@sphereon/oid4vci-client 0.2.0 → 0.4.1-next.285

package/dist/AccessTokenClient.d.ts

@@ -0,0 +1,30 @@
+import { AccessTokenRequest, AccessTokenRequestOpts, AccessTokenResponse, AuthorizationServerOpts, EndpointMetadata, IssuerOpts, OpenIDResponse } from '@sphereon/oid4vci-common';
+export declare class AccessTokenClient {
+    acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse>>;
+    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }: {
+        accessTokenRequest: AccessTokenRequest;
+        isPinRequired?: boolean;
+        metadata?: EndpointMetadata;
+        asOpts?: AuthorizationServerOpts;
+        issuerOpts?: IssuerOpts;
+    }): Promise<OpenIDResponse<AccessTokenResponse>>;
+    createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest>;
+    private assertPreAuthorizedGrantType;
+    private assertAuthorizationGrantType;
+    private isPinRequiredValue;
+    private assertNumericPin;
+    private assertNonEmptyPreAuthorizedCode;
+    private assertNonEmptyCodeVerifier;
+    private assertNonEmptyCode;
+    private assertNonEmptyRedirectUri;
+    private validate;
+    private sendAuthCode;
+    static determineTokenURL({ asOpts, issuerOpts, metadata, }: {
+        asOpts?: AuthorizationServerOpts;
+        issuerOpts?: IssuerOpts;
+        metadata?: EndpointMetadata;
+    }): string;
+    private static creatTokenURLFromURL;
+    private throwNotSupportedFlow;
+}
+//# sourceMappingURL=AccessTokenClient.d.ts.map

package/dist/AccessTokenClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessTokenClient.d.ts","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EAEnB,uBAAuB,EACvB,gBAAgB,EAIhB,UAAU,EACV,cAAc,EAKf,MAAM,0BAA0B,CAAC;AASlC,qBAAa,iBAAiB;IACf,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IA6B9F,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GACX,EAAE;QACD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;QAC5B,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAcnC,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAsChG,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,+BAA+B;IAOvC,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,yBAAyB;IAOjC,OAAO,CAAC,QAAQ;YAeF,YAAY;WAIZ,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GACT,EAAE;QACD,MAAM,CAAC,EAAE,uBAAuB,CAAC;QACjC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;KAC7B,GAAG,MAAM;IAuBV,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAUnC,OAAO,CAAC,qBAAqB;CAI9B"}

