@sphereon/oid4vci-client 0.10.3 → 0.10.4-next.119

package/lib/ProofOfPossessionBuilder.ts

@@ -1,26 +1,28 @@
 import {
   AccessTokenResponse,
   Alg,
+  createProofOfPossession,
   EndpointMetadata,
   JWK,
   Jwt,
   NO_JWT_PROVIDED,
   OpenId4VCIVersion,
+  PoPMode,
   PROOF_CANT_BE_CONSTRUCTED,
   ProofOfPossession,
   ProofOfPossessionCallbacks,
   Typ,
 } from '@sphereon/oid4vci-common';
 
-import { createProofOfPossession } from './functions';
-
 export class ProofOfPossessionBuilder<DIDDoc> {
   private readonly proof?: ProofOfPossession;
   private readonly callbacks?: ProofOfPossessionCallbacks<DIDDoc>;
   private readonly version: OpenId4VCIVersion;
+  private readonly mode: PoPMode = 'pop';
 
   private kid?: string;
   private jwk?: JWK;
+  private aud?: string | string[];
   private clientId?: string;
   private issuer?: string;
   private jwt?: Jwt;
@@ -35,54 +37,80 @@ export class ProofOfPossessionBuilder<DIDDoc> {
     jwt,
     accessTokenResponse,
     version,
+    mode = 'pop',
   }: {
     proof?: ProofOfPossession;
     callbacks?: ProofOfPossessionCallbacks<DIDDoc>;
     accessTokenResponse?: AccessTokenResponse;
     jwt?: Jwt;
     version: OpenId4VCIVersion;
+    mode?: PoPMode;
   }) {
+    this.mode = mode;
     this.proof = proof;
     this.callbacks = callbacks;
     this.version = version;
     if (jwt) {
       this.withJwt(jwt);
     } else {
-      this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 ? 'jwt' : 'openid4vci-proof+jwt');
+      this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 || mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt');
     }
     if (accessTokenResponse) {
       this.withAccessTokenResponse(accessTokenResponse);
     }
   }
 
+  static manual<DIDDoc>({
+    jwt,
+    callbacks,
+    version,
+    mode = 'jwt',
+  }: {
+    jwt?: Jwt;
+    callbacks: ProofOfPossessionCallbacks<DIDDoc>;
+    version: OpenId4VCIVersion;
+    mode?: PoPMode;
+  }): ProofOfPossessionBuilder<DIDDoc> {
+    return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
+  }
+
   static fromJwt<DIDDoc>({
     jwt,
     callbacks,
     version,
+    mode = 'pop',
   }: {
     jwt: Jwt;
     callbacks: ProofOfPossessionCallbacks<DIDDoc>;
     version: OpenId4VCIVersion;
+    mode?: PoPMode;
   }): ProofOfPossessionBuilder<DIDDoc> {
-    return new ProofOfPossessionBuilder({ callbacks, jwt, version });
+    return new ProofOfPossessionBuilder({ callbacks, jwt, version, mode });
   }
 
   static fromAccessTokenResponse<DIDDoc>({
     accessTokenResponse,
     callbacks,
     version,
+    mode = 'pop',
   }: {
     accessTokenResponse: AccessTokenResponse;
     callbacks: ProofOfPossessionCallbacks<DIDDoc>;
     version: OpenId4VCIVersion;
+    mode?: PoPMode;
   }): ProofOfPossessionBuilder<DIDDoc> {
-    return new ProofOfPossessionBuilder({ callbacks, accessTokenResponse, version });
+    return new ProofOfPossessionBuilder({ callbacks, accessTokenResponse, version, mode });
   }
 
   static fromProof<DIDDoc>(proof: ProofOfPossession, version: OpenId4VCIVersion): ProofOfPossessionBuilder<DIDDoc> {
     return new ProofOfPossessionBuilder({ proof, version });
   }
 
