@pagopa/io-react-native-wallet 3.4.2 → 3.4.3

package/lib/commonjs/credential/issuance/api/IssuerConfig.js

@@ -48,6 +48,12 @@ const CredentialConfig = _zod.z.intersection(_zod.z.discriminatedUnion("format",
 
 const IssuerConfig = _zod.z.object({
   credential_issuer: _zod.z.string(),
+  /**
+   * Authorization Servers advertised by the Credential Issuer. Present when the
+   * Issuer relies on one or more external Authorization Servers; used to validate
+   * the `authorization_server` selected by a credential offer.
+   */
+  authorization_servers: _zod.z.tuple([_zod.z.string()], _zod.z.string()).optional(),
   pushed_authorization_request_endpoint: _zod.z.string(),
   authorization_endpoint: _zod.z.string(),
   token_endpoint: _zod.z.string(),

package/lib/commonjs/credential/issuance/api/IssuerConfig.js.map

@@ -1 +1 @@
-{"version":3,"names":["_zod","require","_jwk","_types","DisplayConfig","z","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","JWK","credential_configurations_supported","federation_entity","FederationEntityMetadata","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA,MAAMG,aAAa,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC7BC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGL,MAAC,CAACC,MAAM,CAAC;EAC3BK,IAAI,EAAEN,MAAC,CAACO,KAAK,CAACP,MAAC,CAACQ,KAAK,CAAC,CAACR,MAAC,CAACG,MAAM,CAAC,CAAC,EAAEH,MAAC,CAACS,MAAM,CAAC,CAAC,EAAET,MAAC,CAACU,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMa,sBAAsB,GAAGZ,MAAC,CAACC,MAAM,CAAC;EACtCU,OAAO,EAAEX,MAAC,CAACO,KAAK,CACdP,MAAC,CAACC,MAAM,CAAC;IACPY,KAAK,EAAEb,MAAC,CAACG,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEd,MAAC,CAACG,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGf,MAAC,CAACgB,YAAY,CACrChB,MAAC,CAACiB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BjB,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEpB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DH,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAErB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFH,MAAC,CAACC,MAAM,CAAC;EACPqB,KAAK,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa,CAAC;EAC/BwB,MAAM,EAAEvB,MAAC,CAACO,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE1B,MAAC,CACzB2B,MAAM,CAAC3B,MAAC,CAACG,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEO,MAAMG,YAAY,GAAG5B,MAAC,CAACC,MAAM,CAAC;EACnC4B,iBAAiB,EAAE7B,MAAC,CAACG,MAAM,CAAC,CAAC;EAC7B2B,qCAAqC,EAAE9B,MAAC,CAACG,MAAM,CAAC,CAAC;EACjD4B,sBAAsB,EAAE/B,MAAC,CAACG,MAAM,CAAC,CAAC;EAClC6B,cAAc,EAAEhC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1B8B,cAAc,EAAEjC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1B+B,yBAAyB,EAAElC,MAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAChDU,mBAAmB,EAAEnC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC/BiC,IAAI,EAAEpC,MAAC,CAACO,KAAK,CAAC8B,QAAG,CAAC;EAClBC,mCAAmC,EAAEtC,MAAC,CAAC2B,MAAM,CAAC3B,MAAC,CAACG,MAAM,CAAC,CAAC,EAAEY,gBAAgB,CAAC;EAC3EwB,iBAAiB,EAAEC,+BAAwB;EAC3CC,8BAA8B,EAAEzC,MAAC,CAACS,MAAM,CAAC,CAAC,CAACgB,QAAQ,CAAC,CAAC;EACrDiB,uCAAuC,EAAE1C,MAAC,CAACO,KAAK,CAACP,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvE;AACF;AACA;EACEkB,wBAAwB,EAAE3C,MAAC,CAACO,KAAK,CAACP,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;AACzD,CAAC,CAAC;AAACmB,OAAA,CAAAhB,YAAA,GAAAA,YAAA"}
+{"version":3,"names":["_zod","require","_jwk","_types","DisplayConfig","z","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","authorization_servers","tuple","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","JWK","credential_configurations_supported","federation_entity","FederationEntityMetadata","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA,MAAMG,aAAa,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC7BC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGL,MAAC,CAACC,MAAM,CAAC;EAC3BK,IAAI,EAAEN,MAAC,CAACO,KAAK,CAACP,MAAC,CAACQ,KAAK,CAAC,CAACR,MAAC,CAACG,MAAM,CAAC,CAAC,EAAEH,MAAC,CAACS,MAAM,CAAC,CAAC,EAAET,MAAC,CAACU,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMa,sBAAsB,GAAGZ,MAAC,CAACC,MAAM,CAAC;EACtCU,OAAO,EAAEX,MAAC,CAACO,KAAK,CACdP,MAAC,CAACC,MAAM,CAAC;IACPY,KAAK,EAAEb,MAAC,CAACG,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEd,MAAC,CAACG,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGf,MAAC,CAACgB,YAAY,CACrChB,MAAC,CAACiB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BjB,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEpB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DH,MAAC,CAACC,MAAM,CAAC;EAAEiB,MAAM,EAAElB,MAAC,CAACmB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAErB,MAAC,CAACG,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFH,MAAC,CAACC,MAAM,CAAC;EACPqB,KAAK,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEX,MAAC,CAACO,KAAK,CAACR,aAAa,CAAC;EAC/BwB,MAAM,EAAEvB,MAAC,CAACO,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE1B,MAAC,CACzB2B,MAAM,CAAC3B,MAAC,CAACG,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEO,MAAMG,YAAY,GAAG5B,MAAC,CAACC,MAAM,CAAC;EACnC4B,iBAAiB,EAAE7B,MAAC,CAACG,MAAM,CAAC,CAAC;EAC7B;AACF;AACA;AACA;AACA;EACE2B,qBAAqB,EAAE9B,MAAC,CAAC+B,KAAK,CAAC,CAAC/B,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,EAAEH,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACnEO,qCAAqC,EAAEhC,MAAC,CAACG,MAAM,CAAC,CAAC;EACjD8B,sBAAsB,EAAEjC,MAAC,CAACG,MAAM,CAAC,CAAC;EAClC+B,cAAc,EAAElC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1BgC,cAAc,EAAEnC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1BiC,yBAAyB,EAAEpC,MAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAChDY,mBAAmB,EAAErC,MAAC,CAACG,MAAM,CAAC,CAAC;EAC/BmC,IAAI,EAAEtC,MAAC,CAACO,KAAK,CAACgC,QAAG,CAAC;EAClBC,mCAAmC,EAAExC,MAAC,CAAC2B,MAAM,CAAC3B,MAAC,CAACG,MAAM,CAAC,CAAC,EAAEY,gBAAgB,CAAC;EAC3E0B,iBAAiB,EAAEC,+BAAwB;EAC3CC,8BAA8B,EAAE3C,MAAC,CAACS,MAAM,CAAC,CAAC,CAACgB,QAAQ,CAAC,CAAC;EACrDmB,uCAAuC,EAAE5C,MAAC,CAACO,KAAK,CAACP,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvE;AACF;AACA;EACEoB,wBAAwB,EAAE7C,MAAC,CAACO,KAAK,CAACP,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;AACzD,CAAC,CAAC;AAACqB,OAAA,CAAAlB,YAAA,GAAAA,YAAA"}

package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js

@@ -12,6 +12,7 @@ const evaluateIssuerTrust = async function (issuerUrl) {
   const issuerMetadata = await (0, _ioWalletOid4vci.fetchMetadata)({
     config: _config.sdkConfigV1_3,
     credentialIssuerUrl: issuerUrl,
+    authorizationServer: context.authorizationServer,
     callbacks: {
       fetch: context.appFetch
     }

package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioWalletOid4vci","require","_config","_mappers","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","fetchMetadata","config","sdkConfigV1_3","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf","mapToIssuerConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,QAAA,GAAAF,OAAA;AAEO,MAAMG,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAM,IAAAC,8BAAa,EAAC;IAC1CC,MAAM,EAAEC,qBAAa;IACrBC,mBAAmB,EAAET,SAAS;IAC9BU,SAAS,EAAE;MACTC,KAAK,EAAEV,OAAO,CAACW;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAE,IAAAC,0BAAiB,EAACT,cAAc;EAAE,CAAC;AAC1D,CAAC;AAACU,OAAA,CAAAhB,mBAAA,GAAAA,mBAAA"}
+{"version":3,"names":["_ioWalletOid4vci","require","_config","_mappers","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","fetchMetadata","config","sdkConfigV1_3","credentialIssuerUrl","authorizationServer","callbacks","fetch","appFetch","issuerConf","mapToIssuerConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,QAAA,GAAAF,OAAA;AAEO,MAAMG,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAM,IAAAC,8BAAa,EAAC;IAC1CC,MAAM,EAAEC,qBAAa;IACrBC,mBAAmB,EAAET,SAAS;IAC9BU,mBAAmB,EAAET,OAAO,CAACS,mBAAmB;IAChDC,SAAS,EAAE;MACTC,KAAK,EAAEX,OAAO,CAACY;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAE,IAAAC,0BAAiB,EAACV,cAAc;EAAE,CAAC;AAC1D,CAAC;AAACW,OAAA,CAAAjB,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js

