@sphereon/oid4vc-common 0.17.0 → 0.17.1-feature.esm.cjs.24

package/dist/dpop/DPoP.js

@@ -1,184 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyResourceDPoP = exports.verifyDPoP = exports.createDPoP = exports.getCreateDPoPOptions = exports.dpopTokenRequestNonceError = void 0;
-const jwt_decode_1 = require("jwt-decode");
-const u8a = __importStar(require("uint8arrays"));
-const uuid_1 = require("uuid");
-const hasher_1 = require("../hasher");
-const jwt_1 = require("./../jwt");
-exports.dpopTokenRequestNonceError = 'use_dpop_nonce';
-function getCreateDPoPOptions(createDPoPClientOpts, endPointUrl, resourceRequestOpts) {
-    const htu = endPointUrl.split('?')[0].split('#')[0];
-    return Object.assign(Object.assign({}, createDPoPClientOpts), { jwtPayloadProps: Object.assign(Object.assign(Object.assign({}, createDPoPClientOpts.jwtPayloadProps), { htu, htm: 'POST' }), (resourceRequestOpts && { accessToken: resourceRequestOpts.accessToken })) });
-}
-exports.getCreateDPoPOptions = getCreateDPoPOptions;
-function createDPoP(options) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a, _b;
-        const { createJwtCallback, jwtIssuer, jwtPayloadProps, dPoPSigningAlgValuesSupported } = options;
-        if (jwtPayloadProps.accessToken && (((_a = jwtPayloadProps.accessToken) === null || _a === void 0 ? void 0 : _a.startsWith('DPoP ')) || ((_b = jwtPayloadProps.accessToken) === null || _b === void 0 ? void 0 : _b.startsWith('Bearer ')))) {
-            throw new Error('expected access token without scheme');
-        }
-        const ath = jwtPayloadProps.accessToken ? u8a.toString((0, hasher_1.defaultHasher)(jwtPayloadProps.accessToken, 'sha256'), 'base64url') : undefined;
-        return createJwtCallback({ method: 'jwk', type: 'dpop', alg: jwtIssuer.alg, jwk: jwtIssuer.jwk, dPoPSigningAlgValuesSupported }, {
-            header: Object.assign(Object.assign({}, jwtIssuer), { typ: 'dpop+jwt', alg: jwtIssuer.alg, jwk: jwtIssuer.jwk }),
-            payload: Object.assign(Object.assign(Object.assign({}, jwtPayloadProps), { iat: (0, jwt_1.epochTime)(), jti: (0, uuid_1.v4)() }), (ath && { ath })),
-        });
-    });
-}
-exports.createDPoP = createDPoP;
-function verifyDPoP(request, options) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a, _b, _c, _d;
-        // There is not more than one DPoP HTTP request header field.
-        const dpop = request.headers['dpop'];
-        if (!dpop || typeof dpop !== 'string') {
-            throw new Error('missing or invalid dpop header. Expected compact JWT');
-        }
-        // The DPoP HTTP request header field value is a single and well-formed JWT.
-        const { header: dPoPHeader, payload: dPoPPayload } = (0, jwt_1.parseJWT)(dpop);
-        // Ensure all required header claims are present
-        if (dPoPHeader.typ !== 'dpop+jwt' || !dPoPHeader.alg || !dPoPHeader.jwk || typeof dPoPHeader.jwk !== 'object' || dPoPHeader.jwk.d) {
-            throw new Error('invalid_dpop_proof. Invalid header claims');
-        }
-        // Ensure all required payload claims are present
-        if (!dPoPPayload.htm || !dPoPPayload.htu || !dPoPPayload.iat || !dPoPPayload.jti) {
-            throw new Error('invalid_dpop_proof. Missing required claims');
-        }
-        // Validate alg is supported
-        if ((options === null || options === void 0 ? void 0 : options.acceptedAlgorithms) && !options.acceptedAlgorithms.includes(dPoPHeader.alg)) {
-            throw new Error(`invalid_dpop_proof. Invalid 'alg' claim '${dPoPHeader.alg}'. Only ${options.acceptedAlgorithms.join(', ')} are supported.`);
-        }
-        // Validate nonce if provided
-        if (((options === null || options === void 0 ? void 0 : options.expectedNonce) && !dPoPPayload.nonce) || dPoPPayload.nonce !== options.expectedNonce) {
-            throw new Error('invalid_dpop_proof. Nonce mismatch');
-        }
-        // Verify JWT signature
-        try {
-            const verificationResult = yield options.jwtVerifyCallback({
-                method: 'jwk',
-                type: 'dpop',
-                jwk: dPoPHeader.jwk,
-                alg: dPoPHeader.alg,
-            }, {
-                header: dPoPHeader,
-                payload: dPoPPayload,
-                raw: dpop,
-            });
-            if (!verificationResult) {
-                throw new Error('invalid_dpop_proof. Invalid JWT signature');
-            }
-        }
-        catch (error) {