+  withAud(aud: string | string[]): this {
+    this.aud = aud;
+    return this;
+  }
+
   withClientId(clientId: string): this {
     this.clientId = clientId;
     return this;
@@ -114,7 +142,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
   }
 
   withTyp(typ: Typ): this {
-    if (this.version >= OpenId4VCIVersion.VER_1_0_11) {
+    if (this.mode === 'pop' && this.version >= OpenId4VCIVersion.VER_1_0_11) {
       if (!!typ && typ !== 'openid4vci-proof+jwt') {
         throw Error('typ must be openid4vci-proof+jwt for version 1.0.11 and up');
       }
@@ -161,7 +189,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
     if (jwt.header.typ) {
       this.withTyp(jwt.header.typ as Typ);
     }
-    if (this.version >= OpenId4VCIVersion.VER_1_0_11) {
+    if (!this.typ && this.version >= OpenId4VCIVersion.VER_1_0_11) {
       this.withTyp('openid4vci-proof+jwt');
     }
     this.withAlg(jwt.header.alg);
@@ -172,8 +200,8 @@ export class ProofOfPossessionBuilder<DIDDoc> {
     }
 
     if (jwt.payload) {
-      if (jwt.payload.iss) this.withClientId(jwt.payload.iss);
-      if (jwt.payload.aud) this.withIssuer(jwt.payload.aud);
+      if (jwt.payload.iss) this.mode === 'pop' ? this.withClientId(jwt.payload.iss) : this.withIssuer(jwt.payload.iss);
+      if (jwt.payload.aud) this.mode === 'pop' ? this.withIssuer(jwt.payload.aud) : this.withAud(jwt.payload.aud);
       if (jwt.payload.jti) this.withJti(jwt.payload.jti);
       if (jwt.payload.nonce) this.withAccessTokenNonce(jwt.payload.nonce);
     }
@@ -185,16 +213,18 @@ export class ProofOfPossessionBuilder<DIDDoc> {
       return Promise.resolve(this.proof);
     } else if (this.callbacks) {
       return await createProofOfPossession(
+        this.mode,
         this.callbacks,
         {
-          typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 ? 'jwt' : 'openid4vci-proof+jwt'),
+          typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 || this.mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt'),
           kid: this.kid,
           jwk: this.jwk,
           jti: this.jti,
           alg: this.alg,
+          aud: this.aud,
           issuer: this.issuer,
           clientId: this.clientId,
-          nonce: this.cNonce,
+          ...(this.cNonce && { nonce: this.cNonce }),
         },
         this.jwt,
       );

package/lib/__tests__/AccessTokenClient.spec.ts

@@ -28,6 +28,7 @@ describe('AccessTokenClient should', () => {
 
       const accessTokenRequest: AccessTokenRequest = {
         grant_type: GrantTypes.PRE_AUTHORIZED_CODE,
+        user_pin: '20221013',
         'pre-authorized_code': '20221013',
         client_id: 'sphereon',
       } as AccessTokenRequest;
@@ -44,6 +45,13 @@ describe('AccessTokenClient should', () => {
 
       const accessTokenResponse: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessTokenUsingRequest({
         accessTokenRequest,
+        pinMetadata: {
+          isPinRequired: true,
+          txCode: {
+            length: accessTokenRequest['pre-authorized_code'].length,
+            input_mode: 'numeric',
+          },
+        },
         asOpts: { as: MOCK_URL },
       });
 
