@sphereon/oid4vci-client 0.10.3 → 0.10.4-next.119

package/lib/__tests__/MetadataMocks.ts

@@ -1,4 +1,4 @@
-import { AuthzFlowType, CredentialOfferRequestWithBaseUrl } from '@sphereon/oid4vci-common';
+import { AuthzFlowType, CredentialOfferPayloadV1_0_13, CredentialOfferRequestWithBaseUrl } from '@sphereon/oid4vci-common';
 
 export const IDENTIPROOF_ISSUER_URL = 'https://issuer.research.identiproof.io';
 export const IDENTIPROOF_AS_URL = 'https://auth.research.identiproof.io';
@@ -7,10 +7,50 @@ export const DANUBE_ISSUER_URL = 'https://oidc4vc.uniissuer.io';
 export const WALT_ISSUER_URL = 'https://jff.walt.id/issuer-api/oidc';
 export const INITIATION_TEST_HTTPS_URI =
   'https://server.example.com?issuer=https%3A%2F%2Fserver%2Eexample%2Ecom&credential_type=https%3A%2F%2Fdid%2Eexample%2Eorg%2FhealthCard&credential_type=https%3A%2F%2Fdid%2Eexample%2Eorg%2FdriverLicense&op_state=eyJhbGciOiJSU0Et...FYUaBy';
+export const INITIATION_TEST_HTTPS_URI_V1_0_11 =
+  'https://server.example.com?issuer=https%3A%2F%2Fserver%2Eexample%2Ecom&credential_type=https%3A%2F%2Fdid%2Eexample%2Eorg%2FhealthCard&credential_type=https%3A%2F%2Fdid%2Eexample%2Eorg%2FdriverLicense&op_state=eyJhbGciOiJSU0Et...FYUaBy';
 export const INITIATION_TEST_URI =
+  'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fjff.walt.id%2Fissuer-api%2Foidc%2F%22%2C%22credential_configuration_ids%22%3A%5B%22OpenBadgeCredential%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhOTUyZjUxNi1jYWVmLTQ4YjMtODIxYy00OTRkYzgyNjljZjAiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.YE5DlalcLC2ChGEg47CQDaN1gTxbaQqSclIVqsSAUHE%22%2C%22tx_code%22%3A%7B%22description%22%3A%22Please%20provide%20the%20one-time%20code%20that%20was%20sent%20via%20e-mail%22%2C%22input_mode%22%3A%22numeric%22%2C%22length%22%3A4%7D%7D%7D%7D';
+
+export const INITIATION_TEST_URI_V1_0_08 =
   'openid-initiate-issuance://?credential_type=OpenBadgeCredential&issuer=https%3A%2F%2Fjff%2Ewalt%2Eid%2Fissuer-api%2Foidc%2F&pre-authorized_code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhOTUyZjUxNi1jYWVmLTQ4YjMtODIxYy00OTRkYzgyNjljZjAiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.YE5DlalcLC2ChGEg47CQDaN1gTxbaQqSclIVqsSAUHE&user_pin_required=false';
 
