@openid4vc/openid4vp 0.3.0-alpha-20251107130226 → 0.3.0-alpha-20251110114129

package/dist/index.d.cts

@@ -1,28 +1,8 @@
 import * as _openid4vc_oauth20 from "@openid4vc/oauth2";
-import { CallbackContext, DecodeJwtResult, HashAlgorithm, JweEncryptor, Jwk, JwkSet, JwtPayload, JwtSigner, JwtSignerWithJwk } from "@openid4vc/oauth2";
+import { CallbackContext, CreateJarAuthorizationRequestOptions, DecodeJwtResult, HashAlgorithm, JarRequestObjectPayload, Jwk, JwkSet, JwtSigner, JwtSignerWithJwk, zJarRequestObjectPayload } from "@openid4vc/oauth2";
 import z$1, { z } from "zod";
 import { NonEmptyArray } from "@openid4vc/utils";
 
-//#region src/jar/create-jar-authorization-request.d.ts
-interface CreateJarAuthorizationRequestOptions {
-  authorizationRequestPayload: JwtPayload & {
-    client_id?: string;
-  };
-  requestUri?: string;
-  jwtSigner: JwtSigner;
-  jweEncryptor?: JweEncryptor;
-  callbacks: Pick<CallbackContext, 'signJwt' | 'encryptJwe'>;
-  /**
-   * Number of seconds after which the signed authorization request will expire
-   */
-  expiresInSeconds: number;
-  /**
-   * Date that should be used as now. If not provided current date will be used.
-   */
-  now?: Date;
-  additionalJwtPayload?: Record<string, unknown>;
-}
-//#endregion
 //#region src/models/z-wallet-metadata.d.ts
 declare const zWalletMetadata: z.ZodObject<{
   presentation_definition_uri_supported: z.ZodOptional<z.ZodBoolean>;
@@ -55,8 +35,8 @@ declare const zWalletMetadata: z.ZodObject<{
     x509_san_dns: "x509_san_dns";
     x509_san_uri: "x509_san_uri";
     x509_hash: "x509_hash";
-    origin: "origin";
     https: "https";
+    origin: "origin";
     "web-origin": "web-origin";
   }>>>;
   client_id_prefixes_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<{
@@ -66,9 +46,9 @@ declare const zWalletMetadata: z.ZodObject<{
     x509_san_dns: "x509_san_dns";
     x509_san_uri: "x509_san_uri";
     x509_hash: "x509_hash";
-    origin: "origin";
     openid_federation: "openid_federation";
     decentralized_identifier: "decentralized_identifier";
+    origin: "origin";
   }>>>;
   request_object_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString>>;
   authorization_encryption_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString>>;
@@ -198,13 +178,13 @@ interface ValidateOpenid4vpAuthorizationRequestPayloadOptions {
 declare const validateOpenid4vpAuthorizationRequestPayload: (options: ValidateOpenid4vpAuthorizationRequestPayloadOptions) => void;
 //#endregion
 //#region src/jar/z-jar-authorization-request.d.ts
-declare const zJarAuthorizationRequest: z.ZodObject<{
+declare const zOpenid4vpJarAuthorizationRequest: z.ZodObject<{
   request: z.ZodOptional<z.ZodString>;
   request_uri: z.ZodOptional<z.ZodString>;
-  request_uri_method: z.ZodOptional<z.ZodString>;
   client_id: z.ZodOptional<z.ZodString>;
+  request_uri_method: z.ZodOptional<z.ZodString>;
 }, z.core.$loose>;
-type JarAuthorizationRequest = z.infer<typeof zJarAuthorizationRequest>;
+type Openid4vpJarAuthorizationRequest = z.infer<typeof zOpenid4vpJarAuthorizationRequest>;
 //#endregion
 //#region src/authorization-request/z-authorization-request-dc-api.d.ts
 declare const zOpenid4vpAuthorizationRequestDcApi: z.ZodObject<{
@@ -299,7 +279,7 @@ declare const zOpenid4vpAuthorizationRequestDcApi: z.ZodObject<{
   scope: z.ZodOptional<z.ZodNever>;
 }, z.core.$loose>;
 type Openid4vpAuthorizationRequestDcApi = z.infer<typeof zOpenid4vpAuthorizationRequestDcApi>;