@@ -121,10 +129,16 @@ describe('AccessTokenClient should', () => {
       await expect(
         accessTokenClient.acquireAccessTokenUsingRequest({
           accessTokenRequest,
-          isPinRequired: true,
+          pinMetadata: {
+            isPinRequired: true,
+            txCode: {
+              length: 6,
+              input_mode: 'text',
+            },
+          },
           asOpts: { as: MOCK_URL },
         }),
-      ).rejects.toThrow('A valid pin consisting of maximal 8 numeric characters must be present.');
+      ).rejects.toThrow('A valid pin must be present according to the specified transaction code requirements.');
     },
     UNIT_TEST_TIMEOUT,
   );
@@ -146,10 +160,16 @@ describe('AccessTokenClient should', () => {
       await expect(
         accessTokenClient.acquireAccessTokenUsingRequest({
           accessTokenRequest,
-          isPinRequired: true,
+          pinMetadata: {
+            isPinRequired: true,
+            txCode: {
+              length: 6,
+              input_mode: 'text',
+            },
+          },
           asOpts: { as: MOCK_URL },
         }),
-      ).rejects.toThrow(Error('A valid pin consisting of maximal 8 numeric characters must be present.'));
+      ).rejects.toThrow(Error('A valid pin must be present according to the specified transaction code requirements.'));
     },
     UNIT_TEST_TIMEOUT,
   );
@@ -178,7 +198,13 @@ describe('AccessTokenClient should', () => {
 
       const response = await accessTokenClient.acquireAccessTokenUsingRequest({
         accessTokenRequest,
-        isPinRequired: true,
+        pinMetadata: {
+          isPinRequired: true,
+          txCode: {
+            length: 8,
+            input_mode: 'text',
+          },
+        },
         asOpts: { as: MOCK_URL },
       });
       expect(response.successBody).toEqual(body);
@@ -190,13 +216,15 @@ describe('AccessTokenClient should', () => {
     const accessTokenClient: AccessTokenClient = new AccessTokenClient();
 
     nock(MOCK_URL).post(/.*/).reply(200, {});
-
-    await expect(() =>
-      accessTokenClient.acquireAccessToken({
-        credentialOffer: INITIATION_TEST,
-        pin: '1234',
-      }),
-    ).rejects.toThrow(Error('Cannot set a pin, when the pin is not required.'));
+    nock(INITIATION_TEST.credential_offer.credential_issuer + 'token')
+      .post(/.*/)
+      .reply(200, {});
+
+    const response: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessToken({
+      credentialOffer: INITIATION_TEST,
+      pin: '1234',
+    });
+    expect(response.successBody).toBeDefined();
   });
 
   it('get error if no as, issuer and metadata values are present', async () => {

package/lib/__tests__/AuthorizationDetailsBuilder.spec.ts

@@ -50,16 +50,4 @@ describe('AuthorizationDetailsBuilder test', () => {
       new AuthorizationDetailsBuilder().withType('openid_credential').withLocations(['test1']).buildJwtVcJson();
     }).toThrow(Error('Type and format are required properties'));
   });
-  it('should be able to add random field to the object', () => {
-    const actual = new AuthorizationDetailsBuilder()
-      .withFormats('jwt_vc' as OID4VCICredentialFormat)
-      .withType('openid_credential')
-      .buildJwtVcJson();
-    actual['random'] = 'test';
-    expect(actual).toEqual({
-      type: 'openid_credential',
-      format: 'jwt_vc',
-      random: 'test',
-    });
-  });
 });

package/lib/__tests__/CredentialRequestClient.spec.ts

@@ -1,7 +1,11 @@
+// Walt uses a self signed cert
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 import { KeyObject } from 'crypto';
 
 import {
   Alg,
+  CredentialRequestV1_0_13,
   EndpointMetadata,
   getCredentialRequestForVersion,
   getIssuerFromCredentialOfferPayload,
@@ -16,19 +20,29 @@ import * as jose from 'jose';
 // @ts-ignore
 import nock from 'nock';
 
-import { CredentialRequestClientBuilder, MetadataClient, ProofOfPossessionBuilder } from '..';
-import { CredentialOfferClient } from '../CredentialOfferClient';
+import {
+  CredentialOfferClientV1_0_11,
+  CredentialRequestClientBuilder,
+  CredentialRequestClientBuilderV1_0_11,
+  MetadataClientV1_0_11,
+  ProofOfPossessionBuilder,
+} from '..';
 
 import { IDENTIPROOF_ISSUER_URL, IDENTIPROOF_OID4VCI_METADATA, INITIATION_TEST, WALT_OID4VCI_METADATA } from './MetadataMocks';
 import { getMockData } from './data/VciDataFixtures';
 
