@sphereon/oid4vci-client 0.2.0 → 0.4.1-next.285

package/lib/functions/ProofUtil.ts

@@ -0,0 +1,120 @@
+import { BAD_PARAMS, JWS_NOT_VALID, Jwt, JWTHeader, JWTPayload, ProofOfPossession, ProofOfPossessionCallbacks, Typ } from '@sphereon/oid4vci-common';
+import Debug from 'debug';
+
+const debug = Debug('sphereon:openid4vci:token');
+
+/**
+ *
+ *  - proofOfPossessionCallback: JWTSignerCallback
+ *    Mandatory if you want to create (sign) ProofOfPossession
+ *  - proofOfPossessionVerifierCallback?: JWTVerifyCallback
+ *    If exists, verifies the ProofOfPossession
+ *  - proofOfPossessionCallbackArgs: ProofOfPossessionCallbackArgs
+ *    arguments needed for signing ProofOfPossession
+ * @param callbacks:
+ *    - proofOfPossessionCallback: JWTSignerCallback
+ *      Mandatory to create (sign) ProofOfPossession
+ *    - proofOfPossessionVerifierCallback?: JWTVerifyCallback
+ *      If exists, verifies the ProofOfPossession
+ * @param jwtProps
+ * @param existingJwt
+ *  - Optional, clientId of the party requesting the credential
+ */
+export const createProofOfPossession = async (
+  callbacks: ProofOfPossessionCallbacks,
+  jwtProps?: JwtProps,
+  existingJwt?: Jwt
+): Promise<ProofOfPossession> => {
+  if (!callbacks.signCallback) {
+    debug(`no jwt signer callback or arguments supplied!`);
+    throw new Error(BAD_PARAMS);
+  }
+
+  const signerArgs = createJWT(jwtProps, existingJwt);
+  const jwt = await callbacks.signCallback(signerArgs, signerArgs.header.kid);
+  const proof = {
+    proof_type: 'jwt',
+    jwt,
+  } as ProofOfPossession;
+
+  try {
+    partiallyValidateJWS(jwt);
+    if (callbacks.verifyCallback) {
+      debug(`Calling supplied verify callback....`);
+      await callbacks.verifyCallback({ jwt, kid: signerArgs.header.kid });
+      debug(`Supplied verify callback return success result`);
+    }
+  } catch {
+    debug(`JWS was not valid`);
+    throw new Error(JWS_NOT_VALID);
+  }
+  debug(`Proof of Possession JWT:\r\n${jwt}`);
+  return proof;
+};
+
+const partiallyValidateJWS = (jws: string): void => {
+  if (jws.split('.').length !== 3 || !jws.startsWith('ey')) {
+    throw new Error(JWS_NOT_VALID);
+  }
+};
+
+export interface JwtProps {
+  typ?: Typ;
+  kid?: string;
+  issuer?: string;
+  clientId?: string;
+  alg?: string;
+  jti?: string;
+  nonce?: string;
+}
+
+const createJWT = (jwtProps?: JwtProps, existingJwt?: Jwt): Jwt => {
+  const aud = getJwtProperty('aud', true, jwtProps?.issuer, existingJwt?.payload?.aud);
+  const iss = getJwtProperty('iss', false, jwtProps?.clientId, existingJwt?.payload?.iss);
+  const jti = getJwtProperty('jti', false, jwtProps?.jti, existingJwt?.payload?.jti);
+  const typ = getJwtProperty('typ', true, jwtProps?.typ, existingJwt?.header?.typ, 'jwt');
+  const nonce = getJwtProperty('nonce', false, jwtProps?.nonce, existingJwt?.payload?.nonce); // Officially this is required, but some implementations don't have it
+  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+  const alg = getJwtProperty('alg', false, jwtProps?.alg, existingJwt?.header?.alg, 'ES256')!;
+  const kid = getJwtProperty('kid', true, jwtProps?.kid, existingJwt?.header?.kid);
+  const jwt: Partial<Jwt> = existingJwt ? existingJwt : {};
+  const now = +new Date();
+  const jwtPayload: Partial<JWTPayload> = {
+    aud,
+    iat: jwt.payload?.iat ? jwt.payload.iat : now / 1000 - 60, // Let's ensure we subtract 60 seconds for potential time offsets
+    exp: jwt.payload?.exp ? jwt.payload.exp : now / 1000 + 10 * 60,
+    nonce,
+    ...(iss ? { iss } : {}),
+    ...(jti ? { jti } : {}),
+  };
+
+  const jwtHeader: JWTHeader = {
+    typ,
+    alg,
+    kid,
+  };
+  return {
+    payload: { ...jwt.payload, ...jwtPayload },
+    header: { ...jwt.header, ...jwtHeader },
+  };
+};
+
+const getJwtProperty = (
+  propertyName: string,
+  required: boolean,
+  option?: string,
+  jwtProperty?: string,
+  defaultValue?: string
+): string | undefined => {
+  if (option && jwtProperty && option !== jwtProperty) {
+    throw Error(`Cannot have a property '${propertyName}' with value '${option}' and different JWT value '${jwtProperty}' at the same time`);
+  }
+  let result = jwtProperty ? jwtProperty : option;
+  if (!result) {
+    if (required) {
+      throw Error(`No ${propertyName} property provided either in a JWT or as option`);
+    }
+    result = defaultValue;
+  }
+  return result;
+};

