@sphereon/oid4vci-client 0.12.1-next.2 → 0.12.1-next.21

package/lib/__tests__/IT.spec.ts

@@ -13,32 +13,52 @@ import {
 // @ts-ignore
 import nock from 'nock';
 
-import {
-  AccessTokenClient,
-  AccessTokenClientV1_0_11,
-  CredentialOfferClientV1_0_11,
-  CredentialRequestClientBuilder,
-  CredentialRequestClientBuilderV1_0_11,
-  OpenID4VCIClientV1_0_11,
-  ProofOfPossessionBuilder,
-} from '..';
+import { AccessTokenClient, AccessTokenClientV1_0_11, OpenID4VCIClient, OpenID4VCIClientV1_0_13, ProofOfPossessionBuilder } from '..';
 import { CredentialOfferClient } from '../CredentialOfferClient';
+import { CredentialRequestClientBuilder } from '../CredentialRequestClientBuilder';
 
-import { IDENTIPROOF_AS_METADATA, IDENTIPROOF_AS_URL, IDENTIPROOF_ISSUER_URL, IDENTIPROOF_OID4VCI_METADATA } from './MetadataMocks';
+import {
+  IDENTIPROOF_AS_METADATA,
+  IDENTIPROOF_AS_URL,
+  IDENTIPROOF_ISSUER_URL,
+  IDENTIPROOF_OID4VCI_METADATA,
+  IDENTIPROOF_OID4VCI_METADATA_v13,
+} from './MetadataMocks';
 
 export const UNIT_TEST_TIMEOUT = 30000;
 
 const ISSUER_URL = 'https://issuer.research.identiproof.io';
-const jwt = {
+const jwtDid = {
   header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'openid4vci-proof+jwt' },
   payload: { iss: 'test-clientId', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: ISSUER_URL },
 };
 
