@sphereon/oid4vci-client 0.10.3 → 0.10.4-next.119

package/lib/CredentialRequestClientBuilderV1_0_11.ts

@@ -0,0 +1,163 @@
+import {
+  AccessTokenResponse,
+  CredentialIssuerMetadata,
+  CredentialOfferPayloadV1_0_08,
+  CredentialOfferPayloadV1_0_11,
+  CredentialOfferRequestWithBaseUrl,
+  determineSpecVersionFromOffer,
+  EndpointMetadata,
+  ExperimentalSubjectIssuance,
+  getIssuerFromCredentialOfferPayload,
+  getTypesFromOfferV1_0_11,
+  OID4VCICredentialFormat,
+  OpenId4VCIVersion,
+  UniformCredentialOfferRequest,
+} from '@sphereon/oid4vci-common';
+import { CredentialFormat } from '@sphereon/ssi-types';
+
+import { CredentialOfferClientV1_0_11 } from './CredentialOfferClientV1_0_11';
+import { CredentialRequestClientV1_0_11 } from './CredentialRequestClientV1_0_11';
+
+export class CredentialRequestClientBuilderV1_0_11 {
+  credentialEndpoint?: string;
+  deferredCredentialEndpoint?: string;
+  deferredCredentialAwait = false;
+  deferredCredentialIntervalInMS = 5000;
+  credentialTypes: string[] = [];
+  format?: CredentialFormat | OID4VCICredentialFormat;
+  token?: string;
+  version?: OpenId4VCIVersion;
+  subjectIssuance?: ExperimentalSubjectIssuance;
+
+  public static fromCredentialIssuer({
+    credentialIssuer,
+    metadata,
+    version,
+    credentialTypes,
+  }: {
+    credentialIssuer: string;
+    metadata?: EndpointMetadata;
+    version?: OpenId4VCIVersion;
+    credentialTypes: string | string[];
+  }): CredentialRequestClientBuilderV1_0_11 {
+    const issuer = credentialIssuer;
+    const builder = new CredentialRequestClientBuilderV1_0_11();
+    builder.withVersion(version ?? OpenId4VCIVersion.VER_1_0_11);
+    builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith('/') ? `${issuer}credential` : `${issuer}/credential`));
+    if (metadata?.deferred_credential_endpoint) {
+      builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
+    }
+    builder.withCredentialType(credentialTypes);
+    return builder;
+  }
+
+  public static async fromURI({ uri, metadata }: { uri: string; metadata?: EndpointMetadata }): Promise<CredentialRequestClientBuilderV1_0_11> {
+    const offer = await CredentialOfferClientV1_0_11.fromURI(uri);
+    return CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest({ request: offer, ...offer, metadata, version: offer.version });
+  }
+
+  public static fromCredentialOfferRequest(opts: {
+    request: UniformCredentialOfferRequest;
+    scheme?: string;
+    baseUrl?: string;
+    version?: OpenId4VCIVersion;
+    metadata?: EndpointMetadata;
+  }): CredentialRequestClientBuilderV1_0_11 {
+    const { request, metadata } = opts;
+    const version = opts.version ?? request.version ?? determineSpecVersionFromOffer(request.original_credential_offer);
+    const builder = new CredentialRequestClientBuilderV1_0_11();
+    const issuer = getIssuerFromCredentialOfferPayload(request.credential_offer) ?? (metadata?.issuer as string);
+    builder.withVersion(version);
+    builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith('/') ? `${issuer}credential` : `${issuer}/credential`));
+    if (metadata?.deferred_credential_endpoint) {
+      builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
+    }
+
+    if (version <= OpenId4VCIVersion.VER_1_0_08) {
+      //todo: This basically sets all types available during initiation. Probably the user only wants a subset. So do we want to do this?
+      builder.withCredentialType((request.original_credential_offer as CredentialOfferPayloadV1_0_08).credential_type);
+    } else if (version <= OpenId4VCIVersion.VER_1_0_11) {
+      // todo: look whether this is correct
+      builder.withCredentialType(getTypesFromOfferV1_0_11(request.credential_offer as CredentialOfferPayloadV1_0_11));
+    }
+
+    return builder;
+  }
+
+  public static fromCredentialOffer({
+    credentialOffer,
+    metadata,
+  }: {
+    credentialOffer: CredentialOfferRequestWithBaseUrl;
+    metadata?: EndpointMetadata;
+  }): CredentialRequestClientBuilderV1_0_11 {
+    return CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest({
+      request: credentialOffer,
+      metadata,
+      version: credentialOffer.version,
+    });
+  }
+
+  public withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this {
+    this.credentialEndpoint = metadata.credential_endpoint;
+    return this;
+  }
+
+  public withCredentialEndpoint(credentialEndpoint: string): this {
+    this.credentialEndpoint = credentialEndpoint;
+    return this;
+  }
+
+  public withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this {
+    this.deferredCredentialEndpoint = metadata.deferred_credential_endpoint;
+    return this;
+  }
+
+  public withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this {
+    this.deferredCredentialEndpoint = deferredCredentialEndpoint;
+    return this;
+  }
+
+  public withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this {
+    this.deferredCredentialAwait = deferredCredentialAwait;
+    this.deferredCredentialIntervalInMS = deferredCredentialIntervalInMS ?? 5000;
+    return this;
+  }
+
+  public withCredentialType(credentialTypes: string | string[]): this {
+    this.credentialTypes = Array.isArray(credentialTypes) ? credentialTypes : [credentialTypes];
+    return this;
+  }
+
+  public withFormat(format: CredentialFormat | OID4VCICredentialFormat): this {
+    this.format = format;
+    return this;
+  }
+
+  public withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this {
+    this.subjectIssuance = subjectIssuance;
+    return this;
+  }
+
+  public withToken(accessToken: string): this {
+    this.token = accessToken;
+    return this;
+  }
+
+  public withTokenFromResponse(response: AccessTokenResponse): this {
+    this.token = response.access_token;
+    return this;
+  }
+
+  public withVersion(version: OpenId4VCIVersion): this {
+    this.version = version;
+    return this;
+  }
+
+  public build(): CredentialRequestClientV1_0_11 {
+    if (!this.version) {
+      this.withVersion(OpenId4VCIVersion.VER_1_0_11);
+    }
+    return new CredentialRequestClientV1_0_11(this);
+  }
+}