 const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 
-const jwt: Jwt = {
+const jwt1_0_08: Jwt = {
   header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 
+const jwt1_0_13: Jwt = {
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'openid4vci-proof+jwt' },
+  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
+};
+
 const kid = 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1';
 
 let keypair: KeyPair;
@@ -67,36 +81,6 @@ afterEach(async () => {
   nock.cleanAll();
 });
 describe('Credential Request Client ', () => {
-  it('should get a failed credential response with an unsupported format', async function () {
-    const basePath = 'https://sphereonjunit2022101301.com/';
-    nock(basePath).post(/.*/).reply(500, {
-      error: 'unsupported_format',
-      error_description: 'This is a mock error message',
-    });
-
-    const credReqClient = CredentialRequestClientBuilder.fromCredentialOffer({ credentialOffer: INITIATION_TEST })
-      .withCredentialEndpoint(basePath + '/credential')
-      .withFormat('ldp_vc')
-      .withCredentialType('https://imsglobal.github.io/openbadges-specification/ob_v3p0.html#OpenBadgeCredential')
-      .build();
-    const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
-      jwt,
-      callbacks: {
-        signCallback: proofOfPossessionCallbackFunction,
-      },
-      version: OpenId4VCIVersion.VER_1_0_08,
-    })
-      // .withEndpointMetadata(metadata)
-      .withClientId('sphereon:wallet')
-      .withKid(kid)
-      .build();
-    expect(credReqClient.getCredentialEndpoint()).toEqual(basePath + '/credential');
-    const credentialRequest = await credReqClient.createCredentialRequest({ proofInput: proof, version: OpenId4VCIVersion.VER_1_0_08 });
-    expect(credentialRequest.proof?.jwt?.includes(partialJWT)).toBeTruthy();
-    const result = await credReqClient.acquireCredentialsUsingRequest(credentialRequest);
-    expect(result?.errorBody?.error).toBe('unsupported_format');
-  });
-
   it('should get success credential response', async function () {
     const mockedVC =
       'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImlkIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9leGFtcGxlLmVkdS9pc3N1ZXJzLzU2NTA0OSIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMifX19LCJpc3MiOiJodHRwczovL2V4YW1wbGUuZWR1L2lzc3VlcnMvNTY1MDQ5IiwibmJmIjoxMjYyMzA0MDAwLCJqdGkiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9.z5vgMTK1nfizNCg5N-niCOL3WUIAL7nXy-nGhDZYO_-PNGeE-0djCpWAMH8fD8eWSID5PfkPBYkx_dfLJnQ7NA';
@@ -112,20 +96,21 @@ describe('Credential Request Client ', () => {
       .withCredentialType('https://imsglobal.github.io/openbadges-specification/ob_v3p0.html#OpenBadgeCredential')
       .build();
     const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
-      jwt,
+      jwt: jwt1_0_13,
       callbacks: {
         signCallback: proofOfPossessionCallbackFunction,
       },
-      version: OpenId4VCIVersion.VER_1_0_08,
+      version: OpenId4VCIVersion.VER_1_0_13,
     })
       // .withEndpointMetadata(metadata)
       .withKid(kid)
       .withClientId('sphereon:wallet')
       .build();
     const credentialRequest = await credReqClient.createCredentialRequest({
+      credentialTypes: 'OpenBadgeCredential',
       proofInput: proof,
       format: 'jwt',
-      version: OpenId4VCIVersion.VER_1_0_08,
+      version: OpenId4VCIVersion.VER_1_0_13,
     });
     expect(credentialRequest.proof?.jwt?.includes(partialJWT)).toBeTruthy();
     expect(credentialRequest.format).toEqual('jwt_vc');
@@ -137,10 +122,10 @@ describe('Credential Request Client ', () => {
     const credReqClient = CredentialRequestClientBuilder.fromCredentialOfferRequest({ request: INITIATION_TEST })
       .withCredentialEndpoint('httpsf://oidc4vci.demo.spruceid.com/credential')
       .withFormat('jwt_vc')
-      .withCredentialType('https://imsglobal.github.io/openbadges-specification/ob_v3p0.html#OpenBadgeCredential')
+      .withCredentialIdentifier('https://imsglobal.github.io/openbadges-specification/ob_v3p0.html#OpenBadgeCredential')
       .build();
     const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
-      jwt,
+      jwt: jwt1_0_08,
       callbacks: {
         signCallback: proofOfPossessionCallbackFunction,
       },
@@ -164,18 +149,19 @@ describe('Credential Request Client with Walt.id ', () => {
   afterEach(() => {
     nock.cleanAll();
   });
-  it('should have correct metadata endpoints', async function () {
+  // Walt id has cert issue
+  it.skip('should have correct metadata endpoints', async function () {
     nock.cleanAll();
     const WALT_IRR_URI =
       'openid-initiate-issuance://?issuer=https%3A%2F%2Fjff.walt.id%2Fissuer-api%2Foidc%2F&credential_type=OpenBadgeCredential&pre-authorized_code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhOTUyZjUxNi1jYWVmLTQ4YjMtODIxYy00OTRkYzgyNjljZjAiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.YE5DlalcLC2ChGEg47CQDaN1gTxbaQqSclIVqsSAUHE&user_pin_required=false';
-    const credentialOffer = await CredentialOfferClient.fromURI(WALT_IRR_URI);
+    const credentialOffer = await CredentialOfferClientV1_0_11.fromURI(WALT_IRR_URI);
 
