@sphereon/oid4vci-client 0.12.1-unstable.9 → 0.13.0

package/lib/AccessTokenClient.ts

@@ -22,6 +22,7 @@ import {
 import { ObjectUtils } from '@sphereon/ssi-types';
 
 import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
+import { createJwtBearerClientAssertion } from './functions';
 import { LOG } from './types';
 
 export class AccessTokenClient {
@@ -48,6 +49,9 @@ export class AccessTokenClient {
         code,
         redirectUri,
         pin,
+        credentialIssuer: issuer,
+        metadata,
+        additionalParams: opts.additionalParams,
         pinMetadata,
       }),
       pinMetadata,
@@ -90,11 +94,12 @@ export class AccessTokenClient {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
     const credentialOfferRequest = opts.credentialOffer ? await toUniformCredentialOfferRequest(opts.credentialOffer) : undefined;
-    const request: Partial<AccessTokenRequest> = {};
-
-    if (asOpts?.clientId) {
-      request.client_id = asOpts.clientId;
+    const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };
+    if (asOpts?.clientOpts?.clientId) {
+      request.client_id = asOpts.clientOpts.clientId;
     }
+    const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer ?? opts.metadata?.issuer;
+    await createJwtBearerClientAssertion(request, { ...opts, credentialIssuer });
 
     if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
       this.assertAlphanumericPin(opts.pinMetadata, pin);

package/lib/AccessTokenClientV1_0_11.ts

@@ -14,6 +14,7 @@ import {
   GrantTypes,
   IssuerOpts,
   JsonURIMode,
+  OpenId4VCIVersion,
   OpenIDResponse,
   PRE_AUTH_CODE_LITERAL,
   TokenErrorResponse,
@@ -24,6 +25,7 @@ import { ObjectUtils } from '@sphereon/ssi-types';
 import Debug from 'debug';
 
 import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
+import { createJwtBearerClientAssertion } from './functions';
 
 const debug = Debug('sphereon:oid4vci:token');
 
@@ -51,6 +53,10 @@ export class AccessTokenClientV1_0_11 {
         code,
         redirectUri,
         pin,
+        credentialIssuer: issuer,
+        metadata,
+        additionalParams: opts.additionalParams,
+        pinMetadata: opts.pinMetadata,
       }),
       isPinRequired,
       metadata,
@@ -92,11 +98,13 @@ export class AccessTokenClientV1_0_11 {
     const credentialOfferRequest = opts.credentialOffer
       ? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_11 | CredentialOfferV1_0_13)
       : undefined;
-    const request: Partial<AccessTokenRequest> = {};
+    const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };
+    const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer ?? opts.metadata?.issuer;
 
-    if (asOpts?.clientId) {
-      request.client_id = asOpts.clientId;
+    if (asOpts?.clientOpts?.clientId) {
+      request.client_id = asOpts.clientOpts.clientId;
     }
+    await createJwtBearerClientAssertion(request, { ...opts, version: OpenId4VCIVersion.VER_1_0_11, credentialIssuer });
 
     if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
       this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);

package/lib/AuthorizationCodeClient.ts

@@ -52,14 +52,14 @@ export async function createSignedAuthRequestWhenNeeded(requestObject: Record<st
     const iss = requestObject.iss ?? opts.iss ?? requestObject.client_id;
 
     const jwt: Jwt = {
-      header: { alg: 'ES256', kid: opts.kid, typ: 'jwt' },
+      header: { alg: 'ES256', kid: opts.kid, typ: 'JWT' },
       payload: { ...requestObject, iss, authorization_details, ...(client_metadata && { client_metadata }) },
     };
     const pop = await ProofOfPossessionBuilder.fromJwt({
       jwt,
       callbacks: opts.signCallbacks,
       version: OpenId4VCIVersion.VER_1_0_11,
-      mode: 'jwt',
+      mode: 'JWT',
     }).build();
     requestObject['request'] = pop.jwt;
   }

package/lib/CredentialRequestClientBuilder.ts

@@ -8,9 +8,9 @@ import {
   ExperimentalSubjectIssuance,
   OID4VCICredentialFormat,
   OpenId4VCIVersion,
-  UniformCredentialOfferRequest
-} from '@sphereon/oid4vci-common'
-import { CredentialFormat } from '@sphereon/ssi-types'
+  UniformCredentialOfferRequest,
+} from '@sphereon/oid4vci-common';
+import { CredentialFormat } from '@sphereon/ssi-types';
 