+const jwtWithoutDid = {
+  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'openid4vci-proof+jwt' },
+  payload: { iss: 'test-clientId', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: ISSUER_URL },
+};
+
+const mockedVC =
+  'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImlkIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9leGFtcGxlLmVkdS9pc3N1ZXJzLzU2NTA0OSIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMifX19LCJpc3MiOiJodHRwczovL2V4YW1wbGUuZWR1L2lzc3VlcnMvNTY1MDQ5IiwibmJmIjoxMjYyMzA0MDAwLCJqdGkiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9.z5vgMTK1nfizNCg5N-niCOL3WUIAL7nXy-nGhDZYO_-PNGeE-0djCpWAMH8fD8eWSID5PfkPBYkx_dfLJnQ7NA';
+
+// Access token mocks
+const mockedAccessTokenResponse: AccessTokenResponse = {
+  access_token: 'ey6546.546654.64565',
+  authorization_pending: false,
+  c_nonce: 'c_nonce2022101300',
+  c_nonce_expires_in: 2025101300,
+  interval: 2025101300,
+  token_type: 'Bearer',
+};
+
+const INITIATE_QR_V1_0_13 =
+  'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22:%22https://issuer.research.identiproof.io%22,%22credential_configuration_ids%22:%5B%22OpenBadgeCredentialUrl%22%5D,%22grants%22:%7B%22urn:ietf:params:oauth:grant-type:pre-authorized_code%22:%7B%22pre-authorized_code%22:%22oaKazRN8I0IbtZ0C7JuMn5%22,%22tx_code%22:%7B%22input_mode%22:%22text%22,%22length%22:22,%22description%22:%22Please%20enter%20the%20serial%20number%20of%20your%20physical%20drivers%20license%22%7D%7D%7D%7D';
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
+  return 'ey.val.ue';
+}
 describe('OID4VCI-Client should', () => {
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
-    return 'ey.val.ue';
-  }
   beforeEach(() => {
     nock.cleanAll();
   });
@@ -55,8 +75,6 @@ describe('OID4VCI-Client should', () => {
     interval: 2025101300,
     token_type: 'Bearer',
   };
-  const mockedVC =
-    'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImlkIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9leGFtcGxlLmVkdS9pc3N1ZXJzLzU2NTA0OSIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMifX19LCJpc3MiOiJodHRwczovL2V4YW1wbGUuZWR1L2lzc3VlcnMvNTY1MDQ5IiwibmJmIjoxMjYyMzA0MDAwLCJqdGkiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9.z5vgMTK1nfizNCg5N-niCOL3WUIAL7nXy-nGhDZYO_-PNGeE-0djCpWAMH8fD8eWSID5PfkPBYkx_dfLJnQ7NA';
   const INITIATE_QR_V1_0_08 =
     'openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.research.identiproof.io&credential_type=OpenBadgeCredentialUrl&pre-authorized_code=4jLs9xZHEfqcoow0kHE7d1a8hUk6Sy-5bVSV2MqBUGUgiFFQi-ImL62T-FmLIo8hKA1UdMPH0lM1xAgcFkJfxIw9L-lI3mVs0hRT8YVwsEM1ma6N3wzuCdwtMU4bcwKp&user_pin_required=true';
   const OFFER_QR_V1_0_08 =
@@ -67,14 +85,14 @@ describe('OID4VCI-Client should', () => {
     'https://issuer.research.identiproof.io?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fissuer.research.identiproof.io%22%2C%22credentials%22%3A%5B%7B%22format%22%3A%22jwt_vc_json%22%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%5D%2C%22grants%22%3A%7B%22authorization_code%22%3A%7B%22issuer_state%22%3A%22eyJhbGciOiJSU0Et...FYUaBy%22%7D%7D%7D';
   const HTTPS_OFFER_QR_PRE_AUTHORIZED =
     'https://issuer.research.identiproof.io?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fissuer.research.identiproof.io%22%2C%22credentials%22%3A%5B%7B%22format%22%3A%22jwt_vc_json%22%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22adhjhdjajkdkhjhdj%22%2C%22user_pin_required%22%3Atrue%7D%7D%7D';
-
-  const INITIATE_QR_V1_0_13 =
-    'openid-credential-offer://?credential_offer=%7B%22credential_issuer%22:%22https://issuer.research.identiproof.io%22,%22credential_configuration_ids%22:%5B%22OpenBadgeCredentialUrl%22%5D,%22grants%22:%7B%22urn:ietf:params:oauth:grant-type:pre-authorized_code%22:%7B%22pre-authorized_code%22:%22oaKazRN8I0IbtZ0C7JuMn5%22,%22tx_code%22:%7B%22input_mode%22:%22text%22,%22length%22:22,%22description%22:%22Please%20enter%20the%20serial%20number%20of%20your%20physical%20drivers%20license%22%7D%7D%7D%7D';
+  const HTTPS_OFFER_QR_PRE_AUTHORIZED_v13 =
+    'https://issuer.research.identiproof.io?credential_offer=%7B%0A%20%20%20%20%22credential_issuer%22%3A%20%22https%3A%2F%2Fissuer.research.identiproof.io%22%2C%0A%20%20%20%20%22credential_configuration_ids%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%22UniversityDegreeCredential%22%0A%20%20%20%20%5D%2C%0A%20%20%20%20%22grants%22%3A%20%7B%0A%20%20%20%20%20%20%20%20%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22pre-authorized_code%22%3A%20%22adhjhdjajkdkhjhdj%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%22tx_code%22%3A%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22length%22%3A%204%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22input_mode%22%3A%20%22numeric%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22description%22%3A%20%22Please%20provide%20the%20one-time%20code%20that%20was%20sent%20via%20e-mail%22%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%7D';
 