     const request = credentialOffer.credential_offer;
-    const metadata = await MetadataClient.retrieveAllMetadata(getIssuerFromCredentialOfferPayload(request) as string);
+    const metadata = await MetadataClientV1_0_11.retrieveAllMetadata(getIssuerFromCredentialOfferPayload(request) as string);
     expect(metadata.credential_endpoint).toEqual(WALT_OID4VCI_METADATA.credential_endpoint);
     expect(metadata.token_endpoint).toEqual(WALT_OID4VCI_METADATA.token_endpoint);
 
-    const credReqClient = CredentialRequestClientBuilder.fromCredentialOffer({
+    const credReqClient = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({
       credentialOffer,
       metadata,
     }).build();
@@ -193,7 +179,7 @@ describe('Credential Request Client with different issuers ', () => {
   });
   it('should create correct CredentialRequest for Spruce', async () => {
     const IRR_URI =
-      'openid-initiate-issuance://?issuer=https%3A%2F%2Fngi%2Doidc4vci%2Dtest%2Espruceid%2Exyz&credential_type=OpenBadgeCredential&pre-authorized_code=eyJhbGciOiJFUzI1NiJ9.eyJjcmVkZW50aWFsX3R5cGUiOlsiT3BlbkJhZGdlQ3JlZGVudGlhbCJdLCJleHAiOiIyMDIzLTA0LTIwVDA5OjA0OjM2WiIsIm5vbmNlIjoibWFibmVpT0VSZVB3V3BuRFFweEt3UnRsVVRFRlhGUEwifQ.qOZRPN8sTv_knhp7WaWte2-aDULaPZX--2i9unF6QDQNUllqDhvxgIHMDCYHCV8O2_Gj-T2x1J84fDMajE3asg&user_pin_required=false';
+      'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22:%22https://credential-issuer.example.com%22,%22credential_configuration_ids%22:%5B%22OpenBadgeCredential%22%5D,%22grants%22:%7B%22urn:ietf:params:oauth:grant-type:pre-authorized_code%22:%7B%22pre-authorized_code%22:%22oaKazRN8I0IbtZ0C7JuMn5%22,%22tx_code%22:%7B%22input_mode%22:%22text%22,%22description%22:%22Please%20enter%20the%20serial%20number%20of%20your%20physical%20drivers%20license%22%7D%7D%7D%7D';
     const credentialRequest = await (
       await CredentialRequestClientBuilder.fromURI({
         uri: IRR_URI,
@@ -206,9 +192,9 @@ describe('Credential Request Client with different issuers ', () => {
           proof_type: 'jwt',
           jwt: getMockData('spruce')?.credential.request.proof.jwt as string,
         },
-        credentialTypes: ['OpenBadgeCredential'],
+        credentialTypes: 'OpenBadgeCredential',
         format: 'jwt_vc',
-        version: OpenId4VCIVersion.VER_1_0_08,
+        version: OpenId4VCIVersion.VER_1_0_13,
       });
     const draft8CredentialRequest = getCredentialRequestForVersion(credentialRequest, OpenId4VCIVersion.VER_1_0_08);
     expect(draft8CredentialRequest).toEqual(getMockData('spruce')?.credential.request);