@@ -16,7 +16,9 @@ const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) =>
     wiaCryptoContext,
     walletInstanceAttestation,
     redirectUri,
-    appFetch = fetch
+    appFetch = fetch,
+    scope,
+    issuerState
   } = ctx;
   const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
   if (!clientId) {
@@ -59,6 +61,11 @@ const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) =>
     authorization_details: credentialDefinition,
     codeChallengeMethodsSupported: ["S256"],
     redirectUri,
+    // When the issuance is started from a Credential Offer, the `scope` and
+    // `issuer_state` carried by the authorization_code grant are forwarded to
+    // the PAR. They are `undefined` (and thus omitted) for the regular flow.
+    scope,
+    issuerState,
     dpop: {
       signer: wiaSigner
     }

package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioWalletOauth","require","_uuid","_logging","_callbacks","_errors","_config","_startUserAuthorization","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","Logger","log","LogLevel","ERROR","IoWalletError","credentialDefinition","map","c","selectCredentialDefinition","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","createSignJwtFromCryptoContext","parRequest","createPushedAuthorizationRequest","config","sdkConfigV1_3","callbacks","partialCallbacks","authorizationServerMetadata","require_signed_request_object","jti","uuidv4","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","createClientAttestationPopJwt","generateRandom","clientAttestation","authorizationServer","request_uri","fetchPushedAuthorizationResponse","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AAIA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,uBAAA,GAAAN,OAAA;AAEO,MAAMO,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbK,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kCAAiCR,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIS,qBAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMC,oBAAoB,GAAGlB,aAAa,CAACmB,GAAG,CAAEC,CAAC,IAC/C,IAAAC,kDAA0B,EAACtB,UAAU,EAAEqB,CAAC,CAC1C,CAAC;EAED,IAAInB,KAAK,CAACqB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMJ,oBAAoB,CAACK,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAExB,KAAK,CAACyB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEvB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMwB,SAAuB,GAAG;IAC9BC,MAAM,EAAE,KAAK;IACbC,GAAG,EAAE,OAAO;IACZC,SAAS,EAAE,MAAM7B,gBAAgB,CAACM,YAAY,CAAC;EACjD,CAAC;EAED,MAAMwB,OAAO,GAAG,IAAAC,yCAA8B,EAAC/B,gBAAgB,CAAC;EAEhE,MAAMgC,UAAU,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IACxDC,MAAM,EAAEC,qBAAa;IACrBC,SAAS,EAAE;MACT,GAAGC,2BAAgB;MACnBP;IACF,CAAC;IACDQ,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDC,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC;IACbpC,QAAQ;IACRqC,QAAQ,EAAE9C,UAAU,CAAC+C,iBAAiB;IACtCC,qBAAqB,EAAE7B,oBAAoB;IAC3C8B,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvC3C,WAAW;IACX4C,IAAI,EAAE;MACJC,MAAM,EAAErB;IACV;EACF,CAAC,CAAC;EAEF,MAAMsB,oBAAoB,GAAG,MAAM,IAAAC,4CAA6B,EAAC;IAC/Df,MAAM,EAAEC,qBAAa;IACrBC,SAAS,EAAE;MACTc,cAAc,EAAEb,2BAAgB,CAACa,cAAc;MAC/CpB;IACF,CAAC;IACDqB,iBAAiB,EAAElD,yBAAyB;IAC5CmD,mBAAmB,EAAExD,UAAU,CAAC+C,iBAAiB;IACjDI,MAAM,EAAErB,SAAS;IACjBc,GAAG,EAAE,IAAAC,QAAM,EAAC;EACd,CAAC,CAAC;EAEF,MAAM;IAAEY;EAAY,CAAC,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IAC7DlB,SAAS,EAAE;MACThC,KAAK,EAAED;IACT,CAAC;IACDoD,kCAAkC,EAChC3D,UAAU,CAAC4D,qCAAqC;IAClDC,0BAA0B,EAAEzB,UAAU;IACtC0B,qBAAqB,EAAEV,oBAAoB;IAC3CW,iBAAiB,EAAE1D;EACrB,CAAC,CAAC;EAEF,OAAO;IACL2D,gBAAgB,EAAEP,WAAW;IAC7BhD,QAAQ;IACRwD,YAAY,EAAE7B,UAAU,CAAC8B,gBAAgB;IACzC/C;EACF,CAAC;AACH,CAAC;AAACgD,OAAA,CAAApE,sBAAA,GAAAA,sBAAA"}
+{"version":3,"names":["_ioWalletOauth","require","_uuid","_logging","_callbacks","_errors","_config","_startUserAuthorization","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","scope","issuerState","clientId","getPublicKey","then","_","kid","Logger","log","LogLevel","ERROR","IoWalletError","credentialDefinition","map","c","selectCredentialDefinition","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","createSignJwtFromCryptoContext","parRequest","createPushedAuthorizationRequest","config","sdkConfigV1_3","callbacks","partialCallbacks","authorizationServerMetadata","require_signed_request_object","jti","uuidv4","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","createClientAttestationPopJwt","generateRandom","clientAttestation","authorizationServer","request_uri","fetchPushedAuthorizationResponse","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AAIA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,uBAAA,GAAAN,OAAA;AAEO,MAAMO,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC,KAAK;IAChBC,KAAK;IACLC;EACF,CAAC,GAAGP,GAAG;EAEP,MAAMQ,QAAQ,GAAG,MAAMP,gBAAgB,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbK,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kCAAiCR,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIS,qBAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMC,oBAAoB,GAAGpB,aAAa,CAACqB,GAAG,CAAEC,CAAC,IAC/C,IAAAC,kDAA0B,EAACxB,UAAU,EAAEuB,CAAC,CAC1C,CAAC;EAED,IAAIrB,KAAK,CAACuB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMJ,oBAAoB,CAACK,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAE1B,KAAK,CAAC2B,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEzB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAM0B,SAAuB,GAAG;IAC9BC,MAAM,EAAE,KAAK;IACbC,GAAG,EAAE,OAAO;IACZC,SAAS,EAAE,MAAM/B,gBAAgB,CAACQ,YAAY,CAAC;EACjD,CAAC;EAED,MAAMwB,OAAO,GAAG,IAAAC,yCAA8B,EAACjC,gBAAgB,CAAC;EAEhE,MAAMkC,UAAU,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IACxDC,MAAM,EAAEC,qBAAa;IACrBC,SAAS,EAAE;MACT,GAAGC,2BAAgB;MACnBP;IACF,CAAC;IACDQ,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDC,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC;IACbpC,QAAQ;IACRqC,QAAQ,EAAEhD,UAAU,CAACiD,iBAAiB;IACtCC,qBAAqB,EAAE7B,oBAAoB;IAC3C8B,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvC7C,WAAW;IACX;IACA;IACA;IACAG,KAAK;IACLC,WAAW;IACX0C,IAAI,EAAE;MACJC,MAAM,EAAErB;IACV;EACF,CAAC,CAAC;EAEF,MAAMsB,oBAAoB,GAAG,MAAM,IAAAC,4CAA6B,EAAC;IAC/Df,MAAM,EAAEC,qBAAa;IACrBC,SAAS,EAAE;MACTc,cAAc,EAAEb,2BAAgB,CAACa,cAAc;MAC/CpB;IACF,CAAC;IACDqB,iBAAiB,EAAEpD,yBAAyB;IAC5CqD,mBAAmB,EAAE1D,UAAU,CAACiD,iBAAiB;IACjDI,MAAM,EAAErB,SAAS;IACjBc,GAAG,EAAE,IAAAC,QAAM,EAAC;EACd,CAAC,CAAC;EAEF,MAAM;IAAEY;EAAY,CAAC,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IAC7DlB,SAAS,EAAE;MACTlC,KAAK,EAAED;IACT,CAAC;IACDsD,kCAAkC,EAChC7D,UAAU,CAAC8D,qCAAqC;IAClDC,0BAA0B,EAAEzB,UAAU;IACtC0B,qBAAqB,EAAEV,oBAAoB;IAC3CW,iBAAiB,EAAE5D;EACrB,CAAC,CAAC;EAEF,OAAO;IACL6D,gBAAgB,EAAEP,WAAW;IAC7BhD,QAAQ;IACRwD,YAAY,EAAE7B,UAAU,CAAC8B,gBAAgB;IACzC/C;EACF,CAAC;AACH,CAAC;AAACgD,OAAA,CAAAtE,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/issuance/v1.3.3/mappers.js

@@ -28,23 +28,31 @@ const mapCredentialConfigurationsSupported = oidIssuer => Object.entries(oidIssu
   return acc;
 }, {});
 const mapToIssuerConfig = (0, _mappers.createMapper)(x => {
-  var _openid_credential_is;
+  var _x$authorization_serv, _openid_credential_is;
   const {
     oauth_authorization_server,
     openid_credential_issuer,
     openid_credential_verifier,
     federation_entity
   } = x.metadata;
-  (0, _misc.assert)(oauth_authorization_server, "oauth_authorization_server is required in Issuer metadata");
+
+  // The Issuer's own `oauth_authorization_server` always describes the Issuer
+  // itself. When a credential offer selected a *different* Authorization
+  // Server, its metadata is surfaced separately through that server's
+  // federation claims, and the Authorization Server endpoints must be taken
+  // from there. Fall back to the Issuer's own server otherwise.
+  const oauthAuthorizationServer = ((_x$authorization_serv = x.authorization_server_federation_claims) === null || _x$authorization_serv === void 0 || (_x$authorization_serv = _x$authorization_serv.metadata) === null || _x$authorization_serv === void 0 ? void 0 : _x$authorization_serv.oauth_authorization_server) ?? oauth_authorization_server;
+  (0, _misc.assert)(oauthAuthorizationServer, "oauth_authorization_server is required in Issuer metadata");
   (0, _misc.assert)(openid_credential_issuer, "openid_credential_issuer is required in Issuer metadata");
   return {
-    authorization_endpoint: oauth_authorization_server.authorization_endpoint,
+    authorization_endpoint: oauthAuthorizationServer.authorization_endpoint,
     credential_endpoint: openid_credential_issuer.credential_endpoint,
     credential_issuer: openid_credential_issuer.credential_issuer,
+    authorization_servers: openid_credential_issuer.authorization_servers,
     credential_configurations_supported: mapCredentialConfigurationsSupported(openid_credential_issuer),
-    keys: [...openid_credential_issuer.jwks.keys, ...oauth_authorization_server.jwks.keys],
-    pushed_authorization_request_endpoint: oauth_authorization_server.pushed_authorization_request_endpoint,
-    token_endpoint: oauth_authorization_server.token_endpoint,
+    keys: [...openid_credential_issuer.jwks.keys, ...oauthAuthorizationServer.jwks.keys],
+    pushed_authorization_request_endpoint: oauthAuthorizationServer.pushed_authorization_request_endpoint,
+    token_endpoint: oauthAuthorizationServer.token_endpoint,
     nonce_endpoint: openid_credential_issuer.nonce_endpoint ?? "",
     federation_entity: federation_entity ?? {},
     credential_issuance_batch_size: (_openid_credential_is = openid_credential_issuer.batch_credential_issuance) === null || _openid_credential_is === void 0 ? void 0 : _openid_credential_is.batch_size,