package/dist/AccessTokenClient.js

@@ -0,0 +1,222 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessTokenClient = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+const ssi_types_1 = require("@sphereon/ssi-types");
+const debug_1 = __importDefault(require("debug"));
+const MetadataClient_1 = require("./MetadataClient");
+const functions_1 = require("./functions");
+const debug = (0, debug_1.default)('sphereon:oid4vci:token');
+class AccessTokenClient {
+    acquireAccessToken(opts) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { asOpts, pin, codeVerifier, code, redirectUri, metadata } = opts;
+            const credentialOffer = yield (0, oid4vci_common_1.assertedUniformCredentialOffer)(opts.credentialOffer);
+            const isPinRequired = this.isPinRequiredValue(credentialOffer.credential_offer);
+            const issuer = (_a = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(credentialOffer.credential_offer)) !== null && _a !== void 0 ? _a : metadata === null || metadata === void 0 ? void 0 : metadata.issuer;
+            if (!issuer) {
+                throw Error('Issuer required at this point');
+            }
+            const issuerOpts = {
+                issuer,
+            };
+            return yield this.acquireAccessTokenUsingRequest({
+                accessTokenRequest: yield this.createAccessTokenRequest({
+                    credentialOffer,
+                    asOpts,
+                    codeVerifier,
+                    code,
+                    redirectUri,
+                    pin,
+                }),
+                isPinRequired,
+                metadata,
+                asOpts,
+                issuerOpts,
+            });
+        });
+    }
+    acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, issuerOpts, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.validate(accessTokenRequest, isPinRequired);
+            const requestTokenURL = AccessTokenClient.determineTokenURL({
+                asOpts,
+                issuerOpts,
+                metadata: metadata
+                    ? metadata
+                    : (issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.fetchMetadata)
+                        ? yield MetadataClient_1.MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
+                        : undefined,
+            });
+            return this.sendAuthCode(requestTokenURL, accessTokenRequest);
+        });
+    }
+    createAccessTokenRequest(opts) {
+        var _a, _b, _c, _d;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
+            const credentialOfferRequest = yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(opts.credentialOffer);
+            const request = {};
+            if (asOpts === null || asOpts === void 0 ? void 0 : asOpts.clientId) {
+                request.client_id = asOpts.clientId;
+            }
+            this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
+            request.user_pin = pin;
+            const isPreAuth = (0, oid4vci_common_1.isPreAuthCode)(credentialOfferRequest);
+            if (isPreAuth) {
+                if (codeVerifier) {
+                    throw new Error('Cannot pass a code_verifier when flow type is pre-authorized');
+                }
+                request.grant_type = oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE;
+                // we actually know it is there because of the isPreAuthCode call
+                request[oid4vci_common_1.PRE_AUTH_CODE_LITERAL] =
+                    (_b = (_a = credentialOfferRequest === null || credentialOfferRequest === void 0 ? void 0 : credentialOfferRequest.credential_offer.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b[oid4vci_common_1.PRE_AUTH_CODE_LITERAL];
+            }
+            if (!isPreAuth && ((_d = (_c = credentialOfferRequest.credential_offer.grants) === null || _c === void 0 ? void 0 : _c.authorization_code) === null || _d === void 0 ? void 0 : _d.issuer_state)) {
+                this.throwNotSupportedFlow(); // not supported yet
+                request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
+            }
+            if (codeVerifier) {
+                request.code_verifier = codeVerifier;
+                request.code = code;
+                request.redirect_uri = redirectUri;
+                request.grant_type = oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE;
+            }
+            if (request.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE && isPreAuth) {
+                throw Error('A pre_authorized_code flow cannot have an issuer state in the credential offer');
+            }
+            return request;
+        });
+    }
+    assertPreAuthorizedGrantType(grantType) {
+        if (oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
+            throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
+        }
+    }
+    assertAuthorizationGrantType(grantType) {
+        if (oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE !== grantType) {
+            throw new Error("grant type must be 'authorization_code'");
+        }
+    }
+    isPinRequiredValue(requestPayload) {
+        var _a, _b, _c;
+        let isPinRequired = false;
+        if (!requestPayload) {
+            throw new Error(oid4vci_common_1.TokenErrorResponse.invalid_request);
+        }
+        const issuer = (0, oid4vci_common_1.getIssuerFromCredentialOfferPayload)(requestPayload);
