@pagopa/io-wallet-oid4vci 0.3.0

package/README.md

@@ -0,0 +1,68 @@
+## @pagopa/io-wallet-oid4vci
+
+This package provides functionalities to manage the **OpenID for Verifiable Credentials Issuance (OID4VCI)** protocol flow, specifically tailored for the Italian Wallet ecosystem. It simplifies the creation of wallet attestations required during the credential issuance process.
+
+## Installation
+
+To install the package, use your preferred package manager:
+
+```bash
+# Using pnpm
+pnpm add @pagopa/io-wallet-oid4vci
+
+# Using yarn
+yarn add @pagopa/io-wallet-oid4vci
+```
+
+## Usage
+
+### Wallet Provider
+
+```typescript
+import { ItWalletProvider } from '@pagopa/io-wallet-oid4vci';
+
+// Initialize the provider with required options
+const walletProvider = new ItWalletProvider({
+  // Openid4vciWalletProviderOptions configuration
+  // Add your specific configuration here
+});
+```
+
+### Creating a Wallet Attestation
+
+Create wallet attestations required during the OID4VCI flow:
+
+```typescript
+import { ItWalletProvider, WalletAttestationOptions } from '@pagopa/io-wallet-oid4vci';
+
+// Create wallet attestation
+const attestationOptions: WalletAttestationOptions = {
+  issuer: "https://wallet-provider.example.com",
+  dpopJwkPublic: {
+    // JWK public key for DPoP binding
+    kid: "dpop-key-id",
+    kty: "EC",
+    crv: "P-256",
+    x: "...",
+    y: "..."
+  },
+  signer: {
+    walletProviderJwkPublicKid: "wallet-provider-key-id",
+    trustChain: [
+      "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9...", // Trust anchor JWT
+      // Additional trust chain JWTs
+    ]
+  },
+  walletName: "My Italian Wallet", // Optional
+  walletLink: "https://mywalletapp.com", // Optional
+  expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000) // Optional, defaults to 60 days
+};
+
+const attestationJwt = await walletProvider.createItWalletAttestationJwt(attestationOptions);
+```
+
+The wallet attestation JWT can then be used in the OID4VCI protocol flow to prove the wallet's identity and key possession.
+
+## API Reference
+
+`ItWalletProvider`: A class that extends Openid4vciWalletProvider to provide specialized methods for the Italian Wallet ecosystem.

package/dist/index.d.mts

@@ -0,0 +1,77 @@
+import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
+import { Openid4vciWalletProvider, Openid4vciWalletProviderOptions } from '@openid4vc/openid4vci';
+
+/**
+ * @interface WalletAttestationOptions
+ * @description Defines the options required to create a wallet attestation JWT.
+ * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
+ */
+interface WalletAttestationOptions {
+    /**
+     * The issuer of the attestation, typically the Wallet Provider's identifier.
+     * @type {string}
+     */
+    issuer: string;
+    /**
+     * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
+     * This key is used to bind the attestation to the client's session.
+     * @type {ClientAttestationJwtPayload['cnf']}
+     */
+    dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
+    signer: {
+        /**
+         * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
+         * @type {string}
+         */
+        walletProviderJwkPublicKid: string;
+        /**
+         * An array of JWTs representing the chain of trust from the federation's trust anchor
+         * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
+         * @type {[string, ...string[]]}
+         */
+        trustChain: [string, ...string[]];
+    };
+    /**
+     * An optional display name for the wallet.
+     * @type {string}
+     */
+    walletName?: string;
+    /**
+     * An optional deep link or URL that can be used to open or interact with the wallet.
+     * @type {string}
+     */
+    walletLink?: string;
+    /**
+     * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
+     * @type {Date}
+     */
+    expiresAt?: Date;
+}
+/**
+ * @class ItWalletProvider
+ * @extends Openid4vciWalletProvider
+ * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
+ * It handles the creation of wallet attestations required during the credential issuance flow.
+ */
+declare class ItWalletProvider extends Openid4vciWalletProvider {
+    /**
+     * @constructor
+     * @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
+     */
+    constructor(options: Openid4vciWalletProviderOptions);
+    /**
+     * Creates a wallet attestation JWT.
+     *
+     * This method constructs a signed JWT that asserts the wallet's control over a specific
+     * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+     * presenting the credential offer is the legitimate wallet instance.
+     *
+     * @public
+     * @async
+     * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+     * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+     */
+    createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
+}
+
+export { ItWalletProvider, type WalletAttestationOptions };

