@sphereon/oid4vci-client 0.10.4-unstable.2 → 0.10.4-unstable.21

package/lib/MetadataClient.ts

@@ -1,17 +1,18 @@
 import {
   AuthorizationServerMetadata,
   AuthorizationServerType,
-  CredentialIssuerMetadata,
-  CredentialOfferPayload,
+  CredentialIssuerMetadataV1_0_13,
+  CredentialOfferPayloadV1_0_13,
   CredentialOfferRequestWithBaseUrl,
-  EndpointMetadataResult,
+  EndpointMetadataResultV1_0_13,
   getIssuerFromCredentialOfferPayload,
+  IssuerMetadataV1_0_13,
   OpenIDResponse,
-  WellKnownEndpoints,
-} from '@sphereon/oid4vci-common';
+  WellKnownEndpoints
+} from '@sphereon/oid4vci-common'
 import Debug from 'debug';
 
-import { getJson } from './functions';
+import { retrieveWellknown } from './functions/OpenIDUtils'
 
 const debug = Debug('sphereon:oid4vci:metadata');
 
@@ -21,15 +22,15 @@ export class MetadataClient {
    *
    * @param credentialOffer
    */
-  public static async retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResult> {
-    return MetadataClient.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer);
+  public static async retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResultV1_0_13> {
+    return MetadataClient.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer as CredentialOfferPayloadV1_0_13);
   }
 
   /**
    * Retrieve the metada using the initiation request obtained from a previous step
    * @param request
    */
-  public static async retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayload): Promise<EndpointMetadataResult> {
+  public static async retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayloadV1_0_13): Promise<EndpointMetadataResultV1_0_13> {
     const issuer = getIssuerFromCredentialOfferPayload(request);
     if (issuer) {
       return MetadataClient.retrieveAllMetadata(issuer);
@@ -42,13 +43,13 @@ export class MetadataClient {
    * @param issuer The issuer URL
    * @param opts
    */
-  public static async retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean }): Promise<EndpointMetadataResult> {
+  public static async retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean }): Promise<EndpointMetadataResultV1_0_13> {
     let token_endpoint: string | undefined;
     let credential_endpoint: string | undefined;
     let deferred_credential_endpoint: string | undefined;
     let authorization_endpoint: string | undefined;
     let authorizationServerType: AuthorizationServerType = 'OID4VCI';
-    let authorization_server: string = issuer;
+    let authorization_servers: string[] = [issuer];
     const oid4vciResponse = await MetadataClient.retrieveOpenID4VCIServerMetadata(issuer, { errorOnNotFound: false }); // We will handle errors later, given we will also try other metadata locations
     let credentialIssuerMetadata = oid4vciResponse?.successBody;
     if (credentialIssuerMetadata) {
@@ -58,16 +59,14 @@ export class MetadataClient {
       if (credentialIssuerMetadata.token_endpoint) {
         token_endpoint = credentialIssuerMetadata.token_endpoint;
       }
-      if (credentialIssuerMetadata.authorization_server) {
-        authorization_server = credentialIssuerMetadata.authorization_server;
-      }
-      if (credentialIssuerMetadata.authorization_endpoint) {
-        authorization_endpoint = credentialIssuerMetadata.authorization_endpoint;
+      if (credentialIssuerMetadata.authorization_servers) {
+        authorization_servers = credentialIssuerMetadata.authorization_servers;
       }
     }
     // No specific OID4VCI endpoint. Either can be an OAuth2 AS or an OIDC IDP. Let's start with OIDC first
-    let response: OpenIDResponse<AuthorizationServerMetadata> = await MetadataClient.retrieveWellknown(
-      authorization_server,
+    // TODO: for now we're taking just the first one
+    let response: OpenIDResponse<AuthorizationServerMetadata> = await retrieveWellknown(
+      authorization_servers[0],
       WellKnownEndpoints.OPENID_CONFIGURATION,
       {
         errorOnNotFound: false,
@@ -79,13 +78,14 @@ export class MetadataClient {
       authorizationServerType = 'OIDC';
     } else {
       // Now let's do OAuth2
-      response = await MetadataClient.retrieveWellknown(authorization_server, WellKnownEndpoints.OAUTH_AS, { errorOnNotFound: false });
+      // TODO: for now we're taking just the first one
+      response = await retrieveWellknown(authorization_servers[0], WellKnownEndpoints.OAUTH_AS, { errorOnNotFound: false });
       authMetadata = response.successBody;
     }
     if (!authMetadata) {
       // We will always throw an error, no matter whether the user provided the option not to, because this is bad.
-      if (issuer !== authorization_server) {
-        throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_server}, but that server did not provide metadata`);
+      if (!authorization_servers.includes(issuer)) {
+        throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_servers}, but that server did not provide metadata`);
       }
     } else {
       if (!authorizationServerType) {
@@ -103,7 +103,7 @@ export class MetadataClient {
       }
       authorization_endpoint = authMetadata.authorization_endpoint;
       if (!authMetadata.token_endpoint) {
-        throw Error(`Authorization Sever ${authorization_server} did not provide a token_endpoint`);
+        throw Error(`Authorization Sever ${authorization_servers} did not provide a token_endpoint`);
       } else if (token_endpoint && authMetadata.token_endpoint !== token_endpoint) {
         throw Error(
           `Credential issuer has a different token_endpoint (${token_endpoint}) from the Authorization Server (${authMetadata.token_endpoint})`,
@@ -152,7 +152,7 @@ export class MetadataClient {
 