package/lib/commonjs/credential/issuance/v1.3.3/mappers.js.map

@@ -1 +1 @@
-{"version":3,"names":["_misc","require","_mappers","_IssuerConfig","mapCredentialConfigurationsSupported","oidIssuer","Object","entries","credential_configurations_supported","reduce","acc","_ref","_config$credential_me","key","config","format","vct","doctype","scope","display","credential_metadata","claims","map","claim","path","mapToIssuerConfig","createMapper","x","_openid_credential_is","oauth_authorization_server","openid_credential_issuer","openid_credential_verifier","federation_entity","metadata","assert","authorization_endpoint","credential_endpoint","credential_issuer","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","nonce_endpoint","credential_issuance_batch_size","batch_credential_issuance","batch_size","encrypted_response_enc_values_supported","outputSchema","IssuerConfig","exports","mapToRequestObject","_ref2","header","payload","iss","trust_chain","x5c"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/mappers.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAGA,IAAAE,aAAA,GAAAF,OAAA;AAOA,MAAMG,oCAAoC,GACxCC,SAA8C,IAE9CC,MAAM,CAACC,OAAO,CAACF,SAAS,CAACG,mCAAmC,CAAC,CAACC,MAAM,CAClE,CAACC,GAAG,EAAAC,IAAA,KAAoB;EAAA,IAAAC,qBAAA;EAAA,IAAlB,CAACC,GAAG,EAAEC,MAAM,CAAC,GAAAH,IAAA;EACjBD,GAAG,CAACG,GAAG,CAAC,GAAG;IACT,IAAIC,MAAM,CAACC,MAAM,KAAK,WAAW,GAC7B;MAAEA,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEC,GAAG,EAAEF,MAAM,CAACE;IAAI,CAAC,GAC1C;MAAED,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEE,OAAO,EAAEH,MAAM,CAACG;IAAQ,CAAC,CAAC;IACvDC,KAAK,EAAEJ,MAAM,CAACI,KAAK;IACnBC,OAAO,EAAEL,MAAM,CAACM,mBAAmB,CAACD,OAAQ;IAC5CE,MAAM,EACJ,EAAAT,qBAAA,GAAAE,MAAM,CAACM,mBAAmB,CAACC,MAAM,cAAAT,qBAAA,uBAAjCA,qBAAA,CAAmCU,GAAG,CAAEC,KAAK,KAAM;MACjDC,IAAI,EAAED,KAAK,CAACC,IAAI;MAChBL,OAAO,EAAEI,KAAK,CAACJ,OAAO,IAAI;IAC5B,CAAC,CAAC,CAAC,KAAI;EACX,CAAC;EACD,OAAOT,GAAG;AACZ,CAAC,EACD,CAAC,CACH,CAAC;AAEI,MAAMe,iBAAiB,GAAG,IAAAC,qBAAY,EAI1CC,CAAC,IAAK;EAAA,IAAAC,qBAAA;EACL,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC,0BAA0B;IAC1BC;EACF,CAAC,GAAGL,CAAC,CAACM,QAAQ;EAEd,IAAAC,YAAM,EACJL,0BAA0B,EAC1B,2DACF,CAAC;EACD,IAAAK,YAAM,EACJJ,wBAAwB,EACxB,yDACF,CAAC;EAED,OAAO;IACLK,sBAAsB,EAAEN,0BAA0B,CAACM,sBAAsB;IACzEC,mBAAmB,EAAEN,wBAAwB,CAACM,mBAAmB;IACjEC,iBAAiB,EAAEP,wBAAwB,CAACO,iBAAiB;IAC7D7B,mCAAmC,EAAEJ,oCAAoC,CACvE0B,wBACF,CAAC;IACDQ,IAAI,EAAE,CACJ,GAAGR,wBAAwB,CAACS,IAAI,CAACD,IAAI,EACrC,GAAGT,0BAA0B,CAACU,IAAI,CAACD,IAAI,CAC/B;IACVE,qCAAqC,EACnCX,0BAA0B,CAACW,qCAAqC;IAClEC,cAAc,EAAEZ,0BAA0B,CAACY,cAAc;IACzDC,cAAc,EAAEZ,wBAAwB,CAACY,cAAc,IAAI,EAAE;IAC7DV,iBAAiB,EAAEA,iBAAiB,IAAI,CAAC,CAAC;IAC1CW,8BAA8B,GAAAf,qBAAA,GAC5BE,wBAAwB,CAACc,yBAAyB,cAAAhB,qBAAA,uBAAlDA,qBAAA,CAAoDiB,UAAU;IAChEC,uCAAuC,EACrCf,0BAA0B,aAA1BA,0BAA0B,uBAA1BA,0BAA0B,CAAEe;EAChC,CAAC;AACH,CAAC,EACD;EAAEC,YAAY,EAAEC;AAAa,CAAC,CAAC;AACjC,CAAC;AAACC,OAAA,CAAAxB,iBAAA,GAAAA,iBAAA;AAEK,MAAMyB,kBAAkB,GAAG,IAAAxB,qBAAY,EAG5CyB,KAAA;EAAA,IAAC;IAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAAF,KAAA;EAAA,OAAM;IAC1B,GAAGE,OAAO;IACVC,GAAG,EAAED,OAAO,CAACC,GAAG,IAAI,EAAE;IACtBC,WAAW,EAAEH,MAAM,CAACG,WAAW;IAC/BC,GAAG,EAAEJ,MAAM,CAACI;EACd,CAAC;AAAA,CAAC,CAAC;AAACP,OAAA,CAAAC,kBAAA,GAAAA,kBAAA"}
+{"version":3,"names":["_misc","require","_mappers","_IssuerConfig","mapCredentialConfigurationsSupported","oidIssuer","Object","entries","credential_configurations_supported","reduce","acc","_ref","_config$credential_me","key","config","format","vct","doctype","scope","display","credential_metadata","claims","map","claim","path","mapToIssuerConfig","createMapper","x","_x$authorization_serv","_openid_credential_is","oauth_authorization_server","openid_credential_issuer","openid_credential_verifier","federation_entity","metadata","oauthAuthorizationServer","authorization_server_federation_claims","assert","authorization_endpoint","credential_endpoint","credential_issuer","authorization_servers","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","nonce_endpoint","credential_issuance_batch_size","batch_credential_issuance","batch_size","encrypted_response_enc_values_supported","outputSchema","IssuerConfig","exports","mapToRequestObject","_ref2","header","payload","iss","trust_chain","x5c"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/mappers.ts"],"mappings":";;;;;;AAEA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAGA,IAAAE,aAAA,GAAAF,OAAA;AAOA,MAAMG,oCAAoC,GACxCC,SAA8C,IAE9CC,MAAM,CAACC,OAAO,CAACF,SAAS,CAACG,mCAAmC,CAAC,CAACC,MAAM,CAClE,CAACC,GAAG,EAAAC,IAAA,KAAoB;EAAA,IAAAC,qBAAA;EAAA,IAAlB,CAACC,GAAG,EAAEC,MAAM,CAAC,GAAAH,IAAA;EACjBD,GAAG,CAACG,GAAG,CAAC,GAAG;IACT,IAAIC,MAAM,CAACC,MAAM,KAAK,WAAW,GAC7B;MAAEA,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEC,GAAG,EAAEF,MAAM,CAACE;IAAI,CAAC,GAC1C;MAAED,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEE,OAAO,EAAEH,MAAM,CAACG;IAAQ,CAAC,CAAC;IACvDC,KAAK,EAAEJ,MAAM,CAACI,KAAK;IACnBC,OAAO,EAAEL,MAAM,CAACM,mBAAmB,CAACD,OAAQ;IAC5CE,MAAM,EACJ,EAAAT,qBAAA,GAAAE,MAAM,CAACM,mBAAmB,CAACC,MAAM,cAAAT,qBAAA,uBAAjCA,qBAAA,CAAmCU,GAAG,CAAEC,KAAK,KAAM;MACjDC,IAAI,EAAED,KAAK,CAACC,IAAI;MAChBL,OAAO,EAAEI,KAAK,CAACJ,OAAO,IAAI;IAC5B,CAAC,CAAC,CAAC,KAAI;EACX,CAAC;EACD,OAAOT,GAAG;AACZ,CAAC,EACD,CAAC,CACH,CAAC;AAEI,MAAMe,iBAAiB,GAAG,IAAAC,qBAAY,EAI1CC,CAAC,IAAK;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EACL,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC,0BAA0B;IAC1BC;EACF,CAAC,GAAGN,CAAC,CAACO,QAAQ;;EAEd;EACA;EACA;EACA;EACA;EACA,MAAMC,wBAAwB,GAC5B,EAAAP,qBAAA,GAAAD,CAAC,CAACS,sCAAsC,cAAAR,qBAAA,gBAAAA,qBAAA,GAAxCA,qBAAA,CAA0CM,QAAQ,cAAAN,qBAAA,uBAAlDA,qBAAA,CACIE,0BAA0B,KAAIA,0BAA0B;EAE9D,IAAAO,YAAM,EACJF,wBAAwB,EACxB,2DACF,CAAC;EACD,IAAAE,YAAM,EACJN,wBAAwB,EACxB,yDACF,CAAC;EAED,OAAO;IACLO,sBAAsB,EAAEH,wBAAwB,CAACG,sBAAsB;IACvEC,mBAAmB,EAAER,wBAAwB,CAACQ,mBAAmB;IACjEC,iBAAiB,EAAET,wBAAwB,CAACS,iBAAiB;IAC7DC,qBAAqB,EAAEV,wBAAwB,CAACU,qBAAqB;IACrEjC,mCAAmC,EAAEJ,oCAAoC,CACvE2B,wBACF,CAAC;IACDW,IAAI,EAAE,CACJ,GAAGX,wBAAwB,CAACY,IAAI,CAACD,IAAI,EACrC,GAAGP,wBAAwB,CAACQ,IAAI,CAACD,IAAI,CAC7B;IACVE,qCAAqC,EACnCT,wBAAwB,CAACS,qCAAqC;IAChEC,cAAc,EAAEV,wBAAwB,CAACU,cAAc;IACvDC,cAAc,EAAEf,wBAAwB,CAACe,cAAc,IAAI,EAAE;IAC7Db,iBAAiB,EAAEA,iBAAiB,IAAI,CAAC,CAAC;IAC1Cc,8BAA8B,GAAAlB,qBAAA,GAC5BE,wBAAwB,CAACiB,yBAAyB,cAAAnB,qBAAA,uBAAlDA,qBAAA,CAAoDoB,UAAU;IAChEC,uCAAuC,EACrClB,0BAA0B,aAA1BA,0BAA0B,uBAA1BA,0BAA0B,CAAEkB;EAChC,CAAC;AACH,CAAC,EACD;EAAEC,YAAY,EAAEC;AAAa,CAAC,CAAC;AACjC,CAAC;AAACC,OAAA,CAAA5B,iBAAA,GAAAA,iBAAA;AAEK,MAAM6B,kBAAkB,GAAG,IAAA5B,qBAAY,EAG5C6B,KAAA;EAAA,IAAC;IAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAAF,KAAA;EAAA,OAAM;IAC1B,GAAGE,OAAO;IACVC,GAAG,EAAED,OAAO,CAACC,GAAG,IAAI,EAAE;IACtBC,WAAW,EAAEH,MAAM,CAACG,WAAW;IAC/BC,GAAG,EAAEJ,MAAM,CAACI;EACd,CAAC;AAAA,CAAC,CAAC;AAACP,OAAA,CAAAC,kBAAA,GAAAA,kBAAA"}