 import { CredentialOfferClient } from './CredentialOfferClient';
 import { CredentialRequestClientBuilderV1_0_11 } from './CredentialRequestClientBuilderV1_0_11';
@@ -30,12 +30,12 @@ export class CredentialRequestClientBuilder {
   }
 
   public static fromCredentialIssuer({
-                                       credentialIssuer,
-                                       metadata,
-                                       version,
-                                       credentialIdentifier,
-                                       credentialTypes,
-                                     }: {
+    credentialIssuer,
+    metadata,
+    version,
+    credentialIdentifier,
+    credentialTypes,
+  }: {
     credentialIssuer: string;
     metadata?: EndpointMetadata;
     version?: OpenId4VCIVersion;
@@ -99,9 +99,9 @@ export class CredentialRequestClientBuilder {
   }
 
   public static fromCredentialOffer({
-                                      credentialOffer,
-                                      metadata,
-                                    }: {
+    credentialOffer,
+    metadata,
+  }: {
     credentialOffer: CredentialOfferRequestWithBaseUrl;
     metadata?: EndpointMetadata;
   }): CredentialRequestClientBuilder {
@@ -129,9 +129,9 @@ export class CredentialRequestClientBuilder {
 
   public withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata | CredentialIssuerMetadataV1_0_13): this {
     if (isV1_0_13(this._builder)) {
-      this._builder.withCredentialEndpointFromMetadata(metadata as CredentialIssuerMetadataV1_0_13)
+      this._builder.withCredentialEndpointFromMetadata(metadata as CredentialIssuerMetadataV1_0_13);
     } else {
-      this._builder.withCredentialEndpointFromMetadata(metadata as CredentialIssuerMetadata)
+      this._builder.withCredentialEndpointFromMetadata(metadata as CredentialIssuerMetadata);
     }
     return this;
   }

package/lib/OpenID4VCIClient.ts

@@ -3,6 +3,7 @@ import {
   Alg,
   AuthorizationRequestOpts,
   AuthorizationResponse,
+  AuthorizationServerOpts,
   AuthzFlowType,
   CodeChallengeMethod,
   CredentialConfigurationSupported,
@@ -41,8 +42,8 @@ import { createAuthorizationRequestUrl } from './AuthorizationCodeClient';
 import { createAuthorizationRequestUrlV1_0_11 } from './AuthorizationCodeClientV1_0_11';
 import { CredentialOfferClient } from './CredentialOfferClient';
 import { CredentialRequestOpts } from './CredentialRequestClient';
-import { CredentialRequestClientBuilderV1_0_13 } from './CredentialRequestClientBuilderV1_0_13';
 import { CredentialRequestClientBuilderV1_0_11 } from './CredentialRequestClientBuilderV1_0_11';
+import { CredentialRequestClientBuilderV1_0_13 } from './CredentialRequestClientBuilderV1_0_13';
 import { MetadataClient } from './MetadataClient';
 import { OpenID4VCIClientStateV1_0_11 } from './OpenID4VCIClientV1_0_11';
 import { OpenID4VCIClientStateV1_0_13 } from './OpenID4VCIClientV1_0_13';
@@ -103,6 +104,7 @@ export class OpenID4VCIClient {
       pkce: { disabled: false, codeChallengeMethod: CodeChallengeMethod.S256, ...pkce },
       authorizationRequestOpts,
       authorizationCodeResponse,
+      accessToken,
       jwk,
       endpointMetadata: endpointMetadata?.credentialIssuerMetadata?.authorization_server
         ? (endpointMetadata as EndpointMetadataResultV1_0_11)
@@ -273,8 +275,10 @@ export class OpenID4VCIClient {
     authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
     code?: string; // Directly pass in a code from an auth response
     redirectUri?: string;
+    additionalRequestParams?: Record<string, any>;
+    asOpts?: AuthorizationServerOpts;
   }): Promise<AccessTokenResponse> {
-    const { pin, clientId } = opts ?? {};
+    const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
     let { redirectUri } = opts ?? {};
     if (opts?.authorizationResponse) {
       this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) };
@@ -288,6 +292,26 @@ export class OpenID4VCIClient {
     }
     this.assertIssuerData();
 