package/lib/CredentialRequestClientV1_0_11.ts

@@ -0,0 +1,197 @@
+import {
+  acquireDeferredCredential,
+  CredentialResponse,
+  getCredentialRequestForVersion,
+  getUniformFormat,
+  isDeferredCredentialResponse,
+  isValidURL,
+  JsonLdIssuerCredentialDefinition,
+  OID4VCICredentialFormat,
+  OpenId4VCIVersion,
+  OpenIDResponse,
+  post,
+  ProofOfPossession,
+  UniformCredentialRequest,
+  URL_NOT_VALID,
+} from '@sphereon/oid4vci-common';
+import { CredentialFormat } from '@sphereon/ssi-types';
+import Debug from 'debug';
+
+import { buildProof } from './CredentialRequestClient';
+import { CredentialRequestClientBuilderV1_0_11 } from './CredentialRequestClientBuilderV1_0_11';
+import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
+
+const debug = Debug('sphereon:oid4vci:credential');
+
+export interface CredentialRequestOptsV1_0_11 {
+  deferredCredentialAwait?: boolean;
+  deferredCredentialIntervalInMS?: number;
+  credentialEndpoint: string;
+  deferredCredentialEndpoint?: string;
+  credentialTypes: string[];
+  format?: CredentialFormat | OID4VCICredentialFormat;
+  proof: ProofOfPossession;
+  token: string;
+  version: OpenId4VCIVersion;
+}
+
+export class CredentialRequestClientV1_0_11 {
+  private readonly _credentialRequestOpts: Partial<CredentialRequestOptsV1_0_11>;
+  private _isDeferred = false;
+
+  get credentialRequestOpts(): CredentialRequestOptsV1_0_11 {
+    return this._credentialRequestOpts as CredentialRequestOptsV1_0_11;
+  }
+
+  public isDeferred(): boolean {
+    return this._isDeferred;
+  }
+
+  public getCredentialEndpoint(): string {
+    return this.credentialRequestOpts.credentialEndpoint;
+  }
+
+  public getDeferredCredentialEndpoint(): string | undefined {
+    return this.credentialRequestOpts.deferredCredentialEndpoint;
+  }
+
+  public constructor(builder: CredentialRequestClientBuilderV1_0_11) {
+    this._credentialRequestOpts = { ...builder };
+  }
+
+  public async acquireCredentialsUsingProof<DIDDoc>(opts: {
+    proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+    credentialTypes?: string | string[];
+    context?: string[];
+    format?: CredentialFormat | OID4VCICredentialFormat;
+  }): Promise<OpenIDResponse<CredentialResponse> & { access_token: string }> {
+    const { credentialTypes, proofInput, format, context } = opts;
+
+    const request = await this.createCredentialRequest({ proofInput, credentialTypes, context, format, version: this.version() });
+    return await this.acquireCredentialsUsingRequest(request);
+  }
+
+  public async acquireCredentialsUsingRequest(
+    uniformRequest: UniformCredentialRequest,
+  ): Promise<OpenIDResponse<CredentialResponse> & { access_token: string }> {
+    const request = getCredentialRequestForVersion(uniformRequest, this.version());
+    const credentialEndpoint: string = this.credentialRequestOpts.credentialEndpoint;
+    if (!isValidURL(credentialEndpoint)) {
+      debug(`Invalid credential endpoint: ${credentialEndpoint}`);
+      throw new Error(URL_NOT_VALID);
+    }
+    debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
+    debug(`request\n: ${JSON.stringify(request, null, 2)}`);
+    const requestToken: string = this.credentialRequestOpts.token;
+    let response = (await post(credentialEndpoint, JSON.stringify(request), { bearerToken: requestToken })) as OpenIDResponse<CredentialResponse> & {
+      access_token: string;
+    };
+    this._isDeferred = isDeferredCredentialResponse(response);
+    if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
+      response = await this.acquireDeferredCredential(response.successBody, { bearerToken: this.credentialRequestOpts.token });
+    }
+    response.access_token = requestToken;
+
+    debug(`Credential endpoint ${credentialEndpoint} response:\r\n${JSON.stringify(response, null, 2)}`);