package/lib/commonjs/credential/offer/api/03-validate-credential-offer.js

@@ -0,0 +1,6 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+//# sourceMappingURL=03-validate-credential-offer.js.map

package/lib/commonjs/credential/offer/api/03-validate-credential-offer.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/offer/api/03-validate-credential-offer.ts"],"mappings":""}

package/lib/commonjs/credential/offer/api/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_types","require","Object","keys","forEach","key","exports","defineProperty","enumerable","get"],"sourceRoot":"../../../../../src","sources":["credential/offer/api/index.ts"],"mappings":";;;;;AAOA,IAAAA,MAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,MAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,MAAA,CAAAK,GAAA;EAAAH,MAAA,CAAAK,cAAA,CAAAD,OAAA,EAAAD,GAAA;IAAAG,UAAA;IAAAC,GAAA,WAAAA,CAAA;MAAA,OAAAT,MAAA,CAAAK,GAAA;IAAA;EAAA;AAAA"}
+{"version":3,"names":["_types","require","Object","keys","forEach","key","exports","defineProperty","enumerable","get"],"sourceRoot":"../../../../../src","sources":["credential/offer/api/index.ts"],"mappings":";;;;;AASA,IAAAA,MAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,MAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,MAAA,CAAAK,GAAA;EAAAH,MAAA,CAAAK,cAAA,CAAAD,OAAA,EAAAD,GAAA;IAAAG,UAAA;IAAAC,GAAA,WAAAA,CAAA;MAAA,OAAAT,MAAA,CAAAK,GAAA;IAAA;EAAA;AAAA"}

package/lib/commonjs/credential/offer/v1.0.0/index.js

@@ -11,6 +11,9 @@ const Offer = {
   },
   extractGrantDetails() {
     throw new _errors.UnimplementedFeatureError("extractGrantDetails", "1.0.0");
+  },
+  validateCredentialOffer() {
+    throw new _errors.UnimplementedFeatureError("validateCredentialOffer", "1.0.0");
   }
 };
 exports.Offer = Offer;

package/lib/commonjs/credential/offer/v1.0.0/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_errors","require","Offer","resolveCredentialOffer","UnimplementedFeatureError","extractGrantDetails","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.0.0/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAGO,MAAMC,KAAe,GAAG;EAC7B,MAAMC,sBAAsBA,CAAA,EAAG;IAC7B,MAAM,IAAIC,iCAAyB,CAAC,wBAAwB,EAAE,OAAO,CAAC;EACxE,CAAC;EACDC,mBAAmBA,CAAA,EAAG;IACpB,MAAM,IAAID,iCAAyB,CAAC,qBAAqB,EAAE,OAAO,CAAC;EACrE;AACF,CAAC;AAACE,OAAA,CAAAJ,KAAA,GAAAA,KAAA"}
+{"version":3,"names":["_errors","require","Offer","resolveCredentialOffer","UnimplementedFeatureError","extractGrantDetails","validateCredentialOffer","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.0.0/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAGO,MAAMC,KAAe,GAAG;EAC7B,MAAMC,sBAAsBA,CAAA,EAAG;IAC7B,MAAM,IAAIC,iCAAyB,CAAC,wBAAwB,EAAE,OAAO,CAAC;EACxE,CAAC;EACDC,mBAAmBA,CAAA,EAAG;IACpB,MAAM,IAAID,iCAAyB,CAAC,qBAAqB,EAAE,OAAO,CAAC;EACrE,CAAC;EACDE,uBAAuBA,CAAA,EAAG;IACxB,MAAM,IAAIF,iCAAyB,CAAC,yBAAyB,EAAE,OAAO,CAAC;EACzE;AACF,CAAC;AAACG,OAAA,CAAAL,KAAA,GAAAA,KAAA"}

package/lib/commonjs/credential/offer/v1.3.3/01-resolve-credential-offer.js

@@ -6,27 +6,22 @@ Object.defineProperty(exports, "__esModule", {
 exports.resolveCredentialOffer = void 0;
 var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
 var _errors = require("../common/errors");
+var _config = require("../../../utils/config");
 /**
  * v1.3.3 implementation — first step of the User Request Flow
  * (IT-Wallet spec, Section 12.1.2).
  *
  * Delegates to the SDK's {@link sdkResolveCredentialOffer} for URI parsing
- * and by-reference fetching, then to {@link validateCredentialOffer} for
- * IT-Wallet v1.3 structural checks:
- * - `credential_issuer` must be an HTTPS URL
- * - `grants` object is required
- * - `authorization_code` grant is required
- * - `scope` is required within `authorization_code`
+ * and by-reference fetching of the Credential Offer.
  *
  * Supported URI schemes: `openid-credential-offer://`, `haip-vci://`, `https://`.
  *
- * Cross-validation against Credential Issuer metadata (e.g. matching
- * `credential_configuration_ids` or `authorization_server`) is **not** performed
- * here; per the spec it belongs to the Issuance Flow.
+ * Structural validation and cross-validation against the Credential Issuer
+ * metadata are **not** performed here; they belong to the dedicated
+ * validate-credential-offer step of the flow.
  *
  * Resolution errors (bad scheme, missing params, network failure) are mapped
- * to {@link InvalidQRCodeError}; validation errors are mapped to
- * {@link InvalidCredentialOfferError}.
+ * to {@link InvalidQRCodeError}.
  */
 const resolveCredentialOffer = async function (credentialOffer) {
   let callbacks = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
@@ -36,6 +31,7 @@ const resolveCredentialOffer = async function (credentialOffer) {
 
   // Parse the URI and fetch the offer when transmitted by reference
   const resolved = await (0, _ioWalletOid4vci.resolveCredentialOffer)({
+    config: _config.sdkConfigV1_3,
     credentialOffer,
     callbacks: {
       fetch: fetchFn
@@ -46,16 +42,6 @@ const resolveCredentialOffer = async function (credentialOffer) {
     }
     throw e;
   });
-
-  // Structural validation (no metadata cross-checks at this stage)
-  await (0, _ioWalletOid4vci.validateCredentialOffer)({
-    credentialOffer: resolved
-  }).catch(e => {
-    if (e instanceof _ioWalletOid4vci.CredentialOfferError) {
-      throw new _errors.InvalidCredentialOfferError(e.message);
-    }
-    throw e;
-  });
   return resolved;
 };
 exports.resolveCredentialOffer = resolveCredentialOffer;

package/lib/commonjs/credential/offer/v1.3.3/01-resolve-credential-offer.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioWalletOid4vci","require","_errors","resolveCredentialOffer","credentialOffer","callbacks","arguments","length","undefined","fetch","fetchFn","resolved","sdkResolveCredentialOffer","catch","e","CredentialOfferError","InvalidQRCodeError","message","validateCredentialOffer","InvalidCredentialOfferError","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/01-resolve-credential-offer.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAKA,IAAAC,OAAA,GAAAD,OAAA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,sBAA0D,GACrE,eAAAA,CAAOC,eAAe,EAAqB;EAAA,IAAnBC,SAAS,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACpC,MAAM;IAAEG,KAAK,EAAEC,OAAO,GAAGD;EAAM,CAAC,GAAGJ,SAAS;;EAE5C;EACA,MAAMM,QAAQ,GAAG,MAAM,IAAAC,uCAAyB,EAAC;IAC/CR,eAAe;IACfC,SAAS,EAAE;MAAEI,KAAK,EAAEC;IAAQ;EAC9B,CAAC,CAAC,CAACG,KAAK,CAAEC,CAAU,IAAK;IACvB,IAAIA,CAAC,YAAYC,qCAAoB,EAAE;MACrC,MAAM,IAAIC,0BAAkB,CAACF,CAAC,CAACG,OAAO,CAAC;IACzC;IACA,MAAMH,CAAC;EACT,CAAC,CAAC;;EAEF;EACA,MAAM,IAAAI,wCAAuB,EAAC;IAC5Bd,eAAe,EAAEO;EACnB,CAAC,CAAC,CAACE,KAAK,CAAEC,CAAU,IAAK;IACvB,IAAIA,CAAC,YAAYC,qCAAoB,EAAE;MACrC,MAAM,IAAII,mCAA2B,CAACL,CAAC,CAACG,OAAO,CAAC;IAClD;IACA,MAAMH,CAAC;EACT,CAAC,CAAC;EAEF,OAAOH,QAAQ;AACjB,CAAC;AAACS,OAAA,CAAAjB,sBAAA,GAAAA,sBAAA"}
+{"version":3,"names":["_ioWalletOid4vci","require","_errors","_config","resolveCredentialOffer","credentialOffer","callbacks","arguments","length","undefined","fetch","fetchFn","resolved","sdkResolveCredentialOffer","config","sdkConfigV1_3","catch","e","CredentialOfferError","InvalidQRCodeError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/01-resolve-credential-offer.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAA0D,GACrE,eAAAA,CAAOC,eAAe,EAAqB;EAAA,IAAnBC,SAAS,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACpC,MAAM;IAAEG,KAAK,EAAEC,OAAO,GAAGD;EAAM,CAAC,GAAGJ,SAAS;;EAE5C;EACA,MAAMM,QAAQ,GAAG,MAAM,IAAAC,uCAAyB,EAAC;IAC/CC,MAAM,EAAEC,qBAAa;IACrBV,eAAe;IACfC,SAAS,EAAE;MAAEI,KAAK,EAAEC;IAAQ;EAC9B,CAAC,CAAC,CAACK,KAAK,CAAEC,CAAU,IAAK;IACvB,IAAIA,CAAC,YAAYC,qCAAoB,EAAE;MACrC,MAAM,IAAIC,0BAAkB,CAACF,CAAC,CAACG,OAAO,CAAC;IACzC;IACA,MAAMH,CAAC;EACT,CAAC,CAAC;EAEF,OAAOL,QAAQ;AACjB,CAAC;AAACS,OAAA,CAAAjB,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/offer/v1.3.3/02-extract-grant-details.js

