@sphereon/oid4vci-client 0.15.2-unstable.8 → 0.16.1-next.13

package/lib/OpenID4VCIClient.ts

@@ -1,4 +1,6 @@
+import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common';
 import {
+  AccessTokenRequestOpts,
   AccessTokenResponse,
   Alg,
   AuthorizationRequestOpts,
@@ -15,6 +17,7 @@ import {
   CredentialsSupportedLegacy,
   DefaultURISchemes,
   determineVersionsFromIssuerMetadata,
+  DPoPResponseParams,
   EndpointMetadataResultV1_0_11,
   EndpointMetadataResultV1_0_13,
   ExperimentalSubjectIssuance,
@@ -22,8 +25,7 @@ import {
   getIssuerFromCredentialOfferPayload,
   getSupportedCredentials,
   getTypesFromCredentialSupported,
-  getTypesFromObject, IssuerSessionResponse,
-  JWK,
+  getTypesFromObject,
   KID_JWK_X5C_ERROR,
   NotificationRequest,
   NotificationResult,
@@ -31,7 +33,7 @@ import {
   OpenId4VCIVersion,
   PKCEOpts,
   ProofOfPossessionCallbacks,
-  toAuthorizationResponsePayload
+  toAuthorizationResponsePayload,
 } from '@sphereon/oid4vci-common';
 import { CredentialFormat } from '@sphereon/ssi-types';
 import Debug from 'debug';
@@ -49,7 +51,6 @@ import { OpenID4VCIClientStateV1_0_11 } from './OpenID4VCIClientV1_0_11';
 import { OpenID4VCIClientStateV1_0_13 } from './OpenID4VCIClientV1_0_13';
 import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
 import { generateMissingPKCEOpts, sendNotification } from './functions';
-import { acquireIssuerSessionId } from './IssuerSessionClient';
 
 const debug = Debug('sphereon:oid4vci');
 
@@ -269,16 +270,13 @@ export class OpenID4VCIClient {
     this._state.pkce = generateMissingPKCEOpts({ ...this._state.pkce, ...pkce });
   }
 
-  public async acquireAccessToken(opts?: {
-    pin?: string;
-    clientId?: string;
-    codeVerifier?: string;
-    authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
-    code?: string; // Directly pass in a code from an auth response
-    redirectUri?: string;
-    additionalRequestParams?: Record<string, any>;
-    asOpts?: AuthorizationServerOpts;
-  }): Promise<AccessTokenResponse> {
+  public async acquireAccessToken(
+    opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & {
+      clientId?: string;
+      authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
+      additionalRequestParams?: Record<string, any>;
+    },
+  ): Promise<AccessTokenResponse & { params?: DPoPResponseParams }> {
     const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
     let { redirectUri } = opts ?? {};
     if (opts?.authorizationResponse) {
@@ -337,6 +335,7 @@ export class OpenID4VCIClient {
         code,
         redirectUri,
         asOpts,
+        ...(opts?.createDPoPOpts && { createDPoPOpts: opts.createDPoPOpts }),
         ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
       });
 
@@ -356,20 +355,11 @@ export class OpenID4VCIClient {
         );
       }
       this._state.accessTokenResponse = response.successBody;
+      this._state.dpopResponseParams = response.params;
       this._state.accessToken = response.successBody.access_token;
     }
 
-    return this.accessTokenResponse;
-  }
-
-  public async acquireIssuerSessionId() : Promise<IssuerSessionResponse | undefined> {
-    if(!this._state.endpointMetadata) {
-      return Promise.reject('endpointMetadata no loaded, retrieveServerMetadata()')
-    }
-    if(!('session_endpoint' in this._state.endpointMetadata) || !this._state.endpointMetadata.session_endpoint) {
-      return undefined
-    }
-    return acquireIssuerSessionId({sessionEndpoint: this._state.endpointMetadata.session_endpoint})
+    return { ...this.accessTokenResponse, ...(this.dpopResponseParams && { params: this.dpopResponseParams }) };
   }
 