+    return response;
+  }
+
+  public async acquireDeferredCredential(
+    response: Pick<CredentialResponse, 'transaction_id' | 'acceptance_token' | 'c_nonce'>,
+    opts?: {
+      bearerToken?: string;
+    },
+  ): Promise<OpenIDResponse<CredentialResponse> & { access_token: string }> {
+    const transactionId = response.transaction_id;
+    const bearerToken = response.acceptance_token ?? opts?.bearerToken;
+    const deferredCredentialEndpoint = this.getDeferredCredentialEndpoint();
+    if (!deferredCredentialEndpoint) {
+      throw Error(`No deferred credential endpoint supplied.`);
+    } else if (!bearerToken) {
+      throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
+      // todo updated bearer token with new c_nonce
+    }
+    return await acquireDeferredCredential({
+      bearerToken,
+      transactionId,
+      deferredCredentialEndpoint,
+      deferredCredentialAwait: this.credentialRequestOpts.deferredCredentialAwait,
+      deferredCredentialIntervalInMS: this.credentialRequestOpts.deferredCredentialIntervalInMS,
+    });
+  }
+
+  public async createCredentialRequest<DIDDoc>(opts: {
+    proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+    credentialTypes?: string | string[];
+    context?: string[];
+    format?: CredentialFormat | OID4VCICredentialFormat;
+    version: OpenId4VCIVersion;
+  }): Promise<UniformCredentialRequest> {
+    const { proofInput } = opts;
+    const formatSelection = opts.format ?? this.credentialRequestOpts.format;
+
+    if (!formatSelection) {
+      throw Error(`Format of credential to be issued is missing`);
+    }
+    const format = getUniformFormat(formatSelection);
+    const typesSelection =
+      opts?.credentialTypes && (typeof opts.credentialTypes === 'string' || opts.credentialTypes.length > 0)
+        ? opts.credentialTypes
+        : this.credentialRequestOpts.credentialTypes;
+    const types = Array.isArray(typesSelection) ? typesSelection : [typesSelection];
+    if (types.length === 0) {
+      throw Error(`Credential type(s) need to be provided`);
+    }
+    // FIXME: this is mixing up the type (as id) from v8/v9 and the types (from the vc.type) from v11
+    else if (!this.isV11OrHigher() && types.length !== 1) {
+      throw Error('Only a single credential type is supported for V8/V9');
+    }
+    const proof = await buildProof(proofInput, opts);
+
+    // TODO: we should move format specific logic
+    if (format === 'jwt_vc_json' || format === 'jwt_vc') {
+      return {
+        types,
+        format,
+        proof,
+      };
+    } else if (format === 'jwt_vc_json-ld' || format === 'ldp_vc') {
+      if (this.version() >= OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
+        throw Error('No @context value present, but it is required');
+      }
+
+      return {
+        format,
+        proof,
+
+        // Ignored because v11 does not have the context value, but it is required in v12
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        credential_definition: {
+          types,
+          ...(opts.context && { '@context': opts.context }),
+        } as JsonLdIssuerCredentialDefinition,
+      };
+    } else if (format === 'vc+sd-jwt') {
+      if (types.length > 1) {
+        throw Error(`Only a single credential type is supported for ${format}`);
+      }
+
+      return {
+        format,
+        proof,
+        vct: types[0],
+      };
+    }
+
+    throw new Error(`Unsupported format: ${format}`);
+  }
+
+  private version(): OpenId4VCIVersion {
+    return this.credentialRequestOpts?.version ?? OpenId4VCIVersion.VER_1_0_11;
+  }
+
+  private isV11OrHigher(): boolean {
+    return this.version() >= OpenId4VCIVersion.VER_1_0_11;
+  }
+}

