@sphereon/oid4vci-client 0.10.4-unstable.2 → 0.10.4-unstable.21

package/lib/CredentialOfferClient.ts

@@ -1,9 +1,6 @@
 import {
-  CredentialOffer,
-  CredentialOfferPayload,
-  CredentialOfferPayloadV1_0_09,
   CredentialOfferRequestWithBaseUrl,
-  CredentialOfferV1_0_11,
+  CredentialOfferV1_0_13,
   determineSpecVersionFromURI,
   getClientIdFromCredentialOfferPayload,
   OpenId4VCIVersion,
@@ -25,24 +22,12 @@ export class CredentialOfferClient {
     const scheme = uri.split('://')[0];
     const baseUrl = uri.split('?')[0];
     const version = determineSpecVersionFromURI(uri);
-    let credentialOffer: CredentialOffer;
-    let credentialOfferPayload: CredentialOfferPayload;
-    if (version < OpenId4VCIVersion.VER_1_0_11) {
-      credentialOfferPayload = convertURIToJsonObject(uri, {
-        arrayTypeProperties: ['credential_type'],
-        requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['issuer', 'credential_type'],
-      }) as CredentialOfferPayloadV1_0_09;
-      credentialOffer = {
-        credential_offer: credentialOfferPayload,
-      };
-    } else {
-      credentialOffer = convertURIToJsonObject(uri, {
-        arrayTypeProperties: ['credentials'],
-        requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['credential_offer'],
-      }) as CredentialOfferV1_0_11;
-      if (credentialOffer?.credential_offer_uri === undefined && !credentialOffer?.credential_offer) {
-        throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
-      }
+    const credentialOffer: CredentialOfferV1_0_13 = convertURIToJsonObject(uri, {
+      arrayTypeProperties: ['credential_configuration_ids'],
+      requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['credential_offer'],
+    }) as CredentialOfferV1_0_13;
+    if (credentialOffer?.credential_offer_uri === undefined && !credentialOffer?.credential_offer) {
+      throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
     }
 
     const request = await toUniformCredentialOfferRequest(credentialOffer, {
@@ -55,13 +40,16 @@ export class CredentialOfferClient {
     return {
       scheme,
       baseUrl,
-      clientId,
+      ...(clientId && { clientId }),
       ...request,
       ...(grants?.authorization_code?.issuer_state && { issuerState: grants.authorization_code.issuer_state }),
       ...(grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.['pre-authorized_code'] && {
         preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
       }),
-      userPinRequired: request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ?? false,
+      ...(request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code &&
+        {
+          // txCode: request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code,
+        }),
     };
   }
 
@@ -101,7 +89,7 @@ export class CredentialOfferClient {
       arrayTypeProperties: isUri ? [] : ['credential_type'],
       uriTypeProperties: isUri
         ? ['credential_offer_uri']
-        : version >= OpenId4VCIVersion.VER_1_0_11
+        : version >= OpenId4VCIVersion.VER_1_0_13
           ? ['credential_issuer', 'credential_type']
           : ['issuer', 'credential_type'],
       param,

