@sphereon/oid4vci-client 0.10.3 → 0.10.4-next.119

package/README.md

@@ -52,10 +52,10 @@ This initiates the client using a URI obtained from the Issuer using a link (URL
 already fetching the Server Metadata
 
 ```typescript
-import { OpenID4VCIClient } from '@sphereon/oid4vci-client';
+import { OpenID4VCIClientV1_0_13 } from '@sphereon/oid4vci-client';
 
 // The client is initiated from a URI. This URI is provided by the Issuer, typically as a URL or QR code.
-const client = await OpenID4VCIClient.fromURI({
+const client = await OpenID4VCIClientV1_0_13.fromURI({
   uri: 'openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.research.identiproof.io&credential_type=OpenBadgeCredentialUrl&pre-authorized_code=4jLs9xZHEfqcoow0kHE7d1a8hUk6Sy-5bVSV2MqBUGUgiFFQi-ImL62T-FmLIo8hKA1UdMPH0lM1xAgcFkJfxIw9L-lI3mVs0hRT8YVwsEM1ma6N3wzuCdwtMU4bcwKp&user_pin_required=true',
   kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#key-1', // Our DID.  You can defer this also to when the acquireCredential method is called
   alg: Alg.ES256, // The signing Algorithm we will use. You can defer this also to when the acquireCredential method is called
@@ -68,6 +68,25 @@ console.log(client.getCredentialEndpoint()); // https://issuer.research.identipr
 console.log(client.getAccessTokenEndpoint()); // https://auth.research.identiproof.io/oauth2/token
 ```
 
+Using https scheme
+
+```typescript
+import { OpenID4VCIClientV1_0_13 } from '@sphereon/oid4vci-client';
+
+// The client is initiated from a URI. This URI is provided by the Issuer, typically as a URL or QR code.
+const client = await OpenID4VCIClientV1_0_13.fromURI({
+  uri: 'https://launchpad.vii.electron.mattrlabs.io?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Flaunchpad.vii.electron.mattrlabs.io%22%2C%22credentials%22%3A%5B%7B%22format%22%3A%22ldp_vc%22%2C%22types%22%3A%5B%22OpenBadgeCredential%22%5D%7D%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22UPZohaodPlLBnGsqB02n2tIupCIg8nKRRUEUHWA665X%22%7D%7D%7D',
+  kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#key-1', // Our DID.  You can defer this also to when the acquireCredential method is called
+  alg: Alg.ES256, // The signing Algorithm we will use. You can defer this also to when the acquireCredential method is called
+  clientId: 'test-clientId', // The clientId if the Authrozation Service requires it.  If a clientId is needed you can defer this also to when the acquireAccessToken method is called
+  retrieveServerMetadata: true, // Already retrieve the server metadata. Can also be done afterwards by invoking a method yourself.
+});
+
+console.log(client.getIssuer()); // https://launchpad.vii.electron.mattrlabs.io
+console.log(client.getCredentialEndpoint()); // https://launchpad.vii.electron.mattrlabs.io/credential
+console.log(client.getAccessTokenEndpoint()); // https://launchpad.vii.electron.mattrlabs.io/oauth2/token
+```
+
 ## Server metadata
 
 The OID4VCI Server metadata contains information about token endpoints, credential endpoints, as well as additional
@@ -187,15 +206,15 @@ The OpenID4VCI spec defines a server metadata object that contains information a
 support. Next to this predefined endpoint there are also the well-known locations for OpenID Connect Discovery
 configuration and
 Oauth2 Authorization Server configuration. These contain for instance the token endpoints.