@@ -7,6 +7,7 @@ exports.extractGrantDetails = void 0;
 var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
 var _errors = require("../common/errors");
 var _errors2 = require("../../../utils/errors");
+var _config = require("../../../utils/config");
 /**
  * v1.3.3 implementation — second and final step of the User Request Flow
  * (IT-Wallet spec, Section 12.1.2).
@@ -20,6 +21,9 @@ var _errors2 = require("../../../utils/errors");
  * Delegates directly to the SDK's {@link sdkExtractGrantDetails} — no local
  * mapping is needed because the SDK already returns `ExtractGrantDetailsResult`.
  */
-const extractGrantDetails = offer => (0, _errors2.withMappedErrors)(() => (0, _ioWalletOid4vci.extractGrantDetails)(offer), _ioWalletOid4vci.CredentialOfferError, e => new _errors.InvalidCredentialOfferError(e.message));
+const extractGrantDetails = offer => (0, _errors2.withMappedErrors)(() => (0, _ioWalletOid4vci.extractGrantDetails)({
+  config: _config.sdkConfigV1_3,
+  credentialOffer: offer
+}), _ioWalletOid4vci.CredentialOfferError, e => new _errors.InvalidCredentialOfferError(e.message));
 exports.extractGrantDetails = extractGrantDetails;
 //# sourceMappingURL=02-extract-grant-details.js.map

package/lib/commonjs/credential/offer/v1.3.3/02-extract-grant-details.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioWalletOid4vci","require","_errors","_errors2","extractGrantDetails","offer","withMappedErrors","sdkExtractGrantDetails","CredentialOfferError","e","InvalidCredentialOfferError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/02-extract-grant-details.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,mBAAoD,GAAIC,KAAK,IACxE,IAAAC,yBAAgB,EACd,MAAM,IAAAC,oCAAsB,EAACF,KAAK,CAAC,EACnCG,qCAAoB,EACnBC,CAAC,IAAK,IAAIC,mCAA2B,CAACD,CAAC,CAACE,OAAO,CAClD,CAAC;AAACC,OAAA,CAAAR,mBAAA,GAAAA,mBAAA"}
+{"version":3,"names":["_ioWalletOid4vci","require","_errors","_errors2","_config","extractGrantDetails","offer","withMappedErrors","sdkExtractGrantDetails","config","sdkConfigV1_3","credentialOffer","CredentialOfferError","e","InvalidCredentialOfferError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/02-extract-grant-details.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,mBAAoD,GAAIC,KAAK,IACxE,IAAAC,yBAAgB,EACd,MACE,IAAAC,oCAAsB,EAAC;EACrBC,MAAM,EAAEC,qBAAa;EACrBC,eAAe,EAAEL;AACnB,CAAC,CAAC,EACJM,qCAAoB,EACnBC,CAAC,IAAK,IAAIC,mCAA2B,CAACD,CAAC,CAACE,OAAO,CAClD,CAAC;AAACC,OAAA,CAAAX,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/offer/v1.3.3/03-validate-credential-offer.js

@@ -0,0 +1,39 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.validateCredentialOffer = void 0;
+var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
+var _errors = require("../common/errors");
+var _config = require("../../../utils/config");
+/**
+ * v1.3.3 implementation — validates a resolved Credential Offer against the
+ * Credential Issuer metadata (IT-Wallet spec, Section 12.1.2).
+ *
+ * Performs the IT-Wallet v1.3 structural checks on the offer and, when the
+ * Credential Issuer relies on multiple Authorization Servers, ensures the
+ * `authorization_server` selected by the offer matches one of the advertised
+ * `authorization_servers`.
+ *
+ * Delegates to the SDK's {@link sdkValidateCredentialOffer}; validation errors
+ * are mapped to {@link InvalidCredentialOfferError}.
+ */
+const validateCredentialOffer = async _ref => {
+  let {
+    offer,
+    credentialIssuerMetadata
+  } = _ref;
+  await (0, _ioWalletOid4vci.validateCredentialOffer)({
+    config: _config.sdkConfigV1_3,
+    credentialOffer: offer,
+    credentialIssuerMetadata
+  }).catch(e => {
+    if (e instanceof _ioWalletOid4vci.CredentialOfferError) {
+      throw new _errors.InvalidCredentialOfferError(e.message);
+    }
+    throw e;
+  });
+};
+exports.validateCredentialOffer = validateCredentialOffer;
+//# sourceMappingURL=03-validate-credential-offer.js.map

package/lib/commonjs/credential/offer/v1.3.3/03-validate-credential-offer.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioWalletOid4vci","require","_errors","_config","validateCredentialOffer","_ref","offer","credentialIssuerMetadata","sdkValidateCredentialOffer","config","sdkConfigV1_3","credentialOffer","catch","e","CredentialOfferError","InvalidCredentialOfferError","message","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/03-validate-credential-offer.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,uBAA4D,GACvE,MAAAC,IAAA,IAA+C;EAAA,IAAxC;IAAEC,KAAK;IAAEC;EAAyB,CAAC,GAAAF,IAAA;EACxC,MAAM,IAAAG,wCAA0B,EAAC;IAC/BC,MAAM,EAAEC,qBAAa;IACrBC,eAAe,EAAEL,KAAK;IACtBC;EACF,CAAC,CAAC,CAACK,KAAK,CAAEC,CAAU,IAAK;IACvB,IAAIA,CAAC,YAAYC,qCAAoB,EAAE;MACrC,MAAM,IAAIC,mCAA2B,CAACF,CAAC,CAACG,OAAO,CAAC;IAClD;IACA,MAAMH,CAAC;EACT,CAAC,CAAC;AACJ,CAAC;AAACI,OAAA,CAAAb,uBAAA,GAAAA,uBAAA"}

package/lib/commonjs/credential/offer/v1.3.3/index.js

@@ -6,9 +6,11 @@ Object.defineProperty(exports, "__esModule", {
 exports.Offer = void 0;
 var _resolveCredentialOffer = require("./01-resolve-credential-offer");
 var _extractGrantDetails = require("./02-extract-grant-details");
+var _validateCredentialOffer = require("./03-validate-credential-offer");
 const Offer = {
   resolveCredentialOffer: _resolveCredentialOffer.resolveCredentialOffer,
-  extractGrantDetails: _extractGrantDetails.extractGrantDetails
+  extractGrantDetails: _extractGrantDetails.extractGrantDetails,
+  validateCredentialOffer: _validateCredentialOffer.validateCredentialOffer
 };
 exports.Offer = Offer;
 //# sourceMappingURL=index.js.map

package/lib/commonjs/credential/offer/v1.3.3/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_resolveCredentialOffer","require","_extractGrantDetails","Offer","resolveCredentialOffer","extractGrantDetails","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/index.ts"],"mappings":";;;;;;AACA,IAAAA,uBAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAD,OAAA;AAEO,MAAME,KAAe,GAAG;EAC7BC,sBAAsB,EAAtBA,8CAAsB;EACtBC,mBAAmB,EAAnBA;AACF,CAAC;AAACC,OAAA,CAAAH,KAAA,GAAAA,KAAA"}
+{"version":3,"names":["_resolveCredentialOffer","require","_extractGrantDetails","_validateCredentialOffer","Offer","resolveCredentialOffer","extractGrantDetails","validateCredentialOffer","exports"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.3.3/index.ts"],"mappings":";;;;;;AACA,IAAAA,uBAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAD,OAAA;AACA,IAAAE,wBAAA,GAAAF,OAAA;AAEO,MAAMG,KAAe,GAAG;EAC7BC,sBAAsB,EAAtBA,8CAAsB;EACtBC,mBAAmB,EAAnBA,wCAAmB;EACnBC,uBAAuB,EAAvBA;AACF,CAAC;AAACC,OAAA,CAAAJ,KAAA,GAAAA,KAAA"}

package/lib/module/credential/issuance/api/IssuerConfig.js

@@ -42,6 +42,12 @@ const CredentialConfig = z.intersection(z.discriminatedUnion("format", [z.object
 
 export const IssuerConfig = z.object({
   credential_issuer: z.string(),
+  /**
+   * Authorization Servers advertised by the Credential Issuer. Present when the
+   * Issuer relies on one or more external Authorization Servers; used to validate
+   * the `authorization_server` selected by a credential offer.
+   */
+  authorization_servers: z.tuple([z.string()], z.string()).optional(),
   pushed_authorization_request_endpoint: z.string(),
   authorization_endpoint: z.string(),
   token_endpoint: z.string(),