   public async acquireCredentials({
@@ -383,6 +373,7 @@ export class OpenID4VCIClient {
     jti,
     deferredCredentialAwait,
     deferredCredentialIntervalInMS,
+    createDPoPOpts,
   }: {
     credentialTypes: string | string[];
     context?: string[];
@@ -395,7 +386,8 @@ export class OpenID4VCIClient {
     deferredCredentialAwait?: boolean;
     deferredCredentialIntervalInMS?: number;
     experimentalHolderIssuanceSupported?: boolean;
-  }): Promise<CredentialResponse & { access_token: string }> {
+    createDPoPOpts?: CreateDPoPClientOpts;
+  }): Promise<CredentialResponse & { params?: DPoPResponseParams; access_token: string }> {
     if ([jwk, kid].filter((v) => v !== undefined).length > 1) {
       throw new Error(KID_JWK_X5C_ERROR + `. jwk: ${jwk !== undefined}, kid: ${kid !== undefined}`);
     }
@@ -498,7 +490,9 @@ export class OpenID4VCIClient {
       context,
       format,
       subjectIssuance,
+      createDPoPOpts,
     });
+    this._state.dpopResponseParams = response.params;
     if (response.errorBody) {
       debug(`Credential request error:\r\n${JSON.stringify(response.errorBody)}`);
       throw Error(
@@ -514,7 +508,7 @@ export class OpenID4VCIClient {
         } for issuer ${this.getIssuer()} failed as there was no success response body`,
       );
     }
-    return { ...response.successBody, access_token: response.access_token };
+    return { ...response.successBody, ...(this.dpopResponseParams && { params: this.dpopResponseParams }), access_token: response.access_token };
   }
 
   public async exportState(): Promise<string> {
@@ -560,7 +554,7 @@ export class OpenID4VCIClient {
   issuerSupportedFlowTypes(): AuthzFlowType[] {
     return (
       this.credentialOffer?.supportedFlows ??
-      (this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server
+      ((this._state.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint ?? this._state.endpointMetadata?.authorization_server)
         ? [AuthzFlowType.AUTHORIZATION_CODE_FLOW]
         : [])
     );
@@ -636,6 +630,10 @@ export class OpenID4VCIClient {
     return this._state.accessTokenResponse!;
   }
 
+  get dpopResponseParams(): DPoPResponseParams | undefined {
+    return this._state.dpopResponseParams;
+  }
+
   public getIssuer(): string {
     this.assertIssuerData();
     return this._state.credentialIssuer;

package/lib/OpenID4VCIClientV1_0_11.ts

@@ -1,4 +1,6 @@
+import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common';
 import {
+  AccessTokenRequestOpts,
   AccessTokenResponse,
   Alg,
   AuthorizationRequestOpts,
@@ -13,13 +15,13 @@ import {
   CredentialResponse,
   CredentialsSupportedLegacy,
   DefaultURISchemes,
+  DPoPResponseParams,
   EndpointMetadataResultV1_0_11,
   getClientIdFromCredentialOfferPayload,
   getIssuerFromCredentialOfferPayload,
   getSupportedCredentials,
   getTypesFromCredentialSupported,
   getTypesFromObject,
-  JWK,
   KID_JWK_X5C_ERROR,
   OID4VCICredentialFormat,
   OpenId4VCIVersion,
@@ -36,7 +38,7 @@ import { CredentialOfferClientV1_0_11 } from './CredentialOfferClientV1_0_11';
 import { CredentialRequestClientBuilderV1_0_11 } from './CredentialRequestClientBuilderV1_0_11';
 import { MetadataClientV1_0_11 } from './MetadataClientV1_0_11';
 import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
-import { generateMissingPKCEOpts } from './functions/AuthorizationUtil';
+import { generateMissingPKCEOpts } from './functions';
 
 const debug = Debug('sphereon:oid4vci');
 
@@ -49,6 +51,7 @@ export interface OpenID4VCIClientStateV1_0_11 {
   alg?: Alg | string;
   endpointMetadata?: EndpointMetadataResultV1_0_11;
   accessTokenResponse?: AccessTokenResponse;
+  dpopResponseParams?: DPoPResponseParams;
   authorizationRequestOpts?: AuthorizationRequestOpts;
   authorizationCodeResponse?: AuthorizationResponse;
   pkce: PKCEOpts;
@@ -253,16 +256,13 @@ export class OpenID4VCIClientV1_0_11 {
     this._state.pkce = generateMissingPKCEOpts({ ...this._state.pkce, ...pkce });
   }
 