 export const INITIATION_TEST: CredentialOfferRequestWithBaseUrl = {
+  baseUrl: 'openid-credential-offer://',
+  credential_offer: {
+    credential_configuration_ids: ['OpenBadgeCredential'],
+    credential_issuer: 'https://jff.walt.id/issuer-api/oidc/',
+    grants: {
+      'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+        'pre-authorized_code':
+          'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhOTUyZjUxNi1jYWVmLTQ4YjMtODIxYy00OTRkYzgyNjljZjAiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.YE5DlalcLC2ChGEg47CQDaN1gTxbaQqSclIVqsSAUHE',
+        tx_code: {
+          length: 4,
+          description: 'Please provide the one-time code that was sent via e-mail',
+          input_mode: 'numeric',
+        },
+      },
+    },
+  } as CredentialOfferPayloadV1_0_13,
+  original_credential_offer: {
+    credential_issuer: 'https://jff.walt.id/issuer-api/oidc/',
+    credential_configuration_ids: ['OpenBadgeCredential'],
+    grants: {
+      'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+        'pre-authorized_code':
+          'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhOTUyZjUxNi1jYWVmLTQ4YjMtODIxYy00OTRkYzgyNjljZjAiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.YE5DlalcLC2ChGEg47CQDaN1gTxbaQqSclIVqsSAUHE',
+        tx_code: { description: 'Please provide the one-time code that was sent via e-mail', input_mode: 'numeric', length: 4 },
+      },
+    },
+  } as CredentialOfferPayloadV1_0_13,
+  preAuthorizedCode:
+    'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhOTUyZjUxNi1jYWVmLTQ4YjMtODIxYy00OTRkYzgyNjljZjAiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.YE5DlalcLC2ChGEg47CQDaN1gTxbaQqSclIVqsSAUHE',
+  scheme: 'openid-credential-offer',
+  supportedFlows: [AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW],
+  version: 1013,
+  userPinRequired: true, // Determined from above tx_code
+};
+export const INITIATION_TEST_V1_0_08: CredentialOfferRequestWithBaseUrl = {
   baseUrl: 'openid-initiate-issuance://',
   credential_offer: {
     credential_issuer: 'https://jff.walt.id/issuer-api/oidc/',
@@ -36,7 +76,7 @@ export const INITIATION_TEST: CredentialOfferRequestWithBaseUrl = {
   supportedFlows: [AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW],
   userPinRequired: false,
   version: 1008,
-};
+} as CredentialOfferRequestWithBaseUrl;
 export const IDENTIPROOF_AS_METADATA = {
   issuer: 'https://auth.research.identiproof.io',
   authorization_endpoint: 'https://auth.research.identiproof.io/oauth2/authorize',

package/lib/__tests__/OpenID4VCIClient.spec.ts

@@ -1,8 +1,16 @@
-import { CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+import {
+  CodeChallengeMethod,
+  CredentialOfferPayloadV1_0_13,
+  determineSpecVersionFromOffer,
+  determineSpecVersionFromURI,
+  OpenId4VCIVersion,
+  WellKnownEndpoints,
+} from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
 
+import { createCredentialOfferURIFromObject } from '../../../issuer/lib';
 import { OpenID4VCIClient } from '../OpenID4VCIClient';
 
 const MOCK_URL = 'https://server.example.com/';
@@ -16,7 +24,7 @@ describe('OpenID4VCIClient should', () => {
     nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
     client = await OpenID4VCIClient.fromURI({
       clientId: 'test-client',
-      uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
+      uri: 'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fserver.example.com%22%2C%22credential_configuration_ids%22%3A%5B%22TestCredential%22%5D%7D',
       createAuthorizationRequestURL: false,
     });
   });
@@ -102,6 +110,7 @@ describe('OpenID4VCIClient should', () => {
           codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
         },
         authorizationRequest: {
+          clientId: 'clientId',
           redirectUri: 'http://localhost:8881/cb',
         },
       }),
@@ -170,6 +179,7 @@ describe('OpenID4VCIClient should', () => {
       'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     );
   });
+
   it('create an authorization request url with authorization_details and scope', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
@@ -200,3 +210,49 @@ describe('OpenID4VCIClient should', () => {
     );
   });
 });
+describe('should successfully handle isEbsi function', () => {
+  it('should return true when calling isEbsi function', async () => {
+    nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
+    const client = await OpenID4VCIClient.fromURI({
+      clientId: 'test-client',
+      uri: 'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fserver.example.com%22%2C%20%22credentials%22%3A%5B%7B%22format%22%3A%22jwt_vc%22%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22VerifiableAttestation%22%2C%22CTWalletSameAuthorisedInTime%22%5D%2C%22trust_framework%22%3A%7B%22name%22%3A%22ebsi%22%2C%22type%22%3A%22Accreditation%22%2C%22uri%22%3A%22TIR%20link%20towards%20accreditation%22%7D%7D%5D%7D',
+      createAuthorizationRequestURL: false,
+    });
+
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata = {
+      credentials_supported: {
+        TestCredential: {
+          trust_framework: {
+            name: 'ebsi_trust',
+          },
+        },
+      },
+    };
+    expect(client.isEBSI()).toBe(true);
+  });
+});
+
+it('determine to be version 13', async () => {
+  const offer = {
+    grants: {
+      'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+        'pre-authorized_code': 'random',
+      },
+    },
+    credential_configuration_ids: ['Omzetbelasting'],
+    credential_issuer: 'https://example.com',
+  } satisfies CredentialOfferPayloadV1_0_13;
+  const offerUri = createCredentialOfferURIFromObject({ credential_offer: offer });
+
+  expect(determineSpecVersionFromOffer(offer)).toEqual(OpenId4VCIVersion.VER_1_0_13);
+  expect(determineSpecVersionFromURI(offerUri)).toEqual(OpenId4VCIVersion.VER_1_0_13);
+});
+it('determine to be version 11', async () => {
+  const offerUri =
+    'openid-credential-offer://?credential_offer=%7B%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22wN39X8fU4FCU2MaykNRkCr%22%2C%22user_pin_required%22%3Afalse%7D%7D%2C%22credentials%22%3A%5B%22dbc2023%22%5D%2C%22credential_issuer%22%3A%22https%3A%2F%2Fssi.dutchblockchaincoalition.org%2Fagent%22%7D';
+  expect(determineSpecVersionFromURI(offerUri)).toEqual(OpenId4VCIVersion.VER_1_0_11);
+});