-declare function isOpenid4vpAuthorizationRequestDcApi(request: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | JarAuthorizationRequest): request is Openid4vpAuthorizationRequestDcApi;
+declare function isOpenid4vpAuthorizationRequestDcApi(request: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | Openid4vpJarAuthorizationRequest): request is Openid4vpAuthorizationRequestDcApi;
 //#endregion
 //#region src/authorization-request/create-authorization-request.d.ts
 interface CreateOpenid4vpAuthorizationRequestOptions {
@@ -538,7 +518,6 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
     [x: string]: unknown;
     request?: string | undefined;
     request_uri?: string | undefined;
-    request_uri_method?: string | undefined;
     client_id?: string | undefined;
   };
   authorizationRequest: string;
@@ -547,7 +526,6 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
       [x: string]: unknown;
       request?: string | undefined;
       request_uri?: string | undefined;
-      request_uri_method?: string | undefined;
       client_id?: string | undefined;
     };
     signerJwk: {
@@ -1033,7 +1011,7 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
 interface ParsedJarRequest {
   type: 'jar';
   provided: 'uri' | 'jwt' | 'params';
-  params: JarAuthorizationRequest;
+  params: Openid4vpJarAuthorizationRequest;
 }
 interface ParsedOpenid4vpAuthorizationRequest {
   type: 'openid4vp';
@@ -1050,54 +1028,6 @@ interface ParseOpenid4vpAuthorizationRequestOptions {
 }
 declare function parseOpenid4vpAuthorizationRequest(options: ParseOpenid4vpAuthorizationRequestOptions): ParsedOpenid4vpAuthorizationRequest | ParsedJarRequest | ParsedOpenid4vpDcApiAuthorizationRequest;
 //#endregion
-//#region src/jar/jar-request-object/z-jar-request-object.d.ts
-declare const zJarRequestObjectPayload: z.ZodObject<{
-  client_id: z.ZodString;
-  iss: z.ZodOptional<z.ZodString>;
-  aud: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-  iat: z.ZodOptional<z.ZodNumber>;
-  exp: z.ZodOptional<z.ZodNumber>;
-  nbf: z.ZodOptional<z.ZodNumber>;
-  nonce: z.ZodOptional<z.ZodString>;
-  jti: z.ZodOptional<z.ZodString>;
-  sub: z.ZodOptional<z.ZodString>;
-  cnf: z.ZodOptional<z.ZodObject<{
-    jwk: z.ZodOptional<z.ZodObject<{
-      kty: z.ZodString;
-      crv: z.ZodOptional<z.ZodString>;
-      x: z.ZodOptional<z.ZodString>;
-      y: z.ZodOptional<z.ZodString>;
-      e: z.ZodOptional<z.ZodString>;
-      n: z.ZodOptional<z.ZodString>;
-      alg: z.ZodOptional<z.ZodString>;
-      d: z.ZodOptional<z.ZodString>;
-      dp: z.ZodOptional<z.ZodString>;
-      dq: z.ZodOptional<z.ZodString>;
-      ext: z.ZodOptional<z.ZodBoolean>;
-      k: z.ZodOptional<z.ZodString>;
-      key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
-      kid: z.ZodOptional<z.ZodString>;
-      oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
-        d: z.ZodOptional<z.ZodString>;
-        r: z.ZodOptional<z.ZodString>;
-        t: z.ZodOptional<z.ZodString>;
-      }, z.core.$loose>>>;
-      p: z.ZodOptional<z.ZodString>;
-      q: z.ZodOptional<z.ZodString>;
-      qi: z.ZodOptional<z.ZodString>;
-      use: z.ZodOptional<z.ZodString>;
-      x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
-      x5t: z.ZodOptional<z.ZodString>;
-      'x5t#S256': z.ZodOptional<z.ZodString>;
-      x5u: z.ZodOptional<z.ZodString>;
-    }, z.core.$loose>>;
-    jkt: z.ZodOptional<z.ZodString>;