package/lib/CredentialOfferClientV1_0_11.ts

@@ -0,0 +1,112 @@
+import {
+  CredentialOffer,
+  CredentialOfferPayload,
+  CredentialOfferPayloadV1_0_09,
+  CredentialOfferRequestWithBaseUrl,
+  CredentialOfferRequestWithBaseUrlV1_0_11,
+  CredentialOfferV1_0_11,
+  determineSpecVersionFromURI,
+  getClientIdFromCredentialOfferPayload,
+  OpenId4VCIVersion,
+  toUniformCredentialOfferRequestV1_0_11,
+} from '@sphereon/oid4vci-common';
+import Debug from 'debug';
+
+import { convertJsonToURI, convertURIToJsonObject } from './functions';
+
+const debug = Debug('sphereon:oid4vci:offer');
+
+export class CredentialOfferClientV1_0_11 {
+  public static async fromURI(uri: string, opts?: { resolve?: boolean }): Promise<CredentialOfferRequestWithBaseUrlV1_0_11> {
+    debug(`Credential Offer URI: ${uri}`);
+    if (!uri.includes('?') || !uri.includes('://')) {
+      debug(`Invalid Credential Offer URI: ${uri}`);
+      throw Error(`Invalid Credential Offer Request`);
+    }
+    const scheme = uri.split('://')[0];
+    const baseUrl = uri.split('?')[0];
+    const version = determineSpecVersionFromURI(uri);
+    let credentialOffer: CredentialOffer;
+    let credentialOfferPayload: CredentialOfferPayload;
+    if (version < OpenId4VCIVersion.VER_1_0_11) {
+      credentialOfferPayload = convertURIToJsonObject(uri, {
+        arrayTypeProperties: ['credential_type'],
+        requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['issuer', 'credential_type'],
+      }) as CredentialOfferPayloadV1_0_09;
+      credentialOffer = {
+        credential_offer: credentialOfferPayload,
+      };
+    } else {
+      credentialOffer = convertURIToJsonObject(uri, {
+        arrayTypeProperties: ['credentials'],
+        requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['credential_offer'],
+      }) as CredentialOfferV1_0_11;
+      if (credentialOffer?.credential_offer_uri === undefined && !credentialOffer?.credential_offer) {
+        throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
+      }
+    }
+
+    const request = await toUniformCredentialOfferRequestV1_0_11(credentialOffer, {
+      ...opts,
+      version,
+    });
+    const clientId = getClientIdFromCredentialOfferPayload(request.credential_offer);
+    const grants = request.credential_offer?.grants;
+
+    return {
+      scheme,
+      baseUrl,
+      clientId,
+      ...request,
+      ...(grants?.authorization_code?.issuer_state && { issuerState: grants.authorization_code.issuer_state }),
+      ...(grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.['pre-authorized_code'] && {
+        preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
+      }),
+      userPinRequired: request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ?? false,
+    };
+  }
+
+  public static toURI(
+    requestWithBaseUrl: CredentialOfferRequestWithBaseUrl,
+    opts?: {
+      version?: OpenId4VCIVersion;
+    },
+  ): string {
+    debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
+    const version = opts?.version ?? requestWithBaseUrl.version;
+    let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme)
+      ? requestWithBaseUrl.baseUrl
+      : `${requestWithBaseUrl.scheme.replace('://', '')}://${requestWithBaseUrl.baseUrl}`;
+    let param: string | undefined;
+
+    const isUri = requestWithBaseUrl.credential_offer_uri !== undefined;
+
+    if (version.valueOf() >= OpenId4VCIVersion.VER_1_0_11.valueOf()) {
+      // v11 changed from encoding every param to a encoded json object with a credential_offer param key
+      if (!baseUrl.includes('?')) {
+        param = isUri ? 'credential_offer_uri' : 'credential_offer';
+      } else {
+        const split = baseUrl.split('?');
+        if (split.length > 1 && split[1] !== '') {
+          if (baseUrl.endsWith('&')) {
+            param = isUri ? 'credential_offer_uri' : 'credential_offer';
+          } else if (!baseUrl.endsWith('=')) {
+            baseUrl += `&`;
+            param = isUri ? 'credential_offer_uri' : 'credential_offer';
+          }
+        }
+      }
+    }
+    return convertJsonToURI(requestWithBaseUrl.credential_offer_uri ?? requestWithBaseUrl.original_credential_offer, {
+      baseUrl,
+      arrayTypeProperties: isUri ? [] : ['credential_type'],
+      uriTypeProperties: isUri
+        ? ['credential_offer_uri']
+        : version >= OpenId4VCIVersion.VER_1_0_11
+          ? ['credential_issuer', 'credential_type']
+          : ['issuer', 'credential_type'],
+      param,
+      version,
+    });
+  }
+}