package/dist/index.d.ts

@@ -0,0 +1,77 @@
+import { ClientAttestationJwtPayload } from '@openid4vc/oauth2';
+import { Openid4vciWalletProvider, Openid4vciWalletProviderOptions } from '@openid4vc/openid4vci';
+
+/**
+ * @interface WalletAttestationOptions
+ * @description Defines the options required to create a wallet attestation JWT.
+ * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.
+ */
+interface WalletAttestationOptions {
+    /**
+     * The issuer of the attestation, typically the Wallet Provider's identifier.
+     * @type {string}
+     */
+    issuer: string;
+    /**
+     * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.
+     * This key is used to bind the attestation to the client's session.
+     * @type {ClientAttestationJwtPayload['cnf']}
+     */
+    dpopJwkPublic: ClientAttestationJwtPayload["cnf"]["jwk"];
+    signer: {
+        /**
+         * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.
+         * @type {string}
+         */
+        walletProviderJwkPublicKid: string;
+        /**
+         * An array of JWTs representing the chain of trust from the federation's trust anchor
+         * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.
+         * @type {[string, ...string[]]}
+         */
+        trustChain: [string, ...string[]];
+    };
+    /**
+     * An optional display name for the wallet.
+     * @type {string}
+     */
+    walletName?: string;
+    /**
+     * An optional deep link or URL that can be used to open or interact with the wallet.
+     * @type {string}
+     */
+    walletLink?: string;
+    /**
+     * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.
+     * @type {Date}
+     */
+    expiresAt?: Date;
+}
+/**
+ * @class ItWalletProvider
+ * @extends Openid4vciWalletProvider
+ * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).
+ * It handles the creation of wallet attestations required during the credential issuance flow.
+ */
+declare class ItWalletProvider extends Openid4vciWalletProvider {
+    /**
+     * @constructor
+     * @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
+     */
+    constructor(options: Openid4vciWalletProviderOptions);
+    /**
+     * Creates a wallet attestation JWT.
+     *
+     * This method constructs a signed JWT that asserts the wallet's control over a specific
+     * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+     * presenting the credential offer is the legitimate wallet instance.
+     *
+     * @public
+     * @async
+     * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+     * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+     */
+    createItWalletAttestationJwt(options: WalletAttestationOptions): Promise<string>;
+}
+
+export { ItWalletProvider, type WalletAttestationOptions };

package/dist/index.js

@@ -0,0 +1,75 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ItWalletProvider: () => ItWalletProvider
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/ItWalletProvider.ts
+var import_openid4vci = require("@openid4vc/openid4vci");
+var import_utils = require("@openid4vc/utils");
+var ItWalletProvider = class extends import_openid4vci.Openid4vciWalletProvider {
+  /**
+   * @constructor
+   * @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
+   */
+  constructor(options) {
+    super(options);
+  }
+  /**
+   * Creates a wallet attestation JWT.
+   *
+   * This method constructs a signed JWT that asserts the wallet's control over a specific
+   * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+   * presenting the credential offer is the legitimate wallet instance.
+   *
+   * @public
+   * @async
+   * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+   * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+   */
+  async createItWalletAttestationJwt(options) {
+    const walletAttestation = await this.createWalletAttestationJwt({
+      clientId: options.dpopJwkPublic.kid,
+      confirmation: {
+        // We use the same key for DPoP as the wallet attestation
+        jwk: options.dpopJwkPublic
+      },
+      expiresAt: options.expiresAt ?? (0, import_utils.addSecondsToDate)(/* @__PURE__ */ new Date(), 3600 * 24 * 60 * 60),
+      issuer: options.issuer,
+      signer: {
+        alg: "ES256",
+        kid: options.signer.walletProviderJwkPublicKid,
+        method: "federation",
+        // Indicates the validation method relies on a trust chain.
+        trustChain: options.signer.trustChain
+      },
+      walletLink: options.walletLink,
+      walletName: options.walletName
+    });
+    return walletAttestation;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ItWalletProvider
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/ItWalletProvider.ts"],"sourcesContent":["export * from \"./ItWalletProvider\";\n","import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport {\n  Openid4vciWalletProvider,\n  Openid4vciWalletProviderOptions,\n} from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\n/**\n * @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n */\nexport interface WalletAttestationOptions {\n  /**\n   * The issuer of the attestation, typically the Wallet Provider's identifier.\n   * @type {string}\n   */\n  issuer: string;\n  \n  /**\n   * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n   * This key is used to bind the attestation to the client's session.\n   * @type {ClientAttestationJwtPayload['cnf']}\n   */\n  dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n  signer: {\n    /**\n     * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n     * @type {string}\n     */\n    walletProviderJwkPublicKid: string;\n\n    /**\n     * An array of JWTs representing the chain of trust from the federation's trust anchor\n     * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n     * @type {[string, ...string[]]}\n     */\n    trustChain: [string, ...string[]];\n  };\n\n  /**\n   * An optional display name for the wallet.\n   * @type {string}\n   */\n  walletName?: string;\n\n  /**\n   * An optional deep link or URL that can be used to open or interact with the wallet.\n   * @type {string}\n   */\n  walletLink?: string;\n\n  /**\n   * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n   * @type {Date}\n   */\n  expiresAt?: Date;\n}\n\n/**\n * @class ItWalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n */\nexport class ItWalletProvider extends Openid4vciWalletProvider {\n  /**\n   * @constructor\n   * @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.\n   */\n  constructor(options: Openid4vciWalletProviderOptions) {\n    super(options);\n  }\n\n  /**\n   * Creates a wallet attestation JWT.\n   *\n   * This method constructs a signed JWT that asserts the wallet's control over a specific\n   * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n   * presenting the credential offer is the legitimate wallet instance.\n   *\n   * @public\n   * @async\n   * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n   * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n   */\n  public async createItWalletAttestationJwt(\n    options: WalletAttestationOptions,\n  ): Promise<string> {\n    const walletAttestation = await this.createWalletAttestationJwt({\n      clientId: options.dpopJwkPublic.kid,\n      confirmation: {\n        // We use the same key for DPoP as the wallet attestation\n        jwk: options.dpopJwkPublic,\n      },\n      expiresAt:\n        options.expiresAt ?? addSecondsToDate(new Date(), 3600 * 24 * 60 * 60),\n      issuer: options.issuer,\n      signer: {\n        alg: \"ES256\",\n        kid: options.signer.walletProviderJwkPublicKid,\n        method: \"federation\", // Indicates the validation method relies on a trust chain.\n        trustChain: options.signer.trustChain,\n      },\n      walletLink: options.walletLink,\n      walletName: options.walletName,\n    });\n\n    return walletAttestation;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACCA,wBAGO;AACP,mBAAiC;AA4D1B,IAAM,mBAAN,cAA+B,2CAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK7D,YAAY,SAA0C;AACpD,UAAM,OAAO;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAa,6BACX,SACiB;AACjB,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,iBAAa,+BAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/index.mjs