   function succeedWithAFullFlowWithClientSetup() {
     nock(IDENTIPROOF_ISSUER_URL).get('/.well-known/openid-credential-issuer').reply(200, JSON.stringify(IDENTIPROOF_OID4VCI_METADATA));
     nock(IDENTIPROOF_AS_URL).get('/.well-known/oauth-authorization-server').reply(200, JSON.stringify(IDENTIPROOF_AS_METADATA));
     nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
+    nock(IDENTIPROOF_ISSUER_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(200, {});
     nock(IDENTIPROOF_AS_URL)
       .post(/oauth2\/token.*/)
       .reply(200, JSON.stringify(mockedAccessTokenResponse));
@@ -88,7 +106,7 @@ describe('OID4VCI-Client should', () => {
 
   it('succeed with a full flow with the client using OpenID4VCI version 9', async () => {
     succeedWithAFullFlowWithClientSetup();
-    const client = await OpenID4VCIClientV1_0_11.fromURI({
+    const client = await OpenID4VCIClient.fromURI({
       uri: INITIATE_QR_V1_0_08,
       kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
       alg: Alg.ES256,
@@ -99,7 +117,7 @@ describe('OID4VCI-Client should', () => {
 
   it('succeed with a full flow with the client using OpenID4VCI version 11 and deeplink', async () => {
     succeedWithAFullFlowWithClientSetup();
-    const client = await OpenID4VCIClientV1_0_11.fromURI({
+    const client = await OpenID4VCIClient.fromURI({
       uri: OFFER_QR_V1_0_08,
       kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
       alg: Alg.ES256,
@@ -110,7 +128,7 @@ describe('OID4VCI-Client should', () => {
 
   it('succeed with a full flow with the client using OpenID4VCI draft < 9 and https', async () => {
     succeedWithAFullFlowWithClientSetup();
-    const client = await OpenID4VCIClientV1_0_11.fromURI({
+    const client = await OpenID4VCIClient.fromURI({
       uri: HTTPS_INITIATE_QR,
       kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
       alg: Alg.ES256,
@@ -121,7 +139,7 @@ describe('OID4VCI-Client should', () => {
 
   it('should succeed with a full flow with the client using OpenID4VCI draft > 11, https and authorization_code flow', async () => {
     succeedWithAFullFlowWithClientSetup();
-    const client = await OpenID4VCIClientV1_0_11.fromURI({
+    const client = await OpenID4VCIClient.fromURI({
       uri: HTTPS_OFFER_QR_AUTHORIZATION_CODE,
       kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
       alg: Alg.ES256,
@@ -132,7 +150,65 @@ describe('OID4VCI-Client should', () => {
 