     if (!credentialIssuerMetadata && authMetadata) {
       // Apparently everything worked out and the issuer is exposing everything in oAuth2/OIDC well-knowns. Spec is vague about this situation, but we can support it
-      credentialIssuerMetadata = authMetadata as CredentialIssuerMetadata;
+      credentialIssuerMetadata = authMetadata as CredentialIssuerMetadataV1_0_13;
     }
     debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
     return {
@@ -160,7 +160,7 @@ export class MetadataClient {
       token_endpoint,
       credential_endpoint,
       deferred_credential_endpoint,
-      authorization_server,
+      authorization_server: authorization_servers[0],
       authorization_endpoint,
       authorizationServerType,
       credentialIssuerMetadata: credentialIssuerMetadata,
@@ -178,31 +178,9 @@ export class MetadataClient {
     opts?: {
       errorOnNotFound?: boolean;
     },
-  ): Promise<OpenIDResponse<CredentialIssuerMetadata> | undefined> {
-    return MetadataClient.retrieveWellknown(issuerHost, WellKnownEndpoints.OPENID4VCI_ISSUER, {
+  ): Promise<OpenIDResponse<IssuerMetadataV1_0_13> | undefined> {
+    return retrieveWellknown(issuerHost, WellKnownEndpoints.OPENID4VCI_ISSUER, {
       errorOnNotFound: opts?.errorOnNotFound === undefined ? true : opts.errorOnNotFound,
     });
   }
-
-  /**
-   * Allows to retrieve information from a well-known location
-   *
-   * @param host The host
-   * @param endpointType The endpoint type, currently supports OID4VCI, OIDC and OAuth2 endpoint types
-   * @param opts Options, like for instance whether an error should be thrown in case the endpoint doesn't exist
-   */
-  public static async retrieveWellknown<T>(
-    host: string,
-    endpointType: WellKnownEndpoints,
-    opts?: { errorOnNotFound?: boolean },
-  ): Promise<OpenIDResponse<T>> {
-    const result: OpenIDResponse<T> = await getJson(`${host.endsWith('/') ? host.slice(0, -1) : host}${endpointType}`, {
-      exceptionOnHttpErrorStatus: opts?.errorOnNotFound,
-    });
-    if (result.origResponse.status >= 400) {
-      // We only get here when error on not found is false
-      debug(`host ${host} with endpoint type ${endpointType} status: ${result.origResponse.status}, ${result.origResponse.statusText}`);
-    }
-    return result;
-  }
 }