-  public async acquireAccessToken(opts?: {
-    pin?: string;
-    clientId?: string;
-    codeVerifier?: string;
-    authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
-    code?: string; // Directly pass in a code from an auth response
-    redirectUri?: string;
-    additionalRequestParams?: Record<string, any>;
-    asOpts?: AuthorizationServerOpts;
-  }): Promise<AccessTokenResponse> {
+  public async acquireAccessToken(
+    opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & {
+      clientId?: string;
+      authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
+      additionalRequestParams?: Record<string, any>;
+    },
+  ): Promise<AccessTokenResponse & { params?: DPoPResponseParams }> {
     const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
     let { redirectUri } = opts ?? {};
     if (opts?.authorizationResponse) {
@@ -320,6 +320,7 @@ export class OpenID4VCIClientV1_0_11 {
         code,
         redirectUri,
         asOpts,
+        ...(opts?.createDPoPOpts && { createDPoPOpts: opts.createDPoPOpts }),
         ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
       });
 
@@ -339,9 +340,11 @@ export class OpenID4VCIClientV1_0_11 {
         );
       }
       this._state.accessTokenResponse = response.successBody;
+      this._state.dpopResponseParams = response.params;
+      this._state.accessToken = response.successBody.access_token;
     }
 
-    return this.accessTokenResponse;
+    return { ...this.accessTokenResponse, ...(this.dpopResponseParams && { params: this.dpopResponseParams }) };
   }
 
   public async acquireCredentials({
@@ -355,6 +358,7 @@ export class OpenID4VCIClientV1_0_11 {
     jti,
     deferredCredentialAwait,
     deferredCredentialIntervalInMS,
+    createDPoPOpts,
   }: {
     credentialTypes: string | string[];
     context?: string[];
@@ -366,6 +370,7 @@ export class OpenID4VCIClientV1_0_11 {
     jti?: string;
     deferredCredentialAwait?: boolean;
     deferredCredentialIntervalInMS?: number;
+    createDPoPOpts?: CreateDPoPClientOpts;
   }): Promise<CredentialResponse> {
     if ([jwk, kid].filter((v) => v !== undefined).length > 1) {
       throw new Error(KID_JWK_X5C_ERROR + `. jwk: ${jwk !== undefined}, kid: ${kid !== undefined}`);
@@ -445,7 +450,9 @@ export class OpenID4VCIClientV1_0_11 {
       credentialTypes,
       context,
       format,
+      createDPoPOpts,
     });
+    this._state.dpopResponseParams = response.params;
     if (response.errorBody) {
       debug(`Credential request error:\r\n${JSON.stringify(response.errorBody)}`);
       throw Error(
@@ -461,7 +468,7 @@ export class OpenID4VCIClientV1_0_11 {
         } for issuer ${this.getIssuer()} failed as there was no success response body`,
       );
     }
-    return response.successBody;
+    return { ...response.successBody, ...(this.dpopResponseParams && { params: this.dpopResponseParams }) };
   }
 
   public async exportState(): Promise<string> {
@@ -576,6 +583,10 @@ export class OpenID4VCIClientV1_0_11 {
     return this._state.accessTokenResponse!;
   }
 
+  get dpopResponseParams(): DPoPResponseParams | undefined {
+    return this._state.dpopResponseParams;
+  }
+
   public getIssuer(): string {
     this.assertIssuerData();
     return this._state.credentialIssuer;

package/lib/OpenID4VCIClientV1_0_13.ts

@@ -1,4 +1,6 @@
+import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common';
 import {
+  AccessTokenRequestOpts,
   AccessTokenResponse,
   Alg,
   AuthorizationRequestOpts,
@@ -11,13 +13,13 @@ import {
   CredentialOfferRequestWithBaseUrl,
   CredentialResponse,
   DefaultURISchemes,
+  DPoPResponseParams,
   EndpointMetadataResultV1_0_13,
   ExperimentalSubjectIssuance,
   getClientIdFromCredentialOfferPayload,
   getIssuerFromCredentialOfferPayload,
   getSupportedCredentials,
   getTypesFromCredentialSupported,
-  JWK,
   KID_JWK_X5C_ERROR,
   NotificationRequest,
   NotificationResult,
@@ -50,6 +52,7 @@ export interface OpenID4VCIClientStateV1_0_13 {
   alg?: Alg | string;
   endpointMetadata?: EndpointMetadataResultV1_0_13;
   accessTokenResponse?: AccessTokenResponse;
+  dpopResponseParams?: DPoPResponseParams;
   authorizationRequestOpts?: AuthorizationRequestOpts;
   authorizationCodeResponse?: AuthorizationResponse;
   pkce: PKCEOpts;
@@ -258,16 +261,13 @@ export class OpenID4VCIClientV1_0_13 {
     this._state.pkce = generateMissingPKCEOpts({ ...this._state.pkce, ...pkce });
   }
 