package/lib/CredentialRequestClient.ts

@@ -1,5 +1,6 @@
 import {
   acquireDeferredCredential,
+  CredentialRequestV1_0_13,
   CredentialResponse,
   getCredentialRequestForVersion,
   getUniformFormat,
@@ -15,8 +16,8 @@ import { CredentialFormat } from '@sphereon/ssi-types';
 import Debug from 'debug';
 
 import { CredentialRequestClientBuilder } from './CredentialRequestClientBuilder';
-import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
 import { isValidURL, post } from './functions';
+import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
 
 const debug = Debug('sphereon:oid4vci:credential');
 
@@ -41,7 +42,7 @@ export async function buildProof<DIDDoc>(
 ) {
   if ('proof_type' in proofInput) {
     if (opts.cNonce) {
-      throw Error(`Cnonce param is only supported when using a Proof of Posession builder`);
+      throw Error(`Cnonce param is only supported when using a Proof of possession builder`);
     }
     return await ProofOfPossessionBuilder.fromProof(proofInput as ProofOfPossession, opts.version).build();
   }
@@ -88,7 +89,10 @@ export class CredentialRequestClient {
   }
 
   public async acquireCredentialsUsingRequest(uniformRequest: UniformCredentialRequest): Promise<OpenIDResponse<CredentialResponse>> {
-    const request = getCredentialRequestForVersion(uniformRequest, this.version());
+    if (this.version() < OpenId4VCIVersion.VER_1_0_13) {
+      throw new Error('Versions below v1.0.13 (draft 13) are not supported.');
+    }
+    const request: CredentialRequestV1_0_13 = getCredentialRequestForVersion(uniformRequest, this.version()) as CredentialRequestV1_0_13;
     const credentialEndpoint: string = this.credentialRequestOpts.credentialEndpoint;
     if (!isValidURL(credentialEndpoint)) {
       debug(`Invalid credential endpoint: ${credentialEndpoint}`);
@@ -154,7 +158,7 @@ export class CredentialRequestClient {
       throw Error(`Credential type(s) need to be provided`);
     }
     // FIXME: this is mixing up the type (as id) from v8/v9 and the types (from the vc.type) from v11
-    else if (!this.isV11OrHigher() && types.length !== 1) {
+    else if (!this.isV13OrHigher() && types.length !== 1) {
       throw Error('Only a single credential type is supported for V8/V9');
     }
     const proof = await buildProof(proofInput, opts);
@@ -199,10 +203,10 @@ export class CredentialRequestClient {
   }
 
   private version(): OpenId4VCIVersion {
-    return this.credentialRequestOpts?.version ?? OpenId4VCIVersion.VER_1_0_11;
+    return this.credentialRequestOpts?.version ?? OpenId4VCIVersion.VER_1_0_13;
   }
 
-  private isV11OrHigher(): boolean {
-    return this.version() >= OpenId4VCIVersion.VER_1_0_11;
+  private isV13OrHigher(): boolean {
+    return this.version() >= OpenId4VCIVersion.VER_1_0_13;
   }
 }

package/lib/CredentialRequestClientBuilder.ts

@@ -1,16 +1,17 @@
 import {
   AccessTokenResponse,
-  CredentialIssuerMetadata,
+  CredentialIssuerMetadataV1_0_13,
   CredentialOfferPayloadV1_0_08,
+  CredentialOfferPayloadV1_0_11,
   CredentialOfferRequestWithBaseUrl,
   determineSpecVersionFromOffer,
   EndpointMetadata,
   getIssuerFromCredentialOfferPayload,
-  getTypesFromOffer,
+  getTypesFromOfferV1_0_11,
   OID4VCICredentialFormat,
   OpenId4VCIVersion,
-  UniformCredentialOfferRequest,
-} from '@sphereon/oid4vci-common';
+  UniformCredentialOfferRequest
+} from '@sphereon/oid4vci-common'
 import { CredentialFormat } from '@sphereon/ssi-types';
 