package/lib/MetadataClient.ts

@@ -1,17 +1,25 @@
 import {
   AuthorizationServerMetadata,
   AuthorizationServerType,
-  CredentialIssuerMetadata,
+  CredentialIssuerMetadataV1_0_11,
+  CredentialIssuerMetadataV1_0_13,
   CredentialOfferPayload,
+  CredentialOfferPayloadV1_0_13,
   CredentialOfferRequestWithBaseUrl,
-  EndpointMetadataResult,
+  determineSpecVersionFromOffer,
+  EndpointMetadataResultV1_0_11,
+  EndpointMetadataResultV1_0_13,
   getIssuerFromCredentialOfferPayload,
+  IssuerMetadataV1_0_08,
+  OpenId4VCIVersion,
   OpenIDResponse,
   WellKnownEndpoints,
 } from '@sphereon/oid4vci-common';
 import Debug from 'debug';
 
-import { getJson } from './functions';
+import { MetadataClientV1_0_11 } from './MetadataClientV1_0_11';
+import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
+import { retrieveWellknown } from './functions/OpenIDUtils';
 
 const debug = Debug('sphereon:oid4vci:metadata');
 
@@ -21,18 +29,30 @@ export class MetadataClient {
    *
    * @param credentialOffer
    */
-  public static async retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResult> {
-    return MetadataClient.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer);
+  public static async retrieveAllMetadataFromCredentialOffer(
+    credentialOffer: CredentialOfferRequestWithBaseUrl,
+  ): Promise<EndpointMetadataResultV1_0_13 | EndpointMetadataResultV1_0_11> {
+    if (determineSpecVersionFromOffer(credentialOffer.credential_offer) >= OpenId4VCIVersion.VER_1_0_13) {
+      return await MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOffer(credentialOffer);
+    } else {
+      return await MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOffer(credentialOffer);
+    }
   }
 