@@ -219,7 +205,7 @@ describe('Credential Request Client with different issuers ', () => {
     const IRR_URI =
       'openid-initiate-issuance://?issuer=https%3A%2F%2Fjff.walt.id%2Fissuer-api%2Fdefault%2Foidc%2F&credential_type=OpenBadgeCredential&pre-authorized_code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwMTc4OTNjYy04ZTY3LTQxNzItYWZlOS1lODcyYmYxNDBlNWMiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.ODfq2AIhOcB61dAb3zMrXBJjPJaf53zkeHh_AssYyYA&user_pin_required=false';
     const credentialOffer = await (
-      await CredentialRequestClientBuilder.fromURI({
+      await CredentialRequestClientBuilderV1_0_11.fromURI({
         uri: IRR_URI,
         metadata: getMockData('walt')?.metadata as unknown as EndpointMetadata,
       })
@@ -253,9 +239,9 @@ describe('Credential Request Client with different issuers ', () => {
           proof_type: 'jwt',
           jwt: getMockData('uniissuer')?.credential.request.proof.jwt as string,
         },
-        credentialTypes: ['OpenBadgeCredential'],
+        credentialIdentifier: 'OpenBadgeCredential',
         format: 'jwt_vc',
-        version: OpenId4VCIVersion.VER_1_0_08,
+        version: OpenId4VCIVersion.VER_1_0_13,
       });
     expect(credentialOffer).toEqual(getMockData('uniissuer')?.credential.request);
   });
@@ -264,7 +250,7 @@ describe('Credential Request Client with different issuers ', () => {
     const IRR_URI =
       'openid-initiate-issuance://?issuer=https://launchpad.mattrlabs.com&credential_type=OpenBadgeCredential&pre-authorized_code=g0UCOj6RAN5AwHU6gczm_GzB4_lH6GW39Z0Dl2DOOiO';
     const credentialOffer = await (
-      await CredentialRequestClientBuilder.fromURI({
+      await CredentialRequestClientBuilderV1_0_11.fromURI({
         uri: IRR_URI,
         metadata: getMockData('mattr')?.metadata as unknown as EndpointMetadata,
       })
@@ -287,7 +273,7 @@ describe('Credential Request Client with different issuers ', () => {
     const IRR_URI =
       'openid-initiate-issuance://?issuer=https://oidc4vc.diwala.io&credential_type=OpenBadgeCredential&pre-authorized_code=eyJhbGciOiJIUzI1NiJ9.eyJjcmVkZW50aWFsX3R5cGUiOiJPcGVuQmFkZ2VDcmVkZW50aWFsIiwiZXhwIjoxNjgxOTg0NDY3fQ.fEAHKz2nuWfiYHw406iNxr-81pWkNkbi31bWsYSf6Ng';
     const credentialOffer = await (
-      await CredentialRequestClientBuilder.fromURI({
+      await CredentialRequestClientBuilderV1_0_11.fromURI({
         uri: IRR_URI,
         metadata: getMockData('diwala')?.metadata as unknown as EndpointMetadata,
       })
@@ -308,4 +294,55 @@ describe('Credential Request Client with different issuers ', () => {
 