package/lib/__tests__/{OpenID4VCIClientPAR.spec.ts → OpenID4VCIClientPARV1_0_11.spec.ts}

@@ -3,18 +3,18 @@ import { PARMode, WellKnownEndpoints } from '@sphereon/oid4vci-common';
 // @ts-ignore
 import nock from 'nock';
 
-import { OpenID4VCIClient } from '../OpenID4VCIClient';
+import { OpenID4VCIClientV1_0_11 } from '../OpenID4VCIClientV1_0_11';
 
 const MOCK_URL = 'https://server.example.com/';
-describe('OpenID4VCIClient', () => {
-  let client: OpenID4VCIClient;
+describe('OpenID4VCIClientV1_0_11', () => {
+  let client: OpenID4VCIClientV1_0_11;
 
   beforeEach(async () => {
     nock(MOCK_URL).get(/.*/).reply(200, {});
     nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
     nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
     nock(`${MOCK_URL}`).post('/v1/auth/par').reply(201, { request_uri: 'test_uri', expires_in: 90 });
-    client = await OpenID4VCIClient.fromURI({
+    client = await OpenID4VCIClientV1_0_11.fromURI({
       createAuthorizationRequestURL: false,
       clientId: 'test-client',
       uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
@@ -59,7 +59,7 @@ describe('OpenID4VCIClient', () => {
           redirectUri: 'http://localhost:8881/cb',
         },
       }),
-    ).rejects.toThrow(Error('Could not create authorization details from credential offer. Please pass in explicit details'));
+    ).rejects.toThrow('Could not create authorization details from credential offer. Please pass in explicit details');
   });
 