 import { CredentialOfferClient } from './CredentialOfferClient';
@@ -73,9 +74,9 @@ export class CredentialRequestClientBuilder {
     if (version <= OpenId4VCIVersion.VER_1_0_08) {
       //todo: This basically sets all types available during initiation. Probably the user only wants a subset. So do we want to do this?
       builder.withCredentialType((request.original_credential_offer as CredentialOfferPayloadV1_0_08).credential_type);
-    } else {
+    } else if (version <= OpenId4VCIVersion.VER_1_0_11) {
       // todo: look whether this is correct
-      builder.withCredentialType(getTypesFromOffer(request.credential_offer));
+      builder.withCredentialType(getTypesFromOfferV1_0_11(request.credential_offer as CredentialOfferPayloadV1_0_11));
     }
 
     return builder;
@@ -95,7 +96,7 @@ export class CredentialRequestClientBuilder {
     });
   }
 
-  public withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this {
+  public withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_13): this {
     this.credentialEndpoint = metadata.credential_endpoint;
     return this;
   }
@@ -105,7 +106,7 @@ export class CredentialRequestClientBuilder {
     return this;
   }
 
-  public withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this {
+  public withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_13): this {
     this.deferredCredentialEndpoint = metadata.deferred_credential_endpoint;
     return this;
   }