package/lib/functions/index.ts

@@ -0,0 +1,3 @@
+export * from '@sphereon/oid4vci-common/dist/functions/Encoding';
+export * from '@sphereon/oid4vci-common/dist/functions/HttpUtils';
+export * from './ProofUtil';

package/{dist/main/lib/index.d.ts → lib/index.ts}

@@ -1,7 +1,8 @@
-export * from './functions';
-export * from './types';
-export * from './MetadataClient';
-export * from './IssuanceInitiation';
-export * from './AccessTokenClient';
-export * from './CredentialRequestClient';
-export * from './CredentialRequestClientBuilder';
+export * from './AccessTokenClient';
+export * from './CredentialOfferClient';
+export * from './CredentialRequestClient';
+export * from './CredentialRequestClientBuilder';
+export * from './functions';
+export * from './MetadataClient';
+export * from './OpenID4VCIClient';
+export * from './ProofOfPossessionBuilder';

package/package.json

@@ -1,71 +1,68 @@
-{
-  "name": "@sphereon/oid4vci-client",
-  "version": "0.2.0",
-  "description": "OpenID for Verifiable Credential Issuance (OID4VCI) client",
-  "main": "dist/main/index.js",
-  "types": "dist/main/index.d.ts",
-  "author": "Sphereon",
-  "license": "Apache-2.0",
-  "private": false,
-  "scripts": {
-    "build": "run-p build:*",
-    "build:main": "tsc -p tsconfig.build.json",
-    "clean": "rimraf dist coverage",
-    "watch": "tsc -w",
-    "fix": "run-s fix:*",
-    "fix:prettier": "prettier \"{lib,tests}/**/*.ts\" --write",
-    "fix:lint": "eslint . --ext .ts --fix",
-    "test": "run-s build test:*",
-    "test:lint": "eslint . --ext .ts",
-    "test:prettier": "prettier \"{lib,tests}/**/*.ts\" --list-different",
-    "test:cov": "jest --ci --coverage && codecov",
-    "uninstall": "rimraf dist coverage yarn.lock package-lock.json node_modules"
-  },
-  "engines": {
-    "node": ">=14"
-  },
-  "dependencies": {
-    "@sphereon/ssi-types": "0.8.1-unstable.74",
-    "debug": "^4.3.4",
-    "bs58": "^5.0.0",
-    "cross-fetch": "^3.1.5",
-    "uint8arrays": "^3.1.1"
-  },
-  "devDependencies": {
-    "@types/jest": "^28.1.8",
-    "@typescript-eslint/eslint-plugin": "^5.36.1",
-    "@typescript-eslint/parser": "^5.36.1",
-    "codecov": "^3.8.3",
-    "dotenv": "^16.0.2",
-    "eslint": "^8.23.0",
-    "eslint-config-prettier": "^8.5.0",
-    "eslint-plugin-eslint-comments": "^3.2.0",
-    "eslint-plugin-import": "^2.26.0",
-    "jest": "^29.1.2",
-    "jest-junit": "^14.0.1",
-    "jose": "^4.10.0",
-    "nock": "^13.2.9",
-    "npm-run-all": "^4.1.5",
-    "open-cli": "^7.0.1",
-    "rimraf": "^3.0.2",
-    "prettier": "^2.7.1",
-    "ts-jest": "^29.0.3",
-    "ts-node": "^10.9.1",
-    "typescript": "4.6.4"
-  },
-  "files": [
-    "dist/main"
-  ],
-  "prettier": {
-    "singleQuote": true,
-    "printWidth": 150
-  },
-  "keywords": [
-    "Sphereon",
-    "Verifiable Credentials",
-    "OpenID",
-    "OpenID for Verifiable Credential Issuance",
-    "OIDC4VCI",
-    "OID4VCI"
-  ]
-}
+{
+  "name": "@sphereon/oid4vci-client",
+  "version": "0.4.1-next.285+47fec82",
+  "description": "OpenID for Verifiable Credential Issuance (OpenID4VCI) client",
+  "source": "lib/index.ts",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "author": "Sphereon",
+  "license": "Apache-2.0",
+  "private": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc"
+  },
+  "dependencies": {
+    "@sphereon/oid4vci-common": "0.4.1-next.285+47fec82",
+    "@sphereon/ssi-types": "^0.9.0",
+    "cross-fetch": "^3.1.5",
+    "debug": "^4.3.4",
+    "uint8arrays": "^3.1.1"
+  },
+  "devDependencies": {
+    "@types/jest": "^29.5.0",
+    "@types/node": "^18.15.3",
+    "@typescript-eslint/eslint-plugin": "^5.36.1",
+    "@typescript-eslint/parser": "^5.36.1",
+    "codecov": "^3.8.3",
+    "dotenv": "^16.0.2",
+    "eslint": "^8.23.0",
+    "eslint-config-prettier": "^8.5.0",
+    "eslint-plugin-eslint-comments": "^3.2.0",
+    "eslint-plugin-import": "^2.26.0",
+    "jest": "^29.1.2",
+    "jest-junit": "^14.0.1",
+    "jose": "^4.10.0",
+    "nock": "^13.2.9",
+    "npm-run-all": "^4.1.5",
+    "open-cli": "^7.0.1",
+    "ts-jest": "^29.0.5",
+    "ts-node": "^10.9.1",
+    "typescript": "4.9.5"
+  },
+  "engines": {
+    "node": ">=16"
+  },
+  "files": [
+    "lib/**/*",
+    "dist/**/*"
+  ],
+  "prettier": {
+    "singleQuote": true,
+    "printWidth": 150
+  },
+  "keywords": [
+    "Sphereon",
+    "Verifiable Credentials",
+    "OpenID",
+    "OpenID for Verifiable Credential Issuance",
+    "OAuth2",
+    "SSI",
+    "OpenID4VCI",
+    "OIDC4VCI",
+    "OID4VCI"
+  ],
+  "gitHead": "47fec82924b0d4a32f25737d7ba7379903fdb4f0"
+}