   it('should succeed with a full flow with the client using OpenID4VCI draft > 11, https and preauthorized_code flow', async () => {
     succeedWithAFullFlowWithClientSetup();
-    const client = await OpenID4VCIClientV1_0_11.fromURI({
+    const client = await OpenID4VCIClient.fromURI({
+      uri: HTTPS_OFFER_QR_PRE_AUTHORIZED,
+      kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
+      alg: Alg.ES256,
+      clientId: 'test-clientId',
+    });
+    await assertionOfsucceedWithAFullFlowWithClient(client);
+  });
+
+  it('should succeed with a full flow with the client using OpenID4VCI draft >= 13, https and preauthorized_code flow without did', async () => {
+    nock(IDENTIPROOF_ISSUER_URL)
+      .get(WellKnownEndpoints.OPENID_CONFIGURATION)
+      .reply(200, {
+        token_endpoint: `${IDENTIPROOF_ISSUER_URL}/token`,
+        authorization_endpoint: `${IDENTIPROOF_ISSUER_URL}/authorize`,
+      });
+    nock(IDENTIPROOF_ISSUER_URL).post('/token').reply(200, {
+      access_token: 'ey6546.546654.64565',
+      authorization_pending: false,
+      c_nonce: 'c_nonce2022101300',
+      c_nonce_expires_in: 2025101300,
+      interval: 2025101300,
+      token_type: 'Bearer',
+    });
+    nock(IDENTIPROOF_ISSUER_URL).get('/.well-known/openid-credential-issuer').reply(200, JSON.stringify(IDENTIPROOF_OID4VCI_METADATA_v13));
+    nock(ISSUER_URL)
+      .post(/credential/)
+      .reply(200, {
+        format: 'jwt-vc',
+        credential: mockedVC,
+      });
+    const client = await OpenID4VCIClientV1_0_13.fromURI({
+      uri: HTTPS_OFFER_QR_PRE_AUTHORIZED_v13,
+      kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1',
+      alg: Alg.ES256,
+      clientId: 'test-clientId',
+    });
+    expect(client.credentialOffer).toBeDefined();
+    expect(client.endpointMetadata).toBeDefined();
+    expect(client.getIssuer()).toEqual('https://issuer.research.identiproof.io');
+    expect(client.getCredentialEndpoint()).toEqual('https://issuer.research.identiproof.io/credential');
+    expect(client.getAccessTokenEndpoint()).toEqual('https://issuer.research.identiproof.io/token');
+
+    const accessToken = await client.acquireAccessToken({ pin: '1234', code: 'ABCD' });
+    expect(accessToken).toEqual(mockedAccessTokenResponse);
+
+    const credentialResponse = await client.acquireCredentials({
+      credentialIdentifier: 'OpenBadgeCredential',
+      format: 'jwt_vc_json-ld',
+      proofCallbacks: {
+        signCallback: proofOfPossessionCallbackFunction,
+      },
+    });
+    expect(credentialResponse.credential).toEqual(mockedVC);
+  });
+
+  it('should succeed with a full flow with the client using OpenID4VCI draft > 11, https and preauthorized_code flow', async () => {
+    succeedWithAFullFlowWithClientSetup();
+    const client = await OpenID4VCIClient.fromURI({
       uri: HTTPS_OFFER_QR_PRE_AUTHORIZED,
       kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1',
       alg: Alg.ES256,
@@ -141,7 +217,7 @@ describe('OID4VCI-Client should', () => {
     await assertionOfsucceedWithAFullFlowWithClient(client);
   });
 
-  async function assertionOfsucceedWithAFullFlowWithClient(client: OpenID4VCIClientV1_0_11) {
+  async function assertionOfsucceedWithAFullFlowWithClient(client: OpenID4VCIClient) {
     expect(client.credentialOffer).toBeDefined();
     expect(client.endpointMetadata).toBeDefined();
     expect(client.getIssuer()).toEqual('https://issuer.research.identiproof.io');
@@ -165,7 +241,7 @@ describe('OID4VCI-Client should', () => {
     'succeed with a full flow without the client v1_0_11',
     async () => {
       /* Convert the URI into an object */
-      const credentialOffer: CredentialOfferRequestWithBaseUrl = await CredentialOfferClientV1_0_11.fromURI(INITIATE_QR_V1_0_08);
+      const credentialOffer: CredentialOfferRequestWithBaseUrl = await CredentialOfferClient.fromURI(INITIATE_QR_V1_0_08);
 
       expect(credentialOffer.baseUrl).toEqual('openid-initiate-issuance://');
       expect(credentialOffer.original_credential_offer).toEqual({
@@ -191,18 +267,14 @@ describe('OID4VCI-Client should', () => {
           format: 'jwt-vc',
           credential: mockedVC,
         });
-      const credReqClient = CredentialRequestClientBuilderV1_0_11.fromCredentialOffer({ credentialOffer: credentialOffer })
+      const credReqClient = CredentialRequestClientBuilder.fromCredentialOffer({ credentialOffer: credentialOffer })
         .withFormat('jwt_vc')
 
         .withTokenFromResponse(accessTokenResponse.successBody!)
         .build();
 
-      //TS2322: Type '(args: ProofOfPossessionCallbackArgs) => Promise<string>'
-      // is not assignable to type 'ProofOfPossessionCallback'.
-      // Types of parameters 'args' and 'args' are incompatible.
-      // Property 'kid' is missing in type '{ header: unknown; payload: unknown; }' but required in type 'ProofOfPossessionCallbackArgs'.
       const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
-        jwt,
+        jwt: jwtDid,
         callbacks: {
           signCallback: proofOfPossessionCallbackFunction,
         },
@@ -261,12 +333,8 @@ describe('OID4VCI-Client should', () => {
         .withTokenFromResponse(accessTokenResponse.successBody!)
         .build();
 