+    const asOpts: AuthorizationServerOpts = { ...opts?.asOpts };
+    const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
+    const clientAssertionType =
+      asOpts.clientOpts?.clientAssertionType ??
+      (kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === 'function'
+        ? 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
+        : undefined);
+    if (this.isEBSI() || (clientId && kid)) {
+      if (!clientId) {
+        throw Error(`Client id expected for EBSI`);
+      }
+      asOpts.clientOpts = {
+        ...asOpts.clientOpts,
+        clientId,
+        ...(kid && { kid }),
+        ...(clientAssertionType && { clientAssertionType }),
+        signCallbacks: asOpts.clientOpts?.signCallbacks ?? this._state.authorizationRequestOpts?.requestObjectOpts?.signCallbacks,
+      };
+    }
+
     if (clientId) {
       this._state.clientId = clientId;
     }
@@ -311,7 +335,8 @@ export class OpenID4VCIClient {
         ...(!this._state.pkce.disabled && { codeVerifier: this._state.pkce.codeVerifier }),
         code,
         redirectUri,
-        asOpts: { clientId: this.clientId },
+        asOpts,
+        ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
       });
 
       if (response.errorBody) {
@@ -646,6 +671,9 @@ export class OpenID4VCIClient {
     }
     // this.assertIssuerData();
     return (
+      this.clientId?.includes('ebsi') ||
+      this._state.kid?.includes('did:ebsi:') ||
+      this.getIssuer().includes('ebsi') ||
       this.endpointMetadata.credentialIssuerMetadata?.authorization_endpoint?.includes('ebsi.eu') ||
       this.endpointMetadata.credentialIssuerMetadata?.authorization_server?.includes('ebsi.eu')
     );

package/lib/OpenID4VCIClientV1_0_11.ts

@@ -3,6 +3,7 @@ import {
   Alg,
   AuthorizationRequestOpts,
   AuthorizationResponse,
+  AuthorizationServerOpts,
   AuthzFlowType,
   CodeChallengeMethod,
   CredentialConfigurationSupported,
@@ -259,8 +260,10 @@ export class OpenID4VCIClientV1_0_11 {
     authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
     code?: string; // Directly pass in a code from an auth response
     redirectUri?: string;
+    additionalRequestParams?: Record<string, any>;
+    asOpts?: AuthorizationServerOpts;
   }): Promise<AccessTokenResponse> {
-    const { pin, clientId } = opts ?? {};
+    const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
     let { redirectUri } = opts ?? {};
     if (opts?.authorizationResponse) {
       this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) };
@@ -288,6 +291,25 @@ export class OpenID4VCIClientV1_0_11 {
       if (this._state.authorizationRequestOpts?.redirectUri && !redirectUri) {
         redirectUri = this._state.authorizationRequestOpts.redirectUri;
       }
+      const asOpts: AuthorizationServerOpts = { ...opts?.asOpts };
+      const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
+      const clientAssertionType =
+        asOpts.clientOpts?.clientAssertionType ??
+        (kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === 'function'
+          ? 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
+          : undefined);
+      if (this.isEBSI() || (clientId && kid)) {
+        if (!clientId) {
+          throw Error(`Client id expected for EBSI`);
+        }
+        asOpts.clientOpts = {
+          ...asOpts.clientOpts,
+          clientId,
+          ...(kid && { kid }),
+          ...(clientAssertionType && { clientAssertionType }),
+          signCallbacks: asOpts.clientOpts?.signCallbacks ?? this._state.authorizationRequestOpts?.requestObjectOpts?.signCallbacks,
+        };
+      }
 
       const response = await accessTokenClient.acquireAccessToken({
         credentialOffer: this.credentialOffer,
@@ -297,7 +319,8 @@ export class OpenID4VCIClientV1_0_11 {
         ...(!this._state.pkce.disabled && { codeVerifier: this._state.pkce.codeVerifier }),
         code,
         redirectUri,
-        asOpts: { clientId: this.clientId },
+        asOpts,
+        ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
       });
 