package/CHANGELOG.md

@@ -1,21 +0,0 @@
-# Release Notes
-
-## v0.2.0 - 2022-11-04
-
-Release with support for the pre-authorized code flow only.
-
-Expect breaking changes in the future, as this package still is undergoing heavy development.
-
-- Added:
-  - Support for well-known OID4VCI, oAuth2 and OpenID metadata
-  
-- Fixes:
-  - Several fixes related to pincode handling
-  - Overall fixes
-
-
-## v0.1.0 - 2022-10-18
-
-Initial release with support for the pre-authorized code flow only.
-
-Expect breaking changes in the future, as this package still is undergoing heavy development.

package/dist/main/index.d.ts

@@ -1 +0,0 @@
-export * from './lib';

package/dist/main/lib/AccessTokenClient.d.ts

@@ -1,20 +0,0 @@
-import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, ErrorResponse, IssuanceInitiationRequestPayload, IssuanceInitiationWithBaseUrl, IssuerOpts } from './types';
-export declare class AccessTokenClient {
-    acquireAccessTokenUsingIssuanceInitiation(issuanceInitiation: IssuanceInitiationWithBaseUrl, opts?: AccessTokenRequestOpts): Promise<AccessTokenResponse | ErrorResponse>;
-    acquireAccessTokenUsingRequest(accessTokenRequest: AccessTokenRequest, opts?: {
-        isPinRequired?: boolean;
-        metadata?: EndpointMetadata;
-        asOpts?: AuthorizationServerOpts;
-        issuerOpts?: IssuerOpts;
-    }): Promise<AccessTokenResponse | ErrorResponse>;
-    createAccessTokenRequest(issuanceInitiationRequest: IssuanceInitiationRequestPayload, opts?: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
-    private assertPreAuthorizedGrantType;
-    private isPinRequiredValue;
-    private assertNumericPin;
-    private assertNonEmptyPreAuthorizedCode;
-    private validate;
-    private sendAuthCode;
-    private determineTokenURL;
-    private creatTokenURLFromURL;
-    private throwNotSupportedFlow;
-}