-      //TS2322: Type '(args: ProofOfPossessionCallbackArgs) => Promise<string>'
-      // is not assignable to type 'ProofOfPossessionCallback'.
-      // Types of parameters 'args' and 'args' are incompatible.
-      // Property 'kid' is missing in type '{ header: unknown; payload: unknown; }' but required in type 'ProofOfPossessionCallbackArgs'.
       const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
-        jwt,
+        jwt: jwtDid,
         callbacks: {
           signCallback: proofOfPossessionCallbackFunction,
         },
@@ -290,9 +358,6 @@ describe('OID4VCI-Client should', () => {
 });
 
 describe('OIDVCI-Client for v1_0_13 should', () => {
-  const INITIATE_QR_V1_0_13_CREDENCO =
-    'openid-credential-offer://mijnkvk.acc.credenco.com/?credential_offer_uri=https%3A%2F%2Fmijnkvk.acc.credenco.com%2Fopenid4vc%2FcredentialOffer%3Fid%3D32fc4ebf-9e31-4149-9877-e3c0b602d559';
-
   const mockedCredentialOffer = {
     credential_issuer: 'https://mijnkvk.acc.credenco.com',
     credential_configuration_ids: ['BevoegdheidUittreksel_jwt_vc_json'],
@@ -320,21 +385,6 @@ describe('OIDVCI-Client for v1_0_13 should', () => {
     nock.cleanAll();
   });
 
-  /*function succeedWithAFullFlowWithClientSetup() {
-    nock(IDENTIPROOF_ISSUER_URL).get('/.well-known/openid-credential-issuer').reply(200, JSON.stringify(IDENTIPROOF_OID4VCI_METADATA));
-    nock(IDENTIPROOF_AS_URL).get('/.well-known/oauth-authorization-server').reply(200, JSON.stringify(IDENTIPROOF_AS_METADATA));
-    nock(IDENTIPROOF_AS_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(404, {});
-    nock(IDENTIPROOF_AS_URL)
-    .post(/oauth2\/token.*!/)
-    .reply(200, JSON.stringify(mockedAccessTokenResponse));
-    nock(ISSUER_URL)
-    .post(/credential/)
-    .reply(200, {
-      format: 'jwt-vc',
-      credential: mockedVC,
-    });
-  }*/
-
   it('should successfully resolve the credential offer URI', async () => {
     const uri = 'https://mijnkvk.acc.credenco.com/openid4vc/credentialOffer?id=32fc4ebf-9e31-4149-9877-e3c0b602d559';
 
@@ -343,78 +393,65 @@ describe('OIDVCI-Client for v1_0_13 should', () => {
     expect(credentialOffer).toEqual(mockedCredentialOffer);
   });
 