-            throw new Error('invalid_dpop_proof. Invalid JWT signature. ' + (error instanceof Error ? error.message : 'Unknown error'));
-        }
-        // Validate htm claim
-        if (dPoPPayload.htm !== request.method) {
-            throw new Error(`invalid_dpop_proof. Invalid htm claim. Must match request method '${request.method}'`);
-        }
-        // The htu claim matches the HTTP URI value for the HTTP request in which the JWT was received, ignoring any query and fragment parts.
-        const currentUri = request.fullUrl.split('?')[0].split('#')[0];
-        if (dPoPPayload.htu !== currentUri) {
-            throw new Error('invalid_dpop_proof. Invalid htu claim');
-        }
-        // Validate nonce if provided
-        if ((options.expectedNonce && dPoPPayload.nonce !== options.expectedNonce) || (!options.expectedNonce && dPoPPayload.nonce)) {
-            throw new Error('invalid_dpop_proof. Nonce mismatch');
-        }
-        // Validate iat claim
-        const { nowSkewedPast, nowSkewedFuture } = (0, jwt_1.getNowSkewed)(options.now);
-        if (
-        // iat claim is too far in the future
-        nowSkewedPast - ((_a = options.maxIatAgeInSeconds) !== null && _a !== void 0 ? _a : 60) > dPoPPayload.iat ||
-            // iat claim is too old
-            nowSkewedFuture + ((_b = options.maxIatAgeInSeconds) !== null && _b !== void 0 ? _b : 60) < dPoPPayload.iat) {
-            // 5 minute window
-            throw new Error('invalid_dpop_proof. Invalid iat claim');
-        }
-        // If access token is present, validate ath claim
-        const authorizationHeader = request.headers.authorization;
-        if (!options.expectAccessToken && authorizationHeader) {
-            throw new Error('invalid_dpop_proof. Received an unexpected authorization header.');
-        }
-        if (options.expectAccessToken) {
-            if (!dPoPPayload.ath) {
-                throw new Error('invalid_dpop_proof. Missing expected ath claim.');
-            }
-            // validate that the DPOP proof is made for the provided access token
-            if (!authorizationHeader || typeof authorizationHeader !== 'string' || !authorizationHeader.startsWith('DPoP ')) {
-                throw new Error('invalid_dpop_proof. Invalid authorization header.');
-            }
-            const accessToken = authorizationHeader.replace('DPoP ', '');
-            const expectedAth = u8a.toString((0, hasher_1.defaultHasher)(accessToken, 'sha256'), 'base64url');
-            if (dPoPPayload.ath !== expectedAth) {
-                throw new Error('invalid_dpop_proof. Invalid ath claim');
-            }
-            // validate that the access token is signed with the same key as the DPOP proof
-            const accessTokenPayload = (0, jwt_decode_1.jwtDecode)(accessToken, { header: false });
-            if (!((_c = accessTokenPayload.cnf) === null || _c === void 0 ? void 0 : _c.jkt)) {
-                throw new Error('invalid_dpop_proof. Access token is missing the jkt claim');
-            }
-            const thumprint = yield (0, jwt_1.calculateJwkThumbprint)(dPoPHeader.jwk, 'sha256');
-            if (((_d = accessTokenPayload.cnf) === null || _d === void 0 ? void 0 : _d.jkt) !== thumprint) {
-                throw new Error('invalid_dpop_proof. JwkThumbprint mismatch');
-            }
-        }
-        // If all validations pass, return the dpop jwk
-        return dPoPHeader.jwk;
-    });
-}
-exports.verifyDPoP = verifyDPoP;
-/**
- * DPoP verifications for resource requests
- * For Bearer token compatibility jwt's must have a token_type claim
- * The access token itself must be validated before using this method
- * If the token_type is not DPoP, then the request is not a DPoP request
- * and we don't need to verify the DPoP proof
- */
-function verifyResourceDPoP(request, options) {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (!request.headers.authorization || typeof request.headers.authorization !== 'string') {
-            throw new Error('Received an invalid resource request. Missing authorization header.');
-        }
-        const tokenPayload = (0, jwt_decode_1.jwtDecode)(request.headers.authorization, { header: false });
-        const tokenType = tokenPayload.token_type;
-        if (tokenType !== 'DPoP') {
-            return;
-        }
-        return verifyDPoP(request, Object.assign(Object.assign({}, options), { expectAccessToken: true }));
-    });
-}
-exports.verifyResourceDPoP = verifyResourceDPoP;
-//# sourceMappingURL=DPoP.js.map