package/dist/main/lib/AccessTokenClient.js

@@ -1,141 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AccessTokenClient = void 0;
-const ssi_types_1 = require("@sphereon/ssi-types");
-const MetadataClient_1 = require("./MetadataClient");
-const functions_1 = require("./functions");
-const types_1 = require("./types");
-class AccessTokenClient {
-    acquireAccessTokenUsingIssuanceInitiation(issuanceInitiation, opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { issuanceInitiationRequest } = issuanceInitiation;
-            const isPinRequired = this.isPinRequiredValue(issuanceInitiationRequest);
-            const reqOpts = {
-                isPinRequired,
-                issuerOpts: { issuer: issuanceInitiationRequest.issuer },
-                asOpts: (opts === null || opts === void 0 ? void 0 : opts.asOpts) ? Object.assign({}, opts.asOpts) : undefined,
-                metadata: opts === null || opts === void 0 ? void 0 : opts.metadata,
-            };
-            return yield this.acquireAccessTokenUsingRequest(yield this.createAccessTokenRequest(issuanceInitiationRequest, opts), reqOpts);
-        });
-    }
-    acquireAccessTokenUsingRequest(accessTokenRequest, opts) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            this.validate(accessTokenRequest, opts === null || opts === void 0 ? void 0 : opts.isPinRequired);
-            const requestTokenURL = this.determineTokenURL(opts === null || opts === void 0 ? void 0 : opts.asOpts, opts === null || opts === void 0 ? void 0 : opts.issuerOpts, (opts === null || opts === void 0 ? void 0 : opts.metadata)
-                ? opts === null || opts === void 0 ? void 0 : opts.metadata
-                : ((_a = opts === null || opts === void 0 ? void 0 : opts.issuerOpts) === null || _a === void 0 ? void 0 : _a.fetchMetadata)
-                    ? yield MetadataClient_1.MetadataClient.retrieveAllMetadata(opts === null || opts === void 0 ? void 0 : opts.issuerOpts.issuer, { errorOnNotFound: false })
-                    : undefined);
-            return this.sendAuthCode(requestTokenURL, accessTokenRequest);
-        });
-    }
-    createAccessTokenRequest(issuanceInitiationRequest, opts) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            const request = {};
-            if ((_a = opts === null || opts === void 0 ? void 0 : opts.asOpts) === null || _a === void 0 ? void 0 : _a.clientId) {
-                request.client_id = opts.asOpts.clientId;
-            }
-            if (this.isPinRequiredValue(issuanceInitiationRequest)) {
-                this.assertNumericPin(true, opts.pin);
-                request.user_pin = opts.pin;
-            }
-            if (issuanceInitiationRequest[types_1.PRE_AUTH_CODE_LITERAL]) {
-                request.grant_type = types_1.GrantTypes.PRE_AUTHORIZED_CODE;
-                request[types_1.PRE_AUTH_CODE_LITERAL] = issuanceInitiationRequest[types_1.PRE_AUTH_CODE_LITERAL];
-            }
-            if (issuanceInitiationRequest.op_state) {
-                if (issuanceInitiationRequest[types_1.PRE_AUTH_CODE_LITERAL]) {
-                    throw new Error('Cannot have both a pre_authorized_code and a op_state in the same initiation request');
-                }
-                request.grant_type = types_1.GrantTypes.AUTHORIZATION_CODE;
-                this.throwNotSupportedFlow();
-            }
-            return request;
-        });
-    }
-    assertPreAuthorizedGrantType(grantType) {
-        if (types_1.GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
-            throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
-        }
-    }
-    isPinRequiredValue(issuanceInitiationRequest) {
-        let isPinRequired = false;
-        if (issuanceInitiationRequest !== undefined) {
-            if (typeof issuanceInitiationRequest.user_pin_required === 'string') {
-                isPinRequired = issuanceInitiationRequest.user_pin_required.toLowerCase() === 'true';
-            }
-            else if (typeof issuanceInitiationRequest.user_pin_required === 'boolean') {
-                isPinRequired = issuanceInitiationRequest.user_pin_required;
-            }
-        }
-        return isPinRequired;
-    }
-    assertNumericPin(isPinRequired, pin) {
-        if (isPinRequired) {
-            if (!pin || !/^\d{1,8}$/.test(pin)) {