-  }, z.core.$loose>>;
-  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
-  trust_chain: z.ZodOptional<z.ZodTuple<[z.ZodString], z.ZodString>>;
-}, z.core.$loose>;
-type JarRequestObjectPayload = z.infer<typeof zJarRequestObjectPayload>;
-//#endregion
 //#region src/jar/handle-jar-request/verify-jar-request.d.ts
 interface VerifiedJarRequest {
   authorizationRequestPayload: JarRequestObjectPayload;
@@ -1190,10 +1120,10 @@ declare const zClientIdPrefix: z.ZodEnum<{
   x509_san_dns: "x509_san_dns";
   x509_san_uri: "x509_san_uri";
   x509_hash: "x509_hash";
-  origin: "origin";
   https: "https";
   openid_federation: "openid_federation";
   decentralized_identifier: "decentralized_identifier";
+  origin: "origin";
   "web-origin": "web-origin";
 }>;
 declare const zUniformClientIdPrefix: z.ZodEnum<{
@@ -1203,9 +1133,9 @@ declare const zUniformClientIdPrefix: z.ZodEnum<{
   x509_san_dns: "x509_san_dns";
   x509_san_uri: "x509_san_uri";
   x509_hash: "x509_hash";
-  origin: "origin";
   openid_federation: "openid_federation";
   decentralized_identifier: "decentralized_identifier";
+  origin: "origin";
 }>;
 type ClientIdPrefix = z.infer<typeof zClientIdPrefix>;
 type UniformClientIdPrefix = z.infer<typeof zUniformClientIdPrefix>;
@@ -1363,7 +1293,7 @@ declare function parseTransactionData(options: ParseTransactionDataOptions): Par
 //#endregion
 //#region src/authorization-request/resolve-authorization-request.d.ts
 interface ResolveOpenid4vpAuthorizationRequestOptions {
-  authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | JarAuthorizationRequest;
+  authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | Openid4vpJarAuthorizationRequest;
   wallet?: WalletVerificationOptions;
   origin?: string;
   disableOriginValidation?: boolean;
@@ -2130,7 +2060,6 @@ declare class Openid4vpVerifier {
       [x: string]: unknown;
       request?: string | undefined;
       request_uri?: string | undefined;
-      request_uri_method?: string | undefined;
       client_id?: string | undefined;
     };
     authorizationRequest: string;
@@ -2139,7 +2068,6 @@ declare class Openid4vpVerifier {
         [x: string]: unknown;
         request?: string | undefined;
         request_uri?: string | undefined;
-        request_uri_method?: string | undefined;
         client_id?: string | undefined;
       };
       signerJwk: {

package/dist/index.d.mts

@@ -1,28 +1,8 @@
 import * as _openid4vc_oauth20 from "@openid4vc/oauth2";
-import { CallbackContext, DecodeJwtResult, HashAlgorithm, JweEncryptor, Jwk, JwkSet, JwtPayload, JwtSigner, JwtSignerWithJwk } from "@openid4vc/oauth2";
+import { CallbackContext, CreateJarAuthorizationRequestOptions, DecodeJwtResult, HashAlgorithm, JarRequestObjectPayload, Jwk, JwkSet, JwtSigner, JwtSignerWithJwk, zJarRequestObjectPayload } from "@openid4vc/oauth2";
 import { NonEmptyArray } from "@openid4vc/utils";
 import z$1, { z } from "zod";
 
-//#region src/jar/create-jar-authorization-request.d.ts
-interface CreateJarAuthorizationRequestOptions {
-  authorizationRequestPayload: JwtPayload & {
-    client_id?: string;
-  };
-  requestUri?: string;
-  jwtSigner: JwtSigner;
-  jweEncryptor?: JweEncryptor;
-  callbacks: Pick<CallbackContext, 'signJwt' | 'encryptJwe'>;
-  /**
-   * Number of seconds after which the signed authorization request will expire
-   */
-  expiresInSeconds: number;
-  /**
-   * Date that should be used as now. If not provided current date will be used.