package/dist/dpop/DPoP.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"DPoP.js","sourceRoot":"","sources":["../../lib/dpop/DPoP.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAuC;AACvC,iDAAmC;AACnC,+BAAoC;AAEpC,sCAA0C;AAE1C,kCAYkB;AAEL,QAAA,0BAA0B,GAAG,gBAAgB,CAAC;AA2B3D,SAAgB,oBAAoB,CAClC,oBAA0C,EAC1C,WAAmB,EACnB,mBAA6C;IAE7C,MAAM,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,uCACK,oBAAoB,KACvB,eAAe,gDACV,oBAAoB,CAAC,eAAe,KACvC,GAAG,EACH,GAAG,EAAE,MAAM,KACR,CAAC,mBAAmB,IAAI,EAAE,WAAW,EAAE,mBAAmB,CAAC,WAAW,EAAE,CAAC,KAE9E;AACJ,CAAC;AAfD,oDAeC;AAED,SAAsB,UAAU,CAAC,OAAuB;;;QACtD,MAAM,EAAE,iBAAiB,EAAE,SAAS,EAAE,eAAe,EAAE,6BAA6B,EAAE,GAAG,OAAO,CAAC;QAEjG,IAAI,eAAe,CAAC,WAAW,IAAI,CAAC,CAAA,MAAA,eAAe,CAAC,WAAW,0CAAE,UAAU,CAAC,OAAO,CAAC,MAAI,MAAA,eAAe,CAAC,WAAW,0CAAE,UAAU,CAAC,SAAS,CAAC,CAAA,CAAC,EAAE,CAAC;YAC5I,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,GAAG,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAA,sBAAa,EAAC,eAAe,CAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACtI,OAAO,iBAAiB,CACtB,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,6BAA6B,EAAE,EACtG;YACE,MAAM,kCAAO,SAAS,KAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,GAAE;YACjF,OAAO,gDACF,eAAe,KAClB,GAAG,EAAE,IAAA,eAAS,GAAE,EAChB,GAAG,EAAE,IAAA,SAAM,GAAE,KACV,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,CAAC,CACpB;SACF,CACF,CAAC;IACJ,CAAC;CAAA;AApBD,gCAoBC;AAaD,SAAsB,UAAU,CAC9B,OAA8G,EAC9G,OAA0B;;;QAE1B,6DAA6D;QAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QAED,4EAA4E;QAC5E,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,IAAA,cAAQ,EAAuD,IAAI,CAAC,CAAC;QAE1H,gDAAgD;QAChD,IAAI,UAAU,CAAC,GAAG,KAAK,UAAU,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAClI,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,iDAAiD;QACjD,IAAI,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,KAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxF,MAAM,IAAI,KAAK,CAAC,4CAA4C,UAAU,CAAC,GAAG,WAAW,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC/I,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;YAClG,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC;YACH,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,iBAAiB,CACxD;gBACE,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,MAAM;gBACZ,GAAG,EAAE,UAAU,CAAC,GAAG;gBACnB,GAAG,EAAE,UAAU,CAAC,GAAG;aACpB,EACD;gBACE,MAAM,EAAE,UAAU;gBAClB,OAAO,EAAE,WAAW;gBACpB,GAAG,EAAE,IAAI;aACV,CACF,CAAC;YAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,6CAA6C,GAAG,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC;QAC9H,CAAC;QAED,qBAAqB;QACrB,IAAI,WAAW,CAAC,GAAG,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,qEAAqE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QAC1G,CAAC;QAED,sIAAsI;QACtI,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,IAAI,WAAW,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,WAAW,CAAC,KAAK,KAAK,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5H,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAED,qBAAqB;QACrB,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,GAAG,IAAA,kBAAY,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrE;QACE,qCAAqC;QACrC,aAAa,GAAG,CAAC,MAAA,OAAO,CAAC,kBAAkB,mCAAI,EAAE,CAAC,GAAG,WAAW,CAAC,GAAG;YACpE,uBAAuB;YACvB,eAAe,GAAG,CAAC,MAAA,OAAO,CAAC,kBAAkB,mCAAI,EAAE,CAAC,GAAG,WAAW,CAAC,GAAG,EACtE,CAAC;YACD,kBAAkB;YAClB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,iDAAiD;QACjD,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1D,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,mBAAmB,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YAED,qEAAqE;YACrE,IAAI,CAAC,mBAAmB,IAAI,OAAO,mBAAmB,KAAK,QAAQ,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChH,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC7D,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAA,sBAAa,EAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;YACpF,IAAI,WAAW,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;YAED,+EAA+E;YAC/E,MAAM,kBAAkB,GAAG,IAAA,sBAAS,EAA0C,WAAW,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YAC9G,IAAI,CAAC,CAAA,MAAA,kBAAkB,CAAC,GAAG,0CAAE,GAAG,CAAA,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC/E,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAsB,EAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACzE,IAAI,CAAA,MAAA,kBAAkB,CAAC,GAAG,0CAAE,GAAG,MAAK,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,OAAO,UAAU,CAAC,GAAG,CAAC;IACxB,CAAC;CAAA;AAxHD,gCAwHC;AAED;;;;;;GAMG;AACH,SAAsB,kBAAkB,CACtC,OAA8G,EAC9G,OAAqD;;QAErD,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,OAAO,CAAC,OAAO,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;YACxF,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;QACzF,CAAC;QACD,MAAM,YAAY,GAAG,IAAA,sBAAS,EAAuC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACvH,MAAM,SAAS,GAAG,YAAY,CAAC,UAAU,CAAC;QAE1C,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QAED,OAAO,UAAU,CAAC,OAAO,kCAAO,OAAO,KAAE,iBAAiB,EAAE,IAAI,IAAG,CAAC;IACtE,CAAC;CAAA;AAfD,gDAeC"}