-                throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
-            }
-        }
-        else if (pin) {
-            throw new Error('Cannot set a pin, when the pin is not required.');
-        }
-    }
-    assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
-        if (!accessTokenRequest[types_1.PRE_AUTH_CODE_LITERAL]) {
-            throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
-        }
-    }
-    validate(accessTokenRequest, isPinRequired) {
-        if (accessTokenRequest.grant_type === types_1.GrantTypes.PRE_AUTHORIZED_CODE) {
-            this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
-            this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
-            this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
-        }
-        else {
-            this.throwNotSupportedFlow();
-        }
-    }
-    sendAuthCode(requestTokenURL, accessTokenRequest) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const response = yield (0, functions_1.formPost)(requestTokenURL, (0, functions_1.convertJsonToURI)(accessTokenRequest));
-            return yield response.json();
-        });
-    }
-    determineTokenURL(asOpts, issuerOpts, metadata) {
-        if (!asOpts && !issuerOpts) {
-            throw new Error('Cannot determine token URL if no issuer and no Authorization Server values are present');
-        }
-        const url = asOpts && asOpts.as
-            ? this.creatTokenURLFromURL(asOpts.as, asOpts.tokenEndpoint)
-            : (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint)
-                ? metadata.token_endpoint
-                : this.creatTokenURLFromURL(issuerOpts.issuer, issuerOpts.tokenEndpoint);
-        if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
-            throw new Error('No authorization server token URL present. Cannot acquire access token');
-        }
-        return url;
-    }
-    creatTokenURLFromURL(url, tokenEndpoint) {
-        const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
-        const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
-        // We always require https
-        return `https://${hostname}${endpoint}`;
-    }
-    throwNotSupportedFlow() {
-        throw new Error('Only pre-authorized-code flow is supported');
-    }
-}
-exports.AccessTokenClient = AccessTokenClient;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQWNjZXNzVG9rZW5DbGllbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9saWIvQWNjZXNzVG9rZW5DbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7O0FBQUEsbURBQWtEO0FBRWxELHFEQUFrRDtBQUNsRCwyQ0FBeUQ7QUFDekQsbUNBWWlCO0FBRWpCLE1BQWEsaUJBQWlCO0lBQ2YseUNBQXlDLENBQ3BELGtCQUFpRCxFQUNqRCxJQUE2Qjs7WUFFN0IsTUFBTSxFQUFFLHlCQUF5QixFQUFFLEdBQUcsa0JBQWtCLENBQUM7WUFFekQsTUFBTSxhQUFhLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLHlCQUF5QixDQUFDLENBQUM7WUFDekUsTUFBTSxPQUFPLEdBQUc7Z0JBQ2QsYUFBYTtnQkFDYixVQUFVLEVBQUUsRUFBRSxNQUFNLEVBQUUseUJBQXlCLENBQUMsTUFBTSxFQUFFO2dCQUN4RCxNQUFNLEVBQUUsQ0FBQSxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsTUFBTSxFQUFDLENBQUMsbUJBQU0sSUFBSSxDQUFDLE1BQU0sRUFBRyxDQUFDLENBQUMsU0FBUztnQkFDckQsUUFBUSxFQUFFLElBQUksYUFBSixJQUFJLHVCQUFKLElBQUksQ0FBRSxRQUFRO2FBQ3pCLENBQUM7WUFDRixPQUFPLE1BQU0sSUFBSSxDQUFDLDhCQUE4QixDQUFDLE1BQU0sSUFBSSxDQUFDLHdCQUF3QixDQUFDLHlCQUF5QixFQUFFLElBQUksQ0FBQyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ2xJLENBQUM7S0FBQTtJQUVZLDhCQUE4QixDQUN6QyxrQkFBc0MsRUFDdEMsSUFBMEg7OztZQUUxSCxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQixFQUFFLElBQUksYUFBSixJQUFJLHVCQUFKLElBQUksQ0FBRSxhQUFhLENBQUMsQ0FBQztZQUN2RCxNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQzVDLElBQUksYUFBSixJQUFJLHVCQUFKLElBQUksQ0FBRSxNQUFNLEVBQ1osSUFBSSxhQUFKLElBQUksdUJBQUosSUFBSSxDQUFFLFVBQVUsRUFDaEIsQ0FBQSxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsUUFBUTtnQkFDWixDQUFDLENBQUMsSUFBSSxhQUFKLElBQUksdUJBQUosSUFBSSxDQUFFLFFBQVE7Z0JBQ2hCLENBQUMsQ0FBQyxDQUFBLE1BQUEsSUFBSSxhQUFKLElBQUksdUJBQUosSUFBSSxDQUFFLFVBQVUsMENBQUUsYUFBYTtvQkFDakMsQ0FBQyxDQUFDLE1BQU0sK0JBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsVUFBVSxDQUFDLE1BQU0sRUFBRSxFQUFFLGVBQWUsRUFBRSxLQUFLLEVBQUUsQ0FBQztvQkFDL0YsQ0FBQyxDQUFDLFNBQVMsQ0FDZCxDQUFDO1lBQ0YsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLGVBQWUsRUFBRSxrQkFBa0IsQ0FBQyxDQUFDOztLQUMvRDtJQUVZLHdCQUF3QixDQUNuQyx5QkFBMkQsRUFDM0QsSUFBNkI7OztZQUU3QixNQUFNLE9BQU8sR0FBZ0MsRUFBRSxDQUFDO1lBQ2hELElBQUksTUFBQSxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsTUFBTSwwQ0FBRSxRQUFRLEVBQUU7Z0JBQzFCLE9BQU8sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUM7YUFDMUM7WUFDRCxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyx5QkFBeUIsQ0FBQyxFQUFFO2dCQUN0RCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDdEMsT0FBTyxDQUFDLFFBQVEsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDO2FBQzdCO1lBQ0QsSUFBSSx5QkFBeUIsQ0FBQyw2QkFBcUIsQ0FBQyxFQUFFO2dCQUNwRCxPQUFPLENBQUMsVUFBVSxHQUFHLGtCQUFVLENBQUMsbUJBQW1CLENBQUM7Z0JBQ3BELE9BQU8sQ0FBQyw2QkFBcUIsQ0FBQyxHQUFHLHlCQUF5QixDQUFDLDZCQUFxQixDQUFDLENBQUM7YUFDbkY7WUFDRCxJQUFJLHlCQUF5QixDQUFDLFFBQVEsRUFBRTtnQkFDdEMsSUFBSSx5QkFBeUIsQ0FBQyw2QkFBcUIsQ0FBQyxFQUFFO29CQUNwRCxNQUFNLElBQUksS0FBSyxDQUFDLHNGQUFzRixDQUFDLENBQUM7aUJBQ3pHO2dCQUNELE9BQU8sQ0FBQyxVQUFVLEdBQUcsa0JBQVUsQ0FBQyxrQkFBa0IsQ0FBQztnQkFDbkQsSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7YUFDOUI7WUFFRCxPQUFPLE9BQTZCLENBQUM7O0tBQ3RDO0lBRU8sNEJBQTRCLENBQUMsU0FBcUI7UUFDeEQsSUFBSSxrQkFBVSxDQUFDLG1CQUFtQixLQUFLLFNBQVMsRUFBRTtZQUNoRCxNQUFNLElBQUksS0FBSyxDQUFDLDJFQUEyRSxDQUFDLENBQUM7U0FDOUY7SUFDSCxDQUFDO0lBRU8sa0JBQWtCLENBQUMseUJBQTJEO1FBQ3BGLElBQUksYUFBYSxHQUFHLEtBQUssQ0FBQztRQUMxQixJQUFJLHlCQUF5QixLQUFLLFNBQVMsRUFBRTtZQUMzQyxJQUFJLE9BQU8seUJBQXlCLENBQUMsaUJBQWlCLEtBQUssUUFBUSxFQUFFO2dCQUNuRSxhQUFhLEdBQUcseUJBQXlCLENBQUMsaUJBQWlCLENBQUMsV0FBVyxFQUFFLEtBQUssTUFBTSxDQUFDO2FBQ3RGO2lCQUFNLElBQUksT0FBTyx5QkFBeUIsQ0FBQyxpQkFBaUIsS0FBSyxTQUFTLEVBQUU7Z0JBQzNFLGFBQWEsR0FBRyx5QkFBeUIsQ0FBQyxpQkFBaUIsQ0FBQzthQUM3RDtTQUNGO1FBQ0QsT0FBTyxhQUFhLENBQUM7SUFDdkIsQ0FBQztJQUVPLGdCQUFnQixDQUFDLGFBQXVCLEVBQUUsR0FBWTtRQUM1RCxJQUFJLGFBQWEsRUFBRTtZQUNqQixJQUFJLENBQUMsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRTtnQkFDbEMsTUFBTSxJQUFJLEtBQUssQ0FBQyx5RUFBeUUsQ0FBQyxDQUFDO2FBQzVGO1NBQ0Y7YUFBTSxJQUFJLEdBQUcsRUFBRTtZQUNkLE1BQU0sSUFBSSxLQUFLLENBQUMsaURBQWlELENBQUMsQ0FBQztTQUNwRTtJQUNILENBQUM7SUFFTywrQkFBK0IsQ0FBQyxrQkFBc0M7UUFDNUUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLDZCQUFxQixDQUFDLEVBQUU7WUFDOUMsTUFBTSxJQUFJLEtBQUssQ0FBQywrRkFBK0YsQ0FBQyxDQUFDO1NBQ2xIO0lBQ0gsQ0FBQztJQUVPLFFBQVEsQ0FBQyxrQkFBc0MsRUFBRSxhQUF1QjtRQUM5RSxJQUFJLGtCQUFrQixDQUFDLFVBQVUsS0FBSyxrQkFBVSxDQUFDLG1CQUFtQixFQUFFO1lBQ3BFLElBQUksQ0FBQyw0QkFBNEIsQ0FBQyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUNqRSxJQUFJLENBQUMsK0JBQStCLENBQUMsa0JBQWtCLENBQUMsQ0FBQztZQUN6RCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsYUFBYSxFQUFFLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1NBQ25FO2FBQU07WUFDTCxJQUFJLENBQUMscUJBQXFCLEVBQUUsQ0FBQztTQUM5QjtJQUNILENBQUM7SUFFYSxZQUFZLENBQUMsZUFBdUIsRUFBRSxrQkFBc0M7O1lBQ3hGLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBQSxvQkFBUSxFQUFDLGVBQWUsRUFBRSxJQUFBLDRCQUFnQixFQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQztZQUN2RixPQUFPLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQy9CLENBQUM7S0FBQTtJQUVPLGlCQUFpQixDQUFDLE1BQWdDLEVBQUUsVUFBdUIsRUFBRSxRQUEyQjtRQUM5RyxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsVUFBVSxFQUFFO1lBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsd0ZBQXdGLENBQUMsQ0FBQztTQUMzRztRQUNELE1BQU0sR0FBRyxHQUNQLE1BQU0sSUFBSSxNQUFNLENBQUMsRUFBRTtZQUNqQixDQUFDLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxFQUFFLEVBQUUsTUFBTSxDQUFDLGFBQWEsQ0FBQztZQUM1RCxDQUFDLENBQUMsQ0FBQSxRQUFRLGFBQVIsUUFBUSx1QkFBUixRQUFRLENBQUUsY0FBYztnQkFDMUIsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFjO2dCQUN6QixDQUFDLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLFVBQVUsQ0FBQyxNQUFNLEVBQUUsVUFBVSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQzdFLElBQUksQ0FBQyxHQUFHLElBQUksQ0FBQyx1QkFBVyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRTtZQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLHdFQUF3RSxDQUFDLENBQUM7U0FDM0Y7UUFDRCxPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFTyxvQkFBb0IsQ0FBQyxHQUFXLEVBQUUsYUFBc0I7UUFDOUQsTUFBTSxRQUFRLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsRUFBRSxDQUFDLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNuRSxNQUFNLFFBQVEsR0FBRyxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxhQUFhLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQztRQUN6SCwwQkFBMEI7UUFDMUIsT0FBTyxXQUFXLFFBQVEsR0FBRyxRQUFRLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8scUJBQXFCO1FBQzNCLE1BQU0sSUFBSSxLQUFLLENBQUMsNENBQTRDLENBQUMsQ0FBQztJQUNoRSxDQUFDO0NBQ0Y7QUF4SUQsOENBd0lDIn0=