package/lib/MetadataClientV1_0_11.ts

@@ -0,0 +1,186 @@
+import {
+  AuthorizationServerMetadata,
+  AuthorizationServerType,
+  CredentialIssuerMetadataV1_0_11,
+  CredentialOfferPayload,
+  CredentialOfferRequestWithBaseUrl,
+  EndpointMetadataResultV1_0_11,
+  getIssuerFromCredentialOfferPayload, IssuerMetadataV1_0_08,
+  OpenIDResponse,
+  WellKnownEndpoints
+} from '@sphereon/oid4vci-common'
+import Debug from 'debug';
+
+import { retrieveWellknown } from './functions/OpenIDUtils'
+
+const debug = Debug('sphereon:oid4vci:metadata');
+
+export class MetadataClientV1_0_11 {
+  /**
+   * Retrieve metadata using the Initiation obtained from a previous step
+   *
+   * @param credentialOffer
+   */
+  public static async retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResultV1_0_11> {
+    return MetadataClientV1_0_11.retrieveAllMetadataFromCredentialOfferRequest(credentialOffer.credential_offer);
+  }
+
+  /**
+   * Retrieve the metada using the initiation request obtained from a previous step
+   * @param request
+   */
+  public static async retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayload): Promise<EndpointMetadataResultV1_0_11> {
+    const issuer = getIssuerFromCredentialOfferPayload(request);
+    if (issuer) {
+      return MetadataClientV1_0_11.retrieveAllMetadata(issuer);
+    }
+    throw new Error("can't retrieve metadata from CredentialOfferRequest. No issuer field is present");
+  }
+
+  /**
+   * Retrieve all metadata from an issuer
+   * @param issuer The issuer URL
+   * @param opts
+   */
+  public static async retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean }): Promise<EndpointMetadataResultV1_0_11> {
+    let token_endpoint: string | undefined;
+    let credential_endpoint: string | undefined;
+    let deferred_credential_endpoint: string | undefined;
+    let authorization_endpoint: string | undefined;
+    let authorizationServerType: AuthorizationServerType = 'OID4VCI';
+    let authorization_server: string = issuer;
+    const oid4vciResponse = await MetadataClientV1_0_11.retrieveOpenID4VCIServerMetadata(issuer, { errorOnNotFound: false }); // We will handle errors later, given we will also try other metadata locations
+    let credentialIssuerMetadata = oid4vciResponse?.successBody;
+    if (credentialIssuerMetadata) {
+      debug(`Issuer ${issuer} OID4VCI well-known server metadata\r\n${JSON.stringify(credentialIssuerMetadata)}`);
+      credential_endpoint = credentialIssuerMetadata.credential_endpoint;
+      deferred_credential_endpoint = credentialIssuerMetadata.deferred_credential_endpoint;
+      if (credentialIssuerMetadata.token_endpoint) {
+        token_endpoint = credentialIssuerMetadata.token_endpoint;
+      }
+      if (credentialIssuerMetadata.authorization_server) {
+        authorization_server = credentialIssuerMetadata.authorization_server;
+      }
+      if (credentialIssuerMetadata.authorization_endpoint) {
+        authorization_endpoint = credentialIssuerMetadata.authorization_endpoint;
+      }
+    }
+    // No specific OID4VCI endpoint. Either can be an OAuth2 AS or an OIDC IDP. Let's start with OIDC first
+    let response: OpenIDResponse<AuthorizationServerMetadata> = await retrieveWellknown(
+      authorization_server,
+      WellKnownEndpoints.OPENID_CONFIGURATION,
+      {
+        errorOnNotFound: false,
+      },
+    );
+    let authMetadata = response.successBody;
+    if (authMetadata) {
+      debug(`Issuer ${issuer} has OpenID Connect Server metadata in well-known location`);
+      authorizationServerType = 'OIDC';
+    } else {
+      // Now let's do OAuth2
+      response = await retrieveWellknown(authorization_server, WellKnownEndpoints.OAUTH_AS, { errorOnNotFound: false });
+      authMetadata = response.successBody;
+    }
+    if (!authMetadata) {
+      // We will always throw an error, no matter whether the user provided the option not to, because this is bad.
+      if (issuer !== authorization_server) {
+        throw Error(`Issuer ${issuer} provided a separate authorization server ${authorization_server}, but that server did not provide metadata`);
+      }
+    } else {
+      if (!authorizationServerType) {
+        authorizationServerType = 'OAuth 2.0';
+      }
+      debug(`Issuer ${issuer} has ${authorizationServerType} Server metadata in well-known location`);