package/lib/CredentialRequestClientBuilderV1_0_11.ts

@@ -0,0 +1,156 @@
+import {
+  AccessTokenResponse,
+  CredentialIssuerMetadata,
+  CredentialOfferPayloadV1_0_08,
+  CredentialOfferPayloadV1_0_11,
+  CredentialOfferRequestWithBaseUrl,
+  determineSpecVersionFromOffer,
+  EndpointMetadata,
+  getIssuerFromCredentialOfferPayload,
+  getTypesFromOfferV1_0_11,
+  OID4VCICredentialFormat,
+  OpenId4VCIVersion,
+  UniformCredentialOfferRequest,
+} from '@sphereon/oid4vci-common';
+import { CredentialFormat } from '@sphereon/ssi-types';
+
+import { CredentialOfferClientV1_0_11 } from './CredentialOfferClientV1_0_11';
+import { CredentialRequestClientV1_0_11 } from './CredentialRequestClientV1_0_11';
+
+export class CredentialRequestClientBuilderV1_0_11 {
+  credentialEndpoint?: string;
+  deferredCredentialEndpoint?: string;
+  deferredCredentialAwait = false;
+  deferredCredentialIntervalInMS = 5000;
+  credentialTypes: string[] = [];
+  format?: CredentialFormat | OID4VCICredentialFormat;
+  token?: string;
+  version?: OpenId4VCIVersion;
+
+  public static fromCredentialIssuer({
+    credentialIssuer,
+    metadata,
+    version,
+    credentialTypes,
+  }: {
+    credentialIssuer: string;
+    metadata?: EndpointMetadata;
+    version?: OpenId4VCIVersion;
+    credentialTypes: string | string[];
+  }): CredentialRequestClientBuilderV1_0_11 {
+    const issuer = credentialIssuer;
+    const builder = new CredentialRequestClientBuilderV1_0_11();
+    builder.withVersion(version ?? OpenId4VCIVersion.VER_1_0_11);
+    builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith('/') ? `${issuer}credential` : `${issuer}/credential`));
+    if (metadata?.deferred_credential_endpoint) {
+      builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
+    }
+    builder.withCredentialType(credentialTypes);
+    return builder;
+  }
+
+  public static async fromURI({ uri, metadata }: { uri: string; metadata?: EndpointMetadata }): Promise<CredentialRequestClientBuilderV1_0_11> {
+    const offer = await CredentialOfferClientV1_0_11.fromURI(uri);
+    return CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest({ request: offer, ...offer, metadata, version: offer.version });
+  }
+
+  public static fromCredentialOfferRequest(opts: {
+    request: UniformCredentialOfferRequest;
+    scheme?: string;
+    baseUrl?: string;
+    version?: OpenId4VCIVersion;
+    metadata?: EndpointMetadata;
+  }): CredentialRequestClientBuilderV1_0_11 {
+    const { request, metadata } = opts;
+    const version = opts.version ?? request.version ?? determineSpecVersionFromOffer(request.original_credential_offer);
+    const builder = new CredentialRequestClientBuilderV1_0_11();
+    const issuer = getIssuerFromCredentialOfferPayload(request.credential_offer) ?? (metadata?.issuer as string);
+    builder.withVersion(version);
+    builder.withCredentialEndpoint(metadata?.credential_endpoint ?? (issuer.endsWith('/') ? `${issuer}credential` : `${issuer}/credential`));
+    if (metadata?.deferred_credential_endpoint) {
+      builder.withDeferredCredentialEndpoint(metadata.deferred_credential_endpoint);
+    }
+
+    if (version <= OpenId4VCIVersion.VER_1_0_08) {
+      //todo: This basically sets all types available during initiation. Probably the user only wants a subset. So do we want to do this?
+      builder.withCredentialType((request.original_credential_offer as CredentialOfferPayloadV1_0_08).credential_type);
+    } else if (version <= OpenId4VCIVersion.VER_1_0_11) {
+      // todo: look whether this is correct
+      builder.withCredentialType(getTypesFromOfferV1_0_11(request.credential_offer as CredentialOfferPayloadV1_0_11));
+    }
+
+    return builder;
+  }
+
+  public static fromCredentialOffer({
+    credentialOffer,
+    metadata,
+  }: {
+    credentialOffer: CredentialOfferRequestWithBaseUrl;
+    metadata?: EndpointMetadata;
+  }): CredentialRequestClientBuilderV1_0_11 {
+    return CredentialRequestClientBuilderV1_0_11.fromCredentialOfferRequest({
+      request: credentialOffer,
+      metadata,
+      version: credentialOffer.version,
+    });
+  }
+
+  public withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this {
+    this.credentialEndpoint = metadata.credential_endpoint;
+    return this;
+  }
+
+  public withCredentialEndpoint(credentialEndpoint: string): this {
+    this.credentialEndpoint = credentialEndpoint;
+    return this;
+  }
+
+  public withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this {
+    this.deferredCredentialEndpoint = metadata.deferred_credential_endpoint;
+    return this;
+  }
+
+  public withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this {
+    this.deferredCredentialEndpoint = deferredCredentialEndpoint;
+    return this;
+  }
+
+  public withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this {
+    this.deferredCredentialAwait = deferredCredentialAwait;
+    this.deferredCredentialIntervalInMS = deferredCredentialIntervalInMS ?? 5000;
+    return this;
+  }
+
+  public withCredentialType(credentialTypes: string | string[]): this {
+    this.credentialTypes = Array.isArray(credentialTypes) ? credentialTypes : [credentialTypes];
+    return this;
+  }
+
+  public withFormat(format: CredentialFormat | OID4VCICredentialFormat): this {
+    this.format = format;
+    return this;
+  }
+
+  public withToken(accessToken: string): this {
+    this.token = accessToken;
+    return this;
+  }
+
+  public withTokenFromResponse(response: AccessTokenResponse): this {
+    this.token = response.access_token;
+    return this;
+  }
+
+  public withVersion(version: OpenId4VCIVersion): this {
+    this.version = version;
+    return this;
+  }
+
+  public build(): CredentialRequestClientV1_0_11 {
+    if (!this.version) {
+      this.withVersion(OpenId4VCIVersion.VER_1_0_11);
+    }
+    return new CredentialRequestClientV1_0_11(this);
+  }
+}