-  // TODO: ksadjad remove the skipped test
-  it.skip(
-    'succeed credenco with a full flow without the client v1_0_13',
+  it(
+    'succeed with a full flow without the client and without did',
     async () => {
       /* Convert the URI into an object */
-      // openid-credential-offer://?credential_offer%3D%7B%22credential_issuer%22%3A%22https%3A%2F%2Fissuer.research.identiproof.io%22%2C%22credentials%22%3A%5B%7B%22format%22%3A%22jwt_vc_json%22%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22adhjhdjajkdkhjhdj%22%2C%22user_pin_required%22%3Atrue%7D%7D%7D
-      const credentialOffer: CredentialOfferRequestWithBaseUrl = await CredentialOfferClient.fromURI(INITIATE_QR_V1_0_13_CREDENCO);
-      /**
-       * {"credential_issuer":"https://mijnkvk.acc.credenco.com","credential_configuration_ids":["BevoegdheidUittreksel_jwt_vc_json"],"grants":{"authorization_code":{"issuer_state":"32fc4ebf-9e31-4149-9877-e3c0b602d559"},"urn:ietf:params:oauth:grant-type:pre-authorized_code":{"pre-authorized_code":"eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiIzMmZjNGViZi05ZTMxLTQxNDktOTg3Ny1lM2MwYjYwMmQ1NTkiLCJpc3MiOiJodHRwczovL21pam5rdmsuYWNjLmNyZWRlbmNvLmNvbSIsImF1ZCI6IlRPS0VOIn0.754aiQ87O0vHYSpRvPqAS9cLOgf-pewdeXbpLziRwsxEp9mENfaXpY62muYpzOaWcYmTOydkzhFul-NDYXJZCA"}}}
-       */
-      const preAuthorizedCode =
-        'eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiIzMmZjNGViZi05ZTMxLTQxNDktOTg3Ny1lM2MwYjYwMmQ1NTkiLCJpc3MiOiJodHRwczovL21pam5rdmsuYWNjLmNyZWRlbmNvLmNvbSIsImF1ZCI6IlRPS0VOIn0.754aiQ87O0vHYSpRvPqAS9cLOgf-pewdeXbpLziRwsxEp9mENfaXpY62muYpzOaWcYmTOydkzhFul-NDYXJZCA';
-      expect(credentialOffer.baseUrl).toEqual('openid-credential-offer://mijnkvk.acc.credenco.com/');
-      expect((credentialOffer.credential_offer as CredentialOfferPayloadV1_0_13).credential_configuration_ids).toEqual([
-        'BevoegdheidUittreksel_jwt_vc_json',
-      ]);
-      expect(credentialOffer.original_credential_offer.grants).toEqual({
-        authorization_code: {
-          issuer_state: '32fc4ebf-9e31-4149-9877-e3c0b602d559',
-        },
-        'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
-          'pre-authorized_code': preAuthorizedCode,
+      const credentialOffer: CredentialOfferRequestWithBaseUrl = await CredentialOfferClient.fromURI(INITIATE_QR_V1_0_13);
+
+      expect(credentialOffer.baseUrl).toEqual('openid-credential-offer://');
+      expect(credentialOffer.original_credential_offer).toEqual({
+        credential_configuration_ids: ['OpenBadgeCredentialUrl'],
+        credential_issuer: ISSUER_URL,
+        grants: {
+          'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+            'pre-authorized_code': 'oaKazRN8I0IbtZ0C7JuMn5',
+            tx_code: {
+              description: 'Please enter the serial number of your physical drivers license',
+              input_mode: 'text',
+              length: 22,
+            },
+          },
         },
       });
 
-      /*nock(ISSUER_URL)
-      .post(/token.*!/)
-      .reply(200, JSON.stringify(mockedAccessTokenResponse));*/
+      nock(ISSUER_URL)
+        .post(/token.*/)
+        .reply(200, JSON.stringify(mockedAccessTokenResponse));
 
       /* The actual access token calls */
       const accessTokenClient: AccessTokenClient = new AccessTokenClient();
-      const accessTokenResponse = await accessTokenClient.acquireAccessToken({
-        credentialOffer: credentialOffer,
-        pin: preAuthorizedCode /*, metadata: {}*/,
-      });
-      expect(accessTokenResponse.successBody).toEqual({});
-      /*// Get the credential
+      const accessTokenResponse = await accessTokenClient.acquireAccessToken({ credentialOffer: credentialOffer, pin: '1234' });
+      expect(accessTokenResponse.successBody).toEqual(mockedAccessTokenResponse);
+      // Get the credential
       nock(ISSUER_URL)
-      .post(/credential/)
-      .reply(200, {
-        format: 'jwt-vc',
-        credential: mockedVC,
-      });
+        .post(/credential/)
+        .reply(200, {
+          format: 'jwt-vc',
+          credential: mockedVC,
+        });
       const credReqClient = CredentialRequestClientBuilder.fromCredentialOffer({ credentialOffer: credentialOffer })
-      .withFormat('jwt_vc')
+        .withFormat('jwt_vc')
 