@@ -0,0 +1,51 @@
+// src/ItWalletProvider.ts
+import {
+  Openid4vciWalletProvider
+} from "@openid4vc/openid4vci";
+import { addSecondsToDate } from "@openid4vc/utils";
+var ItWalletProvider = class extends Openid4vciWalletProvider {
+  /**
+   * @constructor
+   * @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.
+   */
+  constructor(options) {
+    super(options);
+  }
+  /**
+   * Creates a wallet attestation JWT.
+   *
+   * This method constructs a signed JWT that asserts the wallet's control over a specific
+   * cryptographic key (DPoP key). This is a security measure to ensure that the entity
+   * presenting the credential offer is the legitimate wallet instance.
+   *
+   * @public
+   * @async
+   * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.
+   * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.
+   */
+  async createItWalletAttestationJwt(options) {
+    const walletAttestation = await this.createWalletAttestationJwt({
+      clientId: options.dpopJwkPublic.kid,
+      confirmation: {
+        // We use the same key for DPoP as the wallet attestation
+        jwk: options.dpopJwkPublic
+      },
+      expiresAt: options.expiresAt ?? addSecondsToDate(/* @__PURE__ */ new Date(), 3600 * 24 * 60 * 60),
+      issuer: options.issuer,
+      signer: {
+        alg: "ES256",
+        kid: options.signer.walletProviderJwkPublicKid,
+        method: "federation",
+        // Indicates the validation method relies on a trust chain.
+        trustChain: options.signer.trustChain
+      },
+      walletLink: options.walletLink,
+      walletName: options.walletName
+    });
+    return walletAttestation;
+  }
+};
+export {
+  ItWalletProvider
+};
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/ItWalletProvider.ts"],"sourcesContent":["import { ClientAttestationJwtPayload } from \"@openid4vc/oauth2\";\nimport {\n  Openid4vciWalletProvider,\n  Openid4vciWalletProviderOptions,\n} from \"@openid4vc/openid4vci\";\nimport { addSecondsToDate } from \"@openid4vc/utils\";\n\n/**\n * @interface WalletAttestationOptions\n * @description Defines the options required to create a wallet attestation JWT.\n * This attestation is a signed token that proves the wallet's identity and possession of a cryptographic key.\n */\nexport interface WalletAttestationOptions {\n  /**\n   * The issuer of the attestation, typically the Wallet Provider's identifier.\n   * @type {string}\n   */\n  issuer: string;\n  \n  /**\n   * The public part of the DPoP (Demonstrating Proof-of-Possession) key in JWK (JSON Web Key) format.\n   * This key is used to bind the attestation to the client's session.\n   * @type {ClientAttestationJwtPayload['cnf']}\n   */\n  dpopJwkPublic: ClientAttestationJwtPayload[\"cnf\"][\"jwk\"];\n  signer: {\n    /**\n     * The Key ID (`kid`) of the wallet provider's public key used for signing the attestation.\n     * @type {string}\n     */\n    walletProviderJwkPublicKid: string;\n\n    /**\n     * An array of JWTs representing the chain of trust from the federation's trust anchor\n     * to the wallet provider. This is used in federated identity systems to validate the provider's authenticity.\n     * @type {[string, ...string[]]}\n     */\n    trustChain: [string, ...string[]];\n  };\n\n  /**\n   * An optional display name for the wallet.\n   * @type {string}\n   */\n  walletName?: string;\n\n  /**\n   * An optional deep link or URL that can be used to open or interact with the wallet.\n   * @type {string}\n   */\n  walletLink?: string;\n\n  /**\n   * The optional expiration date for the attestation JWT. If not provided, a default lifetime will be used.