@sphereon/oid4vci-client 0.10.4-unstable.8 → 0.10.4-unstable.81

package/README.md

@@ -51,6 +51,8 @@ client you can use to finish the pre-authorized code flows.
 This initiates the client using a URI obtained from the Issuer using a link (URL) or QR code typically. We are also
 already fetching the Server Metadata
 
+Using openid-initiate-issuance scheme
+
 ```typescript
 import { OpenID4VCIClient } from '@sphereon/oid4vci-client';
 
@@ -69,6 +71,7 @@ console.log(client.getAccessTokenEndpoint()); // https://auth.research.identipro
 ```
 
 Using https scheme
+
 ```typescript
 import { OpenID4VCIClient } from '@sphereon/oid4vci-client';
 

package/dist/AccessTokenClient.d.ts

@@ -1,9 +1,9 @@
-import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
+import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse, TxCodeAndPinRequired } from '@sphereon/oid4vci-common';
 export declare class AccessTokenClient {
     acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
-    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
+    acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }: {
         accessTokenRequest: AccessTokenRequest;
-        isPinRequired?: boolean;
+        pinMetadata?: TxCodeAndPinRequired;
         metadata?: EndpointMetadata;
         asOpts?: AuthorizationServerOpts;
         issuerOpts?: IssuerOpts;
@@ -11,8 +11,8 @@ export declare class AccessTokenClient {
     createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
     private assertPreAuthorizedGrantType;
     private assertAuthorizationGrantType;
-    private isPinRequiredValue;
-    private assertNumericPin;
+    private getPinMetadata;
+    private assertAlphanumericPin;
     private assertNonEmptyPreAuthorizedCode;
     private assertNonEmptyCodeVerifier;
     private assertNonEmptyCode;

package/dist/AccessTokenClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAEvB,gBAAgB,EAGhB,UAAU,EAEV,cAAc,EAKf,MAAM,0BAA0B,CAAC;AASlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA+B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAoChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}
+{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAKvB,gBAAgB,EAGhB,UAAU,EAGV,cAAc,EAId,oBAAoB,EAErB,MAAM,0BAA0B,CAAC;AASlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgC9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,WAAW,CAAC,EAAE,oBAAoB,CAAC;QACnC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,qBAAqB;IA+B7B,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}

package/dist/AccessTokenClient.js

@@ -25,7 +25,7 @@ class AccessTokenClient {
         return __awaiter(this, void 0, void 0, function* () {
             const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
             const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
-            const isPinRequired = credentialOffer && this.isPinRequiredValue(credentialOffer.credential_offer);
+            const pinMetadata = credentialOffer && this.getPinMetadata(credentialOffer.credential_offer);
             const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
             if (!issuer) {
                 throw Error('Issuer required at this point');
@@ -41,17 +41,18 @@ class AccessTokenClient {
                     code,
                     redirectUri,
                     pin,
+                    pinMetadata,
                 }),
-                isPinRequired,
+                pinMetadata,
                 metadata,
                 asOpts,
                 issuerOpts,
             });
         });
     }
-    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
+    acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, }) {
         return __awaiter(this, void 0, void 0, function* () {
-            this.validate(accessTokenRequest, isPinRequired);
+            this.validate(accessTokenRequest, pinMetadata);
             const requestTokenURL = AccessTokenClient.determineTokenURL({
                 asOpts,
                 issuerOpts,
@@ -68,13 +69,16 @@ class AccessTokenClient {
         var _a, _b;
         return __awaiter(this, void 0, void 0, function* () {
             const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
-            const credentialOfferRequest = opts.credentialOffer ? yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer) : undefined;
+            const credentialOfferRequest = opts.credentialOffer &&
+                (0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13.valueOf()
+                ? yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
+                : undefined;
             const request = {};
             if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
                 request.client_id = asOpts.clientId;
             }
             if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
-                this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
+                this.assertAlphanumericPin(opts.pinMetadata, pin);
                 request.user_pin = pin;
                 request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
                 // we actually know it is there because of the isPreAuthCode call
@@ -104,29 +108,45 @@ class AccessTokenClient {
             throw new Error("grant type must be 'authorization_code'");
         }
     }
-    isPinRequiredValue(requestPayload) {
-        var _a, _b, _c;