-      .withTokenFromResponse(accessTokenResponse.successBody!)
-      .build();
+        .withTokenFromResponse(accessTokenResponse.successBody!)
+        .build();
 
-      //TS2322: Type '(args: ProofOfPossessionCallbackArgs) => Promise<string>'
-      // is not assignable to type 'ProofOfPossessionCallback'.
-      // Types of parameters 'args' and 'args' are incompatible.
-      // Property 'kid' is missing in type '{ header: unknown; payload: unknown; }' but required in type 'ProofOfPossessionCallbackArgs'.
       const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
-        jwt,
+        jwt: jwtWithoutDid,
         callbacks: {
           signCallback: proofOfPossessionCallbackFunction,
         },
-        version: OpenId4VCIVersion.VER_1_0_11,
-      })
-      .withEndpointMetadata({
-        issuer: 'https://issuer.research.identiproof.io',
-        credential_endpoint: 'https://issuer.research.identiproof.io/credential',
-        token_endpoint: 'https://issuer.research.identiproof.io/token',
+        version: OpenId4VCIVersion.VER_1_0_13,
       })
-      .withKid('did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1')
-      .build();
-      const credResponse = await credReqClient.acquireCredentialsUsingProof({
-        proofInput: proof,
-        credentialTypes: credentialOffer.original_credential_offer.credential_configuration_ids,
-      });
-      expect(credResponse.successBody?.credential).toEqual(mockedVC);*/
+        .withEndpointMetadata({
+          issuer: 'https://issuer.research.identiproof.io',
+          credential_endpoint: 'https://issuer.research.identiproof.io/credential',
+          token_endpoint: 'https://issuer.research.identiproof.io/token',
+        })
+        .withKid('ebfeb1f712ebc6f1c276e12ec21/keys/1')
+        .build();
+      const credResponse = await credReqClient.acquireCredentialsUsingProof({ proofInput: proof, credentialIdentifier: 'OpenBadgeCredentialUrl' });
+      expect(credResponse.successBody?.credential).toEqual(mockedVC);
     },
     UNIT_TEST_TIMEOUT,
   );

package/lib/__tests__/MetadataMocks.ts

@@ -127,6 +127,41 @@ export const IDENTIPROOF_OID4VCI_METADATA = {
     },
   },
 };
+export const IDENTIPROOF_OID4VCI_METADATA_v13 = {
+  issuer: 'https://issuer.research.identiproof.io',
+  authorization_server: 'https://auth.research.identiproof.io',
+  credential_endpoint: 'https://issuer.research.identiproof.io/credential',
+  jwks_uri: 'https://issuer.research.identiproof.io/.well-known/did.json',
+  credential_configurations_supported: {
+    'Cyber Security Certificate': {
+      formats: {
+        jwt_vc: {
+          types: ['VerifiableCredential', 'Cyber Security Certificate'],
+          cryptographic_binding_methods_supported: ['did'],
+          cryptographic_suites_supported: ['ES256'],
+        },
+      },
+    },
+    OpenBadgeCredential: {
+      formats: {
+        jwt_vc: {
+          types: ['VerifiableCredential', 'OpenBadgeCredential'],
+          cryptographic_binding_methods_supported: ['did'],
+          cryptographic_suites_supported: ['ES256'],
+        },
+      },
+    },
+    OpenBadgeExtendedCredential: {
+      formats: {
+        jwt_vc: {
+          types: ['VerifiableCredential', 'OpenBadgeExtendedCredential'],
+          cryptographic_binding_methods_supported: ['did'],
+          cryptographic_suites_supported: ['ES256'],
+        },
+      },
+    },
+  },
+};
 
 export const SPRUCE_OID4VCI_METADATA = {
   issuer: 'https://ngi-oidc4vci-test.spruceid.xyz',

package/lib/__tests__/ProofOfPossessionBuilder.spec.ts

@@ -12,8 +12,15 @@ const jwt: Jwt = {
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
+const jwt_withoutDid: Jwt = {
+  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
+};
+
 const kid = 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1';
 