     expect(credentialRequest).toEqual(getMockData('diwala')?.credential.request);
   });
+
+  // TODO: ksadjad remove the skipped test
+  it('should create correct CredentialRequest for credenco', async () => {
+    const IRR_URI =
+      'openid-credential-offer://mijnkvk.acc.credenco.com/?credential_offer_uri=https%3A%2F%2Fmijnkvk.acc.credenco.com%2Fopenid4vc%2FcredentialOffer%3Fid%3D32fc4ebf-9e31-4149-9877-e3c0b602d559';
+    nock('https://mijnkvk.acc.credenco.com')
+      .get('/openid4vc/credentialOffer?id=32fc4ebf-9e31-4149-9877-e3c0b602d559')
+      .reply(200, {
+        credential_issuer: 'https://mijnkvk.acc.credenco.com',
+        credential_configuration_ids: ['BevoegdheidUittreksel_jwt_vc_json'],
+        grants: {
+          authorization_code: {
+            issuer_state: '32fc4ebf-9e31-4149-9877-e3c0b602d559',
+          },
+          'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+            'pre-authorized_code':
+              'eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiIzMmZjNGViZi05ZTMxLTQxNDktOTg3Ny1lM2MwYjYwMmQ1NTkiLCJpc3MiOiJodHRwczovL21pam5rdmsuYWNjLmNyZWRlbmNvLmNvbSIsImF1ZCI6IlRPS0VOIn0.754aiQ87O0vHYSpRvPqAS9cLOgf-pewdeXbpLziRwsxEp9mENfaXpY62muYpzOaWcYmTOydkzhFul-NDYXJZCA',
+          },
+        },
+      });
+    const credentialOffer = await (
+      await CredentialRequestClientBuilder.fromURI({
+        uri: IRR_URI,
+        metadata: getMockData('credenco')?.metadata as unknown as EndpointMetadata,
+      })
+    )
+      .build()
+      .createCredentialRequest({
+        proofInput: {
+          proof_type: 'jwt',
+          jwt: getMockData('diwala')?.credential.request.proof.jwt as string,
+        },
+        credentialIdentifier: 'BevoegdheidUittreksel_jwt_vc_json',
+        // format: 'ldp_vc',
+        version: OpenId4VCIVersion.VER_1_0_13,
+      });
+
+    // createCredentialRequest returns uniform format in draft 11
+    const credentialRequest: CredentialRequestV1_0_13 = getCredentialRequestForVersion(
+      credentialOffer,
+      OpenId4VCIVersion.VER_1_0_13,
+    ) as CredentialRequestV1_0_13;
+
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    expect(credentialRequest.credential_identifier).toEqual('BevoegdheidUittreksel_jwt_vc_json');
+    expect(credentialRequest.proof).toEqual({
+      jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL29pZGM0dmMuZGl3YWxhLmlvIiwiaWF0IjoxNjgxOTE1MDk1LjIwMiwiZXhwIjoxNjgxOTE1NzU1LjIwMiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjYxN2MwM2EzLTM3MTUtNGJlMy1hYjkxNzM4MTlmYzYxNTYzIn0.KA-cHjecaYp9FSaWHkz5cqtNyhBIVT_0I7cJnpHn03T4UWFvdhjhn8Hpe-BU247enFyWOWJ6v3NQZyZgle7xBA',
+      proof_type: 'jwt',
+    });
+  });
 });

package/lib/__tests__/CredentialRequestClientBuilder.spec.ts

@@ -2,12 +2,12 @@ import { KeyObject } from 'crypto';
 
 import {
   Alg,
-  CredentialIssuerMetadata,
+  CredentialIssuerMetadataV1_0_13,
+  CredentialRequestV1_0_13,
   Jwt,
   JwtVerifyResult,
   OpenId4VCIVersion,
   ProofOfPossession,
-  UniformCredentialRequest,
 } from '@sphereon/oid4vci-common';
 import * as jose from 'jose';
 