package/dist/main/lib/CredentialRequestClient.d.ts

@@ -1,31 +0,0 @@
-import { CredentialFormat } from '@sphereon/ssi-types';
-import { CredentialRequestClientBuilder } from './CredentialRequestClientBuilder';
-import { CredentialRequest, CredentialResponse, ErrorResponse, ProofOfPossession, ProofOfPossessionOpts } from './types';
-export declare class CredentialRequestClient {
-    _issuanceRequestOpts: Partial<{
-        credentialEndpoint: string;
-        clientId: string;
-        credentialType: string | string[];
-        format: CredentialFormat | CredentialFormat[];
-        proof: ProofOfPossession;
-        token: string;
-    }>;
-    getCredentialEndpoint(): string;
-    getClientId(): string;
-    constructor(builder: CredentialRequestClientBuilder);
-    static builder(): CredentialRequestClientBuilder;
-    acquireCredentialsUsingProof(proof: ProofOfPossession | ProofOfPossessionOpts, opts?: {
-        credentialType?: string | string[];
-        format?: CredentialFormat | CredentialFormat[];
-        overrideIssuerURL?: string;
-        overrideAccessToken?: string;
-    }): Promise<CredentialResponse | ErrorResponse>;
-    acquireCredentialsUsingRequest(request: CredentialRequest, opts?: {
-        overrideCredentialEndpoint?: string;
-        overrideAccessToken?: string;
-    }): Promise<CredentialResponse | ErrorResponse>;
-    createCredentialRequest(proof: ProofOfPossession | ProofOfPossessionOpts, opts?: {
-        credentialType?: string | string[];
-        format?: CredentialFormat | CredentialFormat[];
-    }): Promise<CredentialRequest>;
-}

package/dist/main/lib/CredentialRequestClient.js

@@ -1,66 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CredentialRequestClient = void 0;
-const CredentialRequestClientBuilder_1 = require("./CredentialRequestClientBuilder");
-const functions_1 = require("./functions");
-const types_1 = require("./types");
-class CredentialRequestClient {
-    constructor(builder) {
-        this._issuanceRequestOpts = Object.assign({}, builder);
-    }
-    getCredentialEndpoint() {
-        return this._issuanceRequestOpts.credentialEndpoint;
-    }
-    getClientId() {
-        return this._issuanceRequestOpts.clientId;
-    }
-    static builder() {
-        return new CredentialRequestClientBuilder_1.CredentialRequestClientBuilder();
-    }
-    acquireCredentialsUsingProof(proof, opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const request = yield this.createCredentialRequest(proof, Object.assign({}, opts));
-            return yield this.acquireCredentialsUsingRequest(request, Object.assign({}, opts));
-        });
-    }
-    acquireCredentialsUsingRequest(request, opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const credentialEndpoint = (opts === null || opts === void 0 ? void 0 : opts.overrideCredentialEndpoint)
-                ? opts.overrideCredentialEndpoint
-                : this._issuanceRequestOpts.credentialEndpoint;
-            if (!(0, functions_1.isValidURL)(credentialEndpoint)) {
-                throw new Error(types_1.URL_NOT_VALID);
-            }
-            const requestToken = (opts === null || opts === void 0 ? void 0 : opts.overrideAccessToken) ? opts.overrideAccessToken : this._issuanceRequestOpts.token;
-            const response = yield (0, functions_1.post)(credentialEndpoint, JSON.stringify(request), { bearerToken: requestToken });
-            const responseJson = yield response.json();
-            if (responseJson.error) {
-                return Object.assign({}, responseJson);
-            }
-            return Object.assign({}, responseJson);
-        });
-    }
-    createCredentialRequest(proof, opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const proofOfPossession = 'jwt' in proof
-                ? proof
-                : yield (0, functions_1.createProofOfPossession)(Object.assign({ issuerURL: proof.issuerURL ? proof.issuerURL : this._issuanceRequestOpts.credentialEndpoint, clientId: proof.clientId ? proof.clientId : this._issuanceRequestOpts.clientId }, proof));
-            return {
-                type: (opts === null || opts === void 0 ? void 0 : opts.credentialType) ? opts.credentialType : this._issuanceRequestOpts.credentialType,
-                format: (opts === null || opts === void 0 ? void 0 : opts.format) ? opts.format : this._issuanceRequestOpts.format,
-                proof: proofOfPossession,
-            };
-        });
-    }
-}
-exports.CredentialRequestClient = CredentialRequestClient;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ3JlZGVudGlhbFJlcXVlc3RDbGllbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9saWIvQ3JlZGVudGlhbFJlcXVlc3RDbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7O0FBRUEscUZBQWtGO0FBQ2xGLDJDQUF3RTtBQUN4RSxtQ0FBd0k7QUFFeEksTUFBYSx1QkFBdUI7SUFrQmxDLFlBQW1CLE9BQXVDO1FBQ3hELElBQUksQ0FBQyxvQkFBb0IscUJBQVEsT0FBTyxDQUFFLENBQUM7SUFDN0MsQ0FBQztJQVZNLHFCQUFxQjtRQUMxQixPQUFPLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxrQkFBa0IsQ0FBQztJQUN0RCxDQUFDO0lBRU0sV0FBVztRQUNoQixPQUFPLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxRQUFRLENBQUM7SUFDNUMsQ0FBQztJQU1NLE1BQU0sQ0FBQyxPQUFPO1FBQ25CLE9BQU8sSUFBSSwrREFBOEIsRUFBRSxDQUFDO0lBQzlDLENBQUM7SUFFWSw0QkFBNEIsQ0FDdkMsS0FBZ0QsRUFDaEQsSUFLQzs7WUFFRCxNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLG9CQUFPLElBQUksRUFBRyxDQUFDO1lBQ3ZFLE9BQU8sTUFBTSxJQUFJLENBQUMsOEJBQThCLENBQUMsT0FBTyxvQkFBTyxJQUFJLEVBQUcsQ0FBQztRQUN6RSxDQUFDO0tBQUE7SUFFWSw4QkFBOEIsQ0FDekMsT0FBMEIsRUFDMUIsSUFBNEU7O1lBRTVFLE1BQU0sa0JBQWtCLEdBQVcsQ0FBQSxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsMEJBQTBCO2dCQUNqRSxDQUFDLENBQUMsSUFBSSxDQUFDLDBCQUEwQjtnQkFDakMsQ0FBQyxDQUFDLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxrQkFBa0IsQ0FBQztZQUNqRCxJQUFJLENBQUMsSUFBQSxzQkFBVSxFQUFDLGtCQUFrQixDQUFDLEVBQUU7Z0JBQ25DLE1BQU0sSUFBSSxLQUFLLENBQUMscUJBQWEsQ0FBQyxDQUFDO2FBQ2hDO1lBQ0QsTUFBTSxZQUFZLEdBQVcsQ0FBQSxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsbUJBQW1CLEVBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLEtBQUssQ0FBQztZQUNwSCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsZ0JBQUksRUFBQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsV0FBVyxFQUFFLFlBQVksRUFBRSxDQUFDLENBQUM7WUFDeEcsTUFBTSxZQUFZLEdBQUcsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDM0MsSUFBSSxZQUFZLENBQUMsS0FBSyxFQUFFO2dCQUN0QixPQUFPLGtCQUFLLFlBQVksQ0FBbUIsQ0FBQzthQUM3QztZQUNELE9BQU8sa0JBQUssWUFBWSxDQUF3QixDQUFDO1FBQ25ELENBQUM7S0FBQTtJQUVZLHVCQUF1QixDQUNsQyxLQUFnRCxFQUNoRCxJQUdDOztZQUVELE1BQU0saUJBQWlCLEdBQ3JCLEtBQUssSUFBSSxLQUFLO2dCQUNaLENBQUMsQ0FBQyxLQUFLO2dCQUNQLENBQUMsQ0FBQyxNQUFNLElBQUEsbUNBQXVCLGtCQUMzQixTQUFTLEVBQUUsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLGtCQUFrQixFQUMzRixRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLFFBQVEsSUFDM0UsS0FBSyxFQUNSLENBQUM7WUFDVCxPQUFPO2dCQUNMLElBQUksRUFBRSxDQUFBLElBQUksYUFBSixJQUFJLHVCQUFKLElBQUksQ0FBRSxjQUFjLEVBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxjQUFjO2dCQUMzRixNQUFNLEVBQUUsQ0FBQSxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsTUFBTSxFQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsb0JBQW9CLENBQUMsTUFBTTtnQkFDckUsS0FBSyxFQUFFLGlCQUFpQjthQUN6QixDQUFDO1FBQ0osQ0FBQztLQUFBO0NBQ0Y7QUEvRUQsMERBK0VDIn0=