-   */
-  now?: Date;
-  additionalJwtPayload?: Record<string, unknown>;
-}
-//#endregion
 //#region src/models/z-wallet-metadata.d.ts
 declare const zWalletMetadata: z.ZodObject<{
   presentation_definition_uri_supported: z.ZodOptional<z.ZodBoolean>;
@@ -55,8 +35,8 @@ declare const zWalletMetadata: z.ZodObject<{
     x509_san_dns: "x509_san_dns";
     x509_san_uri: "x509_san_uri";
     x509_hash: "x509_hash";
-    origin: "origin";
     https: "https";
+    origin: "origin";
     "web-origin": "web-origin";
   }>>>;
   client_id_prefixes_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<{
@@ -66,9 +46,9 @@ declare const zWalletMetadata: z.ZodObject<{
     x509_san_dns: "x509_san_dns";
     x509_san_uri: "x509_san_uri";
     x509_hash: "x509_hash";
-    origin: "origin";
     openid_federation: "openid_federation";
     decentralized_identifier: "decentralized_identifier";
+    origin: "origin";
   }>>>;
   request_object_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString>>;
   authorization_encryption_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString>>;
@@ -198,13 +178,13 @@ interface ValidateOpenid4vpAuthorizationRequestPayloadOptions {
 declare const validateOpenid4vpAuthorizationRequestPayload: (options: ValidateOpenid4vpAuthorizationRequestPayloadOptions) => void;
 //#endregion
 //#region src/jar/z-jar-authorization-request.d.ts
-declare const zJarAuthorizationRequest: z.ZodObject<{
+declare const zOpenid4vpJarAuthorizationRequest: z.ZodObject<{
   request: z.ZodOptional<z.ZodString>;
   request_uri: z.ZodOptional<z.ZodString>;
-  request_uri_method: z.ZodOptional<z.ZodString>;
   client_id: z.ZodOptional<z.ZodString>;
+  request_uri_method: z.ZodOptional<z.ZodString>;
 }, z.core.$loose>;
-type JarAuthorizationRequest = z.infer<typeof zJarAuthorizationRequest>;
+type Openid4vpJarAuthorizationRequest = z.infer<typeof zOpenid4vpJarAuthorizationRequest>;
 //#endregion
 //#region src/authorization-request/z-authorization-request-dc-api.d.ts
 declare const zOpenid4vpAuthorizationRequestDcApi: z.ZodObject<{
@@ -299,7 +279,7 @@ declare const zOpenid4vpAuthorizationRequestDcApi: z.ZodObject<{
   scope: z.ZodOptional<z.ZodNever>;
 }, z.core.$loose>;
 type Openid4vpAuthorizationRequestDcApi = z.infer<typeof zOpenid4vpAuthorizationRequestDcApi>;
-declare function isOpenid4vpAuthorizationRequestDcApi(request: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | JarAuthorizationRequest): request is Openid4vpAuthorizationRequestDcApi;
+declare function isOpenid4vpAuthorizationRequestDcApi(request: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | Openid4vpJarAuthorizationRequest): request is Openid4vpAuthorizationRequestDcApi;
 //#endregion
 //#region src/authorization-request/create-authorization-request.d.ts
 interface CreateOpenid4vpAuthorizationRequestOptions {
@@ -538,7 +518,6 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
     [x: string]: unknown;
     request?: string | undefined;
     request_uri?: string | undefined;
-    request_uri_method?: string | undefined;
     client_id?: string | undefined;
   };
   authorizationRequest: string;
@@ -547,7 +526,6 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
       [x: string]: unknown;