+        if ((_a = requestPayload.grants) === null || _a === void 0 ? void 0 : _a['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
+            isPinRequired = (_c = (_b = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _b === void 0 ? void 0 : _b.user_pin_required) !== null && _c !== void 0 ? _c : false;
+        }
+        debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
+        return isPinRequired;
+    }
+    assertNumericPin(isPinRequired, pin) {
+        if (isPinRequired) {
+            if (!pin || !/^\d{1,8}$/.test(pin)) {
+                debug(`Pin is not 1 to 8 digits long`);
+                throw new Error('A valid pin consisting of maximal 8 numeric characters must be present.');
+            }
+        }
+        else if (pin) {
+            debug(`Pin set, whilst not required`);
+            throw new Error('Cannot set a pin, when the pin is not required.');
+        }
+    }
+    assertNonEmptyPreAuthorizedCode(accessTokenRequest) {
+        if (!accessTokenRequest[oid4vci_common_1.PRE_AUTH_CODE_LITERAL]) {
+            debug(`No pre-authorized code present, whilst it is required`);
+            throw new Error('Pre-authorization must be proven by presenting the pre-authorized code. Code must be present.');
+        }
+    }
+    assertNonEmptyCodeVerifier(accessTokenRequest) {
+        if (!accessTokenRequest.code_verifier) {
+            debug('No code_verifier present, whilst it is required');
+            throw new Error('Authorization flow requires the code_verifier to be present');
+        }
+    }
+    assertNonEmptyCode(accessTokenRequest) {
+        if (!accessTokenRequest.code) {
+            debug('No code present, whilst it is required');
+            throw new Error('Authorization flow requires the code to be present');
+        }
+    }
+    assertNonEmptyRedirectUri(accessTokenRequest) {
+        if (!accessTokenRequest.redirect_uri) {
+            debug('No redirect_uri present, whilst it is required');
+            throw new Error('Authorization flow requires the redirect_uri to be present');
+        }
+    }
+    validate(accessTokenRequest, isPinRequired) {
+        if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.PRE_AUTHORIZED_CODE) {
+            this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
+            this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
+            this.assertNumericPin(isPinRequired, accessTokenRequest.user_pin);
+        }
+        else if (accessTokenRequest.grant_type === oid4vci_common_1.GrantTypes.AUTHORIZATION_CODE) {
+            this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
+            this.assertNonEmptyCodeVerifier(accessTokenRequest);
+            this.assertNonEmptyCode(accessTokenRequest);
+            this.assertNonEmptyRedirectUri(accessTokenRequest);
+        }
+        else {
+            this.throwNotSupportedFlow;
+        }
+    }
+    sendAuthCode(requestTokenURL, accessTokenRequest) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield (0, functions_1.formPost)(requestTokenURL, (0, functions_1.convertJsonToURI)(accessTokenRequest));
+        });
+    }
+    static determineTokenURL({ asOpts, issuerOpts, metadata, }) {
+        if (!asOpts && !(metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) && !issuerOpts) {
+            throw new Error('Cannot determine token URL if no issuer, metadata and no Authorization Server values are present');
+        }
+        let url;
+        if (asOpts && asOpts.as) {
+            url = this.creatTokenURLFromURL(asOpts.as, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, asOpts.tokenEndpoint);
+        }
+        else if (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) {
+            url = metadata.token_endpoint;
+        }
+        else {
+            if (!(issuerOpts === null || issuerOpts === void 0 ? void 0 : issuerOpts.issuer)) {
+                throw Error('Either authorization server options, a token endpoint or issuer options are required at this point');
+            }
+            url = this.creatTokenURLFromURL(issuerOpts.issuer, asOpts === null || asOpts === void 0 ? void 0 : asOpts.allowInsecureEndpoints, issuerOpts.tokenEndpoint);
+        }
+        if (!url || !ssi_types_1.ObjectUtils.isString(url)) {
+            throw new Error('No authorization server token URL present. Cannot acquire access token');
+        }
+        debug(`Token endpoint determined to be ${url}`);
+        return url;
+    }
+    static creatTokenURLFromURL(url, allowInsecureEndpoints, tokenEndpoint) {
+        if (allowInsecureEndpoints !== true && url.startsWith('http:')) {
+            throw Error(`Unprotected token endpoints are not allowed ${url}. Adjust settings if you really need this (dev/test settings only!!)`);
+        }
+        const hostname = url.replace(/https?:\/\//, '').replace(/\/$/, '');
+        const endpoint = tokenEndpoint ? (tokenEndpoint.startsWith('/') ? tokenEndpoint : tokenEndpoint.substring(1)) : '/token';
+        const scheme = url.split('://')[0];
+        return `${scheme ? scheme + '://' : 'https://'}${hostname}${endpoint}`;
+    }
+    throwNotSupportedFlow() {
+        debug(`Only pre-authorized flow supported.`);
+        throw new Error('Only pre-authorized-code flow is supported');
+    }
+}
+exports.AccessTokenClient = AccessTokenClient;
+//# sourceMappingURL=AccessTokenClient.js.map