@@ -17,9 +17,14 @@ import { IDENTIPROOF_ISSUER_URL, IDENTIPROOF_OID4VCI_METADATA, INITIATION_TEST_U
 
 const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 
-const jwt: Jwt = {
+/*const jwtv1_0_08: Jwt = {
   header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
+};*/
+
+const jwtv1_0_11: Jwt = {
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'openid4vci-proof+jwt' },
+  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 
 const kid = 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1';
@@ -71,12 +76,12 @@ describe('Credential Request Client Builder', () => {
     const credReqClient = (await CredentialRequestClientBuilder.fromURI({ uri: INITIATION_TEST_URI }))
       .withCredentialEndpoint('https://oidc4vci.demo.spruceid.com/credential')
       .withFormat('jwt_vc')
-      .withCredentialType('credentialType')
+      .withCredentialIdentifier('credentialType')
       .withToken('token')
       .build();
     expect(credReqClient.credentialRequestOpts.credentialEndpoint).toBe('https://oidc4vci.demo.spruceid.com/credential');
     expect(credReqClient.credentialRequestOpts.format).toBe('jwt_vc');
-    expect(credReqClient.credentialRequestOpts.credentialTypes).toStrictEqual(['credentialType']);
+    expect(credReqClient.credentialRequestOpts.credentialIdentifier).toStrictEqual('credentialType');
     expect(credReqClient.credentialRequestOpts.token).toBe('token');
   });
 
@@ -84,26 +89,27 @@ describe('Credential Request Client Builder', () => {
     const credReqClient = (await CredentialRequestClientBuilder.fromURI({ uri: INITIATION_TEST_URI }))
       .withCredentialEndpoint('https://oidc4vci.demo.spruceid.com/credential')
       .withFormat('jwt_vc')
-      .withCredentialType('https://imsglobal.github.io/openbadges-specification/ob_v3p0.html#OpenBadgeCredential')
+      .withCredentialIdentifier('OpenBadgeCredential')
       .build();
     const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
-      jwt,
+      jwt: jwtv1_0_11,
       callbacks: {
         signCallback: proofOfPossessionCallbackFunction,
         verifyCallback: proofOfPossessionVerifierCallbackFunction,
       },
-      version: OpenId4VCIVersion.VER_1_0_08,
+      version: OpenId4VCIVersion.VER_1_0_13,
     })
       .withClientId('sphereon:wallet')
       .withKid(kid)
       .build();
     await proofOfPossessionVerifierCallbackFunction({ ...proof, kid });
-    const credentialRequest: UniformCredentialRequest = await credReqClient.createCredentialRequest({
+    const credentialRequest: CredentialRequestV1_0_13 = await credReqClient.createCredentialRequest({
       proofInput: proof,
-      version: OpenId4VCIVersion.VER_1_0_08,
+      credentialIdentifier: 'OpenBadgeCredential',
+      version: OpenId4VCIVersion.VER_1_0_13,
     });
     expect(credentialRequest.proof?.jwt).toContain(partialJWT);
-    expect('types' in credentialRequest).toBe(true);
+    expect('credential_identifier' in credentialRequest).toBe(true);
     if ('types' in credentialRequest) {
       expect(credentialRequest.types).toStrictEqual(['https://imsglobal.github.io/openbadges-specification/ob_v3p0.html#OpenBadgeCredential']);
     }
@@ -124,7 +130,7 @@ describe('Credential Request Client Builder', () => {
   it('should build correctly with endpoint from metadata', async () => {
     const credReqClient = (await CredentialRequestClientBuilder.fromURI({ uri: INITIATION_TEST_URI }))
       .withFormat('jwt_vc')
-      .withCredentialEndpointFromMetadata(IDENTIPROOF_OID4VCI_METADATA as unknown as CredentialIssuerMetadata)
+      .withCredentialEndpointFromMetadata(IDENTIPROOF_OID4VCI_METADATA as unknown as CredentialIssuerMetadataV1_0_13)
       .build();
     expect(credReqClient.credentialRequestOpts.credentialEndpoint).toBe(`${IDENTIPROOF_ISSUER_URL}/credential`);
   });