       request?: string | undefined;
       request_uri?: string | undefined;
-      request_uri_method?: string | undefined;
       client_id?: string | undefined;
     };
     signerJwk: {
@@ -1033,7 +1011,7 @@ declare function createOpenid4vpAuthorizationRequest(options: CreateOpenid4vpAut
 interface ParsedJarRequest {
   type: 'jar';
   provided: 'uri' | 'jwt' | 'params';
-  params: JarAuthorizationRequest;
+  params: Openid4vpJarAuthorizationRequest;
 }
 interface ParsedOpenid4vpAuthorizationRequest {
   type: 'openid4vp';
@@ -1050,54 +1028,6 @@ interface ParseOpenid4vpAuthorizationRequestOptions {
 }
 declare function parseOpenid4vpAuthorizationRequest(options: ParseOpenid4vpAuthorizationRequestOptions): ParsedOpenid4vpAuthorizationRequest | ParsedJarRequest | ParsedOpenid4vpDcApiAuthorizationRequest;
 //#endregion
-//#region src/jar/jar-request-object/z-jar-request-object.d.ts
-declare const zJarRequestObjectPayload: z.ZodObject<{
-  client_id: z.ZodString;
-  iss: z.ZodOptional<z.ZodString>;
-  aud: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
-  iat: z.ZodOptional<z.ZodNumber>;
-  exp: z.ZodOptional<z.ZodNumber>;
-  nbf: z.ZodOptional<z.ZodNumber>;
-  nonce: z.ZodOptional<z.ZodString>;
-  jti: z.ZodOptional<z.ZodString>;
-  sub: z.ZodOptional<z.ZodString>;
-  cnf: z.ZodOptional<z.ZodObject<{
-    jwk: z.ZodOptional<z.ZodObject<{
-      kty: z.ZodString;
-      crv: z.ZodOptional<z.ZodString>;
-      x: z.ZodOptional<z.ZodString>;
-      y: z.ZodOptional<z.ZodString>;
-      e: z.ZodOptional<z.ZodString>;
-      n: z.ZodOptional<z.ZodString>;
-      alg: z.ZodOptional<z.ZodString>;
-      d: z.ZodOptional<z.ZodString>;
-      dp: z.ZodOptional<z.ZodString>;
-      dq: z.ZodOptional<z.ZodString>;
-      ext: z.ZodOptional<z.ZodBoolean>;
-      k: z.ZodOptional<z.ZodString>;
-      key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
-      kid: z.ZodOptional<z.ZodString>;
-      oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
-        d: z.ZodOptional<z.ZodString>;
-        r: z.ZodOptional<z.ZodString>;
-        t: z.ZodOptional<z.ZodString>;
-      }, z.core.$loose>>>;
-      p: z.ZodOptional<z.ZodString>;
-      q: z.ZodOptional<z.ZodString>;
-      qi: z.ZodOptional<z.ZodString>;
-      use: z.ZodOptional<z.ZodString>;
-      x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
-      x5t: z.ZodOptional<z.ZodString>;
-      'x5t#S256': z.ZodOptional<z.ZodString>;
-      x5u: z.ZodOptional<z.ZodString>;
-    }, z.core.$loose>>;
-    jkt: z.ZodOptional<z.ZodString>;
-  }, z.core.$loose>>;
-  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
-  trust_chain: z.ZodOptional<z.ZodTuple<[z.ZodString], z.ZodString>>;
-}, z.core.$loose>;
-type JarRequestObjectPayload = z.infer<typeof zJarRequestObjectPayload>;
-//#endregion
 //#region src/jar/handle-jar-request/verify-jar-request.d.ts
 interface VerifiedJarRequest {
   authorizationRequestPayload: JarRequestObjectPayload;
@@ -1190,10 +1120,10 @@ declare const zClientIdPrefix: z.ZodEnum<{
   x509_san_dns: "x509_san_dns";
   x509_san_uri: "x509_san_uri";
   x509_hash: "x509_hash";
-  origin: "origin";
   https: "https";
   openid_federation: "openid_federation";
   decentralized_identifier: "decentralized_identifier";