package/lib/CredentialRequestClientV1_0_11.ts

@@ -0,0 +1,190 @@
+import {
+  acquireDeferredCredential,
+  CredentialResponse,
+  getCredentialRequestForVersion,
+  getUniformFormat,
+  isDeferredCredentialResponse,
+  OID4VCICredentialFormat,
+  OpenId4VCIVersion,
+  OpenIDResponse,
+  ProofOfPossession,
+  UniformCredentialRequest,
+  URL_NOT_VALID,
+} from '@sphereon/oid4vci-common';
+import { CredentialFormat } from '@sphereon/ssi-types';
+import Debug from 'debug';
+
+import { buildProof } from './CredentialRequestClient';
+import { CredentialRequestClientBuilderV1_0_11 } from './CredentialRequestClientBuilderV1_0_11';
+import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
+import { isValidURL, post } from './functions';
+
+const debug = Debug('sphereon:oid4vci:credential');
+
+export interface CredentialRequestOptsV1_0_11 {
+  deferredCredentialAwait?: boolean;
+  deferredCredentialIntervalInMS?: number;
+  credentialEndpoint: string;
+  deferredCredentialEndpoint?: string;
+  credentialTypes: string[];
+  format?: CredentialFormat | OID4VCICredentialFormat;
+  proof: ProofOfPossession;
+  token: string;
+  version: OpenId4VCIVersion;
+}
+
+export class CredentialRequestClientV1_0_11 {
+  private readonly _credentialRequestOpts: Partial<CredentialRequestOptsV1_0_11>;
+  private _isDeferred = false;
+
+  get credentialRequestOpts(): CredentialRequestOptsV1_0_11 {
+    return this._credentialRequestOpts as CredentialRequestOptsV1_0_11;
+  }
+
+  public isDeferred(): boolean {
+    return this._isDeferred;
+  }
+
+  public getCredentialEndpoint(): string {
+    return this.credentialRequestOpts.credentialEndpoint;
+  }
+
+  public getDeferredCredentialEndpoint(): string | undefined {
+    return this.credentialRequestOpts.deferredCredentialEndpoint;
+  }
+
+  public constructor(builder: CredentialRequestClientBuilderV1_0_11) {
+    this._credentialRequestOpts = { ...builder };
+  }
+
+  public async acquireCredentialsUsingProof<DIDDoc>(opts: {
+    proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+    credentialTypes?: string | string[];
+    context?: string[];
+    format?: CredentialFormat | OID4VCICredentialFormat;
+  }): Promise<OpenIDResponse<CredentialResponse>> {
+    const { credentialTypes, proofInput, format, context } = opts;
+
+    const request = await this.createCredentialRequest({ proofInput, credentialTypes, context, format, version: this.version() });
+    return await this.acquireCredentialsUsingRequest(request);
+  }
+
+  public async acquireCredentialsUsingRequest(uniformRequest: UniformCredentialRequest): Promise<OpenIDResponse<CredentialResponse>> {
+    const request = getCredentialRequestForVersion(uniformRequest, this.version());
+    const credentialEndpoint: string = this.credentialRequestOpts.credentialEndpoint;
+    if (!isValidURL(credentialEndpoint)) {
+      debug(`Invalid credential endpoint: ${credentialEndpoint}`);
+      throw new Error(URL_NOT_VALID);
+    }
+    debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
+    debug(`request\n: ${JSON.stringify(request, null, 2)}`);
+    const requestToken: string = this.credentialRequestOpts.token;
+    let response: OpenIDResponse<CredentialResponse> = await post(credentialEndpoint, JSON.stringify(request), { bearerToken: requestToken });
+    this._isDeferred = isDeferredCredentialResponse(response);
+    if (this.isDeferred() && this.credentialRequestOpts.deferredCredentialAwait && response.successBody) {
+      response = await this.acquireDeferredCredential(response.successBody, { bearerToken: this.credentialRequestOpts.token });
+    }
+
+    debug(`Credential endpoint ${credentialEndpoint} response:\r\n${JSON.stringify(response, null, 2)}`);