+      if (!authMetadata.authorization_endpoint) {
+        console.warn(
+          `Issuer ${issuer} of type ${authorizationServerType} has no authorization_endpoint! Will use ${authorization_endpoint}. This only works for pre-authorized flows`,
+        );
+      } else if (authorization_endpoint && authMetadata.authorization_endpoint !== authorization_endpoint) {
+        throw Error(
+          `Credential issuer has a different authorization_endpoint (${authorization_endpoint}) from the Authorization Server (${authMetadata.authorization_endpoint})`,
+        );
+      }
+      authorization_endpoint = authMetadata.authorization_endpoint;
+      if (!authMetadata.token_endpoint) {
+        throw Error(`Authorization Sever ${authorization_server} did not provide a token_endpoint`);
+      } else if (token_endpoint && authMetadata.token_endpoint !== token_endpoint) {
+        throw Error(
+          `Credential issuer has a different token_endpoint (${token_endpoint}) from the Authorization Server (${authMetadata.token_endpoint})`,
+        );
+      }
+      token_endpoint = authMetadata.token_endpoint;
+      if (authMetadata.credential_endpoint) {
+        if (credential_endpoint && authMetadata.credential_endpoint !== credential_endpoint) {
+          debug(
+            `Credential issuer has a different credential_endpoint (${credential_endpoint}) from the Authorization Server (${authMetadata.credential_endpoint}). Will use the issuer value`,
+          );
+        } else {
+          credential_endpoint = authMetadata.credential_endpoint;
+        }
+      }
+      if (authMetadata.deferred_credential_endpoint) {
+        if (deferred_credential_endpoint && authMetadata.deferred_credential_endpoint !== deferred_credential_endpoint) {
+          debug(
+            `Credential issuer has a different deferred_credential_endpoint (${deferred_credential_endpoint}) from the Authorization Server (${authMetadata.deferred_credential_endpoint}). Will use the issuer value`,
+          );
+        } else {
+          deferred_credential_endpoint = authMetadata.deferred_credential_endpoint;
+        }
+      }
+    }
+
+    if (!authorization_endpoint) {
+      debug(`Issuer ${issuer} does not expose authorization_endpoint, so only pre-auth will be supported`);
+    }
+    if (!token_endpoint) {
+      debug(`Issuer ${issuer} does not have a token_endpoint listed in well-known locations!`);
+      if (opts?.errorOnNotFound) {
+        throw Error(`Could not deduce the token_endpoint for ${issuer}`);
+      } else {
+        token_endpoint = `${issuer}${issuer.endsWith('/') ? 'token' : '/token'}`;
+      }
+    }
+    if (!credential_endpoint) {
+      debug(`Issuer ${issuer} does not have a credential_endpoint listed in well-known locations!`);
+      if (opts?.errorOnNotFound) {
+        throw Error(`Could not deduce the credential endpoint for ${issuer}`);
+      } else {
+        credential_endpoint = `${issuer}${issuer.endsWith('/') ? 'credential' : '/credential'}`;
+      }
+    }
+
+    if (!credentialIssuerMetadata && authMetadata) {
+      // Apparently everything worked out and the issuer is exposing everything in oAuth2/OIDC well-knowns. Spec is vague about this situation, but we can support it
+      credentialIssuerMetadata = authMetadata as CredentialIssuerMetadataV1_0_11;
+    }
+    debug(`Issuer ${issuer} token endpoint ${token_endpoint}, credential endpoint ${credential_endpoint}`);
+    return {
+      issuer,
+      token_endpoint,
+      credential_endpoint,
+      deferred_credential_endpoint,
+      authorization_server,
+      authorization_endpoint,
+      authorizationServerType,
+      credentialIssuerMetadata: credentialIssuerMetadata as unknown as (Partial<AuthorizationServerMetadata> & IssuerMetadataV1_0_08),
+      authorizationServerMetadata: authMetadata,
+    };
+  }
+
+  /**
+   * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata
+   *
+   * @param issuerHost The issuer hostname
+   */
+  public static async retrieveOpenID4VCIServerMetadata(
+    issuerHost: string,
+    opts?: {
+      errorOnNotFound?: boolean;
+    },
+  ): Promise<OpenIDResponse<CredentialIssuerMetadataV1_0_11> | undefined> {
+    return retrieveWellknown(issuerHost, WellKnownEndpoints.OPENID4VCI_ISSUER, {
+      errorOnNotFound: opts?.errorOnNotFound === undefined ? true : opts.errorOnNotFound,
+    });
+  }
+}