+  origin: "origin";
   "web-origin": "web-origin";
 }>;
 declare const zUniformClientIdPrefix: z.ZodEnum<{
@@ -1203,9 +1133,9 @@ declare const zUniformClientIdPrefix: z.ZodEnum<{
   x509_san_dns: "x509_san_dns";
   x509_san_uri: "x509_san_uri";
   x509_hash: "x509_hash";
-  origin: "origin";
   openid_federation: "openid_federation";
   decentralized_identifier: "decentralized_identifier";
+  origin: "origin";
 }>;
 type ClientIdPrefix = z.infer<typeof zClientIdPrefix>;
 type UniformClientIdPrefix = z.infer<typeof zUniformClientIdPrefix>;
@@ -1363,7 +1293,7 @@ declare function parseTransactionData(options: ParseTransactionDataOptions): Par
 //#endregion
 //#region src/authorization-request/resolve-authorization-request.d.ts
 interface ResolveOpenid4vpAuthorizationRequestOptions {
-  authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | JarAuthorizationRequest;
+  authorizationRequestPayload: Openid4vpAuthorizationRequest | Openid4vpAuthorizationRequestDcApi | Openid4vpJarAuthorizationRequest;
   wallet?: WalletVerificationOptions;
   origin?: string;
   disableOriginValidation?: boolean;
@@ -2130,7 +2060,6 @@ declare class Openid4vpVerifier {
       [x: string]: unknown;
       request?: string | undefined;
       request_uri?: string | undefined;
-      request_uri_method?: string | undefined;
       client_id?: string | undefined;
     };
     authorizationRequest: string;
@@ -2139,7 +2068,6 @@ declare class Openid4vpVerifier {
         [x: string]: unknown;
         request?: string | undefined;
         request_uri?: string | undefined;
-        request_uri_method?: string | undefined;
         client_id?: string | undefined;
       };
       signerJwk: {

package/dist/index.mjs

@@ -1,58 +1,7 @@
-import { HashAlgorithm, Oauth2Error, Oauth2ErrorCodes, Oauth2ServerErrorResponseError, decodeJwt, decodeJwtHeader, fetchJwks, jwtHeaderFromJwtSigner, jwtSignerFromJwt, verifyJwt, zAlgValueNotNone, zCompactJwe, zCompactJwt, zJwkSet, zJwtHeader, zJwtPayload } from "@openid4vc/oauth2";
-import { ContentType, URL, URLSearchParams, addSecondsToDate, createFetcher, createZodFetcher, dateToSeconds, decodeBase64, decodeUtf8String, encodeToBase64Url, encodeToUtf8String, getGlobalConfig, objectToQueryParams, parseIfJson, parseWithErrorHandling, stringToJsonWithErrorHandling, zHttpsUrl, zStringToJson } from "@openid4vc/utils";
+import { HashAlgorithm, Oauth2Error, Oauth2ErrorCodes, Oauth2ServerErrorResponseError, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchJwks, jwtHeaderFromJwtSigner, jwtSignerFromJwt, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyJwt, zAlgValueNotNone, zCompactJwe, zCompactJwt, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwkSet, zJwtHeader, zJwtPayload } from "@openid4vc/oauth2";
+import { ContentType, URL, URLSearchParams, createFetcher, createZodFetcher, dateToSeconds, decodeBase64, decodeUtf8String, encodeToBase64Url, encodeToUtf8String, getGlobalConfig, objectToQueryParams, parseIfJson, parseWithErrorHandling, stringToJsonWithErrorHandling, zHttpsUrl, zStringToJson } from "@openid4vc/utils";
 import z$1, { z } from "zod";
 
-//#region src/jar/create-jar-authorization-request.ts
-/**
-* Creates a JAR (JWT Authorization Request) request object.