package/dist/AccessTokenClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessTokenClient.js","sourceRoot":"","sources":["../lib/AccessTokenClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAgBkC;AAClC,mDAAkD;AAClD,kDAA0B;AAE1B,qDAAkD;AAClD,2CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,iBAAiB;IACf,kBAAkB,CAAC,IAA4B;;;YAC1D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAExE,MAAM,eAAe,GAAG,MAAM,IAAA,+CAA8B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACnF,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAChF,MAAM,MAAM,GAAG,MAAA,IAAA,oDAAmC,EAAC,eAAe,CAAC,gBAAgB,CAAC,mCAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAiB,CAAC;YACrH,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,KAAK,CAAC,+BAA+B,CAAC,CAAC;aAC9C;YACD,MAAM,UAAU,GAAG;gBACjB,MAAM;aACP,CAAC;YAEF,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC;gBAC/C,kBAAkB,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC;oBACtD,eAAe;oBACf,MAAM;oBACN,YAAY;oBACZ,IAAI;oBACJ,WAAW;oBACX,GAAG;iBACJ,CAAC;gBACF,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,UAAU;aACX,CAAC,CAAC;;KACJ;IAEY,8BAA8B,CAAC,EAC1C,kBAAkB,EAClB,aAAa,EACb,QAAQ,EACR,MAAM,EACN,UAAU,GAOX;;YACC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YACjD,MAAM,eAAe,GAAG,iBAAiB,CAAC,iBAAiB,CAAC;gBAC1D,MAAM;gBACN,UAAU;gBACV,QAAQ,EAAE,QAAQ;oBAChB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,aAAa;wBAC3B,CAAC,CAAC,MAAM,+BAAc,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;wBACzF,CAAC,CAAC,SAAS;aACd,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;KAAA;IAEY,wBAAwB,CAAC,IAA4B;;;YAChE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9D,MAAM,sBAAsB,GAAG,MAAM,IAAA,gDAA+B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC3F,MAAM,OAAO,GAAgC,EAAE,CAAC;YAChD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,EAAE;gBACpB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;aACrC;YAED,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;YAC7F,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;YAEvB,MAAM,SAAS,GAAG,IAAA,8BAAa,EAAC,sBAAsB,CAAC,CAAC;YACxD,IAAI,SAAS,EAAE;gBACb,IAAI,YAAY,EAAE;oBAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;iBACjF;gBACD,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,mBAAmB,CAAC;gBACpD,iEAAiE;gBACjE,OAAO,CAAC,sCAAqB,CAAC;oBAC5B,MAAA,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,gBAAgB,CAAC,MAAM,0CAAG,sDAAsD,CAAC,0CAAG,sCAAqB,CAAC,CAAC;aACtI;YACD,IAAI,CAAC,SAAS,KAAI,MAAA,MAAA,sBAAsB,CAAC,gBAAgB,CAAC,MAAM,0CAAE,kBAAkB,0CAAE,YAAY,CAAA,EAAE;gBAClG,IAAI,CAAC,qBAAqB,EAAE,CAAC,CAAC,oBAAoB;gBAClD,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;aACpD;YACD,IAAI,YAAY,EAAE;gBAChB,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;gBACrC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,OAAO,CAAC,YAAY,GAAG,WAAW,CAAC;gBACnC,OAAO,CAAC,UAAU,GAAG,2BAAU,CAAC,kBAAkB,CAAC;aACpD;YACD,IAAI,OAAO,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,IAAI,SAAS,EAAE;gBACrE,MAAM,KAAK,CAAC,gFAAgF,CAAC,CAAC;aAC/F;YAED,OAAO,OAA6B,CAAC;;KACtC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,mBAAmB,KAAK,SAAS,EAAE;YAChD,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;SAC9F;IACH,CAAC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,IAAI,2BAAU,CAAC,kBAAkB,KAAK,SAAS,EAAE;YAC/C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;SAC5D;IACH,CAAC;IAEO,kBAAkB,CAAC,cAA6C;;QACtE,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,mCAAkB,CAAC,eAAe,CAAC,CAAC;SACrD;QACD,MAAM,MAAM,GAAG,IAAA,oDAAmC,EAAC,cAAc,CAAC,CAAC;QACnE,IAAI,MAAA,cAAc,CAAC,MAAM,0CAAG,sDAAsD,CAAC,EAAE;YACnF,aAAa,GAAG,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,CAAC;SAC3H;QACD,KAAK,CAAC,2BAA2B,MAAM,KAAK,aAAa,EAAE,CAAC,CAAC;QAC7D,OAAO,aAAa,CAAC;IACvB,CAAC;IAEO,gBAAgB,CAAC,aAAuB,EAAE,GAAY;QAC5D,IAAI,aAAa,EAAE;YACjB,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBAClC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;aAC5F;SACF;aAAM,IAAI,GAAG,EAAE;YACd,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;SACpE;IACH,CAAC;IAEO,+BAA+B,CAAC,kBAAsC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,sCAAqB,CAAC,EAAE;YAC9C,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAC;SAClH;IACH,CAAC;IAEO,0BAA0B,CAAC,kBAAsC;QACvE,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE;YACrC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAChF;IACH,CAAC;IAEO,kBAAkB,CAAC,kBAAsC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;YAC5B,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;SACvE;IACH,CAAC;IAEO,yBAAyB,CAAC,kBAAsC;QACtE,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE;YACpC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;IACH,CAAC;IAEO,QAAQ,CAAC,kBAAsC,EAAE,aAAuB;QAC9E,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,mBAAmB,EAAE;YACpE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,+BAA+B,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;SACnE;aAAM,IAAI,kBAAkB,CAAC,UAAU,KAAK,2BAAU,CAAC,kBAAkB,EAAE;YAC1E,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAC;YACpD,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;YAC5C,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,CAAC;SACpD;aAAM;YACL,IAAI,CAAC,qBAAqB,CAAC;SAC5B;IACH,CAAC;IAEa,YAAY,CAAC,eAAuB,EAAE,kBAAsC;;YACxF,OAAO,MAAM,IAAA,oBAAQ,EAAC,eAAe,EAAE,IAAA,4BAAgB,EAAC,kBAAkB,CAAC,CAAC,CAAC;QAC/E,CAAC;KAAA;IAEM,MAAM,CAAC,iBAAiB,CAAC,EAC9B,MAAM,EACN,UAAU,EACV,QAAQ,GAKT;QACC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,IAAI,CAAC,UAAU,EAAE;YACvD,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;SACrH;QACD,IAAI,GAAG,CAAC;QACR,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE,EAAE;YACvB,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;SAClG;aAAM,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,EAAE;YACnC,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC;SAC/B;aAAM;YACL,IAAI,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAA,EAAE;gBACvB,MAAM,KAAK,CAAC,oGAAoG,CAAC,CAAC;aACnH;YACD,GAAG,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,sBAAsB,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;SAC9G;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;SAC3F;QACD,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,GAAW,EAAE,sBAAgC,EAAE,aAAsB;QACvG,IAAI,sBAAsB,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;YAC9D,MAAM,KAAK,CAAC,+CAA+C,GAAG,sEAAsE,CAAC,CAAC;SACvI;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzH,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,QAAQ,GAAG,QAAQ,EAAE,CAAC;IACzE,CAAC;IAEO,qBAAqB;QAC3B,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;CACF;AA/ND,8CA+NC"}