package/dist/dpop/index.d.ts

@@ -1,2 +0,0 @@
-export * from './DPoP';
-//# sourceMappingURL=index.d.ts.map

package/dist/dpop/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../lib/dpop/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC"}

package/dist/dpop/index.js

@@ -1,18 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./DPoP"), exports);
-//# sourceMappingURL=index.js.map

package/dist/dpop/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/dpop/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB"}

package/dist/hasher.d.ts

@@ -1,3 +0,0 @@
-import { Hasher } from '@sphereon/ssi-types';
-export declare const defaultHasher: Hasher;
-//# sourceMappingURL=hasher.d.ts.map

package/dist/hasher.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"hasher.d.ts","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAM7C,eAAO,MAAM,aAAa,EAAE,MAW3B,CAAC"}

package/dist/hasher.js

@@ -1,19 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultHasher = void 0;
-const sha_js_1 = __importDefault(require("sha.js"));
-const supportedAlgorithms = ['sha256', 'sha384', 'sha512'];
-const defaultHasher = (data, algorithm) => {
-    const sanitizedAlgorithm = algorithm.toLowerCase().replace(/[-_]/g, '');
-    if (!supportedAlgorithms.includes(sanitizedAlgorithm)) {
-        throw new Error(`Unsupported hashing algorithm ${algorithm}`);
-    }
-    return new Uint8Array((0, sha_js_1.default)(sanitizedAlgorithm)
-        .update(data)
-        .digest());
-};
-exports.defaultHasher = defaultHasher;
-//# sourceMappingURL=hasher.js.map

package/dist/hasher.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":";;;;;;AACA,oDAAyB;AAEzB,MAAM,mBAAmB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AAG7D,MAAM,aAAa,GAAW,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,kBAAyC,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,IAAI,UAAU,CACnB,IAAA,gBAAG,EAAC,kBAAyC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,EAAE,CACZ,CAAC;AACJ,CAAC,CAAC;AAXW,QAAA,aAAa,iBAWxB"}