package/dist/main/lib/CredentialRequestClientBuilder.d.ts

@@ -1,21 +0,0 @@
-import { CredentialFormat } from '@sphereon/ssi-types';
-import { CredentialRequestClient } from './CredentialRequestClient';
-import { AccessTokenResponse, EndpointMetadata, IssuanceInitiationRequestPayload, IssuanceInitiationWithBaseUrl, OID4VCIServerMetadata } from './types';
-export declare class CredentialRequestClientBuilder {
-    credentialEndpoint: string;
-    clientId: string;
-    credentialType: string | string[];
-    format: CredentialFormat | CredentialFormat[];
-    token: string;
-    static fromIssuanceInitiationURI(issuanceInitiationURI: string, metadata?: EndpointMetadata): CredentialRequestClientBuilder;
-    static fromIssuanceInitiationRequest(issuanceInitiationRequest: IssuanceInitiationRequestPayload, metadata?: EndpointMetadata): CredentialRequestClientBuilder;
-    static fromIssuanceInitiation(issuanceInitiation: IssuanceInitiationWithBaseUrl, metadata?: EndpointMetadata): CredentialRequestClientBuilder;
-    withCredentialEndpointFromMetadata(metadata: OID4VCIServerMetadata): CredentialRequestClientBuilder;
-    withCredentialEndpoint(credentialEndpoint: string): CredentialRequestClientBuilder;
-    withCredentialType(credentialType: string | string[]): CredentialRequestClientBuilder;
-    withFormat(format: CredentialFormat | CredentialFormat[]): CredentialRequestClientBuilder;
-    withClientId(clientId: string): CredentialRequestClientBuilder;
-    withToken(accessToken: string): CredentialRequestClientBuilder;
-    withTokenFromResponse(response: AccessTokenResponse): CredentialRequestClientBuilder;
-    build(): CredentialRequestClient;
-}