package/lib/module/credential/issuance/api/IssuerConfig.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","JWK","FederationEntityMetadata","DisplayConfig","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","credential_configurations_supported","federation_entity","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,GAAG,QAAQ,oBAAoB;AACxC,SAASC,wBAAwB,QAAQ,6BAA6B;AAEtE,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,IAAI,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGR,CAAC,CAACI,MAAM,CAAC;EAC3BK,IAAI,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACW,KAAK,CAAC,CAACX,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACY,MAAM,CAAC,CAAC,EAAEZ,CAAC,CAACa,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMY,sBAAsB,GAAGf,CAAC,CAACI,MAAM,CAAC;EACtCU,OAAO,EAAEd,CAAC,CAACU,KAAK,CACdV,CAAC,CAACI,MAAM,CAAC;IACPY,KAAK,EAAEhB,CAAC,CAACM,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEjB,CAAC,CAACM,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGlB,CAAC,CAACmB,YAAY,CACrCnB,CAAC,CAACoB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BpB,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEvB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DN,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAExB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFN,CAAC,CAACI,MAAM,CAAC;EACPqB,KAAK,EAAEzB,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa,CAAC;EAC/BuB,MAAM,EAAE1B,CAAC,CAACU,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAE3B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE7B,CAAC,CACzB8B,MAAM,CAAC9B,CAAC,CAACM,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEA,OAAO,MAAMG,YAAY,GAAG/B,CAAC,CAACI,MAAM,CAAC;EACnC4B,iBAAiB,EAAEhC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC7B2B,qCAAqC,EAAEjC,CAAC,CAACM,MAAM,CAAC,CAAC;EACjD4B,sBAAsB,EAAElC,CAAC,CAACM,MAAM,CAAC,CAAC;EAClC6B,cAAc,EAAEnC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1B8B,cAAc,EAAEpC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1B+B,yBAAyB,EAAErC,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAChDU,mBAAmB,EAAEtC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC/BiC,IAAI,EAAEvC,CAAC,CAACU,KAAK,CAACT,GAAG,CAAC;EAClBuC,mCAAmC,EAAExC,CAAC,CAAC8B,MAAM,CAAC9B,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEY,gBAAgB,CAAC;EAC3EuB,iBAAiB,EAAEvC,wBAAwB;EAC3CwC,8BAA8B,EAAE1C,CAAC,CAACY,MAAM,CAAC,CAAC,CAACgB,QAAQ,CAAC,CAAC;EACrDe,uCAAuC,EAAE3C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvE;AACF;AACA;EACEgB,wBAAwB,EAAE5C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;AACzD,CAAC,CAAC"}
+{"version":3,"names":["z","JWK","FederationEntityMetadata","DisplayConfig","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","authorization_servers","tuple","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","credential_configurations_supported","federation_entity","credential_issuance_batch_size","encrypted_response_enc_values_supported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,GAAG,QAAQ,oBAAoB;AACxC,SAASC,wBAAwB,QAAQ,6BAA6B;AAEtE,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,IAAI,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGR,CAAC,CAACI,MAAM,CAAC;EAC3BK,IAAI,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACW,KAAK,CAAC,CAACX,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACY,MAAM,CAAC,CAAC,EAAEZ,CAAC,CAACa,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMY,sBAAsB,GAAGf,CAAC,CAACI,MAAM,CAAC;EACtCU,OAAO,EAAEd,CAAC,CAACU,KAAK,CACdV,CAAC,CAACI,MAAM,CAAC;IACPY,KAAK,EAAEhB,CAAC,CAACM,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEjB,CAAC,CAACM,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGlB,CAAC,CAACmB,YAAY,CACrCnB,CAAC,CAACoB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BpB,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEvB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DN,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAExB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFN,CAAC,CAACI,MAAM,CAAC;EACPqB,KAAK,EAAEzB,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa,CAAC;EAC/BuB,MAAM,EAAE1B,CAAC,CAACU,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAE3B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE7B,CAAC,CACzB8B,MAAM,CAAC9B,CAAC,CAACM,MAAM,CAAC,CAAC,EAAES,sBAAsB,CAAC,CAC1Ca,QAAQ,CAAC;AACd,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEA,OAAO,MAAMG,YAAY,GAAG/B,CAAC,CAACI,MAAM,CAAC;EACnC4B,iBAAiB,EAAEhC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC7B;AACF;AACA;AACA;AACA;EACE2B,qBAAqB,EAAEjC,CAAC,CAACkC,KAAK,CAAC,CAAClC,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,EAAEN,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACnEO,qCAAqC,EAAEnC,CAAC,CAACM,MAAM,CAAC,CAAC;EACjD8B,sBAAsB,EAAEpC,CAAC,CAACM,MAAM,CAAC,CAAC;EAClC+B,cAAc,EAAErC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1BgC,cAAc,EAAEtC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1BiC,yBAAyB,EAAEvC,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAChDY,mBAAmB,EAAExC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC/BmC,IAAI,EAAEzC,CAAC,CAACU,KAAK,CAACT,GAAG,CAAC;EAClByC,mCAAmC,EAAE1C,CAAC,CAAC8B,MAAM,CAAC9B,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEY,gBAAgB,CAAC;EAC3EyB,iBAAiB,EAAEzC,wBAAwB;EAC3C0C,8BAA8B,EAAE5C,CAAC,CAACY,MAAM,CAAC,CAAC,CAACgB,QAAQ,CAAC,CAAC;EACrDiB,uCAAuC,EAAE7C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvE;AACF;AACA;EACEkB,wBAAwB,EAAE9C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;AACzD,CAAC,CAAC"}

package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js

@@ -6,6 +6,7 @@ export const evaluateIssuerTrust = async function (issuerUrl) {
   const issuerMetadata = await fetchMetadata({
     config: sdkConfigV1_3,
     credentialIssuerUrl: issuerUrl,
+    authorizationServer: context.authorizationServer,
     callbacks: {
       fetch: context.appFetch
     }

package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["fetchMetadata","sdkConfigV1_3","mapToIssuerConfig","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","config","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":"AAAA,SACEA,aAAa,QAER,2BAA2B;AAClC,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SAASC,iBAAiB,QAAQ,WAAW;AAE7C,OAAO,MAAMC,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAMT,aAAa,CAAC;IAC1CU,MAAM,EAAET,aAAa;IACrBU,mBAAmB,EAAEP,SAAS;IAC9BQ,SAAS,EAAE;MACTC,KAAK,EAAER,OAAO,CAACS;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAEb,iBAAiB,CAACO,cAAc;EAAE,CAAC;AAC1D,CAAC"}
+{"version":3,"names":["fetchMetadata","sdkConfigV1_3","mapToIssuerConfig","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","config","credentialIssuerUrl","authorizationServer","callbacks","fetch","appFetch","issuerConf"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":"AAAA,SACEA,aAAa,QAER,2BAA2B;AAClC,SAASC,aAAa,QAAQ,uBAAuB;AAErD,SAASC,iBAAiB,QAAQ,WAAW;AAE7C,OAAO,MAAMC,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAMT,aAAa,CAAC;IAC1CU,MAAM,EAAET,aAAa;IACrBU,mBAAmB,EAAEP,SAAS;IAC9BQ,mBAAmB,EAAEP,OAAO,CAACO,mBAAmB;IAChDC,SAAS,EAAE;MACTC,KAAK,EAAET,OAAO,CAACU;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAEd,iBAAiB,CAACO,cAAc;EAAE,CAAC;AAC1D,CAAC"}

package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js

@@ -10,7 +10,9 @@ export const startUserAuthorization = async (issuerConf, credentialIds, proof, c
     wiaCryptoContext,
     walletInstanceAttestation,
     redirectUri,
-    appFetch = fetch
+    appFetch = fetch,
+    scope,
+    issuerState
   } = ctx;
   const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
   if (!clientId) {
@@ -53,6 +55,11 @@ export const startUserAuthorization = async (issuerConf, credentialIds, proof, c
     authorization_details: credentialDefinition,
     codeChallengeMethodsSupported: ["S256"],
     redirectUri,
+    // When the issuance is started from a Credential Offer, the `scope` and
+    // `issuer_state` carried by the authorization_code grant are forwarded to
+    // the PAR. They are `undefined` (and thus omitted) for the regular flow.
+    scope,
+    issuerState,
     dpop: {
       signer: wiaSigner
     }

package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js.map

@@ -1 +1 @@
-{"version":3,"names":["createPushedAuthorizationRequest","fetchPushedAuthorizationResponse","createClientAttestationPopJwt","v4","uuidv4","LogLevel","Logger","createSignJwtFromCryptoContext","partialCallbacks","IoWalletError","sdkConfigV1_3","selectCredentialDefinition","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","log","ERROR","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","parRequest","config","callbacks","authorizationServerMetadata","require_signed_request_object","jti","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","generateRandom","clientAttestation","authorizationServer","request_uri","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":"AAAA,SACEA,gCAAgC,EAChCC,gCAAgC,EAChCC,6BAA6B,QACxB,0BAA0B;AAEjC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAEzD,SACEC,8BAA8B,EAC9BC,gBAAgB,QACX,0BAA0B;AACjC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,0BAA0B,QAAQ,uCAAuC;AAElF,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbhB,MAAM,CAACqB,GAAG,CACRtB,QAAQ,CAACuB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIb,aAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMoB,oBAAoB,GAAGf,aAAa,CAACgB,GAAG,CAAEC,CAAC,IAC/CpB,0BAA0B,CAACE,UAAU,EAAEkB,CAAC,CAC1C,CAAC;EAED,IAAIhB,KAAK,CAACiB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAEpB,KAAK,CAACqB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEnB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMoB,SAAuB,GAAG;IAC9BC,MAAM,EAAE,KAAK;IACbC,GAAG,EAAE,OAAO;IACZC,SAAS,EAAE,MAAMzB,gBAAgB,CAACM,YAAY,CAAC;EACjD,CAAC;EAED,MAAMoB,OAAO,GAAGpC,8BAA8B,CAACU,gBAAgB,CAAC;EAEhE,MAAM2B,UAAU,GAAG,MAAM5C,gCAAgC,CAAC;IACxD6C,MAAM,EAAEnC,aAAa;IACrBoC,SAAS,EAAE;MACT,GAAGtC,gBAAgB;MACnBmC;IACF,CAAC;IACDI,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDC,GAAG,EAAE7C,MAAM,CAAC,CAAC;IACbkB,QAAQ;IACR4B,QAAQ,EAAErC,UAAU,CAACsC,iBAAiB;IACtCC,qBAAqB,EAAEvB,oBAAoB;IAC3CwB,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvClC,WAAW;IACXmC,IAAI,EAAE;MACJC,MAAM,EAAEhB;IACV;EACF,CAAC,CAAC;EAEF,MAAMiB,oBAAoB,GAAG,MAAMtD,6BAA6B,CAAC;IAC/D2C,MAAM,EAAEnC,aAAa;IACrBoC,SAAS,EAAE;MACTW,cAAc,EAAEjD,gBAAgB,CAACiD,cAAc;MAC/Cd;IACF,CAAC;IACDe,iBAAiB,EAAExC,yBAAyB;IAC5CyC,mBAAmB,EAAE9C,UAAU,CAACsC,iBAAiB;IACjDI,MAAM,EAAEhB,SAAS;IACjBU,GAAG,EAAE7C,MAAM,CAAC;EACd,CAAC,CAAC;EAEF,MAAM;IAAEwD;EAAY,CAAC,GAAG,MAAM3D,gCAAgC,CAAC;IAC7D6C,SAAS,EAAE;MACTzB,KAAK,EAAED;IACT,CAAC;IACDyC,kCAAkC,EAChChD,UAAU,CAACiD,qCAAqC;IAClDC,0BAA0B,EAAEnB,UAAU;IACtCoB,qBAAqB,EAAER,oBAAoB;IAC3CS,iBAAiB,EAAE/C;EACrB,CAAC,CAAC;EAEF,OAAO;IACLgD,gBAAgB,EAAEN,WAAW;IAC7BtC,QAAQ;IACR6C,YAAY,EAAEvB,UAAU,CAACwB,gBAAgB;IACzCvC;EACF,CAAC;AACH,CAAC"}
+{"version":3,"names":["createPushedAuthorizationRequest","fetchPushedAuthorizationResponse","createClientAttestationPopJwt","v4","uuidv4","LogLevel","Logger","createSignJwtFromCryptoContext","partialCallbacks","IoWalletError","sdkConfigV1_3","selectCredentialDefinition","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","scope","issuerState","clientId","getPublicKey","then","_","kid","log","ERROR","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","wiaSigner","method","alg","publicJwk","signJwt","parRequest","config","callbacks","authorizationServerMetadata","require_signed_request_object","jti","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","dpop","signer","clientAttestationPoP","generateRandom","clientAttestation","authorizationServer","request_uri","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":"AAAA,SACEA,gCAAgC,EAChCC,gCAAgC,EAChCC,6BAA6B,QACxB,0BAA0B;AAEjC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAEzD,SACEC,8BAA8B,EAC9BC,gBAAgB,QACX,0BAA0B;AACjC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,0BAA0B,QAAQ,uCAAuC;AAElF,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC,KAAK;IAChBC,KAAK;IACLC;EACF,CAAC,GAAGP,GAAG;EAEP,MAAMQ,QAAQ,GAAG,MAAMP,gBAAgB,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACblB,MAAM,CAACuB,GAAG,CACRxB,QAAQ,CAACyB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIf,aAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMsB,oBAAoB,GAAGjB,aAAa,CAACkB,GAAG,CAAEC,CAAC,IAC/CtB,0BAA0B,CAACE,UAAU,EAAEoB,CAAC,CAC1C,CAAC;EAED,IAAIlB,KAAK,CAACmB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAEtB,KAAK,CAACuB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAErB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMsB,SAAuB,GAAG;IAC9BC,MAAM,EAAE,KAAK;IACbC,GAAG,EAAE,OAAO;IACZC,SAAS,EAAE,MAAM3B,gBAAgB,CAACQ,YAAY,CAAC;EACjD,CAAC;EAED,MAAMoB,OAAO,GAAGtC,8BAA8B,CAACU,gBAAgB,CAAC;EAEhE,MAAM6B,UAAU,GAAG,MAAM9C,gCAAgC,CAAC;IACxD+C,MAAM,EAAErC,aAAa;IACrBsC,SAAS,EAAE;MACT,GAAGxC,gBAAgB;MACnBqC;IACF,CAAC;IACDI,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDC,GAAG,EAAE/C,MAAM,CAAC,CAAC;IACboB,QAAQ;IACR4B,QAAQ,EAAEvC,UAAU,CAACwC,iBAAiB;IACtCC,qBAAqB,EAAEvB,oBAAoB;IAC3CwB,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvCpC,WAAW;IACX;IACA;IACA;IACAG,KAAK;IACLC,WAAW;IACXiC,IAAI,EAAE;MACJC,MAAM,EAAEhB;IACV;EACF,CAAC,CAAC;EAEF,MAAMiB,oBAAoB,GAAG,MAAMxD,6BAA6B,CAAC;IAC/D6C,MAAM,EAAErC,aAAa;IACrBsC,SAAS,EAAE;MACTW,cAAc,EAAEnD,gBAAgB,CAACmD,cAAc;MAC/Cd;IACF,CAAC;IACDe,iBAAiB,EAAE1C,yBAAyB;IAC5C2C,mBAAmB,EAAEhD,UAAU,CAACwC,iBAAiB;IACjDI,MAAM,EAAEhB,SAAS;IACjBU,GAAG,EAAE/C,MAAM,CAAC;EACd,CAAC,CAAC;EAEF,MAAM;IAAE0D;EAAY,CAAC,GAAG,MAAM7D,gCAAgC,CAAC;IAC7D+C,SAAS,EAAE;MACT3B,KAAK,EAAED;IACT,CAAC;IACD2C,kCAAkC,EAChClD,UAAU,CAACmD,qCAAqC;IAClDC,0BAA0B,EAAEnB,UAAU;IACtCoB,qBAAqB,EAAER,oBAAoB;IAC3CS,iBAAiB,EAAEjD;EACrB,CAAC,CAAC;EAEF,OAAO;IACLkD,gBAAgB,EAAEN,WAAW;IAC7BtC,QAAQ;IACR6C,YAAY,EAAEvB,UAAU,CAACwB,gBAAgB;IACzCvC;EACF,CAAC;AACH,CAAC"}