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAE9C,eAAO,MAAM,WAAW,SAAkB,CAAC;AAC3C,eAAO,MAAM,cAAc,sDAA6C,CAAC;AAEzE,cAAc,OAAO,CAAC;AACtB,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC"}

package/dist/jwt/Jwk.types.d.ts

@@ -1,36 +0,0 @@
-export interface BaseJWK {
-    kty?: string;
-    crv?: string;
-    x?: string;
-    y?: string;
-    e?: string;
-    n?: string;
-}
-export interface JWK extends BaseJWK {
-    alg?: string;
-    d?: string;
-    dp?: string;
-    dq?: string;
-    ext?: boolean;
-    k?: string;
-    key_ops?: string[];
-    kid?: string;
-    oth?: Array<{
-        d?: string;
-        r?: string;
-        t?: string;
-    }>;
-    p?: string;
-    q?: string;
-    qi?: string;
-    use?: string;
-    x5c?: string[];
-    x5t?: string;
-    'x5t#S256'?: string;
-    x5u?: string;
-    [propName: string]: unknown;
-}
-export type JWKS = {
-    keys: JWK[];
-};
-//# sourceMappingURL=Jwk.types.d.ts.map

package/dist/jwt/Jwk.types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"Jwk.types.d.ts","sourceRoot":"","sources":["../../lib/jwt/Jwk.types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,OAAO;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,GAAI,SAAQ,OAAO;IAClC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,KAAK,CAAC;QACV,CAAC,CAAC,EAAE,MAAM,CAAC;QACX,CAAC,CAAC,EAAE,MAAM,CAAC;QACX,CAAC,CAAC,EAAE,MAAM,CAAC;KACZ,CAAC,CAAC;IACH,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;CAC7B;AAED,MAAM,MAAM,IAAI,GAAG;IACjB,IAAI,EAAE,GAAG,EAAE,CAAC;CACb,CAAC"}

package/dist/jwt/Jwk.types.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=Jwk.types.js.map

package/dist/jwt/Jwk.types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"Jwk.types.js","sourceRoot":"","sources":["../../lib/jwt/Jwk.types.ts"],"names":[],"mappings":""}

package/dist/jwt/JwkThumbprint.d.ts

@@ -1,6 +0,0 @@
-import { DigestAlgorithm } from '../types';
-import { JWK } from '.';
-export declare function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: DigestAlgorithm): Promise<string>;
-export declare function getDigestAlgorithmFromJwkThumbprintUri(uri: string): Promise<DigestAlgorithm>;
-export declare function calculateJwkThumbprintUri(jwk: JWK, digestAlgorithm?: DigestAlgorithm): Promise<string>;
-//# sourceMappingURL=JwkThumbprint.d.ts.map

package/dist/jwt/JwkThumbprint.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"JwkThumbprint.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwkThumbprint.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3C,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC;AAQxB,wBAAsB,sBAAsB,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAkCzG;AAED,wBAAsB,sCAAsC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAUlG;AAED,wBAAsB,yBAAyB,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,GAAE,eAA0B,GAAG,OAAO,CAAC,MAAM,CAAC,CAGtH"}