-The MetadataClient checks the OpenID4VCI well-known location for the medata and existence of a token endpoint. If the
+The MetadataClientV1_0_13 checks the OpenID4VCI well-known location for the medata and existence of a token endpoint. If the
 OpenID4VCI well-known location is not found, the OIDC/OAuth2 well-known locations will be tried:
 
 Example:
 
 ```typescript
-import { MetadataClient } from '@sphereon/oid4vci-client';
+import { MetadataClientV1_0_13 } from '@sphereon/oid4vci-client';
 
-const metadata = await MetadataClient.retrieveAllMetadataFromCredentialOffer(initiationRequestWithUrl);
+const metadata = await MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOffer(initiationRequestWithUrl);
 
 console.log(metadata);
 /**

package/dist/AccessTokenClient.d.ts

@@ -1,9 +1,9 @@
-import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
+import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse, TxCodeAndPinRequired } from '@sphereon/oid4vci-common';
 export declare class AccessTokenClient {
     acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
-    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
+    acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }: {
         accessTokenRequest: AccessTokenRequest;
-        isPinRequired?: boolean;
+        pinMetadata?: TxCodeAndPinRequired;
         metadata?: EndpointMetadata;
         asOpts?: AuthorizationServerOpts;
         issuerOpts?: IssuerOpts;
@@ -11,8 +11,8 @@ export declare class AccessTokenClient {
     createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
     private assertPreAuthorizedGrantType;
     private assertAuthorizationGrantType;
-    private isPinRequiredValue;
-    private assertNumericPin;
+    private getPinMetadata;
+    private assertAlphanumericPin;
     private assertNonEmptyPreAuthorizedCode;
     private assertNonEmptyCodeVerifier;
     private assertNonEmptyCode;

package/dist/AccessTokenClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAEvB,gBAAgB,EAGhB,UAAU,EAEV,cAAc,EAKf,MAAM,0BAA0B,CAAC;AASlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA+B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAoChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
+{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAGvB,gBAAgB,EAIhB,UAAU,EAEV,cAAc,EAId,oBAAoB,EAErB,MAAM,0BAA0B,CAAC;AAMlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgC9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,WAAW,CAAC,EAAE,oBAAoB,CAAC;QACnC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAsChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,qBAAqB;IA+B7B,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}

package/dist/AccessTokenClient.js

@@ -8,24 +8,19 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AccessTokenClient = void 0;
 const oid4vci_common_1 = require("@sphereon/oid4vci-common");
 const ssi_types_1 = require("@sphereon/ssi-types");
-const debug_1 = __importDefault(require("debug"));
-const MetadataClient_1 = require("./MetadataClient");
-const functions_1 = require("./functions");
-const debug = (0, debug_1.default)('sphereon:oid4vci:token');
+const MetadataClientV1_0_13_1 = require("./MetadataClientV1_0_13");
+const types_1 = require("./types");
 class AccessTokenClient {
     acquireAccessToken(opts) {
         var _a;
         return __awaiter(this, void 0, void 0, function* () {
             const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
             const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
-            const isPinRequired = credentialOffer && this.isPinRequiredValue(credentialOffer.credential_offer);
+            const pinMetadata = credentialOffer && this.getPinMetadata(credentialOffer.credential_offer);
             const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
             if (!issuer) {
                 throw Error('Issuer required at this point');
@@ -41,24 +36,25 @@ class AccessTokenClient {
                     code,
                     redirectUri,
                     pin,
+                    pinMetadata,
                 }),
-                isPinRequired,
+                pinMetadata,
                 metadata,
                 asOpts,
                 issuerOpts,
             });
         });
     }
-    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
+    acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }) {
         return __awaiter(this, void 0, void 0, function* () {
-            this.validate(accessTokenRequest, isPinRequired);
+            this.validate(accessTokenRequest, pinMetadata);
             const requestTokenURL = AccessTokenClient.determineTokenURL({
                 asOpts,
                 issuerOpts,
                 metadata: metadata
                     ? metadata
                     : (issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.fetchMetadata)
-                        ? yield MetadataClient_1.MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
+                        ? yield MetadataClientV1_0_13_1.MetadataClientV1_0_13.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
                         : undefined,
             });
             return this.sendAuthCode(requestTokenURL, accessTokenRequest);
@@ -68,13 +64,15 @@ class AccessTokenClient {
         var _a, _b;
         return __awaiter(this, void 0, void 0, function* () {
             const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore
             const credentialOfferRequest = opts.credentialOffer ? yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer) : undefined;
             const request = {};
             if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
                 request.client_id = asOpts.clientId;
             }
             if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
-                this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
+                this.assertAlphanumericPin(opts.pinMetadata, pin);
                 request.user_pin = pin;
                 request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
                 // we actually know it is there because of the isPreAuthCode call
@@ -91,7 +89,7 @@ class AccessTokenClient {
                 }
                 return request;
             }
-            throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
+            throw new Error('Credential offer request follows neither pre-authorized code nor authorization code flow requirements.');
         });
     }
     assertPreAuthorizedGrantType(grantType) {
@@ -104,54 +102,70 @@ class AccessTokenClient {
             throw new Error("grant type must be 'authorization_code'");
         }
     }
-    isPinRequiredValue(requestPayload) {
-        var _a, _b, _c;
-        let isPinRequired = false;
+    getPinMetadata(requestPayload) {
+        var _a, _b;
         if (!requestPayload) {
             throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
         }
         const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
-        if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
-            isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
-        }
-        debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
-        return isPinRequired;
+        const grantDetails = (_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code'];
+        const isPinRequired = (_b = !!(grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code)) !== null && _b !== void 0 ? _b : false;
+        types_1.LOG.warning(`Pin required for issuer ${issuer}: ${isPinRequired}`);
+        return {
+            txCode: grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code,
+            isPinRequired,
+        };
     }
-    assertNumericPin(isPinRequired, pin) {
-        if (isPinRequired) {
-            if (!pin || !/^\d{1,8}$/.test(pin)) {
-                debug(`Pin is not 1 to 8 digits long`);
-                throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
+    assertAlphanumericPin(pinMeta, pin) {
+        var _a, _b;
+        if (pinMeta && pinMeta.isPinRequired) {
+            let regex;
+            if (pinMeta.txCode) {
+                const { input_mode, length } = pinMeta.txCode;
+                if (input_mode === 'numeric') {
+                    // Create a regex for numeric input. If no length specified, allow any length of numeric input.