       if (response.errorBody) {
@@ -584,8 +607,8 @@ export class OpenID4VCIClientV1_0_11 {
    */
   public isEBSI() {
     if (
-      (this.credentialOffer?.credential_offer as CredentialOfferPayloadV1_0_11)['credentials'] &&
-      (this.credentialOffer?.credential_offer as CredentialOfferPayloadV1_0_11).credentials.find(
+      this.credentialOffer &&
+      (this.credentialOffer?.credential_offer as CredentialOfferPayloadV1_0_11)?.credentials?.find(
         (cred) =>
           // eslint-disable-next-line @typescript-eslint/ban-ts-comment
           // @ts-ignore
@@ -594,8 +617,14 @@ export class OpenID4VCIClientV1_0_11 {
     ) {
       return true;
     }
-    this.assertIssuerData();
-    return this.endpointMetadata.credentialIssuerMetadata?.authorization_endpoint?.includes('ebsi.eu') === true;
+    // this.assertIssuerData();
+    return (
+      this.clientId?.includes('ebsi') ||
+      this._state.kid?.includes('did:ebsi:') ||
+      this.getIssuer().includes('ebsi') ||
+      this.endpointMetadata.credentialIssuerMetadata?.authorization_endpoint?.includes('ebsi.eu') ||
+      this.endpointMetadata.credentialIssuerMetadata?.authorization_server?.includes('ebsi.eu')
+    );
   }
 
   private assertIssuerData(): void {

package/lib/OpenID4VCIClientV1_0_13.ts

@@ -3,6 +3,7 @@ import {
   Alg,
   AuthorizationRequestOpts,
   AuthorizationResponse,
+  AuthorizationServerOpts,
   AuthzFlowType,
   CodeChallengeMethod,
   CredentialConfigurationSupportedV1_0_13,
@@ -36,8 +37,7 @@ import { CredentialRequestOpts } from './CredentialRequestClient';
 import { CredentialRequestClientBuilder } from './CredentialRequestClientBuilder';
 import { MetadataClientV1_0_13 } from './MetadataClientV1_0_13';
 import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
-import { generateMissingPKCEOpts } from './functions';
-import { sendNotification } from './functions';
+import { generateMissingPKCEOpts, sendNotification } from './functions';
 
 const debug = Debug('sphereon:oid4vci');
 
@@ -265,8 +265,10 @@ export class OpenID4VCIClientV1_0_13 {
     authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
     code?: string; // Directly pass in a code from an auth response
     redirectUri?: string;
+    additionalRequestParams?: Record<string, any>;
+    asOpts?: AuthorizationServerOpts;
   }): Promise<AccessTokenResponse> {
-    const { pin, clientId } = opts ?? {};
+    const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
     let { redirectUri } = opts ?? {};
     if (opts?.authorizationResponse) {
       this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) };
@@ -279,6 +281,25 @@ export class OpenID4VCIClientV1_0_13 {
       this._state.pkce.codeVerifier = opts.codeVerifier;
     }
     this.assertIssuerData();
+    const asOpts: AuthorizationServerOpts = { ...opts?.asOpts };
+    const kid = asOpts.clientOpts?.kid ?? this._state.kid ?? this._state.authorizationRequestOpts?.requestObjectOpts?.kid;
+    const clientAssertionType =
+      asOpts.clientOpts?.clientAssertionType ??
+      (kid && clientId && typeof asOpts.clientOpts?.signCallbacks?.signCallback === 'function'
+        ? 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
+        : undefined);
+    if (this.isEBSI() || (clientId && kid)) {
+      if (!clientId) {
+        throw Error(`Client id expected for EBSI`);
+      }
+      asOpts.clientOpts = {
+        ...asOpts.clientOpts,
+        clientId,
+        ...(kid && { kid }),
+        ...(clientAssertionType && { clientAssertionType }),
+        signCallbacks: asOpts.clientOpts?.signCallbacks ?? this._state.authorizationRequestOpts?.requestObjectOpts?.signCallbacks,
+      };
+    }
 
     if (clientId) {
       this._state.clientId = clientId;
@@ -302,7 +323,8 @@ export class OpenID4VCIClientV1_0_13 {
         ...(!this._state.pkce.disabled && { codeVerifier: this._state.pkce.codeVerifier }),
         code,
         redirectUri,
-        asOpts: { clientId: this.clientId },
+        asOpts,
+        ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
       });
 
       if (response.errorBody) {
@@ -636,8 +658,13 @@ export class OpenID4VCIClientV1_0_13 {
       }
     }
 