package/dist/jwt/JwkThumbprint.js

@@ -1,102 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.calculateJwkThumbprintUri = exports.getDigestAlgorithmFromJwkThumbprintUri = exports.calculateJwkThumbprint = void 0;
-const u8a = __importStar(require("uint8arrays"));
-const hasher_1 = require("../hasher");
-const check = (value, description) => {
-    if (typeof value !== 'string' || !value) {
-        throw Error(`${description} missing or invalid`);
-    }
-};
-function calculateJwkThumbprint(jwk, digestAlgorithm) {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (!jwk || typeof jwk !== 'object') {
-            throw new TypeError('JWK must be an object');
-        }
-        const algorithm = digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : 'sha256';
-        if (algorithm !== 'sha256' && algorithm !== 'sha384' && algorithm !== 'sha512') {
-            throw new TypeError('digestAlgorithm must one of "sha256", "sha384", or "sha512"');
-        }
-        let components;
-        switch (jwk.kty) {
-            case 'EC':
-                check(jwk.crv, '"crv" (Curve) Parameter');
-                check(jwk.x, '"x" (X Coordinate) Parameter');
-                check(jwk.y, '"y" (Y Coordinate) Parameter');
-                components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };
-                break;
-            case 'OKP':
-                check(jwk.crv, '"crv" (Subtype of Key Pair) Parameter');
-                check(jwk.x, '"x" (Public Key) Parameter');
-                components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x };
-                break;
-            case 'RSA':
-                check(jwk.e, '"e" (Exponent) Parameter');
-                check(jwk.n, '"n" (Modulus) Parameter');
-                components = { e: jwk.e, kty: jwk.kty, n: jwk.n };
-                break;
-            case 'oct':
-                check(jwk.k, '"k" (Key Value) Parameter');
-                components = { k: jwk.k, kty: jwk.kty };
-                break;
-            default:
-                throw Error('"kty" (Key Type) Parameter missing or unsupported');
-        }
-        return u8a.toString((0, hasher_1.defaultHasher)(JSON.stringify(components), algorithm), 'base64url');
-    });
-}
-exports.calculateJwkThumbprint = calculateJwkThumbprint;
-function getDigestAlgorithmFromJwkThumbprintUri(uri) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const match = uri.match(/^urn:ietf:params:oauth:jwk-thumbprint:sha-(\w+):/);
-        if (!match) {
-            throw new Error(`Invalid JWK thumbprint URI structure ${uri}`);
-        }
-        const algorithm = `sha${match[1]}`;
-        if (algorithm !== 'sha256' && algorithm !== 'sha384' && algorithm !== 'sha512') {
-            throw new Error(`Invalid JWK thumbprint URI digest algorithm ${uri}`);
-        }
-        return algorithm;
-    });
-}
-exports.getDigestAlgorithmFromJwkThumbprintUri = getDigestAlgorithmFromJwkThumbprintUri;
-function calculateJwkThumbprintUri(jwk_1) {
-    return __awaiter(this, arguments, void 0, function* (jwk, digestAlgorithm = 'sha256') {
-        const thumbprint = yield calculateJwkThumbprint(jwk, digestAlgorithm);
-        return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`;
-    });
-}
-exports.calculateJwkThumbprintUri = calculateJwkThumbprintUri;
-//# sourceMappingURL=JwkThumbprint.js.map

package/dist/jwt/JwkThumbprint.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"JwkThumbprint.js","sourceRoot":"","sources":["../../lib/jwt/JwkThumbprint.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AAEnC,sCAA0C;AAK1C,MAAM,KAAK,GAAG,CAAC,KAAc,EAAE,WAAmB,EAAE,EAAE;IACpD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,KAAK,CAAC,GAAG,WAAW,qBAAqB,CAAC,CAAC;IACnD,CAAC;AACH,CAAC,CAAC;AAEF,SAAsB,sBAAsB,CAAC,GAAQ,EAAE,eAAiC;;QACtF,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC;QACD,MAAM,SAAS,GAAG,eAAe,aAAf,eAAe,cAAf,eAAe,GAAI,QAAQ,CAAC;QAC9C,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC/E,MAAM,IAAI,SAAS,CAAC,6DAA6D,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,UAAU,CAAC;QACf,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI;gBACP,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBAC1C,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;gBAC7C,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;gBAC7C,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChE,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,uCAAuC,CAAC,CAAC;gBACxD,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,4BAA4B,CAAC,CAAC;gBAC3C,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBACtD,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC;gBACzC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;gBACxC,UAAU,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBAClD,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC;gBAC1C,UAAU,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;gBACxC,MAAM;YACR;gBACE,MAAM,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAA,sBAAa,EAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,EAAE,WAAW,CAAC,CAAC;IACzF,CAAC;CAAA;AAlCD,wDAkCC;AAED,SAAsB,sCAAsC,CAAC,GAAW;;QACtE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAC5E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,EAAqB,CAAC;QACtD,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC/E,MAAM,IAAI,KAAK,CAAC,+CAA+C,GAAG,EAAE,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CAAA;AAVD,wFAUC;AAED,SAAsB,yBAAyB;yDAAC,GAAQ,EAAE,kBAAmC,QAAQ;QACnG,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACtE,OAAO,4CAA4C,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;IAC/F,CAAC;CAAA;AAHD,8DAGC"}