-        let isPinRequired = false;
+    getPinMetadata(requestPayload) {
+        var _a, _b;
         if (!requestPayload) {
             throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
         }
         const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
-        if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
-            isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
-        }
+        const grantDetails = (_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code'];
+        const isPinRequired = (_b = !!(grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code)) !== null && _b !== void 0 ? _b : false;
         debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
-        return isPinRequired;
+        return {
+            txCode: grantDetails === null || grantDetails === void 0 ? void 0 : grantDetails.tx_code,
+            isPinRequired,
+        };
     }
-    assertNumericPin(isPinRequired, pin) {
-        if (isPinRequired) {
-            if (!pin || !/^\d{1,8}$/.test(pin)) {
-                debug(`Pin is not 1 to 8 digits long`);
-                throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
+    assertAlphanumericPin(pinMeta, pin) {
+        var _a, _b;
+        if (pinMeta && pinMeta.isPinRequired) {
+            let regex;
+            if (pinMeta.txCode) {
+                const { input_mode, length } = pinMeta.txCode;
+                if (input_mode === 'numeric') {
+                    // Create a regex for numeric input. If no length specified, allow any length of numeric input.
+                    regex = length ? new RegExp(`^\\d{1,${length}}$`) : /^\d+$/;
+                }
+                else if (input_mode === 'text') {
+                    // Create a regex for text input. If no length specified, allow any length of alphanumeric input.
+                    regex = length ? new RegExp(`^[a-zA-Z0-9]{1,${length}}$`) : /^[a-zA-Z0-9]+$/;
+                }
+            }
+            // Default regex for alphanumeric with no specific length limit if no input_mode is specified.
+            regex = regex || /^[a-zA-Z0-9]+$|^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/;
+            if (!pin || !regex.test(pin)) {
+                debug(`Pin is not valid. Expected format: ${((_a = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _a === void 0 ? void 0 : _a.input_mode) || 'alphanumeric'}, Length: up to ${((_b = pinMeta === null || pinMeta === void 0 ? void 0 : pinMeta.txCode) === null || _b === void 0 ? void 0 : _b.length) || 'any number of'} characters`);
+                throw new Error('A valid pin must be present according to the specified transaction code requirements.');
             }
         }
         else if (pin) {
-            debug(`Pin set, whilst not required`);
-            throw new Error('Cannot set a pin, when the pin is not required.');
+            debug('Pin set, whilst not required');
+            throw new Error('Cannot set a pin when the pin is not required.');
         }
     }
     assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
@@ -147,11 +167,11 @@ class AccessTokenClient {
             throw new Error('Authorization flow requires the code to be present');
         }
     }
-    validate(accessTokenRequest, isPinRequired) {
+    validate(accessTokenRequest, pinMeta) {
         if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
             this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
             this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
-            this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
+            this.assertAlphanumericPin(pinMeta, accessTokenRequest.user_pin);
         }
         else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
             this.assertAuthorizationGrantType(accessTokenRequest.grant_type);

package/dist/AccessTokenClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAiBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,aAAa,GAAG,eAAe,IAAI,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACnG,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9H,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE,CAAC;YACpF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;QAC5H,CAAC;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AA1ND,8CA0NC"}
+{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAsBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,WAAW,GAAqC,eAAe,IAAI,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAC/H,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;oBACH,WAAW;iBACZ,CAAC;gBACF,WAAW;gBACX,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;YAE/C,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAC1B,IAAI,CAAC,eAAe;gBACpB,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;gBACtI,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACvF,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;gBAClD,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,cAA6C;;QAClE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QAEnE,MAAM,YAAY,GAAG,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,CAAC;QACrG,MAAM,aAAa,GAAG,MAAA,CAAC,CAAC,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,CAAA,mCAAI,KAAK,CAAC;QAEvD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO;YACL,MAAM,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO;YAC7B,aAAa;SACd,CAAC;IACJ,CAAC;IAEO,qBAAqB,CAAC,OAA8B,EAAE,GAAY;;QACxE,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC;YAEV,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;gBAE9C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC7B,+FAA+F;oBAC/F,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC9D,CAAC;qBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACjC,iGAAiG;oBACjG,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,kBAAkB,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;gBAC/E,CAAC;YACH,CAAC;YAED,8FAA8F;YAC9F,KAAK,GAAG,KAAK,IAAI,iEAAiE,CAAC;YAEnF,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,CACH,sCAAsC,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,UAAU,KAAI,cAAc,mBAAmB,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,MAAM,KAAI,eAAe,aAAa,CAC9J,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;YAC3G,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,OAA8B;QACrF,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACnE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AArPD,8CAqPC"}

package/dist/AccessTokenClientV1_0_11.d.ts

@@ -0,0 +1,29 @@
+import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
+export declare class AccessTokenClientV1_0_11 {
+    acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
+    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
+        accessTokenRequest: AccessTokenRequest;
+        isPinRequired?: boolean;
+        metadata?: EndpointMetadata;
+        asOpts?: AuthorizationServerOpts;
+        issuerOpts?: IssuerOpts;
+    }): Promise<OpenIDResponse<AccessTokenResponse>>;
+    createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
+    private assertPreAuthorizedGrantType;
+    private assertAuthorizationGrantType;
+    private isPinRequiredValue;
+    private assertNumericPin;
+    private assertNonEmptyPreAuthorizedCode;
+    private assertNonEmptyCodeVerifier;
+    private assertNonEmptyCode;
+    private validate;
+    private sendAuthCode;
+    static determineTokenURL({ asOpts, issuerOpts, metadata, }: {
+        asOpts?: AuthorizationServerOpts;
+        issuerOpts?: IssuerOpts;
+        metadata?: EndpointMetadata;
+    }): string;
+    private static creatTokenURLFromURL;
+    private throwNotSupportedFlow;
+}
+//# sourceMappingURL=AccessTokenClientV1_0_11.d.ts.map

package/dist/AccessTokenClientV1_0_11.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessTokenClientV1_0_11.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EAMvB,gBAAgB,EAGhB,UAAU,EAGV,cAAc,EAMf,MAAM,0BAA0B,CAAC;AASlC,qBAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA+B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAgBnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,QAAQ;YAcF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAYnC,OAAO,CAAC,qBAAqB;CAI9B"}

package/dist/AccessTokenClientV1_0_11.js

@@ -0,0 +1,212 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessTokenClientV1_0_11 = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+const ssi_types_1 = require("@sphereon/ssi-types");
+const debug_1 = __importDefault(require("debug"));
+const MetadataClient_1 = require("./MetadataClient");
+const functions_1 = require("./functions");
+const debug = (0, debug_1.default)('sphereon:oid4vci:token');
+class AccessTokenClientV1_0_11 {
+    acquireAccessToken(opts) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
+            const credentialOffer = opts.credentialOffer ? yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer) : undefined;
+            const isPinRequired = credentialOffer && this.isPinRequiredValue(credentialOffer.credential_offer);
+            const issuer = (_a = opts.credentialIssuer) !== null && _a !== void 0 ? _a : (credentialOffer ? (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer) : metadata === null || metadata === void 0 ? void 0 : metadata.issuer);
+            if (!issuer) {
+                throw Error('Issuer required at this point');
+            }
+            const issuerOpts = {
+                issuer,
+            };
+            return yield this.acquireAccessTokenUsingRequest({
+                accessTokenRequest: yield this.createAccessTokenRequest({
+                    credentialOffer,
+                    asOpts,
+                    codeVerifier,
+                    code,
+                    redirectUri,
+                    pin,
+                }),
+                isPinRequired,
+                metadata,
+                asOpts,
+                issuerOpts,
+            });
+        });
+    }
+    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.validate(accessTokenRequest, isPinRequired);
+            const requestTokenURL = AccessTokenClientV1_0_11.determineTokenURL({
+                asOpts,
+                issuerOpts,
+                metadata: metadata
+                    ? metadata
+                    : (issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.fetchMetadata)
+                        ? yield MetadataClient_1.MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
+                        : undefined,
+            });
+            return this.sendAuthCode(requestTokenURL, accessTokenRequest);
+        });
+    }
+    createAccessTokenRequest(opts) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
+            const credentialOfferRequest = opts.credentialOffer