\n   * @type {Date}\n   */\n  expiresAt?: Date;\n}\n\n/**\n * @class ItWalletProvider\n * @extends Openid4vciWalletProvider\n * @description An implementation of a wallet provider for the OpenID4VCI protocol, tailored for a specific ecosystem (e.g., the Italian one).\n * It handles the creation of wallet attestations required during the credential issuance flow.\n */\nexport class ItWalletProvider extends Openid4vciWalletProvider {\n  /**\n   * @constructor\n   * @param {Openid4vciWalletProviderOptions} options - The configuration options for the provider.\n   */\n  constructor(options: Openid4vciWalletProviderOptions) {\n    super(options);\n  }\n\n  /**\n   * Creates a wallet attestation JWT.\n   *\n   * This method constructs a signed JWT that asserts the wallet's control over a specific\n   * cryptographic key (DPoP key). This is a security measure to ensure that the entity\n   * presenting the credential offer is the legitimate wallet instance.\n   *\n   * @public\n   * @async\n   * @param {WalletAttestationOptions} options - The necessary parameters to build the attestation.\n   * @returns {Promise<string>} A promise that resolves to the signed wallet attestation JWT as a string.\n   */\n  public async createItWalletAttestationJwt(\n    options: WalletAttestationOptions,\n  ): Promise<string> {\n    const walletAttestation = await this.createWalletAttestationJwt({\n      clientId: options.dpopJwkPublic.kid,\n      confirmation: {\n        // We use the same key for DPoP as the wallet attestation\n        jwk: options.dpopJwkPublic,\n      },\n      expiresAt:\n        options.expiresAt ?? addSecondsToDate(new Date(), 3600 * 24 * 60 * 60),\n      issuer: options.issuer,\n      signer: {\n        alg: \"ES256\",\n        kid: options.signer.walletProviderJwkPublicKid,\n        method: \"federation\", // Indicates the validation method relies on a trust chain.\n        trustChain: options.signer.trustChain,\n      },\n      walletLink: options.walletLink,\n      walletName: options.walletName,\n    });\n\n    return walletAttestation;\n  }\n}\n"],"mappings":";AACA;AAAA,EACE;AAAA,OAEK;AACP,SAAS,wBAAwB;AA4D1B,IAAM,mBAAN,cAA+B,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK7D,YAAY,SAA0C;AACpD,UAAM,OAAO;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAa,6BACX,SACiB;AACjB,UAAM,oBAAoB,MAAM,KAAK,2BAA2B;AAAA,MAC9D,UAAU,QAAQ,cAAc;AAAA,MAChC,cAAc;AAAA;AAAA,QAEZ,KAAK,QAAQ;AAAA,MACf;AAAA,MACA,WACE,QAAQ,aAAa,iBAAiB,oBAAI,KAAK,GAAG,OAAO,KAAK,KAAK,EAAE;AAAA,MACvE,QAAQ,QAAQ;AAAA,MAChB,QAAQ;AAAA,QACN,KAAK;AAAA,QACL,KAAK,QAAQ,OAAO;AAAA,QACpB,QAAQ;AAAA;AAAA,QACR,YAAY,QAAQ,OAAO;AAAA,MAC7B;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,YAAY,QAAQ;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,EACT;AACF;","names":[]}

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "@pagopa/io-wallet-oid4vci",
+  "version": "0.3.0",
+  "files": [
+    "dist"
+  ],
+  "license": "Apache-2.0",
+  "exports": {
+    ".": {
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./package.json": "./package.json"
+  },
+  "homepage": "https://github.com/pagopa/io-wallet-sdk/tree/main/packages/oid4vci",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pagopa/io-wallet-sdk",
+    "directory": "packages/oid4vci"
+  },
+  "dependencies": {
+    "@openid-federation/core": "^0.2.0",
+    "@openid4vc/oauth2": "0.3.0-alpha-20250513122832",
+    "@openid4vc/openid4vci": "0.3.0-alpha-20250513122832",
+    "@openid4vc/utils": "^0.2.0",
+    "zod": "^3.24.2"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format cjs,esm --dts --clean --sourcemap",
+    "test": "vitest"
+  },
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts"
+}