-    this.assertIssuerData();
-    return this.endpointMetadata.credentialIssuerMetadata?.authorization_endpoint?.includes('ebsi.eu') ?? false;
+    return (
+      this.clientId?.includes('ebsi') ||
+      this._state.kid?.includes('did:ebsi:') ||
+      this.getIssuer().includes('ebsi') ||
+      this.endpointMetadata.credentialIssuerMetadata?.authorization_endpoint?.includes('ebsi.eu') ||
+      this.endpointMetadata.credentialIssuerMetadata?.authorization_server?.includes('ebsi.eu')
+    );
   }
 
   private assertIssuerData(): void {

package/lib/ProofOfPossessionBuilder.ts

@@ -53,7 +53,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
     if (jwt) {
       this.withJwt(jwt);
     } else {
-      this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 || mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt');
+      this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 || mode === 'JWT' ? 'JWT' : 'openid4vci-proof+jwt');
     }
     if (accessTokenResponse) {
       this.withAccessTokenResponse(accessTokenResponse);
@@ -64,7 +64,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
     jwt,
     callbacks,
     version,
-    mode = 'jwt',
+    mode = 'JWT',
   }: {
     jwt?: Jwt;
     callbacks: ProofOfPossessionCallbacks<DIDDoc>;
@@ -144,11 +144,11 @@ export class ProofOfPossessionBuilder<DIDDoc> {
   withTyp(typ: Typ): this {
     if (this.mode === 'pop' && this.version >= OpenId4VCIVersion.VER_1_0_11) {
       if (!!typ && typ !== 'openid4vci-proof+jwt') {
-        throw Error('typ must be openid4vci-proof+jwt for version 1.0.11 and up');
+        throw Error(`typ must be openid4vci-proof+jwt for version 1.0.11 and up. Provided: ${typ}`);
       }
     } else {
-      if (!!typ && typ !== 'jwt') {
-        throw Error('typ must be jwt for version 1.0.10 and below');
+      if (!!typ && typ !== 'JWT') {
+        throw Error(`typ must be jwt for version 1.0.10 and below. Provided: ${typ}`);
       }
     }
     this.typ = typ;
@@ -216,7 +216,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
         this.mode,
         this.callbacks,
         {
-          typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 || this.mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt'),
+          typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 || this.mode === 'JWT' ? 'JWT' : 'openid4vci-proof+jwt'),
           kid: this.kid,
           jwk: this.jwk,
           jti: this.jti,

package/lib/__tests__/CredentialRequestClient.spec.ts

@@ -29,7 +29,7 @@ import { getMockData } from './data/VciDataFixtures';
 const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 
 const jwt1_0_08: Jwt = {
-  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 

package/lib/__tests__/CredentialRequestClientBuilder.spec.ts

@@ -20,7 +20,7 @@ const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 const partialJWT_withoutDid = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJlYmZlYjFmNzEyZWJjNmYxYzI3N';
 
 /*const jwtv1_0_08: Jwt = {
-  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };*/
 

package/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts

@@ -31,12 +31,12 @@ const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 const partialJWT_withoutDid = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJlYmZlYjFmNzEyZWJjNmYxYzI3N';
 
 const jwt: Jwt = {
-  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 
 const jwt_withoutDid: Jwt = {
-  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 

package/lib/__tests__/IT.spec.ts

@@ -1,12 +1,14 @@
 import {
   AccessTokenResponse,
-  Alg, CredentialOfferPayloadV1_0_13,
+  Alg,
+  CredentialOfferPayloadV1_0_13,
   CredentialOfferRequestWithBaseUrl,
   Jwt,
   OpenId4VCIVersion,
-  ProofOfPossession, resolveCredentialOfferURI,
-  WellKnownEndpoints
-} from '@sphereon/oid4vci-common'
+  ProofOfPossession,
+  resolveCredentialOfferURI,
+  WellKnownEndpoints,
+} from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
@@ -271,10 +273,6 @@ describe('OID4VCI-Client should', () => {
         .withTokenFromResponse(accessTokenResponse.successBody!)
         .build();
 
-      //TS2322: Type '(args: ProofOfPossessionCallbackArgs) => Promise<string>'
-      // is not assignable to type 'ProofOfPossessionCallback'.
-      // Types of parameters 'args' and 'args' are incompatible.
-      // Property 'kid' is missing in type '{ header: unknown; payload: unknown; }' but required in type 'ProofOfPossessionCallbackArgs'.
       const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
         jwt: jwtDid,
         callbacks: {
@@ -315,8 +313,8 @@ describe('OID4VCI-Client should', () => {
       });
 
       nock(ISSUER_URL)
-      .post(/token.*/)
-      .reply(200, JSON.stringify(mockedAccessTokenResponse));
+        .post(/token.*/)
+        .reply(200, JSON.stringify(mockedAccessTokenResponse));
 