+                ? (0, oid4vci_common_1.determineSpecVersionFromOffer)(opts.credentialOffer).valueOf() <= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11.valueOf()
+                    ? yield (0, oid4vci_common_1.toUniformCredentialOfferRequestV1_0_11)(opts.credentialOffer)
+                    : yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer)
+                : undefined;
+            const request = {};
+            if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
+                request.client_id = asOpts.clientId;
+            }
+            if (credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
+                this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
+                request.user_pin = pin;
+                request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
+                // we actually know it is there because of the isPreAuthCode call
+                request[oid4vci_common_1.PRE_AUTH_CODE_LITERAL] =
+                    (_b = (_a = credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.credential_offer.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b[oid4vci_common_1.PRE_AUTH_CODE_LITERAL];
+                return request;
+            }
+            if (!credentialOfferRequest || credentialOfferRequest.supportedFlows.includes(oid4vci_common_1.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
+                request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
+                request.code = code;
+                request.redirect_uri = redirectUri;
+                if (codeVerifier) {
+                    request.code_verifier = codeVerifier;
+                }
+                return request;
+            }
+            throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
+        });
+    }
+    assertPreAuthorizedGrantType(grantType) {
+        if (oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
+            throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
+        }
+    }
+    assertAuthorizationGrantType(grantType) {
+        if (oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE !== grantType) {
+            throw new Error("grant type must be 'authorization_code'");
+        }
+    }
+    isPinRequiredValue(requestPayload) {
+        var _a, _b, _c;
+        let isPinRequired = false;
+        if (!requestPayload) {
+            throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
+        }
+        const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
+        if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
+            isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
+        }
+        debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
+        return isPinRequired;
+    }
+    assertNumericPin(isPinRequired, pin) {
+        if (isPinRequired) {
+            if (!pin || !/^\d{1,8}$/.test(pin)) {
+                debug(`Pin is not 1 to 8 digits long`);
+                throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
+            }
+        }
+        else if (pin) {
+            debug(`Pin set, whilst not required`);
+            throw new Error('Cannot set a pin, when the pin is not required.');
+        }
+    }
+    assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
+        if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
+            debug(`No pre-authorized code present, whilst it is required`);
+            throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
+        }
+    }
+    assertNonEmptyCodeVerifier(accessTokenRequest) {
+        if (!accessTokenRequest.code_verifier) {
+            debug('No code_verifier present, whilst it is required');
+            throw new Error('Authorization flow requires the code_verifier to be present');
+        }
+    }
+    assertNonEmptyCode(accessTokenRequest) {
+        if (!accessTokenRequest.code) {
+            debug('No code present, whilst it is required');
+            throw new Error('Authorization flow requires the code to be present');
+        }
+    }
+    validate(accessTokenRequest, isPinRequired) {
+        if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
+            this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
+            this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
+            this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
+        }
+        else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
+            this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
+            this.assertNonEmptyCodeVerifier(accessTokenRequest);
+            this.assertNonEmptyCode(accessTokenRequest);
+        }
+        else {
+            this.throwNotSupportedFlow();
+        }
+    }
+    sendAuthCode(requestTokenURL, accessTokenRequest) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield (0, functions_1.formPost)(requestTokenURL, (0, functions_1.convertJsonToURI)(accessTokenRequest, { mode: oid4vci_common_1.JsonURIMode.X_FORM_WWW_URLENCODED }));
+        });
+    }
+    static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
+        if (!asOpts && !(metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) && !issuerOpts) {
+            throw new Error('Cannot determine token URL if no issuer, metadata and no Authorization Server values are present');
+        }