+                    regex = length ? new RegExp(`^\\d{1,${length}}$`) : /^\d+$/;
+                }
+                else if (input_mode === 'text') {
+                    // Create a regex for text input. If no length specified, allow any length of alphanumeric input.
+                    regex = length ? new RegExp(`^[a-zA-Z0-9]{1,${length}}$`) : /^[a-zA-Z0-9]+$/;
+                }
+            }
+            // Default regex for alphanumeric with no specific length limit if no input_mode is specified.
+            regex = regex || /^[a-zA-Z0-9]+$|^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/;
+            if (!pin || !regex.test(pin)) {
+                types_1.LOG.warning(`Pin is not valid. Expected format: ${((_a = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _a === void 0 ? void 0 : _a.input_mode) || 'alphanumeric'}, Length: up to ${((_b = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _b === void 0 ? void 0 : _b.length) || 'any number of'} characters`);
+                throw new Error('A valid pin must be present according to the specified transaction code requirements.');
             }
         }
         else if (pin) {
-            debug(`Pin set, whilst not required`);
-            throw new Error('Cannot set a pin, when the pin is not required.');
+            types_1.LOG.warning('Pin set, whilst not required');
+            throw new Error('Cannot set a pin when the pin is not required.');
         }
     }
     assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
         if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
-            debug(`No pre-authorized code present, whilst it is required`);
+            types_1.LOG.warning(`No pre-authorized code present, whilst it is required`, accessTokenRequest);
             throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
         }
     }
     assertNonEmptyCodeVerifier(accessTokenRequest) {
         if (!accessTokenRequest.code_verifier) {
-            debug('No code_verifier present, whilst it is required');
+            types_1.LOG.warning('No code_verifier present, whilst it is required', accessTokenRequest);
             throw new Error('Authorization flow requires the code_verifier to be present');
         }
     }
     assertNonEmptyCode(accessTokenRequest) {
         if (!accessTokenRequest.code) {
-            debug('No code present, whilst it is required');
+            types_1.LOG.warning('No code present, whilst it is required');
             throw new Error('Authorization flow requires the code to be present');
         }
     }
-    validate(accessTokenRequest, isPinRequired) {
+    validate(accessTokenRequest, pinMeta) {
         if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
             this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
             this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
-            this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
+            this.assertAlphanumericPin(pinMeta, accessTokenRequest.user_pin);
         }
         else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
             this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
@@ -164,7 +178,7 @@ class AccessTokenClient {
     }
     sendAuthCode(requestTokenURL, accessTokenRequest) {
         return __awaiter(this, void 0, void 0, function* () {
-            return yield (0, functions_1.formPost)(requestTokenURL, (0, functions_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
+            return yield (0, oid4vci_common_1.formPost)(requestTokenURL, (0, oid4vci_common_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
         });
     }
     static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
@@ -187,7 +201,7 @@ class AccessTokenClient {
         if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
             throw new Error('No authorization server token URL present. Cannot acquire access token');
         }
-        debug(`Token endpoint determined to be ${url}`);
+        types_1.LOG.debug(`Token endpoint determined to be ${url}`);
         return url;
     }
     static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
@@ -200,7 +214,7 @@ class AccessTokenClient {
         return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
     }
     throwNotSupportedFlow() {
-        debug(`Only pre-authorized or authorization code flows supported.`);
+        types_1.LOG.warning(`Only pre-authorized or authorization code flows supported.`);
         throw new Error('Only pre-authorized-code or authorization code flows are supported');
     }
 }

package/dist/AccessTokenClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAiBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,aAAa,GAAG,eAAe,IAAI,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACnG,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9H,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE,CAAC;YACpF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;QAC5H,CAAC;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AA1ND,8CA0NC"}