-  public async acquireAccessToken(opts?: {
-    pin?: string;
-    clientId?: string;
-    codeVerifier?: string;
-    authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
-    code?: string; // Directly pass in a code from an auth response
-    redirectUri?: string;
-    additionalRequestParams?: Record<string, any>;
-    asOpts?: AuthorizationServerOpts;
-  }): Promise<AccessTokenResponse> {
+  public async acquireAccessToken(
+    opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & {
+      clientId?: string;
+      authorizationResponse?: string | AuthorizationResponse; // Pass in an auth response, either as URI/redirect, or object
+      additionalRequestParams?: Record<string, any>;
+    },
+  ): Promise<AccessTokenResponse & { params?: DPoPResponseParams }> {
     const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {};
     let { redirectUri } = opts ?? {};
     if (opts?.authorizationResponse) {
@@ -324,6 +324,7 @@ export class OpenID4VCIClientV1_0_13 {
         code,
         redirectUri,
         asOpts,
+        ...(opts?.createDPoPOpts && { createDPoPOpts: opts.createDPoPOpts }),
         ...(opts?.additionalRequestParams && { additionalParams: opts.additionalRequestParams }),
       });
 
@@ -343,10 +344,11 @@ export class OpenID4VCIClientV1_0_13 {
         );
       }
       this._state.accessTokenResponse = response.successBody;
+      this._state.dpopResponseParams = response.params;
       this._state.accessToken = response.successBody.access_token;
     }
 
-    return this.accessTokenResponse;
+    return { ...this.accessTokenResponse, ...(this.dpopResponseParams && { params: this.dpopResponseParams }) };
   }
 
   public async acquireCredentials({
@@ -361,6 +363,7 @@ export class OpenID4VCIClientV1_0_13 {
     jti,
     deferredCredentialAwait,
     deferredCredentialIntervalInMS,
+    createDPoPOpts,
   }: {
     credentialIdentifier?: string;
     credentialTypes?: string | string[];
@@ -374,6 +377,7 @@ export class OpenID4VCIClientV1_0_13 {
     deferredCredentialAwait?: boolean;
     deferredCredentialIntervalInMS?: number;
     experimentalHolderIssuanceSupported?: boolean;
+    createDPoPOpts?: CreateDPoPClientOpts;
   }): Promise<CredentialResponse & { access_token: string }> {
     if ([jwk, kid].filter((v) => v !== undefined).length > 1) {
       throw new Error(KID_JWK_X5C_ERROR + `. jwk: ${jwk !== undefined}, kid: ${kid !== undefined}`);
@@ -471,7 +475,9 @@ export class OpenID4VCIClientV1_0_13 {
     const response = await credentialRequestClient.acquireCredentialsUsingProof({
       proofInput: proofBuilder,
       ...(credentialIdentifier ? { credentialIdentifier, subjectIssuance } : { format, context, credentialTypes, subjectIssuance }),
+      createDPoPOpts,
     });
+    this._state.dpopResponseParams = response.params;
     if (response.errorBody) {
       debug(`Credential request error:\r\n${JSON.stringify(response.errorBody)}`);
       throw Error(
@@ -487,7 +493,7 @@ export class OpenID4VCIClientV1_0_13 {
         } for issuer ${this.getIssuer()} failed as there was no success response body`,
       );
     }
-    return { ...response.successBody, access_token: response.access_token };
+    return { ...response.successBody, ...(this.dpopResponseParams && { params: this.dpopResponseParams }), access_token: response.access_token };
   }
 
   public async exportState(): Promise<string> {
@@ -604,6 +610,10 @@ export class OpenID4VCIClientV1_0_13 {
     return this._state.accessTokenResponse!;
   }
 