package/dist/AuthorizationDetailsBuilder.d.ts

@@ -0,0 +1,11 @@
+import { AuthorizationDetailsJwtVcJson, OID4VCICredentialFormat } from '@sphereon/oid4vci-common';
+export declare class AuthorizationDetailsBuilder {
+    private readonly authorizationDetails;
+    constructor();
+    withType(type: string): AuthorizationDetailsBuilder;
+    withFormats(format: OID4VCICredentialFormat): AuthorizationDetailsBuilder;
+    withLocations(locations: string[]): AuthorizationDetailsBuilder;
+    addLocation(location: string): AuthorizationDetailsBuilder;
+    buildJwtVcJson(): AuthorizationDetailsJwtVcJson;
+}
+//# sourceMappingURL=AuthorizationDetailsBuilder.d.ts.map

package/dist/AuthorizationDetailsBuilder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationDetailsBuilder.d.ts","sourceRoot":"","sources":["../lib/AuthorizationDetailsBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAGlG,qBAAa,2BAA2B;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAyC;;IAM9E,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,2BAA2B;IAKnD,WAAW,CAAC,MAAM,EAAE,uBAAuB,GAAG,2BAA2B;IAKzE,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,2BAA2B;IAS/D,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,2BAA2B;IAU1D,cAAc,IAAI,6BAA6B;CAMhD"}

package/dist/AuthorizationDetailsBuilder.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationDetailsBuilder = void 0;
+//todo: refactor this builder to be able to create ldp details as well
+class AuthorizationDetailsBuilder {
+    constructor() {
+        this.authorizationDetails = {};
+    }
+    withType(type) {
+        this.authorizationDetails.type = type;
+        return this;
+    }
+    withFormats(format) {
+        this.authorizationDetails.format = format;
+        return this;
+    }
+    withLocations(locations) {
+        if (this.authorizationDetails.locations) {
+            this.authorizationDetails.locations.push(...locations);
+        }
+        else {
+            this.authorizationDetails.locations = locations;
+        }
+        return this;
+    }
+    addLocation(location) {
+        if (this.authorizationDetails.locations) {
+            this.authorizationDetails.locations.push(location);
+        }
+        else {
+            this.authorizationDetails.locations = [location];
+        }
+        return this;
+    }
+    //todo: we have to consider one thing, if this is a general purpose builder, we want to support ldp types here as well. and for that we need a few checks.
+    buildJwtVcJson() {
+        if (this.authorizationDetails.format && this.authorizationDetails.type) {
+            return this.authorizationDetails;
+        }
+        throw new Error('Type and format are required properties');
+    }
+}
+exports.AuthorizationDetailsBuilder = AuthorizationDetailsBuilder;
+//# sourceMappingURL=AuthorizationDetailsBuilder.js.map

package/dist/AuthorizationDetailsBuilder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationDetailsBuilder.js","sourceRoot":"","sources":["../lib/AuthorizationDetailsBuilder.ts"],"names":[],"mappings":";;;AAEA,sEAAsE;AACtE,MAAa,2BAA2B;IAGtC;QACE,IAAI,CAAC,oBAAoB,GAAG,EAAE,CAAC;IACjC,CAAC;IAED,QAAQ,CAAC,IAAY;QACnB,IAAI,CAAC,oBAAoB,CAAC,IAAI,GAAG,IAAI,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW,CAAC,MAA+B;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa,CAAC,SAAmB;QAC/B,IAAI,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE;YACvC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;SACxD;aAAM;YACL,IAAI,CAAC,oBAAoB,CAAC,SAAS,GAAG,SAAS,CAAC;SACjD;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW,CAAC,QAAgB;QAC1B,IAAI,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE;YACvC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SACpD;aAAM;YACL,IAAI,CAAC,oBAAoB,CAAC,SAAS,GAAG,CAAC,QAAQ,CAAC,CAAC;SAClD;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0JAA0J;IAC1J,cAAc;QACZ,IAAI,IAAI,CAAC,oBAAoB,CAAC,MAAM,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE;YACtE,OAAO,IAAI,CAAC,oBAAqD,CAAC;SACnE;QACD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;CACF;AA1CD,kEA0CC"}