+const kid_withoutDid = 'ebfeb1f712ebc6f1c276e12ec21/keys/1';
+
 let keypair: KeyPair;
 
 async function proofOfPossessionCallbackFunction(args: Jwt, kid?: string): Promise<string> {
@@ -52,6 +59,16 @@ describe('ProofOfPossession Builder ', () => {
     ).rejects.toThrow(Error(PROOF_CANT_BE_CONSTRUCTED));
   });
 
+  it('should fail without supplied proof or callbacks and with kid without did', async function () {
+    await expect(
+      ProofOfPossessionBuilder.fromProof(undefined as never, OpenId4VCIVersion.VER_1_0_13)
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).rejects.toThrow(Error(PROOF_CANT_BE_CONSTRUCTED));
+  });
+
   it('should fail wit undefined jwt supplied', async function () {
     await expect(() =>
       ProofOfPossessionBuilder.fromJwt({ jwt, callbacks: { signCallback: proofOfPossessionCallbackFunction }, version: OpenId4VCIVersion.VER_1_0_08 })
@@ -63,6 +80,21 @@ describe('ProofOfPossession Builder ', () => {
     ).toThrow(Error(NO_JWT_PROVIDED));
   });
 
+  it('should fail with undefined jwt supplied and kid without did', async function () {
+    await expect(() =>
+      ProofOfPossessionBuilder.fromJwt({
+        jwt: jwt_withoutDid,
+        callbacks: { signCallback: proofOfPossessionCallbackFunction },
+        version: OpenId4VCIVersion.VER_1_0_08,
+      })
+      .withJwt(undefined as never)
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).toThrow(Error(NO_JWT_PROVIDED));
+  });
+
   it('should build a proof with all required params present', async function () {
     const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
       jwt,
@@ -78,6 +110,21 @@ describe('ProofOfPossession Builder ', () => {
     expect(proof).toBeDefined();
   });
 
+  it('should build a proof with all required params present without did', async function () {
+    const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
+      jwt: jwt_withoutDid,
+      callbacks: {
+        signCallback: proofOfPossessionCallbackFunction,
+      },
+      version: OpenId4VCIVersion.VER_1_0_08,
+    })
+    .withIssuer(IDENTIPROOF_ISSUER_URL)
+    .withKid(kid_withoutDid)
+    .withClientId('sphereon:wallet')
+    .build();
+    expect(proof).toBeDefined();
+  });
+
   it('should fail creating a proof of possession with simple verification', async () => {
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
@@ -93,6 +140,25 @@ describe('ProofOfPossession Builder ', () => {
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
 
+  it('should fail creating a proof of possession with simple verification and without did', async () => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
+      throw new Error(JWS_NOT_VALID);
+    }
+
+    await expect(
+      ProofOfPossessionBuilder.fromJwt({
+        jwt: jwt_withoutDid,
+        callbacks: { signCallback: proofOfPossessionCallbackFunction },
+        version: OpenId4VCIVersion.VER_1_0_08,
+      })
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).rejects.toThrow(Error(JWS_NOT_VALID));
+  });
+
   it('should fail creating a proof of possession without verify callback', async () => {
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
@@ -107,4 +173,23 @@ describe('ProofOfPossession Builder ', () => {
         .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
+
+  it('should fail creating a proof of possession without verify callback and without did', async () => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    async function proofOfPossessionCallbackFunction(_args: Jwt, _kid?: string): Promise<string> {
+      throw new Error(JWS_NOT_VALID);
+    }
+
+    await expect(
+      ProofOfPossessionBuilder.fromJwt({
+        jwt: jwt_withoutDid,
+        callbacks: { signCallback: proofOfPossessionCallbackFunction },
+        version: OpenId4VCIVersion.VER_1_0_08,
+      })
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withClientId('sphereon:wallet')
+      .withKid(kid_withoutDid)
+      .build(),
+    ).rejects.toThrow(Error(JWS_NOT_VALID));
+  });
 });