   it('should not fail when only authorization_details is present', async () => {

package/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts

@@ -0,0 +1,226 @@
+import { CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore
+import nock from 'nock';
+
+import { OpenID4VCIClientV1_0_11 } from '../OpenID4VCIClientV1_0_11';
+
+const MOCK_URL = 'https://server.example.com/';
+
+describe('OpenID4VCIClientV1_0_11 should', () => {
+  let client: OpenID4VCIClientV1_0_11;
+
+  beforeEach(async () => {
+    nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
+    client = await OpenID4VCIClientV1_0_11.fromURI({
+      clientId: 'test-client',
+      uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
+      createAuthorizationRequestURL: false,
+    });
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+  });
+
+  it('should successfully construct an authorization request url', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    const url = await client.createAuthorizationRequestUrl({
+      authorizationRequest: {
+        scope: 'openid TestCredential',
+        redirectUri: 'http://localhost:8881/cb',
+      },
+    });
+
+    const urlSearchParams = new URLSearchParams(url.split('?')[1]);
+    const scope = urlSearchParams.get('scope')?.split(' ');
+
+    expect(scope?.[0]).toBe('openid');
+  });
+  it('throw an error if authorization endpoint is not set in server metadata', async () => {
+    await expect(
+      client.createAuthorizationRequestUrl({
+        authorizationRequest: {
+          scope: 'openid TestCredential',
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).rejects.toThrow(Error('Server metadata does not contain authorization endpoint'));
+  });
+  it("injects 'openid' as the first scope if not provided", async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    const url = await client.createAuthorizationRequestUrl({
+      pkce: {
+        codeChallengeMethod: CodeChallengeMethod.S256,
+        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+      },
+      authorizationRequest: {
+        scope: 'TestCredential',
+        redirectUri: 'http://localhost:8881/cb',
+      },
+    });
+
+    const urlSearchParams = new URLSearchParams(url.split('?')[1]);
+    const scope = urlSearchParams.get('scope')?.split(' ');
+
+    expect(scope?.[0]).toBe('openid');
+  });
+  it('throw an error if no scope and no authorization_details is provided', async () => {
+    nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(200, {});
+    // Use a client with issuer only to trigger the error
+    client = await OpenID4VCIClientV1_0_11.fromCredentialIssuer({
+      credentialIssuer: MOCK_URL,
+      createAuthorizationRequestURL: false,
+      retrieveServerMetadata: false,
+    });
+
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata = {
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      credentialIssuerMetadata: {
+        authorization_endpoint: `${MOCK_URL}v1/auth/authorize`,
+        token_endpoint: `${MOCK_URL}/token`,
+      },
+    };
+    // client._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).rejects.toThrow(Error('Please provide a scope or authorization_details if no credential offer is present'));
+  });
+  it('create an authorization request url with authorization_details array property', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: [
+            {
+              type: 'openid_credential',
+              format: 'ldp_vc',
+              credential_definition: {
+                '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+                types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+              },
+            },
+            {
+              type: 'openid_credential',
+              // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+              // @ts-ignore
+              format: 'mso_mdoc',
+              doctype: 'org.iso.18013.5.1.mDL',
+            },
+          ],
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+    );
+  });
+  it('create an authorization request url with authorization_details object property', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: {
+            type: 'openid_credential',
+            format: 'ldp_vc',
+            credential_definition: {
+              '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+              types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+            },
+          },
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+    );
+  });
+  it('create an authorization request url with authorization_details and scope', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: {
+            type: 'openid_credential',
+            format: 'ldp_vc',
+            locations: ['https://test.com'],
+            credential_definition: {
+              '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+              types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+            },
+          },
+          scope: 'openid',
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22locations%22%3A%5B%22https%3A%2F%2Ftest%2Ecom%22%2C%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+    );
+  });
+});
+
+it('should return true when calling isEbsi function', async () => {
+  nock(MOCK_URL).get(/.*/).reply(200, {});
+  nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
+  nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
+  const client = await OpenID4VCIClientV1_0_11.fromURI({
+    clientId: 'test-client',
+    uri: 'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fserver.example.com%22%2C%20%22credentials%22%3A%5B%7B%22format%22%3A%22jwt_vc%22%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22VerifiableAttestation%22%2C%22CTWalletSameAuthorisedInTime%22%5D%2C%22trust_framework%22%3A%7B%22name%22%3A%22ebsi%22%2C%22type%22%3A%22Accreditation%22%2C%22uri%22%3A%22TIR%20link%20towards%20accreditation%22%7D%7D%5D%7D',
+    createAuthorizationRequestURL: false,
+  });
+
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-ignore
+  client._state.endpointMetadata?.credentialIssuerMetadata = {
+    credentials_supported: {
+      TestCredential: {
+        trust_framework: {
+          name: 'ebsi_trust',
+        },
+      },
+    },
+  };
+  expect(client.isEBSI()).toBe(true);
+});