package/dist/CredentialOfferClient.d.ts

@@ -0,0 +1,10 @@
+import { CredentialOfferRequestWithBaseUrl, OpenId4VCIVersion } from '@sphereon/oid4vci-common';
+export declare class CredentialOfferClient {
+    static fromURI(uri: string, opts?: {
+        resolve?: boolean;
+    }): Promise<CredentialOfferRequestWithBaseUrl>;
+    static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: {
+        version?: OpenId4VCIVersion;
+    }): string;
+}
+//# sourceMappingURL=CredentialOfferClient.d.ts.map

package/dist/CredentialOfferClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialOfferClient.d.ts","sourceRoot":"","sources":["../lib/CredentialOfferClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,iCAAiC,EAGjC,iBAAiB,EAElB,MAAM,0BAA0B,CAAC;AAOlC,qBAAa,qBAAqB;WACZ,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,iCAAiC,CAAC;WA+CpG,KAAK,CACjB,kBAAkB,EAAE,iCAAiC,EACrD,IAAI,CAAC,EAAE;QACL,OAAO,CAAC,EAAE,iBAAiB,CAAC;KAC7B,GACA,MAAM;CAsCV"}

package/dist/CredentialOfferClient.js

@@ -0,0 +1,101 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialOfferClient = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+const debug_1 = __importDefault(require("debug"));
+const functions_1 = require("./functions");
+const debug = (0, debug_1.default)('sphereon:oid4vci:offer');
+class CredentialOfferClient {
+    static fromURI(uri, opts) {
+        var _a, _b, _c, _d, _e, _f, _g;
+        return __awaiter(this, void 0, void 0, function* () {
+            debug(`Credential Offer URI: ${uri}`);
+            if (!uri.includes('?') || !uri.includes('://')) {
+                debug(`Invalid Credential Offer URI: ${uri}`);
+                throw Error(`Invalid Credential Offer Request`);
+            }
+            const scheme = uri.split('://')[0];
+            const baseUrl = uri.split('?')[0];
+            const version = (0, oid4vci_common_1.determineSpecVersionFromURI)(uri);
+            let credentialOffer;
+            let credentialOfferPayload;
+            if (version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
+                credentialOfferPayload = (0, functions_1.convertURIToJsonObject)(uri, {
+                    arrayTypeProperties: ['credential_type'],
+                    requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['issuer', 'credential_type'],
+                });
+                credentialOffer = {
+                    credential_offer: credentialOfferPayload,
+                };
+            }
+            else {
+                credentialOffer = (0, functions_1.convertURIToJsonObject)(uri, {
+                    arrayTypeProperties: ['credentials'],
+                    requiredProperties: uri.includes('credential_offer_uri=') ? ['credential_offer_uri'] : ['credential_offer'],
+                });
+                if ((credentialOffer === null || credentialOffer === void 0 ? void 0 : credentialOffer.credential_offer_uri) === undefined && !(credentialOffer === null || credentialOffer === void 0 ? void 0 : credentialOffer.credential_offer)) {
+                    throw Error('Either a credential_offer or credential_offer_uri should be present in ' + uri);
+                }
+            }
+            const request = yield (0, oid4vci_common_1.toUniformCredentialOfferRequest)(credentialOffer, Object.assign(Object.assign({}, opts), { version }));
+            const grants = (_a = request.credential_offer) === null || _a === void 0 ? void 0 : _a.grants;
+            return Object.assign(Object.assign(Object.assign(Object.assign({ scheme,
+                baseUrl }, request), (((_b = grants === null || grants === void 0 ? void 0 : grants.authorization_code) === null || _b === void 0 ? void 0 : _b.issuer_state) && { issuerState: grants.authorization_code.issuer_state })), (((_c = grants === null || grants === void 0 ? void 0 : grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _c === void 0 ? void 0 : _c['pre-authorized_code']) && {
+                preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
+            })), { userPinRequired: (_g = (_f = (_e = (_d = request.credential_offer) === null || _d === void 0 ? void 0 : _d.grants) === null || _e === void 0 ? void 0 : _e['urn:ietf:params:oauth:grant-type:pre-authorized_code']) === null || _f === void 0 ? void 0 : _f.user_pin_required) !== null && _g !== void 0 ? _g : false });
+        });
+    }
+    static toURI(requestWithBaseUrl, opts) {
+        var _a, _b;
+        debug(`Credential Offer Request with base URL: ${JSON.stringify(requestWithBaseUrl)}`);
+        const version = (_a = opts === null || opts === void 0 ? void 0 : opts.version) !== null && _a !== void 0 ? _a : requestWithBaseUrl.version;
+        let baseUrl = requestWithBaseUrl.baseUrl.includes(requestWithBaseUrl.scheme)
+            ? requestWithBaseUrl.baseUrl
+            : `${requestWithBaseUrl.scheme.replace('://', '')}://${requestWithBaseUrl.baseUrl}`;
+        let param;
+        const isUri = requestWithBaseUrl.credential_offer_uri !== undefined;
+        if (version.valueOf() >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11.valueOf()) {
+            // v11 changed from encoding every param to a encoded json object with a credential_offer param key
+            if (!baseUrl.includes('?')) {
+                param = isUri ? 'credential_offer_uri' : 'credential_offer';
+            }
+            else {
+                const split = baseUrl.split('?');
+                if (split.length > 1 && split[1] !== '') {
+                    if (baseUrl.endsWith('&')) {
+                        param = isUri ? 'credential_offer_uri' : 'credential_offer';
+                    }
+                    else if (!baseUrl.endsWith('=')) {
+                        baseUrl += `&`;
+                        param = isUri ? 'credential_offer_uri' : 'credential_offer';
+                    }
+                }
+            }
+        }
+        return (0, functions_1.convertJsonToURI)((_b = requestWithBaseUrl.credential_offer_uri) !== null && _b !== void 0 ? _b : requestWithBaseUrl.original_credential_offer, {
+            baseUrl,
+            arrayTypeProperties: isUri ? [] : ['credential_type'],
+            uriTypeProperties: isUri
+                ? ['credential_offer_uri']
+                : version >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11
+                    ? ['credential_issuer', 'credential_type']
+                    : ['issuer', 'credential_type'],
+            param,
+            version,
+        });
+    }
+}
+exports.CredentialOfferClient = CredentialOfferClient;
+//# sourceMappingURL=CredentialOfferClient.js.map