+  get dpopResponseParams(): DPoPResponseParams | undefined {
+    return this._state.dpopResponseParams;
+  }
+
   public getIssuer(): string {
     this.assertIssuerData();
     return this._state.credentialIssuer;

package/lib/ProofOfPossessionBuilder.ts

@@ -1,9 +1,9 @@
+import { JWK } from '@sphereon/oid4vc-common';
 import {
   AccessTokenResponse,
   Alg,
   createProofOfPossession,
   EndpointMetadata,
-  JWK,
   Jwt,
   NO_JWT_PROVIDED,
   OpenId4VCIVersion,

package/lib/__tests__/AccessTokenClient.spec.ts

@@ -1,11 +1,4 @@
-import {
-  AccessTokenRequest,
-  AccessTokenResponse,
-  GrantTypes,
-  OpenIDResponse,
-  PRE_AUTH_CODE_LITERAL,
-  WellKnownEndpoints,
-} from '@sphereon/oid4vci-common';
+import { AccessTokenRequest, AccessTokenResponse, GrantTypes, PRE_AUTH_CODE_LITERAL, WellKnownEndpoints } from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
@@ -50,7 +43,7 @@ describe('AccessTokenClient should', () => {
       };
       nock(MOCK_URL).post(/.*/).reply(200, JSON.stringify(body));
 
-      const accessTokenResponse: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessTokenUsingRequest({
+      const accessTokenResponse = await accessTokenClient.acquireAccessTokenUsingRequest({
         accessTokenRequest,
         pinMetadata: {
           isPinRequired: true,
@@ -88,7 +81,7 @@ describe('AccessTokenClient should', () => {
       };
       nock(MOCK_URL).post(/.*/).reply(200, JSON.stringify(body));
 
-      const accessTokenResponse: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessTokenUsingRequest({
+      const accessTokenResponse = await accessTokenClient.acquireAccessTokenUsingRequest({
         accessTokenRequest,
         asOpts: { as: MOCK_URL },
       });
@@ -227,7 +220,7 @@ describe('AccessTokenClient should', () => {
       .post(/.*/)
       .reply(200, {});
 
-    const response: OpenIDResponse<AccessTokenResponse> = await accessTokenClient.acquireAccessToken({
+    const response = await accessTokenClient.acquireAccessToken({
       credentialOffer: INITIATION_TEST,
       pin: '1234',
     });

package/lib/__tests__/SphereonE2E.spec.test.ts

@@ -1,12 +1,12 @@
 import * as crypto from 'crypto';
 
+import { uuidv4 } from '@sphereon/oid4vc-common';
 import { Alg, Jwt, ProofOfPossessionCallbacks } from '@sphereon/oid4vci-common';
 import { CredentialMapper } from '@sphereon/ssi-types';
 import * as didts from '@transmute/did-key.js';
 import { fetch } from 'cross-fetch';
 import debug from 'debug';
 import { importJWK, JWK, SignJWT } from 'jose';
-import { v4 } from 'uuid';
 
 import { OpenID4VCIClientV1_0_11 } from '..';
 
@@ -94,7 +94,7 @@ async function getCredentialOffer(format: 'ldp_vc' | 'jwt_vc_json'): Promise<Cre
       credentials: ['GuestCredential'],
       grants: {
         'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
-          'pre-authorized_code': v4().substring(0, 10),
+          'pre-authorized_code': uuidv4().substring(0, 10),
           user_pin_required: false,
         },
       },
@@ -165,7 +165,7 @@ describe('ismapolis bug report #63, https://github.com/Sphereon-Opensource/OID4V
       format: 'jwt_vc_json',
       alg: Alg.ES256K,
       kid: didDocument.verificationMethod[0].id,
-      jti: v4(),
+      jti: uuidv4(),
     });
     console.log(JSON.stringify(credentialResponse.credential));
   });

package/lib/functions/AccessTokenUtil.ts

@@ -1,5 +1,5 @@
+import { uuidv4 } from '@sphereon/oid4vc-common';
 import { AccessTokenRequest, AccessTokenRequestOpts, Jwt, OpenId4VCIVersion } from '@sphereon/oid4vci-common';
-import { v4 } from 'uuid';
 
 import { ProofOfPossessionBuilder } from '../ProofOfPossessionBuilder';
 