+        let url;
+        if (asOpts && asOpts.as) {
+            url = this.creatTokenURLFromURL(asOpts.as, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, asOpts.tokenEndpoint);
+        }
+        else if (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) {
+            url = metadata.token_endpoint;
+        }
+        else {
+            if (!(issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.issuer)) {
+                throw Error('Either authorization server options, a token endpoint or issuer options are required at this point');
+            }
+            url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
+        }
+        if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
+            throw new Error('No authorization server token URL present. Cannot acquire access token');
+        }
+        debug(`Token endpoint determined to be ${url}`);
+        return url;
+    }
+    static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
+        if (allowInsecureEndpoints !== true && url.startsWith('http:')) {
+            throw Error(`Unprotected token endpoints are not allowed ${url}. Use the 'allowInsecureEndpoints' param if you really need this for dev/testing!`);
+        }
+        const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
+        const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
+        const scheme = url.split('://')[0];
+        return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
+    }
+    throwNotSupportedFlow() {
+        debug(`Only pre-authorized or authorization code flows supported.`);
+        throw new Error('Only pre-authorized-code or authorization code flows are supported');
+    }
+}
+exports.AccessTokenClientV1_0_11 = AccessTokenClientV1_0_11;
+//# sourceMappingURL=AccessTokenClientV1_0_11.js.map

package/dist/AccessTokenClientV1_0_11.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessTokenClientV1_0_11.js","sourceRoot":"","sources":["../lib/AccessTokenClientV1_0_11.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAuBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,wBAAwB;IACtB,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,MAAM,aAAa,GAAG,eAAe,IAAI,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACnG,MAAM,MAAM,GACV,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC,CAAC;YAC3H,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,wBAAwB,CAAC,iBAAiB,CAAC;gBACjE,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBACzB,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe;gBACjD,CAAC,CAAC,IAAA,8CAA6B,EAAC,IAAI,CAAC,eAAgD,CAAC,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE;oBACxI,CAAC,CAAC,MAAM,IAAA,uDAAsC,EAAC,IAAI,CAAC,eAAyC,CAAC;oBAC9F,CAAC,CAAC,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAyC,CAAC;gBACzF,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,OAAO,GAAgC,EAAE,CAAC;YAEhD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YACtC,CAAC;YAED,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5F,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAEvB,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;gBAErI,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,8BAAa,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACrH,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;gBACnD,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBAEnC,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACvC,CAAC;gBAED,OAAO,OAA6B,CAAC;YACvC,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;;KACnI;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE,CAAC;YACpF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;QAC5H,CAAC;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE,CAAC;YACrE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE,CAAC;YAC3E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,4BAAW,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAC5H,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QACnG,CAAC;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE,CAAC;YACpC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;YACpH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,CACT,+CAA+C,GAAG,mFAAmF,CACtI,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,4DAA4D,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;CACF;AA9ND,4DA8NC"}

package/dist/AuthorizationCodeClient.d.ts

@@ -1,9 +1,11 @@
-import { AuthorizationRequestOpts, CredentialOfferRequestWithBaseUrl, CredentialSupported, EndpointMetadataResult, PKCEOpts } from '@sphereon/oid4vci-common';
-export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported, }: {
+import { AuthorizationRequestOpts, CredentialConfigurationSupportedV1_0_13, CredentialOfferRequestWithBaseUrl, EndpointMetadataResultV1_0_13, OpenId4VCIVersion, PKCEOpts } from '@sphereon/oid4vci-common';
+export declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }: {
     pkce: PKCEOpts;
-    endpointMetadata: EndpointMetadataResult;
+    endpointMetadata: EndpointMetadataResultV1_0_13;
     authorizationRequest: AuthorizationRequestOpts;
     credentialOffer?: CredentialOfferRequestWithBaseUrl | undefined;
-    credentialsSupported?: CredentialSupported[] | undefined;
+    credentialConfigurationSupported?: Record<string, CredentialConfigurationSupportedV1_0_13> | undefined;
+    clientId?: string | undefined;
+    version?: OpenId4VCIVersion | undefined;
 }) => Promise<string>;