package/dist/CredentialOfferClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialOfferClient.js","sourceRoot":"","sources":["../lib/CredentialOfferClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DASkC;AAClC,kDAA0B;AAE1B,2CAAuE;AAEvE,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC;AAE9C,MAAa,qBAAqB;IACzB,MAAM,CAAO,OAAO,CAAC,GAAW,EAAE,IAA4B;;;YACnE,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;YACtC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;gBAC9C,KAAK,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;gBAC9C,MAAM,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACjD;YACD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,MAAM,OAAO,GAAG,IAAA,4CAA2B,EAAC,GAAG,CAAC,CAAC;YACjD,IAAI,eAAgC,CAAC;YACrC,IAAI,sBAA8C,CAAC;YACnD,IAAI,OAAO,GAAG,kCAAiB,CAAC,UAAU,EAAE;gBAC1C,sBAAsB,GAAG,IAAA,kCAAsB,EAAC,GAAG,EAAE;oBACnD,mBAAmB,EAAE,CAAC,iBAAiB,CAAC;oBACxC,kBAAkB,EAAE,GAAG,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,iBAAiB,CAAC;iBACrH,CAAkC,CAAC;gBACpC,eAAe,GAAG;oBAChB,gBAAgB,EAAE,sBAAsB;iBACzC,CAAC;aACH;iBAAM;gBACL,eAAe,GAAG,IAAA,kCAAsB,EAAC,GAAG,EAAE;oBAC5C,mBAAmB,EAAE,CAAC,aAAa,CAAC;oBACpC,kBAAkB,EAAE,GAAG,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC;iBAC5G,CAA2B,CAAC;gBAC7B,IAAI,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,oBAAoB,MAAK,SAAS,IAAI,CAAC,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,gBAAgB,CAAA,EAAE;oBAC7F,MAAM,KAAK,CAAC,yEAAyE,GAAG,GAAG,CAAC,CAAC;iBAC9F;aACF;YACD,MAAM,OAAO,GAAG,MAAM,IAAA,gDAA+B,EAAC,eAAe,kCAChE,IAAI,KACP,OAAO,IACP,CAAC;YAEH,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,gBAAgB,0CAAE,MAAM,CAAC;YAEhD,iEACE,MAAM;gBACN,OAAO,IACJ,OAAO,GACP,CAAC,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,kBAAkB,0CAAE,YAAY,KAAI,EAAE,WAAW,EAAE,MAAM,CAAC,kBAAkB,CAAC,YAAY,EAAE,CAAC,GACrG,CAAC,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAG,sDAAsD,CAAC,0CAAG,qBAAqB,CAAC,KAAI;gBAC/F,iBAAiB,EAAE,MAAM,CAAC,sDAAsD,CAAC,CAAC,qBAAqB,CAAC;aACzG,CAAC,KACF,eAAe,EAAE,MAAA,MAAA,MAAA,MAAA,OAAO,CAAC,gBAAgB,0CAAE,MAAM,0CAAG,sDAAsD,CAAC,0CAAE,iBAAiB,mCAAI,KAAK,IACvI;;KACH;IAEM,MAAM,CAAC,KAAK,CACjB,kBAAqD,EACrD,IAEC;;QAED,KAAK,CAAC,2CAA2C,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;QACvF,MAAM,OAAO,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,OAAO,mCAAI,kBAAkB,CAAC,OAAO,CAAC;QAC5D,IAAI,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,MAAM,CAAC;YAC1E,CAAC,CAAC,kBAAkB,CAAC,OAAO;YAC5B,CAAC,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,CAAC;QACtF,IAAI,KAAyB,CAAC;QAE9B,MAAM,KAAK,GAAG,kBAAkB,CAAC,oBAAoB,KAAK,SAAS,CAAC;QAEpE,IAAI,OAAO,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE;YAC/D,mGAAmG;YACnG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBAC1B,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,kBAAkB,CAAC;aAC7D;iBAAM;gBACL,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACjC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE;oBACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;wBACzB,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,kBAAkB,CAAC;qBAC7D;yBAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;wBACjC,OAAO,IAAI,GAAG,CAAC;wBACf,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,kBAAkB,CAAC;qBAC7D;iBACF;aACF;SACF;QACD,OAAO,IAAA,4BAAgB,EAAC,MAAA,kBAAkB,CAAC,oBAAoB,mCAAI,kBAAkB,CAAC,yBAAyB,EAAE;YAC/G,OAAO;YACP,mBAAmB,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC;YACrD,iBAAiB,EAAE,KAAK;gBACtB,CAAC,CAAC,CAAC,sBAAsB,CAAC;gBAC1B,CAAC,CAAC,OAAO,IAAI,kCAAiB,CAAC,UAAU;oBACzC,CAAC,CAAC,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;oBAC1C,CAAC,CAAC,CAAC,QAAQ,EAAE,iBAAiB,CAAC;YACjC,KAAK;YACL,OAAO;SACR,CAAC,CAAC;IACL,CAAC;CACF;AA3FD,sDA2FC"}