+    return response;
+  }
+
+  public async acquireDeferredCredential(
+    response: Pick<CredentialResponse, 'transaction_id' | 'acceptance_token' | 'c_nonce'>,
+    opts?: {
+      bearerToken?: string;
+    },
+  ): Promise<OpenIDResponse<CredentialResponse>> {
+    const transactionId = response.transaction_id;
+    const bearerToken = response.acceptance_token ?? opts?.bearerToken;
+    const deferredCredentialEndpoint = this.getDeferredCredentialEndpoint();
+    if (!deferredCredentialEndpoint) {
+      throw Error(`No deferred credential endpoint supplied.`);
+    } else if (!bearerToken) {
+      throw Error(`No bearer token present and refresh for defered endpoint not supported yet`);
+      // todo updated bearer token with new c_nonce
+    }
+    return await acquireDeferredCredential({
+      bearerToken,
+      transactionId,
+      deferredCredentialEndpoint,
+      deferredCredentialAwait: this.credentialRequestOpts.deferredCredentialAwait,
+      deferredCredentialIntervalInMS: this.credentialRequestOpts.deferredCredentialIntervalInMS,
+    });
+  }
+
+  public async createCredentialRequest<DIDDoc>(opts: {
+    proofInput: ProofOfPossessionBuilder<DIDDoc> | ProofOfPossession;
+    credentialTypes?: string | string[];
+    context?: string[];
+    format?: CredentialFormat | OID4VCICredentialFormat;
+    version: OpenId4VCIVersion;
+  }): Promise<UniformCredentialRequest> {
+    const { proofInput } = opts;
+    const formatSelection = opts.format ?? this.credentialRequestOpts.format;
+
+    if (!formatSelection) {
+      throw Error(`Format of credential to be issued is missing`);
+    }
+    const format = getUniformFormat(formatSelection);
+    const typesSelection =
+      opts?.credentialTypes && (typeof opts.credentialTypes === 'string' || opts.credentialTypes.length > 0)
+        ? opts.credentialTypes
+        : this.credentialRequestOpts.credentialTypes;
+    const types = Array.isArray(typesSelection) ? typesSelection : [typesSelection];
+    if (types.length === 0) {
+      throw Error(`Credential type(s) need to be provided`);
+    }
+    // FIXME: this is mixing up the type (as id) from v8/v9 and the types (from the vc.type) from v11
+    else if (!this.isV11OrHigher() && types.length !== 1) {
+      throw Error('Only a single credential type is supported for V8/V9');
+    }
+    const proof = await buildProof(proofInput, opts);
+
+    // TODO: we should move format specific logic
+    if (format === 'jwt_vc_json' || format === 'jwt_vc') {
+      return {
+        types,
+        format,
+        proof,
+      };
+    } else if (format === 'jwt_vc_json-ld' || format === 'ldp_vc') {
+      if (this.version() >= OpenId4VCIVersion.VER_1_0_12 && !opts.context) {
+        throw Error('No @context value present, but it is required');
+      }
+
+      return {
+        format,
+        proof,
+
+        // Ignored because v11 does not have the context value, but it is required in v12
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        credential_definition: {
+          types,
+          ...(opts.context && { '@context': opts.context }),
+        },
+      };
+    } else if (format === 'vc+sd-jwt') {
+      if (types.length > 1) {
+        throw Error(`Only a single credential type is supported for ${format}`);
+      }
+
+      return {
+        format,
+        proof,
+        vct: types[0],
+      };
+    }
+
+    throw new Error(`Unsupported format: ${format}`);
+  }
+
+  private version(): OpenId4VCIVersion {
+    return this.credentialRequestOpts?.version ?? OpenId4VCIVersion.VER_1_0_11;
+  }
+
+  private isV11OrHigher(): boolean {
+    return this.version() >= OpenId4VCIVersion.VER_1_0_11;
+  }
+}