package/lib/module/credential/issuance/v1.3.3/mappers.js

@@ -22,23 +22,31 @@ const mapCredentialConfigurationsSupported = oidIssuer => Object.entries(oidIssu
   return acc;
 }, {});
 export const mapToIssuerConfig = createMapper(x => {
-  var _openid_credential_is;
+  var _x$authorization_serv, _openid_credential_is;
   const {
     oauth_authorization_server,
     openid_credential_issuer,
     openid_credential_verifier,
     federation_entity
   } = x.metadata;
-  assert(oauth_authorization_server, "oauth_authorization_server is required in Issuer metadata");
+
+  // The Issuer's own `oauth_authorization_server` always describes the Issuer
+  // itself. When a credential offer selected a *different* Authorization
+  // Server, its metadata is surfaced separately through that server's
+  // federation claims, and the Authorization Server endpoints must be taken
+  // from there. Fall back to the Issuer's own server otherwise.
+  const oauthAuthorizationServer = ((_x$authorization_serv = x.authorization_server_federation_claims) === null || _x$authorization_serv === void 0 || (_x$authorization_serv = _x$authorization_serv.metadata) === null || _x$authorization_serv === void 0 ? void 0 : _x$authorization_serv.oauth_authorization_server) ?? oauth_authorization_server;
+  assert(oauthAuthorizationServer, "oauth_authorization_server is required in Issuer metadata");
   assert(openid_credential_issuer, "openid_credential_issuer is required in Issuer metadata");
   return {
-    authorization_endpoint: oauth_authorization_server.authorization_endpoint,
+    authorization_endpoint: oauthAuthorizationServer.authorization_endpoint,
     credential_endpoint: openid_credential_issuer.credential_endpoint,
     credential_issuer: openid_credential_issuer.credential_issuer,
+    authorization_servers: openid_credential_issuer.authorization_servers,
     credential_configurations_supported: mapCredentialConfigurationsSupported(openid_credential_issuer),
-    keys: [...openid_credential_issuer.jwks.keys, ...oauth_authorization_server.jwks.keys],
-    pushed_authorization_request_endpoint: oauth_authorization_server.pushed_authorization_request_endpoint,
-    token_endpoint: oauth_authorization_server.token_endpoint,
+    keys: [...openid_credential_issuer.jwks.keys, ...oauthAuthorizationServer.jwks.keys],
+    pushed_authorization_request_endpoint: oauthAuthorizationServer.pushed_authorization_request_endpoint,
+    token_endpoint: oauthAuthorizationServer.token_endpoint,
     nonce_endpoint: openid_credential_issuer.nonce_endpoint ?? "",
     federation_entity: federation_entity ?? {},
     credential_issuance_batch_size: (_openid_credential_is = openid_credential_issuer.batch_credential_issuance) === null || _openid_credential_is === void 0 ? void 0 : _openid_credential_is.batch_size,