+{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAoBkC;AAClC,mDAAkD;AAElD,mEAAgE;AAChE,mCAA8B;AAE9B,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,WAAW,GAAqC,eAAe,IAAI,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAC/H,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;oBACH,WAAW;iBACZ,CAAC;gBACF,WAAW;gBACX,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;YAE/C,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,6CAAqB,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBAChG,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,6DAA6D;YAC7D,aAAa;YACb,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9H,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;gBAClD,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,wGAAwG,CAAC,CAAC;;KAC3H;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,cAA6C;;QAClE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QAEnE,MAAM,YAAY,GAAG,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,CAAC;QACrG,MAAM,aAAa,GAAG,MAAA,CAAC,CAAC,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,CAAA,mCAAI,KAAK,CAAC;QAEvD,WAAG,CAAC,OAAO,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QACnE,OAAO;YACL,MAAM,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO;YAC7B,aAAa;SACd,CAAC;IACJ,CAAC;IAEO,qBAAqB,CAAC,OAA8B,EAAE,GAAY;;QACxE,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC;YAEV,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;gBAE9C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC7B,+FAA+F;oBAC/F,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC9D,CAAC;qBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACjC,iGAAiG;oBACjG,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,kBAAkB,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;gBAC/E,CAAC;YACH,CAAC;YAED,8FAA8F;YAC9F,KAAK,GAAG,KAAK,IAAI,iEAAiE,CAAC;YAEnF,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,WAAG,CAAC,OAAO,CACT,sCAAsC,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,UAAU,KAAI,cAAc,mBAAmB,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,MAAM,KAAI,eAAe,aAAa,CAC9J,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;YAC3G,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,WAAG,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,WAAG,CAAC,OAAO,CAAC,uDAAuD,EAAE,kBAAkB,CAAC,CAAC;YACzF,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,WAAG,CAAC,OAAO,CAAC,iDAAiD,EAAE,kBAAkB,CAAC,CAAC;YACnF,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,WAAG,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,OAA8B;QACrF,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACnE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,yBAAQ,EAAC,eAAe,EAAE,IAAA,iCAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,WAAG,CAAC,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QACpD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,WAAG,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AAnPD,8CAmPC"}

package/dist/AccessTokenClientV1_0_11.d.ts

@@ -0,0 +1,29 @@
+import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
+export declare class AccessTokenClientV1_0_11 {
+    acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
+    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
+        accessTokenRequest: AccessTokenRequest;
+        isPinRequired?: boolean;
+        metadata?: EndpointMetadata;
+        asOpts?: AuthorizationServerOpts;
+        issuerOpts?: IssuerOpts;
+    }): Promise<OpenIDResponse<AccessTokenResponse>>;
+    createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
+    private assertPreAuthorizedGrantType;
+    private assertAuthorizationGrantType;
+    private isPinRequiredValue;
+    private assertNumericPin;
+    private assertNonEmptyPreAuthorizedCode;
+    private assertNonEmptyCodeVerifier;
+    private assertNonEmptyCode;
+    private validate;
+    private sendAuthCode;
+    static determineTokenURL({ asOpts, issuerOpts, metadata, }: {
+        asOpts?: AuthorizationServerOpts;
+        issuerOpts?: IssuerOpts;
+        metadata?: EndpointMetadata;
+    }): string;
+    private static creatTokenURLFromURL;
+    private throwNotSupportedFlow;
+}
+//# sourceMappingURL=AccessTokenClientV1_0_11.d.ts.map

package/dist/AccessTokenClientV1_0_11.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessTokenClientV1_0_11.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAKvB,gBAAgB,EAIhB,UAAU,EAEV,cAAc,EAKf,MAAM,0BAA0B,CAAC;AAQlC,qBAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA+B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAsChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}

package/dist/AccessTokenClientV1_0_11.js

@@ -0,0 +1,209 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessTokenClientV1_0_11 = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+const ssi_types_1 = require("@sphereon/ssi-types");
+const debug_1 = __importDefault(require("debug"));
+const MetadataClientV1_0_13_1 = require("./MetadataClientV1_0_13");
+const debug = (0, debug_1.default)('sphereon:oid4vci:token');
+class AccessTokenClientV1_0_11 {
+    acquireAccessToken(opts) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
+            const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
+            const isPinRequired = credentialOffer && this.isPinRequiredValue(credentialOffer.credential_offer);
+            const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
+            if (!issuer) {
+                throw Error('Issuer required at this point');
+            }
+            const issuerOpts = {
+                issuer,
+            };
+            return yield this.acquireAccessTokenUsingRequest({
+                accessTokenRequest: yield this.createAccessTokenRequest({
+                    credentialOffer,
+                    asOpts,