package/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts

@@ -0,0 +1,204 @@
+import { CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore
+import nock from 'nock';
+
+import { OpenID4VCIClientV1_0_13 } from '../OpenID4VCIClientV1_0_13';
+
+const MOCK_URL = 'https://server.example.com/';
+
+describe('OpenID4VCIClientV1_0_13 should', () => {
+  let client: OpenID4VCIClientV1_0_13;
+
+  beforeEach(async () => {
+    nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(404, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
+    client = await OpenID4VCIClientV1_0_13.fromURI({
+      clientId: 'test-client',
+      uri: 'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fserver.example.com%22%2C%22credential_configuration_ids%22%3A%5B%22TestCredential%22%5D%7D',
+      createAuthorizationRequestURL: false,
+    });
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+  });
+
+  it('should successfully construct an authorization request url', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    const url = await client.createAuthorizationRequestUrl({
+      authorizationRequest: {
+        scope: 'openid TestCredential',
+        redirectUri: 'http://localhost:8881/cb',
+      },
+    });
+
+    const urlSearchParams = new URLSearchParams(url.split('?')[1]);
+    const scope = urlSearchParams.get('scope')?.split(' ');
+
+    expect(scope?.[0]).toBe('openid');
+  });
+  it('throw an error if authorization endpoint is not set in server metadata', async () => {
+    await expect(
+      client.createAuthorizationRequestUrl({
+        authorizationRequest: {
+          scope: 'openid TestCredential',
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).rejects.toThrow(Error('Server metadata does not contain authorization endpoint'));
+  });
+  it("injects 'openid' as the first scope if not provided", async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    const url = await client.createAuthorizationRequestUrl({
+      pkce: {
+        codeChallengeMethod: CodeChallengeMethod.S256,
+        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+      },
+      authorizationRequest: {
+        scope: 'TestCredential',
+        redirectUri: 'http://localhost:8881/cb',
+      },
+    });
+
+    const urlSearchParams = new URLSearchParams(url.split('?')[1]);
+    const scope = urlSearchParams.get('scope')?.split(' ');
+
+    expect(scope?.[0]).toBe('openid');
+  });
+  it('throw an error if no scope and no authorization_details is provided', async () => {
+    nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(200, {});
+    // Use a client with issuer only to trigger the error
+    client = await OpenID4VCIClientV1_0_13.fromCredentialIssuer({
+      credentialIssuer: MOCK_URL,
+      createAuthorizationRequestURL: false,
+      retrieveServerMetadata: false,
+    });
+
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata = {
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      credentialIssuerMetadata: {
+        authorization_endpoint: `${MOCK_URL}v1/auth/authorize`,
+        token_endpoint: `${MOCK_URL}/token`,
+      },
+    };
+    // client._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          clientId: 'clientId',
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).rejects.toThrow(Error('Please provide a scope or authorization_details if no credential offer is present'));
+  });
+  it('create an authorization request url with authorization_details array property', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: [
+            {
+              type: 'openid_credential',
+              format: 'ldp_vc',
+              credential_definition: {
+                '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+                types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+              },
+            },
+            {
+              type: 'openid_credential',
+              // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+              // @ts-ignore
+              format: 'mso_mdoc',
+              doctype: 'org.iso.18013.5.1.mDL',
+            },
+          ],
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+    );
+  });
+  it('create an authorization request url with authorization_details object property', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: {
+            type: 'openid_credential',
+            format: 'ldp_vc',
+            credential_definition: {
+              '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+              types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+            },
+          },
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+    );
+  });
+
+  it('create an authorization request url with authorization_details and scope', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    client._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+
+    await expect(
+      client.createAuthorizationRequestUrl({
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: {
+            type: 'openid_credential',
+            format: 'ldp_vc',
+            locations: ['https://test.com'],
+            credential_definition: {
+              '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+              types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+            },
+          },
+          scope: 'openid',
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22locations%22%3A%5B%22https%3A%2F%2Ftest%2Ecom%22%2C%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
+    );
+  });
+});

package/lib/__tests__/ProofOfPossessionBuilder.spec.ts

@@ -9,7 +9,7 @@ import { IDENTIPROOF_ISSUER_URL } from './MetadataMocks';
 
 const jwt: Jwt = {
   header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
-  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now()/1000 },
+  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
 const kid = 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1';