package/dist/jwt/Jwt.types.d.ts

@@ -1,23 +0,0 @@
-import { JwtHeader as jwtDecodeJwtHeader, JwtPayload as jwtDecodePayload } from 'jwt-decode';
-import { JWK } from '.';
-export type JwtHeader = jwtDecodeJwtHeader & {
-    alg?: string;
-    x5c?: string[];
-    kid?: string;
-    jwk?: JWK;
-    jwt?: string;
-} & Record<string, unknown>;
-export type JwtPayload = jwtDecodePayload & {
-    client_id?: string;
-    nonce?: string;
-    request_uri?: string;
-    client_id_scheme?: string;
-} & Record<string, unknown>;
-export declare enum SigningAlgo {
-    EDDSA = "EdDSA",
-    RS256 = "RS256",
-    PS256 = "PS256",
-    ES256 = "ES256",
-    ES256K = "ES256K"
-}
-//# sourceMappingURL=Jwt.types.d.ts.map

package/dist/jwt/Jwt.types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"Jwt.types.d.ts","sourceRoot":"","sources":["../../lib/jwt/Jwt.types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,IAAI,kBAAkB,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE7F,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC;AAExB,MAAM,MAAM,SAAS,GAAG,kBAAkB,GAAG;IAC3C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,GAAG,CAAC;IACV,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE5B,MAAM,MAAM,UAAU,GAAG,gBAAgB,GAAG;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE5B,oBAAY,WAAW;IACrB,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;IACf,MAAM,WAAW;CAClB"}

package/dist/jwt/Jwt.types.js

@@ -1,12 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SigningAlgo = void 0;
-var SigningAlgo;
-(function (SigningAlgo) {
-    SigningAlgo["EDDSA"] = "EdDSA";
-    SigningAlgo["RS256"] = "RS256";
-    SigningAlgo["PS256"] = "PS256";
-    SigningAlgo["ES256"] = "ES256";
-    SigningAlgo["ES256K"] = "ES256K";
-})(SigningAlgo || (exports.SigningAlgo = SigningAlgo = {}));
-//# sourceMappingURL=Jwt.types.js.map

package/dist/jwt/Jwt.types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"Jwt.types.js","sourceRoot":"","sources":["../../lib/jwt/Jwt.types.ts"],"names":[],"mappings":";;;AAmBA,IAAY,WAMX;AAND,WAAY,WAAW;IACrB,8BAAe,CAAA;IACf,8BAAe,CAAA;IACf,8BAAe,CAAA;IACf,8BAAe,CAAA;IACf,gCAAiB,CAAA;AACnB,CAAC,EANW,WAAW,2BAAX,WAAW,QAMtB"}

package/dist/jwt/JwtIssuer.d.ts

@@ -1,51 +0,0 @@
-import { JWK, JwtHeader, JwtPayload, JwtProtectionMethod, SigningAlgo } from '..';
-export interface JwtIssuerBase {
-    method: JwtProtectionMethod;
-    /**
-     * Additional options for the issuance context
-     */
-    options?: Record<string, unknown>;
-}
-export interface JwtIssuerDid extends JwtIssuerBase {
-    method: 'did';
-    didUrl: string;
-    alg: SigningAlgo | string;
-}
-export interface JwtIssuerX5c extends JwtIssuerBase {
-    method: 'x5c';
-    alg: SigningAlgo | string;
-    /**
-     *
-     * Array of base64-encoded certificate strings in the DER-format.
-     *
-     * The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate.
-     */
-    x5c: Array<string>;
-    /**
-     * The issuer jwt
-     *
-     * This value will be used as the iss value of the issue jwt.
-     * It is also used as the client_id.
-     * And will also be set as the redirect_uri
-     *
-     * It must match an entry in the x5c certificate leaf entry dnsName / uriName
-     */
-    issuer: string;
-}
-export interface JwtIssuerJwk extends JwtIssuerBase {
-    method: 'jwk';
-    alg: SigningAlgo | string;
-    jwk: JWK;
-}
-export interface JwtIssuerCustom extends JwtIssuerBase {
-    method: 'custom';
-}
-export type JwtIssuer = JwtIssuerDid | JwtIssuerX5c | JwtIssuerJwk | JwtIssuerCustom;
-export interface JwtIssuanceContextBase {
-    type: string;
-}
-export type CreateJwtCallback<T extends JwtIssuer & JwtIssuanceContextBase> = (jwtIssuer: T, jwt: {
-    header: JwtHeader;
-    payload: JwtPayload;
-}) => Promise<string>;
-//# sourceMappingURL=JwtIssuer.d.ts.map