-*
-* @param options - The input parameters
-* @param options.authorizationRequestPayload - The authorization request parameters
-* @param options.jwtSigner - The JWT signer
-* @param options.jweEncryptor - The JWE encryptor (optional) if provided, the request object will be encrypted
-* @param options.requestUri - The request URI (optional) if provided, the request object needs to be fetched from the URI
-* @param options.callbacks - The callback context
-* @returns the requestParams, signerJwk, encryptionJwk, and requestObjectJwt
-*/
-async function createJarAuthorizationRequest(options) {
-	const { jwtSigner, jweEncryptor, authorizationRequestPayload, requestUri, callbacks } = options;
-	let authorizationRequestJwt;
-	let encryptionJwk;
-	const now = options.now ?? /* @__PURE__ */ new Date();
-	const { jwt, signerJwk } = await callbacks.signJwt(jwtSigner, {
-		header: {
-			...jwtHeaderFromJwtSigner(jwtSigner),
-			typ: "oauth-authz-req+jwt"
-		},
-		payload: {
-			iat: dateToSeconds(now),
-			exp: dateToSeconds(addSecondsToDate(now, options.expiresInSeconds)),
-			...options.additionalJwtPayload,
-			...authorizationRequestPayload
-		}
-	});
-	authorizationRequestJwt = jwt;
-	if (jweEncryptor) {
-		const encryptionResult = await callbacks.encryptJwe(jweEncryptor, authorizationRequestJwt);
-		authorizationRequestJwt = encryptionResult.jwe;
-		encryptionJwk = encryptionResult.encryptionJwk;
-	}
-	const client_id = authorizationRequestPayload.client_id;
-	return {
-		jarAuthorizationRequest: requestUri ? {
-			client_id,
-			request_uri: requestUri
-		} : {
-			client_id,
-			request: authorizationRequestJwt
-		},
-		signerJwk,
-		encryptionJwk,
-		authorizationRequestJwt
-	};
-}
-
-//#endregion
 //#region src/authorization-request/validate-authorization-request.ts
 /**
 * Validate the OpenId4Vp Authorization Request parameters
@@ -383,24 +332,7 @@ async function createOpenid4vpAuthorizationRequest(options) {
 
 //#endregion
 //#region src/jar/z-jar-authorization-request.ts
-const zJarAuthorizationRequest = z.object({
-	request: z.optional(z.string()),
-	request_uri: z.optional(zHttpsUrl),
-	request_uri_method: z.optional(z.string()),
-	client_id: z.optional(z.string())
-}).loose();
-function validateJarRequestParams(options) {
-	const { jarRequestParams } = options;
-	if (jarRequestParams.request && jarRequestParams.request_uri) throw new Oauth2ServerErrorResponseError({
-		error: "invalid_request_object",
-		error_description: "request and request_uri cannot both be present in a JAR request"
-	});
-	if (!jarRequestParams.request && !jarRequestParams.request_uri) throw new Oauth2ServerErrorResponseError({
-		error: "invalid_request_object",
-		error_description: "request or request_uri must be present"
-	});
-	return jarRequestParams;
-}
+const zOpenid4vpJarAuthorizationRequest = zJarAuthorizationRequest.extend({ request_uri_method: z.optional(z.string()) });
 function isJarAuthorizationRequest(request) {
 	return "request" in request || "request_uri" in request;
 }
@@ -421,7 +353,7 @@ function parseOpenid4vpAuthorizationRequest(options) {
 	else params = authorizationRequest;
 	const parsedRequest = parseWithErrorHandling(z$1.union([
 		zOpenid4vpAuthorizationRequest,
-		zJarAuthorizationRequest,
+		zOpenid4vpJarAuthorizationRequest,
 		zOpenid4vpAuthorizationRequestDcApi
 	]), params);
 	if (isJarAuthorizationRequest(parsedRequest)) return {
@@ -852,17 +784,8 @@ async function fetchJarRequestObject(options) {
 	return await response.text();
 }
 
-//#endregion
-//#region src/jar/jar-request-object/z-jar-request-object.ts
-const zJarRequestObjectPayload = z.object({
-	...zJwtPayload.shape,
-	client_id: z.string()
-}).loose();
-
 //#endregion
 //#region src/jar/handle-jar-request/verify-jar-request.ts
-const zSignedAuthorizationRequestJwtHeaderTyp = z$1.literal("oauth-authz-req+jwt");
-const signedAuthorizationRequestJwtHeaderTyp = zSignedAuthorizationRequestJwtHeaderTyp.value;
 /**
 * Verifies a JAR (JWT Secured Authorization Request) request by validating, decrypting, and verifying signatures.