@@ -35,7 +35,7 @@ export const createJwtBearerClientAssertion = async (
         iss: clientId,
         sub: clientId,
         aud: credentialIssuer,
-        jti: v4(),
+        jti: uuidv4(),
         exp: Date.now() / 1000 + 60,
         iat: Date.now() / 1000 - 60,
       },

package/lib/functions/dpopUtil.ts

@@ -0,0 +1,35 @@
+import { dpopTokenRequestNonceError } from '@sphereon/oid4vc-common';
+import { OpenIDResponse } from 'oid4vci-common';
+
+export type RetryRequestWithDPoPNonce = { ok: true; dpopNonce: string } | { ok: false };
+
+export function shouldRetryTokenRequestWithDPoPNonce(response: OpenIDResponse<unknown, unknown>): RetryRequestWithDPoPNonce {
+  if (!response.errorBody || response.errorBody.error !== dpopTokenRequestNonceError) {
+    return { ok: false };
+  }
+
+  const dPoPNonce = response.origResponse.headers.get('DPoP-Nonce');
+  if (!dPoPNonce) {
+    throw new Error('Missing required DPoP-Nonce header.');
+  }
+
+  return { ok: true, dpopNonce: dPoPNonce };
+}
+
+export function shouldRetryResourceRequestWithDPoPNonce(response: OpenIDResponse<unknown, unknown>): RetryRequestWithDPoPNonce {
+  if (!response.errorBody || response.origResponse.status !== 401) {
+    return { ok: false };
+  }
+
+  const wwwAuthenticateHeader = response.origResponse.headers.get('WWW-Authenticate');
+  if (!wwwAuthenticateHeader?.includes(dpopTokenRequestNonceError)) {
+    return { ok: false };
+  }
+
+  const dPoPNonce = response.origResponse.headers.get('DPoP-Nonce');
+  if (!dPoPNonce) {
+    throw new Error('Missing required DPoP-Nonce header.');
+  }
+
+  return { ok: true, dpopNonce: dPoPNonce };
+}

package/lib/functions/notifications.ts

@@ -19,12 +19,10 @@ export async function sendNotification(
   const error = response.errorBody?.error !== undefined;
   const result = {
     error,
-    response: error ? await response.errorBody?.json() : undefined,
+    response: error ? response.errorBody : undefined,
   };
   if (error) {
-    LOG.warning(
-      `Notification endpoint returned an error for event '${request.event}' and id ${request.notification_id}: ${await response.errorBody?.json()}`,
-    );
+    LOG.warning(`Notification endpoint returned an error for event '${request.event}' and id ${request.notification_id}: ${response.errorBody}`);
   } else {
     LOG.debug(`Notification endpoint returned success for event '${request.event}' and id ${request.notification_id}`);
   }

package/lib/index.ts

@@ -22,5 +22,4 @@ export * from './MetadataClientV1_0_11';
 export * from './OpenID4VCIClient';
 export * from './OpenID4VCIClientV1_0_13';
 export * from './OpenID4VCIClientV1_0_11';
-export * from './IssuerSessionClient';
 export * from './ProofOfPossessionBuilder';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-client",
-  "version": "0.15.2-unstable.8+bdd7117",
+  "version": "0.16.1-next.13+282e7a1",
   "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -15,8 +15,9 @@
     "build": "tsc"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.15.2-unstable.8+bdd7117",
-    "@sphereon/ssi-types": "0.28.0",
+    "@sphereon/oid4vc-common": "0.16.1-next.13+282e7a1",
+    "@sphereon/oid4vci-common": "0.16.1-next.13+282e7a1",
+    "@sphereon/ssi-types": "0.29.0",
     "cross-fetch": "^3.1.8",
     "debug": "^4.3.5"
   },
@@ -69,5 +70,5 @@
     "OIDC4VCI",
     "OID4VCI"
   ],
-  "gitHead": "bdd711734c65ba2a33b14ee5eacd0a9d619d800e"
+  "gitHead": "282e7a1c6b9becaf12b81302a5c84d34f525ae7a"
 }