 //# sourceMappingURL=AuthorizationCodeClient.d.ts.map

package/dist/AuthorizationCodeClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,iCAAiC,EACjC,mBAAmB,EACnB,sBAAsB,EAItB,QAAQ,EAGT,MAAM,0BAA0B,CAAC;AAKlC,eAAO,MAAM,6BAA6B;UAOlC,QAAQ;sBACI,sBAAsB;0BAClB,wBAAwB;;;MAG5C,QAAQ,MAAM,CA4FjB,CAAC"}
+{"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../lib/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EAGxB,uCAAuC,EAEvC,iCAAiC,EAEjC,6BAA6B,EAI7B,iBAAiB,EAEjB,QAAQ,EAGT,MAAM,0BAA0B,CAAC;AAmBlC,eAAO,MAAM,6BAA6B;UASlC,QAAQ;sBACI,6BAA6B;0BACzB,wBAAwB;;;;;MAK5C,QAAQ,MAAM,CAsIjB,CAAC"}

package/dist/AuthorizationCodeClient.js

@@ -16,9 +16,33 @@ exports.createAuthorizationRequestUrl = void 0;
 const oid4vci_common_1 = require("@sphereon/oid4vci-common");
 const debug_1 = __importDefault(require("debug"));
 const debug = (0, debug_1.default)('sphereon:oid4vci');
-const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported, }) => __awaiter(void 0, void 0, void 0, function* () {
-    var _a, _b, _c, _d;
-    const { redirectUri, clientId } = authorizationRequest;
+function filterSupportedCredentials(credentialOffer, credentialsSupported) {
+    if (!credentialOffer.credential_configuration_ids || !credentialsSupported) {
+        return [];
+    }
+    return Object.entries(credentialsSupported)
+        .filter((entry) => { var _a; return (_a = credentialOffer.credential_configuration_ids) === null || _a === void 0 ? void 0 : _a.includes(entry[0]); })
+        .map((entry) => {
+        return Object.assign(Object.assign({}, entry[1]), { configuration_id: entry[0] });
+    });
+}
+const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b, _c, _d, _e;
+    function removeDisplayAndValueTypes(obj) {
+        for (const prop in obj) {
+            if (['display', 'value_type'].includes(prop)) {
+                delete obj[prop];
+            }
+            else if (typeof obj[prop] === 'object') {
+                removeDisplayAndValueTypes(obj[prop]);
+            }
+        }
+    }
+    const { redirectUri } = authorizationRequest;
+    const client_id = clientId !== null && clientId !== void 0 ? clientId : authorizationRequest.clientId;
+    if (!client_id) {
+        throw Error(`Cannot use PAR without a client_id value set`);
+    }
     let { scope, authorizationDetails } = authorizationRequest;
     const parMode = ((_a = endpointMetadata === null || endpointMetadata === void 0 ? void 0 : endpointMetadata.credentialIssuerMetadata) === null || _a === void 0 ? void 0 : _a.require_pushed_authorization_requests)
         ? oid4vci_common_1.PARMode.REQUIRE
@@ -29,18 +53,39 @@ const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRe
         if (!credentialOffer) {
             throw Error('Please provide a scope or authorization_details if no credential offer is present');
         }
-        const creds = credentialOffer.credential_offer.credentials;
+        if ('credentials' in credentialOffer.credential_offer) {
+            throw new Error('CredentialOffer format is wrong.');
+        }
+        const ver = (_c = version !== null && version !== void 0 ? version : (0, oid4vci_common_1.determineSpecVersionFromOffer)(credentialOffer.credential_offer)) !== null && _c !== void 0 ? _c : oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13;
+        const creds = ver === oid4vci_common_1.OpenId4VCIVersion.VER_1_0_13
+            ? filterSupportedCredentials(credentialOffer.credential_offer, credentialConfigurationSupported)
+            : [];
         // FIXME: complains about VCT for sd-jwt
         // eslint-disable-next-line @typescript-eslint/ban-ts-comment
         // @ts-ignore
-        authorizationDetails = creds
-            .flatMap((cred) => (typeof cred === 'string' ? credentialsSupported : cred))
-            .filter((cred) => !!cred)
-            .map((cred) => {
-            return Object.assign(Object.assign({}, cred), { type: 'openid_credential', locations: [endpointMetadata.issuer], 
-                // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-                // @ts-ignore
-                format: cred.format });
+        authorizationDetails = creds.flatMap((cred) => {
+            var _a;
+            const locations = [(_a = credentialOffer === null || credentialOffer === void 0 ? void 0 : credentialOffer.credential_offer.credential_issuer) !== null && _a !== void 0 ? _a : endpointMetadata.issuer];
+            const credential_configuration_id = cred.configuration_id;
+            const vct = cred.vct;
+            let format;
+            if (!credential_configuration_id) {
+                format = cred.format;
+            }
+            if (!credential_configuration_id && !cred.format) {
+                throw Error('format is required in authorization details');
+            }
+            const meta = {};
+            const credential_definition = cred.credential_definition;
+            if ((credential_definition === null || credential_definition === void 0 ? void 0 : credential_definition.type) && !format) {
+                // ype: OPTIONAL. Array as defined in Appendix A.1.1.2. This claim contains the type values the Wallet requests authorization for at the Credential Issuer. It MUST be present if the claim format is present in the root of the authorization details object. It MUST not be present otherwise.