       /* The actual access token calls */
       const accessTokenClient: AccessTokenClient = new AccessTokenClient();
@@ -324,21 +322,17 @@ describe('OID4VCI-Client should', () => {
       expect(accessTokenResponse.successBody).toEqual(mockedAccessTokenResponse);
       // Get the credential
       nock(ISSUER_URL)
-      .post(/credential/)
-      .reply(200, {
-        format: 'jwt-vc',
-        credential: mockedVC,
-      });
+        .post(/credential/)
+        .reply(200, {
+          format: 'jwt-vc',
+          credential: mockedVC,
+        });
       const credReqClient = CredentialRequestClientBuilder.fromCredentialOffer({ credentialOffer: credentialOffer })
-      .withFormat('jwt_vc')
+        .withFormat('jwt_vc')
 
-      .withTokenFromResponse(accessTokenResponse.successBody!)
-      .build();
+        .withTokenFromResponse(accessTokenResponse.successBody!)
+        .build();
 
-      //TS2322: Type '(args: ProofOfPossessionCallbackArgs) => Promise<string>'
-      // is not assignable to type 'ProofOfPossessionCallback'.
-      // Types of parameters 'args' and 'args' are incompatible.
-      // Property 'kid' is missing in type '{ header: unknown; payload: unknown; }' but required in type 'ProofOfPossessionCallbackArgs'.
       const proof: ProofOfPossession = await ProofOfPossessionBuilder.fromJwt({
         jwt: jwtDid,
         callbacks: {
@@ -346,13 +340,13 @@ describe('OID4VCI-Client should', () => {
         },
         version: OpenId4VCIVersion.VER_1_0_11,
       })
-      .withEndpointMetadata({
-        issuer: 'https://issuer.research.identiproof.io',
-        credential_endpoint: 'https://issuer.research.identiproof.io/credential',
-        token_endpoint: 'https://issuer.research.identiproof.io/token',
-      })
-      .withKid('did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1')
-      .build();
+        .withEndpointMetadata({
+          issuer: 'https://issuer.research.identiproof.io',
+          credential_endpoint: 'https://issuer.research.identiproof.io/credential',
+          token_endpoint: 'https://issuer.research.identiproof.io/token',
+        })
+        .withKid('did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1')
+        .build();
       const credResponse = await credReqClient.acquireCredentialsUsingProof({
         proofInput: proof,
         credentialTypes: credentialOffer.original_credential_offer.credential_configuration_ids[0],

package/lib/__tests__/ProofOfPossessionBuilder.spec.ts

@@ -8,12 +8,12 @@ import { ProofOfPossessionBuilder } from '..';
 import { IDENTIPROOF_ISSUER_URL } from './MetadataMocks';
 
 const jwt: Jwt = {
-  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
 const jwt_withoutDid: Jwt = {
-  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+  header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
   payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
@@ -62,10 +62,10 @@ describe('ProofOfPossession Builder ', () => {
   it('should fail without supplied proof or callbacks and with kid without did', async function () {
     await expect(
       ProofOfPossessionBuilder.fromProof(undefined as never, OpenId4VCIVersion.VER_1_0_13)
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(PROOF_CANT_BE_CONSTRUCTED));
   });
 
@@ -87,11 +87,11 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withJwt(undefined as never)
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withJwt(undefined as never)
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).toThrow(Error(NO_JWT_PROVIDED));
   });
 
@@ -118,10 +118,10 @@ describe('ProofOfPossession Builder ', () => {
       },
       version: OpenId4VCIVersion.VER_1_0_08,
     })
-    .withIssuer(IDENTIPROOF_ISSUER_URL)
-    .withKid(kid_withoutDid)
-    .withClientId('sphereon:wallet')
-    .build();
+      .withIssuer(IDENTIPROOF_ISSUER_URL)
+      .withKid(kid_withoutDid)
+      .withClientId('sphereon:wallet')
+      .build();
     expect(proof).toBeDefined();
   });
 
@@ -152,10 +152,10 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
 
@@ -186,10 +186,10 @@ describe('ProofOfPossession Builder ', () => {
         callbacks: { signCallback: proofOfPossessionCallbackFunction },
         version: OpenId4VCIVersion.VER_1_0_08,
       })
-      .withIssuer(IDENTIPROOF_ISSUER_URL)
-      .withClientId('sphereon:wallet')
-      .withKid(kid_withoutDid)
-      .build(),
+        .withIssuer(IDENTIPROOF_ISSUER_URL)
+        .withClientId('sphereon:wallet')
+        .withKid(kid_withoutDid)
+        .build(),
     ).rejects.toThrow(Error(JWS_NOT_VALID));
   });
 });