package/lib/OpenID4VCIClient.ts

@@ -5,12 +5,11 @@ import {
   AuthorizationResponse,
   AuthzFlowType,
   CodeChallengeMethod,
-  CredentialOfferPayloadV1_0_08,
   CredentialOfferRequestWithBaseUrl,
   CredentialResponse,
   CredentialSupported,
   DefaultURISchemes,
-  EndpointMetadataResult,
+  EndpointMetadataResultV1_0_13,
   getClientIdFromCredentialOfferPayload,
   getIssuerFromCredentialOfferPayload,
   getSupportedCredentials,
@@ -20,9 +19,8 @@ import {
   OID4VCICredentialFormat,
   OpenId4VCIVersion,
   PKCEOpts,
-  ProofOfPossessionCallbacks,
-  toAuthorizationResponsePayload,
-} from '@sphereon/oid4vci-common';
+  ProofOfPossessionCallbacks, toAuthorizationResponsePayload
+} from '@sphereon/oid4vci-common'
 import { CredentialFormat } from '@sphereon/ssi-types';
 import Debug from 'debug';
 
@@ -43,7 +41,7 @@ export interface OpenID4VCIClientState {
   kid?: string;
   jwk?: JWK;
   alg?: Alg | string;
-  endpointMetadata?: EndpointMetadataResult;
+  endpointMetadata?: EndpointMetadataResultV1_0_13;
   accessTokenResponse?: AccessTokenResponse;
   authorizationRequestOpts?: AuthorizationRequestOpts;
   authorizationCodeResponse?: AuthorizationResponse;
@@ -77,7 +75,7 @@ export class OpenID4VCIClient {
     pkce?: PKCEOpts;
     authorizationRequest?: AuthorizationRequestOpts; // Can be provided here, or when manually calling createAuthorizationUrl
     jwk?: JWK;
-    endpointMetadata?: EndpointMetadataResult;
+    endpointMetadata?: EndpointMetadataResultV1_0_13;
     accessTokenResponse?: AccessTokenResponse;
     authorizationRequestOpts?: AuthorizationRequestOpts;
     authorizationCodeResponse?: AuthorizationResponse;
@@ -223,13 +221,13 @@ export class OpenID4VCIClient {
         endpointMetadata: this.endpointMetadata,
         authorizationRequest: this._state.authorizationRequestOpts,
         credentialOffer: this.credentialOffer,
-        credentialsSupported: this.getCredentialsSupported(true),
+        credentialConfigurationSupported: this.getCredentialsSupported(),
       });
     }
     return this._state.authorizationURL;
   }
 
-  public async retrieveServerMetadata(): Promise<EndpointMetadataResult> {
+  public async retrieveServerMetadata(): Promise<EndpointMetadataResultV1_0_13> {
     this.assertIssuerData();
     if (!this._state.endpointMetadata) {
       if (this.credentialOffer) {
@@ -284,7 +282,6 @@ export class OpenID4VCIClient {
       if (this._state.authorizationRequestOpts?.redirectUri && !redirectUri) {
         redirectUri = this._state.authorizationRequestOpts.redirectUri;
       }
-
       const response = await accessTokenClient.acquireAccessToken({
         credentialOffer: this.credentialOffer,
         metadata: this.endpointMetadata,
@@ -441,46 +438,17 @@ export class OpenID4VCIClient {
     return JSON.stringify(this._state);
   }
 
-  // FIXME: We really should convert <v11 to v12 objects first. Right now the logic doesn't map nicely and is brittle.
-  // We should resolve IDs to objects first in case of strings.
-  // When < v11 convert into a v12 object. When v12 object retain it.
-  // Then match the object array on server metadata
   getCredentialsSupported(
-    restrictToInitiationTypes: boolean,
     format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[],
-  ): CredentialSupported[] {
+  ): Record<string, CredentialSupported> {
     return getSupportedCredentials({
       issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
       version: this.version(),
       format: format,
-      types: restrictToInitiationTypes ? this.getCredentialOfferTypes() : undefined,
+      types: undefined,
     });
   }
 