package/lib/module/credential/issuance/v1.3.3/mappers.js.map

@@ -1 +1 @@
-{"version":3,"names":["assert","createMapper","IssuerConfig","mapCredentialConfigurationsSupported","oidIssuer","Object","entries","credential_configurations_supported","reduce","acc","_ref","_config$credential_me","key","config","format","vct","doctype","scope","display","credential_metadata","claims","map","claim","path","mapToIssuerConfig","x","_openid_credential_is","oauth_authorization_server","openid_credential_issuer","openid_credential_verifier","federation_entity","metadata","authorization_endpoint","credential_endpoint","credential_issuer","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","nonce_endpoint","credential_issuance_batch_size","batch_credential_issuance","batch_size","encrypted_response_enc_values_supported","outputSchema","mapToRequestObject","_ref2","header","payload","iss","trust_chain","x5c"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/mappers.ts"],"mappings":"AAEA,SAASA,MAAM,QAAQ,qBAAqB;AAC5C,SAASC,YAAY,QAAQ,wBAAwB;AAGrD,SAASC,YAAY,QAAQ,qBAAqB;AAOlD,MAAMC,oCAAoC,GACxCC,SAA8C,IAE9CC,MAAM,CAACC,OAAO,CAACF,SAAS,CAACG,mCAAmC,CAAC,CAACC,MAAM,CAClE,CAACC,GAAG,EAAAC,IAAA,KAAoB;EAAA,IAAAC,qBAAA;EAAA,IAAlB,CAACC,GAAG,EAAEC,MAAM,CAAC,GAAAH,IAAA;EACjBD,GAAG,CAACG,GAAG,CAAC,GAAG;IACT,IAAIC,MAAM,CAACC,MAAM,KAAK,WAAW,GAC7B;MAAEA,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEC,GAAG,EAAEF,MAAM,CAACE;IAAI,CAAC,GAC1C;MAAED,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEE,OAAO,EAAEH,MAAM,CAACG;IAAQ,CAAC,CAAC;IACvDC,KAAK,EAAEJ,MAAM,CAACI,KAAK;IACnBC,OAAO,EAAEL,MAAM,CAACM,mBAAmB,CAACD,OAAQ;IAC5CE,MAAM,EACJ,EAAAT,qBAAA,GAAAE,MAAM,CAACM,mBAAmB,CAACC,MAAM,cAAAT,qBAAA,uBAAjCA,qBAAA,CAAmCU,GAAG,CAAEC,KAAK,KAAM;MACjDC,IAAI,EAAED,KAAK,CAACC,IAAI;MAChBL,OAAO,EAAEI,KAAK,CAACJ,OAAO,IAAI;IAC5B,CAAC,CAAC,CAAC,KAAI;EACX,CAAC;EACD,OAAOT,GAAG;AACZ,CAAC,EACD,CAAC,CACH,CAAC;AAEH,OAAO,MAAMe,iBAAiB,GAAGvB,YAAY,CAI1CwB,CAAC,IAAK;EAAA,IAAAC,qBAAA;EACL,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC,0BAA0B;IAC1BC;EACF,CAAC,GAAGL,CAAC,CAACM,QAAQ;EAEd/B,MAAM,CACJ2B,0BAA0B,EAC1B,2DACF,CAAC;EACD3B,MAAM,CACJ4B,wBAAwB,EACxB,yDACF,CAAC;EAED,OAAO;IACLI,sBAAsB,EAAEL,0BAA0B,CAACK,sBAAsB;IACzEC,mBAAmB,EAAEL,wBAAwB,CAACK,mBAAmB;IACjEC,iBAAiB,EAAEN,wBAAwB,CAACM,iBAAiB;IAC7D3B,mCAAmC,EAAEJ,oCAAoC,CACvEyB,wBACF,CAAC;IACDO,IAAI,EAAE,CACJ,GAAGP,wBAAwB,CAACQ,IAAI,CAACD,IAAI,EACrC,GAAGR,0BAA0B,CAACS,IAAI,CAACD,IAAI,CAC/B;IACVE,qCAAqC,EACnCV,0BAA0B,CAACU,qCAAqC;IAClEC,cAAc,EAAEX,0BAA0B,CAACW,cAAc;IACzDC,cAAc,EAAEX,wBAAwB,CAACW,cAAc,IAAI,EAAE;IAC7DT,iBAAiB,EAAEA,iBAAiB,IAAI,CAAC,CAAC;IAC1CU,8BAA8B,GAAAd,qBAAA,GAC5BE,wBAAwB,CAACa,yBAAyB,cAAAf,qBAAA,uBAAlDA,qBAAA,CAAoDgB,UAAU;IAChEC,uCAAuC,EACrCd,0BAA0B,aAA1BA,0BAA0B,uBAA1BA,0BAA0B,CAAEc;EAChC,CAAC;AACH,CAAC,EACD;EAAEC,YAAY,EAAE1C;AAAa,CAAC,CAAC;AACjC,CAAC;;AAED,OAAO,MAAM2C,kBAAkB,GAAG5C,YAAY,CAG5C6C,KAAA;EAAA,IAAC;IAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAAF,KAAA;EAAA,OAAM;IAC1B,GAAGE,OAAO;IACVC,GAAG,EAAED,OAAO,CAACC,GAAG,IAAI,EAAE;IACtBC,WAAW,EAAEH,MAAM,CAACG,WAAW;IAC/BC,GAAG,EAAEJ,MAAM,CAACI;EACd,CAAC;AAAA,CAAC,CAAC"}
+{"version":3,"names":["assert","createMapper","IssuerConfig","mapCredentialConfigurationsSupported","oidIssuer","Object","entries","credential_configurations_supported","reduce","acc","_ref","_config$credential_me","key","config","format","vct","doctype","scope","display","credential_metadata","claims","map","claim","path","mapToIssuerConfig","x","_x$authorization_serv","_openid_credential_is","oauth_authorization_server","openid_credential_issuer","openid_credential_verifier","federation_entity","metadata","oauthAuthorizationServer","authorization_server_federation_claims","authorization_endpoint","credential_endpoint","credential_issuer","authorization_servers","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","nonce_endpoint","credential_issuance_batch_size","batch_credential_issuance","batch_size","encrypted_response_enc_values_supported","outputSchema","mapToRequestObject","_ref2","header","payload","iss","trust_chain","x5c"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/mappers.ts"],"mappings":"AAEA,SAASA,MAAM,QAAQ,qBAAqB;AAC5C,SAASC,YAAY,QAAQ,wBAAwB;AAGrD,SAASC,YAAY,QAAQ,qBAAqB;AAOlD,MAAMC,oCAAoC,GACxCC,SAA8C,IAE9CC,MAAM,CAACC,OAAO,CAACF,SAAS,CAACG,mCAAmC,CAAC,CAACC,MAAM,CAClE,CAACC,GAAG,EAAAC,IAAA,KAAoB;EAAA,IAAAC,qBAAA;EAAA,IAAlB,CAACC,GAAG,EAAEC,MAAM,CAAC,GAAAH,IAAA;EACjBD,GAAG,CAACG,GAAG,CAAC,GAAG;IACT,IAAIC,MAAM,CAACC,MAAM,KAAK,WAAW,GAC7B;MAAEA,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEC,GAAG,EAAEF,MAAM,CAACE;IAAI,CAAC,GAC1C;MAAED,MAAM,EAAED,MAAM,CAACC,MAAM;MAAEE,OAAO,EAAEH,MAAM,CAACG;IAAQ,CAAC,CAAC;IACvDC,KAAK,EAAEJ,MAAM,CAACI,KAAK;IACnBC,OAAO,EAAEL,MAAM,CAACM,mBAAmB,CAACD,OAAQ;IAC5CE,MAAM,EACJ,EAAAT,qBAAA,GAAAE,MAAM,CAACM,mBAAmB,CAACC,MAAM,cAAAT,qBAAA,uBAAjCA,qBAAA,CAAmCU,GAAG,CAAEC,KAAK,KAAM;MACjDC,IAAI,EAAED,KAAK,CAACC,IAAI;MAChBL,OAAO,EAAEI,KAAK,CAACJ,OAAO,IAAI;IAC5B,CAAC,CAAC,CAAC,KAAI;EACX,CAAC;EACD,OAAOT,GAAG;AACZ,CAAC,EACD,CAAC,CACH,CAAC;AAEH,OAAO,MAAMe,iBAAiB,GAAGvB,YAAY,CAI1CwB,CAAC,IAAK;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EACL,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC,0BAA0B;IAC1BC;EACF,CAAC,GAAGN,CAAC,CAACO,QAAQ;;EAEd;EACA;EACA;EACA;EACA;EACA,MAAMC,wBAAwB,GAC5B,EAAAP,qBAAA,GAAAD,CAAC,CAACS,sCAAsC,cAAAR,qBAAA,gBAAAA,qBAAA,GAAxCA,qBAAA,CAA0CM,QAAQ,cAAAN,qBAAA,uBAAlDA,qBAAA,CACIE,0BAA0B,KAAIA,0BAA0B;EAE9D5B,MAAM,CACJiC,wBAAwB,EACxB,2DACF,CAAC;EACDjC,MAAM,CACJ6B,wBAAwB,EACxB,yDACF,CAAC;EAED,OAAO;IACLM,sBAAsB,EAAEF,wBAAwB,CAACE,sBAAsB;IACvEC,mBAAmB,EAAEP,wBAAwB,CAACO,mBAAmB;IACjEC,iBAAiB,EAAER,wBAAwB,CAACQ,iBAAiB;IAC7DC,qBAAqB,EAAET,wBAAwB,CAACS,qBAAqB;IACrE/B,mCAAmC,EAAEJ,oCAAoC,CACvE0B,wBACF,CAAC;IACDU,IAAI,EAAE,CACJ,GAAGV,wBAAwB,CAACW,IAAI,CAACD,IAAI,EACrC,GAAGN,wBAAwB,CAACO,IAAI,CAACD,IAAI,CAC7B;IACVE,qCAAqC,EACnCR,wBAAwB,CAACQ,qCAAqC;IAChEC,cAAc,EAAET,wBAAwB,CAACS,cAAc;IACvDC,cAAc,EAAEd,wBAAwB,CAACc,cAAc,IAAI,EAAE;IAC7DZ,iBAAiB,EAAEA,iBAAiB,IAAI,CAAC,CAAC;IAC1Ca,8BAA8B,GAAAjB,qBAAA,GAC5BE,wBAAwB,CAACgB,yBAAyB,cAAAlB,qBAAA,uBAAlDA,qBAAA,CAAoDmB,UAAU;IAChEC,uCAAuC,EACrCjB,0BAA0B,aAA1BA,0BAA0B,uBAA1BA,0BAA0B,CAAEiB;EAChC,CAAC;AACH,CAAC,EACD;EAAEC,YAAY,EAAE9C;AAAa,CAAC,CAAC;AACjC,CAAC;;AAED,OAAO,MAAM+C,kBAAkB,GAAGhD,YAAY,CAG5CiD,KAAA;EAAA,IAAC;IAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAAF,KAAA;EAAA,OAAM;IAC1B,GAAGE,OAAO;IACVC,GAAG,EAAED,OAAO,CAACC,GAAG,IAAI,EAAE;IACtBC,WAAW,EAAEH,MAAM,CAACG,WAAW;IAC/BC,GAAG,EAAEJ,MAAM,CAACI;EACd,CAAC;AAAA,CAAC,CAAC"}

package/lib/module/credential/offer/api/03-validate-credential-offer.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=03-validate-credential-offer.js.map

package/lib/module/credential/offer/api/03-validate-credential-offer.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/offer/api/03-validate-credential-offer.ts"],"mappings":""}

package/lib/module/credential/offer/api/index.js.map

@@ -1 +1 @@
-{"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/offer/api/index.ts"],"mappings":"AAOA,cAAc,SAAS;AAAC"}
+{"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/offer/api/index.ts"],"mappings":"AASA,cAAc,SAAS;AAAC"}

package/lib/module/credential/offer/v1.0.0/index.js

@@ -5,6 +5,9 @@ export const Offer = {
   },
   extractGrantDetails() {
     throw new UnimplementedFeatureError("extractGrantDetails", "1.0.0");
+  },
+  validateCredentialOffer() {
+    throw new UnimplementedFeatureError("validateCredentialOffer", "1.0.0");
   }
 };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/offer/v1.0.0/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["UnimplementedFeatureError","Offer","resolveCredentialOffer","extractGrantDetails"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.0.0/index.ts"],"mappings":"AAAA,SAASA,yBAAyB,QAAQ,uBAAuB;AAGjE,OAAO,MAAMC,KAAe,GAAG;EAC7B,MAAMC,sBAAsBA,CAAA,EAAG;IAC7B,MAAM,IAAIF,yBAAyB,CAAC,wBAAwB,EAAE,OAAO,CAAC;EACxE,CAAC;EACDG,mBAAmBA,CAAA,EAAG;IACpB,MAAM,IAAIH,yBAAyB,CAAC,qBAAqB,EAAE,OAAO,CAAC;EACrE;AACF,CAAC"}
+{"version":3,"names":["UnimplementedFeatureError","Offer","resolveCredentialOffer","extractGrantDetails","validateCredentialOffer"],"sourceRoot":"../../../../../src","sources":["credential/offer/v1.0.0/index.ts"],"mappings":"AAAA,SAASA,yBAAyB,QAAQ,uBAAuB;AAGjE,OAAO,MAAMC,KAAe,GAAG;EAC7B,MAAMC,sBAAsBA,CAAA,EAAG;IAC7B,MAAM,IAAIF,yBAAyB,CAAC,wBAAwB,EAAE,OAAO,CAAC;EACxE,CAAC;EACDG,mBAAmBA,CAAA,EAAG;IACpB,MAAM,IAAIH,yBAAyB,CAAC,qBAAqB,EAAE,OAAO,CAAC;EACrE,CAAC;EACDI,uBAAuBA,CAAA,EAAG;IACxB,MAAM,IAAIJ,yBAAyB,CAAC,yBAAyB,EAAE,OAAO,CAAC;EACzE;AACF,CAAC"}