 *
@@ -873,7 +796,10 @@ const signedAuthorizationRequestJwtHeaderTyp = zSignedAuthorizationRequestJwtHea
 */
 async function verifyJarRequest(options) {
 	const { callbacks, wallet = {} } = options;
-	const jarRequestParams = validateJarRequestParams(options);
+	const jarRequestParams = {
+		...validateJarRequestParams(options),
+		...options.jarRequestParams
+	};
 	const sendBy = jarRequestParams.request ? "value" : "reference";
 	const clientIdPrefix = jarRequestParams.client_id ? zClientIdPrefix.safeParse(jarRequestParams.client_id.split(":")[0]).data : "origin";
 	const method = jarRequestParams.request_uri_method ?? "get";
@@ -932,7 +858,7 @@ async function decryptJarRequest(options) {
 	});
 	const decryptionResult = await callbacks.decryptJwe(jwe);
 	if (!decryptionResult.decrypted) throw new Oauth2ServerErrorResponseError({
-		error: "invalid_request_object",
+		error: Oauth2ErrorCodes.InvalidRequestObject,
 		error_description: "Failed to decrypt jar request object."
 	});
 	return decryptionResult;
@@ -990,7 +916,7 @@ async function verifyJarRequestObject(options) {
 		signer: jwtSigner
 	});
 	const version = parseAuthorizationRequestVersion(jwt.payload);
-	if (jwt.header.typ !== "oauth-authz-req+jwt" && version >= 24) throw new Oauth2ServerErrorResponseError({
+	if (jwt.header.typ !== signedAuthorizationRequestJwtHeaderTyp && version >= 24) throw new Oauth2ServerErrorResponseError({
 		error: Oauth2ErrorCodes.InvalidRequestObject,
 		error_description: `Invalid Jar Request Object typ header. Expected "oauth-authz-req+jwt", received "${jwt.header.typ}".`
 	});
@@ -1035,7 +961,7 @@ async function resolveOpenid4vpAuthorizationRequest(options) {
 	const parsed = parseWithErrorHandling(z$1.union([
 		zOpenid4vpAuthorizationRequestDcApi,
 		zOpenid4vpAuthorizationRequest,
-		zJarAuthorizationRequest
+		zOpenid4vpJarAuthorizationRequest
 	]), options.authorizationRequestPayload, "Invalid authorization request. Could not parse openid4vp authorization request as openid4vp or jar auth request.");
 	let jar;
 	if (isJarAuthorizationRequest(parsed)) {
@@ -1114,7 +1040,7 @@ function validateOpenId4vpAuthorizationRequestPayload(options) {
 
 //#endregion
 //#region ../utils/src/date.ts
-function addSecondsToDate$1(date, seconds) {
+function addSecondsToDate(date, seconds) {
 	return new Date(date.getTime() + seconds * 1e3);
 }
 
@@ -1257,7 +1183,7 @@ async function createOpenid4vpAuthorizationResponse(options) {
 		additionalJwtPayload = {
 			iss: jarm.authorizationServer,
 			aud: jarm.audience,
-			exp: jarm.expiresInSeconds ?? dateToSeconds(addSecondsToDate$1(/* @__PURE__ */ new Date(), 600))
+			exp: jarm.expiresInSeconds ?? dateToSeconds(addSecondsToDate(/* @__PURE__ */ new Date(), 600))
 		};
 	}
 	const jarmResponsePayload = {