   /**
    * Retrieve the metada using the initiation request obtained from a previous step
    * @param request
    */
-  public static async retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayload): Promise<EndpointMetadataResult> {
+  public static async retrieveAllMetadataFromCredentialOfferRequest(
+    request: CredentialOfferPayload,
+  ): Promise<EndpointMetadataResultV1_0_13 | EndpointMetadataResultV1_0_11> {
     const issuer = getIssuerFromCredentialOfferPayload(request);
     if (issuer) {
-      return MetadataClient.retrieveAllMetadata(issuer);
+      if (determineSpecVersionFromOffer(request) >= OpenId4VCIVersion.VER_1_0_13) {
+        return MetadataClientV1_0_13.retrieveAllMetadataFromCredentialOfferRequest(request as CredentialOfferPayloadV1_0_13);
+      } else {
+        return MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOfferRequest(request);
+      }
     }
     throw new Error("can't retrieve metadata from CredentialOfferRequest. No issuer field is present");
   }
@@ -42,32 +62,39 @@ export class MetadataClient {
    * @param issuer The issuer URL
    * @param opts
    */
-  public static async retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean }): Promise<EndpointMetadataResult> {
+  public static async retrieveAllMetadata(
+    issuer: string,
+    opts?: { errorOnNotFound: boolean },
+  ): Promise<EndpointMetadataResultV1_0_13 | EndpointMetadataResultV1_0_11> {
     let token_endpoint: string | undefined;
     let credential_endpoint: string | undefined;
     let deferred_credential_endpoint: string | undefined;
     let authorization_endpoint: string | undefined;
     let authorizationServerType: AuthorizationServerType = 'OID4VCI';
-    let authorization_server: string = issuer;
+    let authorization_servers: string[] | undefined = [issuer];
+    let authorization_server: string | undefined = undefined;
     const oid4vciResponse = await MetadataClient.retrieveOpenID4VCIServerMetadata(issuer, { errorOnNotFound: false }); // We will handle errors later, given we will also try other metadata locations
     let credentialIssuerMetadata = oid4vciResponse?.successBody;
     if (credentialIssuerMetadata) {
       debug(`Issuer ${issuer} OID4VCI well-known server metadata\r\n${JSON.stringify(credentialIssuerMetadata)}`);
       credential_endpoint = credentialIssuerMetadata.credential_endpoint;
-      deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
+      deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint
+        ? (credentialIssuerMetadata.deferred_credential_endpoint as string)
+        : undefined;
       if (credentialIssuerMetadata.token_endpoint) {
         token_endpoint = credentialIssuerMetadata.token_endpoint;
       }
-      if (credentialIssuerMetadata.authorization_server) {
-        authorization_server = credentialIssuerMetadata.authorization_server;
-      }
-      if (credentialIssuerMetadata.authorization_endpoint) {
-        authorization_endpoint = credentialIssuerMetadata.authorization_endpoint;
+      if (credentialIssuerMetadata.authorization_servers) {
+        authorization_servers = credentialIssuerMetadata.authorization_servers as string[];
+      } else if (credentialIssuerMetadata.authorization_server) {
+        authorization_server = credentialIssuerMetadata.authorization_server as string;
+        authorization_servers = [authorization_server];
       }
     }
     // No specific OID4VCI endpoint. Either can be an OAuth2 AS or an OIDC IDP. Let's start with OIDC first
-    let response: OpenIDResponse<AuthorizationServerMetadata> = await MetadataClient.retrieveWellknown(
-      authorization_server,
+    // TODO: for now we're taking just the first one
+    let response: OpenIDResponse<AuthorizationServerMetadata> = await retrieveWellknown(
+      authorization_servers[0],
       WellKnownEndpoints.OPENID_CONFIGURATION,
       {
         errorOnNotFound: false,
@@ -79,13 +106,14 @@ export class MetadataClient {
       authorizationServerType = 'OIDC';
     } else {
       // Now let's do OAuth2
-      response = await MetadataClient.retrieveWellknown(authorization_server, WellKnownEndpoints.OAUTH_AS, { errorOnNotFound: false });
+      // TODO: for now we're taking just the first one
+      response = await retrieveWellknown(authorization_servers[0], WellKnownEndpoints.OAUTH_AS, { errorOnNotFound: false });
       authMetadata = response.successBody;
     }
     if (!authMetadata) {
       // We will always throw an error, no matter whether the user provided the option not to, because this is bad.
-      if (issuer !== authorization_server) {
-        throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_server}, but that server did not provide metadata`);
+      if (!authorization_servers.includes(issuer)) {
+        throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_servers}, but that server did not provide metadata`);
       }
     } else {
       if (!authorizationServerType) {
@@ -103,7 +131,7 @@ export class MetadataClient {
       }
       authorization_endpoint = authMetadata.authorization_endpoint;
       if (!authMetadata.token_endpoint) {
-        throw Error(`Authorization Sever ${authorization_server} did not provide a token_endpoint`);
+        throw Error(`Authorization Sever ${authorization_servers} did not provide a token_endpoint`);
       } else if (token_endpoint && authMetadata.token_endpoint !== token_endpoint) {
         throw Error(
           `Credential issuer has a different token_endpoint (${token_endpoint}) from the Authorization Server (${authMetadata.token_endpoint})`,
@@ -152,7 +180,9 @@ export class MetadataClient {
 