+                // It meens we have a config_id, already mapping it to an explicit format and types
+                delete credential_definition.type;
+            }
+            if (credential_definition.credentialSubject) {
+                removeDisplayAndValueTypes(credential_definition.credentialSubject);
+            }
+            return Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({ type: 'openid_credential' }, meta), { locations }), (credential_definition && { credential_definition })), (credential_configuration_id && { credential_configuration_id })), (format && { format })), (vct && { vct })), (cred.claims && { claims: removeDisplayAndValueTypes(JSON.parse(JSON.stringify(cred.claims))) }));
         });
         if (!authorizationDetails || authorizationDetails.length === 0) {
             throw Error(`Could not create authorization details from credential offer. Please pass in explicit details`);
@@ -49,15 +94,15 @@ const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRe
     if (!(endpointMetadata === null || endpointMetadata === void 0 ? void 0 : endpointMetadata.authorization_endpoint)) {
         throw Error('Server metadata does not contain authorization endpoint');
     }
-    const parEndpoint = (_c = endpointMetadata.credentialIssuerMetadata) === null || _c === void 0 ? void 0 : _c.pushed_authorization_request_endpoint;
+    const parEndpoint = (_d = endpointMetadata.credentialIssuerMetadata) === null || _d === void 0 ? void 0 : _d.pushed_authorization_request_endpoint;
     // add 'openid' scope if not present
     if (!(scope === null || scope === void 0 ? void 0 : scope.includes('openid'))) {
         scope = ['openid', scope].filter((s) => !!s).join(' ');
     }
     let queryObj = Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({ response_type: oid4vci_common_1.ResponseType.AUTH_CODE }, (!pkce.disabled && {
-        code_challenge_method: (_d = pkce.codeChallengeMethod) !== null && _d !== void 0 ? _d : oid4vci_common_1.CodeChallengeMethod.S256,
+        code_challenge_method: (_e = pkce.codeChallengeMethod) !== null && _e !== void 0 ? _e : oid4vci_common_1.CodeChallengeMethod.S256,
         code_challenge: pkce.codeChallenge,
-    })), { authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)) }), (redirectUri && { redirect_uri: redirectUri })), (clientId && { client_id: clientId })), ((credentialOffer === null || credentialOffer === void 0 ? void 0 : credentialOffer.issuerState) && { issuer_state: credentialOffer.issuerState })), { scope });
+    })), { authorization_details: JSON.stringify(handleAuthorizationDetails(endpointMetadata, authorizationDetails)) }), (redirectUri && { redirect_uri: redirectUri })), { client_id }), ((credentialOffer === null || credentialOffer === void 0 ? void 0 : credentialOffer.issuerState) && { issuer_state: credentialOffer.issuerState })), { scope });
     if (!parEndpoint && parMode === oid4vci_common_1.PARMode.REQUIRE) {
         throw Error(`PAR mode is set to required by Authorization Server does not support PAR!`);
     }
@@ -76,7 +121,7 @@ const createAuthorizationRequestUrl = ({ pkce, endpointMetadata, authorizationRe
         }
         else {
             debug(`PAR response: ${(parResponse.successBody, null, 2)}`);
-            queryObj = { request_uri: parResponse.successBody.request_uri };
+            queryObj = { /*response_type: ResponseType.AUTH_CODE,*/ client_id, request_uri: parResponse.successBody.request_uri };
         }
     }
     debug(`Object that will become query params: ` + JSON.stringify(queryObj, null, 2));