package/dist/jwt/JwtIssuer.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"JwtIssuer.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtIssuer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAElF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,mBAAmB,CAAC;IAC5B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;;;;;OAQG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,eAAgB,SAAQ,aAAa;IACpD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,SAAS,GAAG,YAAY,GAAG,YAAY,GAAG,YAAY,GAAG,eAAe,CAAC;AAErF,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,SAAS,GAAG,sBAAsB,IAAI,CAC5E,SAAS,EAAE,CAAC,EACZ,GAAG,EAAE;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,KAC5C,OAAO,CAAC,MAAM,CAAC,CAAC"}

package/dist/jwt/JwtIssuer.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=JwtIssuer.js.map

package/dist/jwt/JwtIssuer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"JwtIssuer.js","sourceRoot":"","sources":["../../lib/jwt/JwtIssuer.ts"],"names":[],"mappings":""}

package/dist/jwt/JwtVerifier.d.ts

@@ -1,72 +0,0 @@
-import { JWK, JwtHeader, JwtPayload, SigningAlgo } from '..';
-import { JwtProtectionMethod, JwtType } from './jwtUtils';
-export interface JwtVerifierBase {
-    type: JwtType;
-    method: JwtProtectionMethod;
-}
-export interface DidJwtVerifier extends JwtVerifierBase {
-    method: 'did';
-    alg: SigningAlgo | string;
-    didUrl: string;
-}
-export interface X5cJwtVerifier extends JwtVerifierBase {
-    method: 'x5c';
-    alg: SigningAlgo | string;
-    /**
-     *
-     * Array of base64-encoded certificate strings in the DER-format.
-     *
-     * The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate.
-     */
-    x5c: Array<string>;
-    /**
-     * The jwt issuer
-     */
-    issuer: string;
-}
-export interface OpenIdFederationJwtVerifier extends JwtVerifierBase {
-    method: 'openid-federation';
-    /**
-     * The OpenId federation Entity
-     */
-    entityId: string;
-}
-export interface JwkJwtVerifier extends JwtVerifierBase {
-    method: 'jwk';
-    alg: SigningAlgo | string;
-    jwk: JWK;
-}
-export interface CustomJwtVerifier extends JwtVerifierBase {
-    method: 'custom';
-}
-export type JwtVerifier = DidJwtVerifier | X5cJwtVerifier | CustomJwtVerifier | JwkJwtVerifier | OpenIdFederationJwtVerifier;
-export declare const getDidJwtVerifier: (jwt: {
-    header: JwtHeader;
-    payload: JwtPayload;
-}, options: {
-    type: JwtType;
-}) => DidJwtVerifier;
-export declare const getX5cVerifier: (jwt: {
-    header: JwtHeader;
-    payload: JwtPayload;
-}, options: {
-    type: JwtType;
-}) => X5cJwtVerifier;
-export declare const getJwkVerifier: (jwt: {
-    header: JwtHeader;
-    payload: JwtPayload;
-}, options: {
-    type: JwtType;
-}) => Promise<JwkJwtVerifier>;
-export declare const getJwtVerifierWithContext: (jwt: {
-    header: JwtHeader;
-    payload: JwtPayload;
-}, options: {
-    type: JwtType;
-}) => Promise<JwtVerifier>;
-export type VerifyJwtCallbackBase<T extends JwtVerifier> = (jwtVerifier: T, jwt: {
-    header: JwtHeader;
-    payload: JwtPayload;
-    raw: string;
-}) => Promise<boolean>;
-//# sourceMappingURL=JwtVerifier.d.ts.map

package/dist/jwt/JwtVerifier.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"JwtVerifier.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,mBAAmB,CAAC;CAC7B;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,2BAA4B,SAAQ,eAAe;IAClE,MAAM,EAAE,mBAAmB,CAAC;IAE5B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,cAAc,GAAG,iBAAiB,GAAG,cAAc,GAAG,2BAA2B,CAAC;AAE7H,eAAO,MAAM,iBAAiB,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAS/G,CAAC;AAiBF,eAAO,MAAM,cAAc,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAgB5G,CAAC;AAEF,eAAO,MAAM,cAAc,QAAe;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,QAAQ,cAAc,CAUxI,CAAC;AAEF,eAAO,MAAM,yBAAyB,QAC/B;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WACtC;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KACzB,QAAQ,WAAW,CAQrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,CAAC,CAAC,SAAS,WAAW,IAAI,CACzD,WAAW,EAAE,CAAC,EACd,GAAG,EAAE;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,KACzD,OAAO,CAAC,OAAO,CAAC,CAAC"}