     if (!credentialIssuerMetadata && authMetadata) {
       // Apparently everything worked out and the issuer is exposing everything in oAuth2/OIDC well-knowns. Spec is vague about this situation, but we can support it
-      credentialIssuerMetadata = authMetadata as CredentialIssuerMetadata;
+      credentialIssuerMetadata = authorization_server
+        ? (authMetadata as CredentialIssuerMetadataV1_0_11)
+        : (authMetadata as CredentialIssuerMetadataV1_0_13);
     }
     debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
     return {
@@ -160,12 +190,14 @@ export class MetadataClient {
       token_endpoint,
       credential_endpoint,
       deferred_credential_endpoint,
-      authorization_server,
+      ...(authorization_server ? { authorization_server } : { authorization_servers: authorization_servers }),
       authorization_endpoint,
       authorizationServerType,
-      credentialIssuerMetadata: credentialIssuerMetadata,
+      credentialIssuerMetadata: authorization_server
+        ? (credentialIssuerMetadata as IssuerMetadataV1_0_08 & Partial<AuthorizationServerMetadata>)
+        : (credentialIssuerMetadata as CredentialIssuerMetadataV1_0_13),
       authorizationServerMetadata: authMetadata,
-    };
+    } as EndpointMetadataResultV1_0_13 | EndpointMetadataResultV1_0_11;
   }
 
   /**
@@ -178,31 +210,14 @@ export class MetadataClient {
     opts?: {
       errorOnNotFound?: boolean;
     },
-  ): Promise<OpenIDResponse<CredentialIssuerMetadata> | undefined> {
-    return MetadataClient.retrieveWellknown(issuerHost, WellKnownEndpoints.OPENID4VCI_ISSUER, {
+  ): Promise<
+    | OpenIDResponse<
+        CredentialIssuerMetadataV1_0_11 | CredentialIssuerMetadataV1_0_13 | (IssuerMetadataV1_0_08 & Partial<AuthorizationServerMetadata>)
+      >
+    | undefined
+  > {
+    return retrieveWellknown(issuerHost, WellKnownEndpoints.OPENID4VCI_ISSUER, {
       errorOnNotFound: opts?.errorOnNotFound === undefined ? true : opts.errorOnNotFound,
     });
   }
-
-  /**
-   * Allows to retrieve information from a well-known location
-   *
-   * @param host The host
-   * @param endpointType The endpoint type, currently supports OID4VCI, OIDC and OAuth2 endpoint types
-   * @param opts Options, like for instance whether an error should be thrown in case the endpoint doesn't exist
-   */
-  public static async retrieveWellknown<T>(
-    host: string,
-    endpointType: WellKnownEndpoints,
-    opts?: { errorOnNotFound?: boolean },
-  ): Promise<OpenIDResponse<T>> {
-    const result: OpenIDResponse<T> = await getJson(`${host.endsWith('/') ? host.slice(0, -1) : host}${endpointType}`, {
-      exceptionOnHttpErrorStatus: opts?.errorOnNotFound,
-    });
-    if (result.origResponse.status >= 400) {
-      // We only get here when error on not found is false
-      debug(`host ${host} with endpoint type ${endpointType} status: ${result.origResponse.status}, ${result.origResponse.statusText}`);
-    }
-    return result;
-  }
 }