package/dist/IssuerSessionClient.d.ts

@@ -1,3 +0,0 @@
-import { IssuerSessionIdRequestOpts, IssuerSessionResponse } from '@sphereon/oid4vci-common';
-export declare const acquireIssuerSessionId: (opts: IssuerSessionIdRequestOpts) => Promise<IssuerSessionResponse>;
-//# sourceMappingURL=IssuerSessionClient.d.ts.map

package/dist/IssuerSessionClient.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"IssuerSessionClient.d.ts","sourceRoot":"","sources":["../lib/IssuerSessionClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,qBAAqB,EAAwB,MAAM,0BAA0B,CAAC;AAInH,eAAO,MAAM,sBAAsB,SAAgB,0BAA0B,KAAG,OAAO,CAAC,qBAAqB,CAY5G,CAAA"}

package/dist/IssuerSessionClient.js

@@ -1,28 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.acquireIssuerSessionId = void 0;
-const oid4vci_common_1 = require("@sphereon/oid4vci-common");
-const index_1 = require("./index");
-const acquireIssuerSessionId = (opts) => __awaiter(void 0, void 0, void 0, function* () {
-    index_1.LOG.debug(`acquiring issuer session endpoint from endpoint ${opts.sessionEndpoint}`);
-    const sessionResponse = yield (0, oid4vci_common_1.post)(opts.sessionEndpoint);
-    if (sessionResponse.errorBody !== undefined) {
-        return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}:
-     ${sessionResponse.errorBody.error} - ${sessionResponse.errorBody.error_description}`);
-    }
-    if (sessionResponse.successBody === undefined || !Object.keys(sessionResponse.successBody).includes('session_id')) {
-        return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}, missing session_token response`);
-    }
-    return sessionResponse.successBody;
-});
-exports.acquireIssuerSessionId = acquireIssuerSessionId;
-//# sourceMappingURL=IssuerSessionClient.js.map

package/dist/IssuerSessionClient.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"IssuerSessionClient.js","sourceRoot":"","sources":["../lib/IssuerSessionClient.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAmH;AAEnH,mCAA8B;AAEvB,MAAM,sBAAsB,GAAG,CAAO,IAAgC,EAAkC,EAAE;IAC/G,WAAG,CAAC,KAAK,CAAC,mDAAmD,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;IACpF,MAAM,eAAe,GAAG,MAAM,IAAA,qBAAI,EAAC,IAAI,CAAC,eAAe,CAA0C,CAAA;IACjG,IAAI,eAAe,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAC,MAAM,CAAC,2EAA2E,IAAI,CAAC,eAAe;OAClH,eAAe,CAAC,SAAS,CAAC,KAAK,MAAM,eAAe,CAAC,SAAS,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACxF,CAAC;IACD,IAAI,eAAe,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAClH,OAAO,OAAO,CAAC,MAAM,CAAC,2EAA2E,IAAI,CAAC,eAAe,kCAAkC,CAAC,CAAA;IAE1J,CAAC;IACD,OAAO,eAAe,CAAC,WAAW,CAAA;AACpC,CAAC,CAAA,CAAA;AAZY,QAAA,sBAAsB,0BAYlC"}

package/lib/IssuerSessionClient.ts

@@ -1,17 +0,0 @@
-import { IssuerSessionIdRequestOpts, IssuerSessionResponse, OpenIDResponse, post } from '@sphereon/oid4vci-common';
-
-import { LOG } from './index';
-
-export const acquireIssuerSessionId = async (opts: IssuerSessionIdRequestOpts): Promise<IssuerSessionResponse> => {
-  LOG.debug(`acquiring issuer session endpoint from endpoint ${opts.sessionEndpoint}`)
-  const sessionResponse = await post(opts.sessionEndpoint) as OpenIDResponse<IssuerSessionResponse>
-  if (sessionResponse.errorBody !== undefined) {
-    return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}:
-     ${sessionResponse.errorBody.error} - ${sessionResponse.errorBody.error_description}`)
-  }
-  if (sessionResponse.successBody === undefined || !Object.keys(sessionResponse.successBody).includes('session_id')) {
-    return Promise.reject(`an error occurred while requesting a issuer session token from endpoint ${opts.sessionEndpoint}, missing session_token response`)
-
-  }
-  return sessionResponse.successBody
-}