-  getCredentialOfferTypes(): string[][] {
-    if (!this.credentialOffer) {
-      return [];
-    } else if (this.credentialOffer.version < OpenId4VCIVersion.VER_1_0_11) {
-      const orig = this.credentialOffer.original_credential_offer as CredentialOfferPayloadV1_0_08;
-      const types: string[] = typeof orig.credential_type === 'string' ? [orig.credential_type] : orig.credential_type;
-      const result: string[][] = [];
-      result[0] = types;
-      return result;
-    } else {
-      return this.credentialOffer.credential_offer.credentials.map((c) => {
-        if (typeof c === 'string') {
-          return [c];
-        } else if ('types' in c) {
-          return c.types;
-        } else if ('vct' in c) {
-          return [c.vct];
-        } else {
-          return c.credential_definition.types;
-        }
-      });
-    }
-  }
-
   issuerSupportedFlowTypes(): AuthzFlowType[] {
     return (
       this.credentialOffer?.supportedFlows ??
@@ -488,18 +456,6 @@ export class OpenID4VCIClient {
     );
   }
 
-  isFlowTypeSupported(flowType: AuthzFlowType): boolean {
-    return this.issuerSupportedFlowTypes().includes(flowType);
-  }
-
-  get authorizationURL(): string | undefined {
-    return this._state.authorizationURL;
-  }
-
-  public hasAuthorizationURL(): boolean {
-    return !!this.authorizationURL;
-  }
-
   get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined {
     return this._state.credentialOffer;
   }
@@ -508,7 +464,7 @@ export class OpenID4VCIClient {
     return this.credentialOffer?.version ?? OpenId4VCIVersion.VER_1_0_11;
   }
 
-  public get endpointMetadata(): EndpointMetadataResult {
+  public get endpointMetadata(): EndpointMetadataResultV1_0_13 {
     this.assertServerMetadata();
     // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
     return this._state.endpointMetadata!;
@@ -538,10 +494,6 @@ export class OpenID4VCIClient {
     return this._state.clientId;
   }
 
-  public hasAccessTokenResponse(): boolean {
-    return !!this._state.accessTokenResponse;
-  }
-
   get accessTokenResponse(): AccessTokenResponse {
     this.assertAccessToken();
     // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
@@ -553,45 +505,11 @@ export class OpenID4VCIClient {
     return this._state.credentialIssuer;
   }
 
-  public getAccessTokenEndpoint(): string {
-    this.assertIssuerData();
-    return this.endpointMetadata
-      ? this.endpointMetadata.token_endpoint
-      : AccessTokenClient.determineTokenURL({ issuerOpts: { issuer: this.getIssuer() } });
-  }
-
-  public getCredentialEndpoint(): string {
-    this.assertIssuerData();
-    return this.endpointMetadata ? this.endpointMetadata.credential_endpoint : `${this.getIssuer()}/credential`;
-  }
-
-  public hasDeferredCredentialEndpoint(): boolean {
-    return !!this.getAccessTokenEndpoint();
-  }
-
   public getDeferredCredentialEndpoint(): string {
     this.assertIssuerData();
     return this.endpointMetadata ? this.endpointMetadata.credential_endpoint : `${this.getIssuer()}/credential`;
   }
 
-  /**
-   * Too bad we need a method like this, but EBSI is not exposing metadata
-   */
-  public isEBSI() {
-    if (
-      this.credentialOffer?.credential_offer.credentials.find(
-        (cred) =>
-          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-          // @ts-ignore
-          typeof cred !== 'string' && 'trust_framework' in cred && 'name' in cred.trust_framework && cred.trust_framework.name.includes('ebsi'),
-      )
-    ) {
-      return true;
-    }
-    this.assertIssuerData();
-    return this.endpointMetadata.credentialIssuerMetadata?.authorization_endpoint?.includes('ebsi.eu');
-  }
-
   private assertIssuerData(): void {
     if (!this._state.credentialIssuer) {
       throw Error(`No credential issuer value present`);