizationResponseJwt, callbacks } = options;
   const responseEndpoint = authorizationRequestPayload.response_uri ?? authorizationRequestPayload.redirect_uri;
   if (!responseEndpoint) {
     throw new import_oauth223.Oauth2Error(`Either 'response_uri' or 'redirect_uri' MUST  be present in the authorization request`);
   }
-  const responseEndpointUrl = new import_utils16.URL(responseEndpoint);
+  const responseEndpointUrl = new import_utils17.URL(responseEndpoint);
   return handleDirectPostJwt(responseEndpointUrl, jarmAuthorizationResponseJwt, callbacks);
 };
 async function handleDirectPostJwt(responseEndpoint, responseJwt, callbacks) {
-  const response = await (0, import_utils16.createFetcher)(callbacks.fetch)(responseEndpoint, {
+  const response = await (0, import_utils17.createFetcher)(callbacks.fetch)(responseEndpoint, {
     method: "POST",
-    headers: { "Content-Type": import_utils16.ContentType.XWwwFormUrlencoded },
+    headers: { "Content-Type": import_utils17.ContentType.XWwwFormUrlencoded },
     body: `response=${responseJwt}`
   });
   return {
@@ -1559,13 +1563,13 @@ async function submitOpenid4vpAuthorizationResponse(options) {
       "Failed to submit OpenId4Vp Authorization Response. No redirect_uri or response_uri provided."
     );
   }
-  const fetch = (0, import_utils17.createFetcher)(callbacks.fetch);
-  const encodedResponse = (0, import_utils18.objectToQueryParams)(authorizationResponsePayload);
+  const fetch = (0, import_utils18.createFetcher)(callbacks.fetch);
+  const encodedResponse = (0, import_utils19.objectToQueryParams)(authorizationResponsePayload);
   const submissionResponse = await fetch(url, {
     method: "POST",
     body: encodedResponse.toString(),
     headers: {
-      "Content-Type": import_utils17.ContentType.XWwwFormUrlencoded
+      "Content-Type": import_utils18.ContentType.XWwwFormUrlencoded
     }
   });
   return {
@@ -1578,7 +1582,7 @@ async function submitOpenid4vpAuthorizationResponse(options) {
 var import_oauth225 = require("@openid4vc/oauth2");
 
 // src/vp-token/parse-vp-token.ts
-var import_utils19 = require("@openid4vc/utils");
+var import_utils20 = require("@openid4vc/utils");
 
 // src/vp-token/z-vp-token.ts
 var import_zod16 = require("zod");
@@ -1598,17 +1602,17 @@ var zVpToken = zVpTokenDcql.or(zVpTokenPex);
 
 // src/vp-token/parse-vp-token.ts
 function parsePexVpToken(vpToken) {
-  const parsedVpToken = (0, import_utils19.parseWithErrorHandling)(
+  const parsedVpToken = (0, import_utils20.parseWithErrorHandling)(
     zVpTokenPex,
-    (0, import_utils19.parseIfJson)(vpToken),
+    (0, import_utils20.parseIfJson)(vpToken),
     "Could not parse presentation exchange vp_token. Expected a string or an array of strings"
   );
   return Array.isArray(parsedVpToken) ? parsedVpToken : [parsedVpToken];
 }
 function parseDcqlVpToken(vpToken) {
-  return (0, import_utils19.parseWithErrorHandling)(
+  return (0, import_utils20.parseWithErrorHandling)(
     zVpTokenDcql,
-    (0, import_utils19.parseIfJson)(vpToken),
+    (0, import_utils20.parseIfJson)(vpToken),
     "Could not parse dcql vp_token. Expected an object where the values are encoded presentations"
   );
 }
@@ -1661,10 +1665,10 @@ function validateOpenid4vpAuthorizationResponsePayload(options) {
 var import_oauth227 = require("@openid4vc/oauth2");
 
 // src/authorization-response/parse-authorization-response-payload.ts
-var import_utils21 = require("@openid4vc/utils");
+var import_utils22 = require("@openid4vc/utils");
 
 // src/authorization-response/z-authorization-response.ts
-var import_utils20 = require("@openid4vc/utils");
+var import_utils21 = require("@openid4vc/utils");
 var import_zod18 = require("zod");
 
 // src/models/z-pex.ts
@@ -1677,7 +1681,7 @@ var zOpenid4vpAuthorizationResponse = import_zod18.z.object({
   state: import_zod18.z.string().optional(),
   id_token: import_zod18.z.string().optional(),
   vp_token: zVpToken,
-  presentation_submission: zPexPresentationSubmission.or(import_utils20.zStringToJson).optional(),
+  presentation_submission: zPexPresentationSubmission.or(import_utils21.zStringToJson).optional(),
   refresh_token: import_zod18.z.string().optional(),
   token_type: import_zod18.z.string().optional(),
   access_token: import_zod18.z.string().optional(),
@@ -1686,7 +1690,7 @@ var zOpenid4vpAuthorizationResponse = import_zod18.z.object({
 
 // src/authorization-response/parse-authorization-response-payload.ts
 function parseOpenid4VpAuthorizationResponsePayload(payload) {
-  return (0, import_utils21.parseWithErrorHandling)(
+  return (0, import_utils22.parseWithErrorHandling)(
     zOpenid4vpAuthorizationResponse,
     payload,
     "Failed to parse openid4vp authorization response."
@@ -1695,11 +1699,11 @@ function parseOpenid4VpAuthorizationResponsePayload(payload) {
 
 // src/authorization-response/parse-jarm-authorization-response.ts
 var import_oauth226 = require("@openid4vc/oauth2");
-var import_utils22 = require("@openid4vc/utils");
+var import_utils23 = require("@openid4vc/utils");
 var import_zod19 = __toESM(require("zod"));
 async function parseJarmAuthorizationResponse(options) {
   const { jarmResponseJwt, callbacks, authorizationRequestPayload, expectedClientId } = options;
-  const jarmAuthorizationResponseJwt = (0, import_utils22.parseWithErrorHandling)(
+  const jarmAuthorizationResponseJwt = (0, import_utils23.parseWithErrorHandling)(
     import_zod19.default.union([import_oauth226.zCompactJwt, import_oauth226.zCompactJwe]),
     jarmResponseJwt,
     "Invalid jarm authorization response jwt."
@@ -1798,7 +1802,7 @@ var Openid4vpClient = class {
 
 // src/transaction-data/verify-transaction-data.ts
 var import_oauth228 = require("@openid4vc/oauth2");
-var import_utils23 = require("@openid4vc/utils");
+var import_utils24 = require("@openid4vc/utils");
 async function verifyTransactionData(options) {
   const parsedTransactionData = parseTransactionData({
     transactionData: options.transactionData
@@ -1825,7 +1829,7 @@ async function verifyTransactionDataEntry({
   );
   const hashes = {};
   for (const alg of supportedAlgs) {
-    hashes[alg] = (0, import_utils23.encodeToBase64Url)(await callbacks.hash((0, import_utils23.decodeUtf8String)(entry.encoded), alg));
+    hashes[alg] = (0, import_utils24.encodeToBase64Url)(await callbacks.hash((0, import_utils24.decodeUtf8String)(entry.encoded), alg));
   }
   for (const credentialId of entry.transactionData.credential_ids) {
     const transactionDataHashesCredential = credentials[credentialId];