+                    codeVerifier,
+                    code,
+                    redirectUri,
+                    pin,
+                }),
+                isPinRequired,
+                metadata,
+                asOpts,
+                issuerOpts,
+            });
+        });
+    }
+    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.validate(accessTokenRequest, isPinRequired);
+            const requestTokenURL = AccessTokenClientV1_0_11.determineTokenURL({
+                asOpts,
+                issuerOpts,
+                metadata: metadata
+                    ? metadata
+                    : (issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.fetchMetadata)
+                        ? yield MetadataClientV1_0_13_1.MetadataClientV1_0_13.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
+                        : undefined,
+            });
+            return this.sendAuthCode(requestTokenURL, accessTokenRequest);
+        });
+    }
+    createAccessTokenRequest(opts) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
+            const credentialOfferRequest = opts.credentialOffer
+                ? yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
+                : undefined;
+            const request = {};
+            if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
+                request.client_id = asOpts.clientId;
+            }
+            if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
+                this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
+                request.user_pin = pin;
+                request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
+                // we actually know it is there because of the isPreAuthCode call
+                request[oid4vci_common_1.PRE_AUTH_CODE_LITERAL] =
+                    (_b = (_a = credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.credential_offer.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b[oid4vci_common_1.PRE_AUTH_CODE_LITERAL];
+                return request;
+            }
+            if (!credentialOfferRequest || credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
+                request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
+                request.code = code;
+                request.redirect_uri = redirectUri;
+                if (codeVerifier) {
+                    request.code_verifier = codeVerifier;
+                }
+                return request;
+            }
+            throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
+        });
+    }
+    assertPreAuthorizedGrantType(grantType) {
+        if (oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
+            throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
+        }
+    }
+    assertAuthorizationGrantType(grantType) {
+        if (oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE !== grantType) {
+            throw new Error("grant type must be 'authorization_code'");
+        }
+    }
+    isPinRequiredValue(requestPayload) {
+        var _a, _b, _c;
+        let isPinRequired = false;
+        if (!requestPayload) {
+            throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
+        }
+        const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
+        if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
+            isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
+        }
+        debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
+        return isPinRequired;
+    }
+    assertNumericPin(isPinRequired, pin) {
+        if (isPinRequired) {
+            if (!pin || !/^\d{1,8}$/.test(pin)) {
+                debug(`Pin is not 1 to 8 digits long`);
+                throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
+            }
+        }
+        else if (pin) {
+            debug(`Pin set, whilst not required`);
+            throw new Error('Cannot set a pin, when the pin is not required.');
+        }
+    }
+    assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
+        if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
+            debug(`No pre-authorized code present, whilst it is required`);
+            throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
+        }
+    }
+    assertNonEmptyCodeVerifier(accessTokenRequest) {
+        if (!accessTokenRequest.code_verifier) {
+            debug('No code_verifier present, whilst it is required');
+            throw new Error('Authorization flow requires the code_verifier to be present');
+        }
+    }
+    assertNonEmptyCode(accessTokenRequest) {
+        if (!accessTokenRequest.code) {
+            debug('No code present, whilst it is required');
+            throw new Error('Authorization flow requires the code to be present');
+        }
+    }
+    validate(accessTokenRequest, isPinRequired) {
+        if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
+            this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
+            this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
+            this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
+        }
+        else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
+            this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
+            this.assertNonEmptyCodeVerifier(accessTokenRequest);
+            this.assertNonEmptyCode(accessTokenRequest);
+        }
+        else {
+            this.throwNotSupportedFlow();
+        }
+    }
+    sendAuthCode(requestTokenURL, accessTokenRequest) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield (0, oid4vci_common_1.formPost)(requestTokenURL, (0, oid4vci_common_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
+        });
+    }
+    static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
+        if (!asOpts && !(metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) && !issuerOpts) {
+            throw new Error('Cannot determine token URL if no issuer, metadata and no Authorization Server values are present');
+        }
+        let url;
+        if (asOpts && asOpts.as) {
+            url = this.creatTokenURLFromURL(asOpts.as, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, asOpts.tokenEndpoint);
+        }
+        else if (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) {
+            url = metadata.token_endpoint;
+        }
+        else {
+            if (!(issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.issuer)) {
+                throw Error('Either authorization server options, a token endpoint or issuer options are required at this point');
+            }
+            url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
+        }
+        if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
+            throw new Error('No authorization server token URL present. Cannot acquire access token');
+        }
+        debug(`Token endpoint determined to be ${url}`);
+        return url;
+    }
+    static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
+        if (allowInsecureEndpoints !== true && url.startsWith('http:')) {
+            throw Error(`Unprotected token endpoints are not allowed ${url}. Use the 'allowInsecureEndpoints' param if you really need this for dev/testing!`);
+        }
+        const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
+        const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
+        const scheme = url.split('://')[0];
+        return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
+    }
+    throwNotSupportedFlow() {
+        debug(`Only pre-authorized or authorization code flows supported.`);
+        throw new Error('Only pre-authorized-code or authorization code flows are supported');
+    }
+}
+exports.AccessTokenClientV1_0_11 = AccessTokenClientV1_0_11;
+//# sourceMappingURL=AccessTokenClientV1_0_11.js.map

package/dist/AccessTokenClientV1_0_11.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessTokenClientV1_0_11.js","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAqBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,mEAAgE;AAEhE,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,aAAa,GAAG,eAAe,IAAI,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACnG,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,wBAAwB,CAAC,iBAAiB,CAAC;gBACjE,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,6CAAqB,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBAChG,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe;gBACjD,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAkE,CAAC;gBAChH,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE,CAAC;YACpF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;QAC5H,CAAC;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,yBAAQ,EAAC,eAAe,EAAE,IAAA,iCAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AA5ND,4DA4NC"}

package/dist/AuthorizationCodeClient.d.ts

@@ -1,9 +1,14 @@
-import { AuthorizationRequestOpts, CredentialOfferRequestWithBaseUrl, CredentialSupported, EndpointMetadataResult, PKCEOpts } from '@sphereon/oid4vci-common';
-export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported, }: {
+import { AuthorizationRequestOpts, CredentialConfigurationSupportedV1_0_13, CredentialOfferRequestWithBaseUrl, EndpointMetadataResultV1_0_13, OpenId4VCIVersion, PKCEOpts, RequestObjectOpts } from '@sphereon/oid4vci-common';
+export declare function createSignedAuthRequestWhenNeeded(requestObject: Record<string, any>, opts: RequestObjectOpts & {
+    aud?: string;
+}): Promise<void>;
+export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }: {
     pkce: PKCEOpts;
-    endpointMetadata: EndpointMetadataResult;
+    endpointMetadata: EndpointMetadataResultV1_0_13;
     authorizationRequest: AuthorizationRequestOpts;
     credentialOffer?: CredentialOfferRequestWithBaseUrl | undefined;
-    credentialsSupported?: CredentialSupported[] | undefined;
+    credentialConfigurationSupported?: Record<string, CredentialConfigurationSupportedV1_0_13> | undefined;
+    clientId?: string | undefined;
+    version?: OpenId4VCIVersion | undefined;
 }) => Promise<string>;
 //# sourceMappingURL=AuthorizationCodeClient.d.ts.map

package/dist/AuthorizationCodeClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,iCAAiC,EACjC,mBAAmB,EACnB,sBAAsB,EAItB,QAAQ,EAGT,MAAM,0BAA0B,CAAC;AAKlC,eAAO,MAAM,6BAA6B;UAOlC,QAAQ;sBACI,sBAAsB;0BAClB,wBAAwB;;;MAG5C,QAAQ,MAAM,CA4FjB,CAAC"}
+{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAIxB,uCAAuC,EAEvC,iCAAiC,EAEjC,6BAA6B,EAK7B,iBAAiB,EAEjB,QAAQ,EAER,iBAAiB,EAElB,MAAM,0BAA0B,CAAC;AAOlC,wBAAsB,iCAAiC,CAAC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,iBAAiB,GAAG;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,iBAkCrI;AAeD,eAAO,MAAM,6BAA6B;UASlC,QAAQ;sBACI,6BAA6B;0BACzB,wBAAwB;;;;;MAK5C,QAAQ,MAAM,CAqIjB,CAAC"}