package/dist/CredentialRequestClient.d.ts

@@ -0,0 +1,33 @@
+import { CredentialResponse, OID4VCICredentialFormat, OpenId4VCIVersion, OpenIDResponse, ProofOfPossession, UniformCredentialRequest } from '@sphereon/oid4vci-common';
+import { CredentialFormat } from '@sphereon/ssi-types';
+import { CredentialRequestClientBuilder } from './CredentialRequestClientBuilder';
+import { ProofOfPossessionBuilder } from './ProofOfPossessionBuilder';
+export interface CredentialRequestOpts {
+    credentialEndpoint: string;
+    credentialTypes: string[];
+    format?: CredentialFormat | OID4VCICredentialFormat;
+    proof: ProofOfPossession;
+    token: string;
+    version: OpenId4VCIVersion;
+}
+export declare class CredentialRequestClient {
+    private readonly _credentialRequestOpts;
+    get credentialRequestOpts(): CredentialRequestOpts;
+    getCredentialEndpoint(): string;
+    constructor(builder: CredentialRequestClientBuilder);
+    acquireCredentialsUsingProof(opts: {
+        proofInput: ProofOfPossessionBuilder | ProofOfPossession;
+        credentialTypes?: string | string[];
+        format?: CredentialFormat | OID4VCICredentialFormat;
+    }): Promise<OpenIDResponse<CredentialResponse>>;
+    acquireCredentialsUsingRequest(uniformRequest: UniformCredentialRequest): Promise<OpenIDResponse<CredentialResponse>>;
+    createCredentialRequest(opts: {
+        proofInput: ProofOfPossessionBuilder | ProofOfPossession;
+        credentialTypes?: string | string[];
+        format?: CredentialFormat | OID4VCICredentialFormat;
+        version: OpenId4VCIVersion;
+    }): Promise<UniformCredentialRequest>;
+    private version;
+    private isV11OrHigher;
+}
+//# sourceMappingURL=CredentialRequestClient.d.ts.map

package/dist/CredentialRequestClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialRequestClient.d.ts","sourceRoot":"","sources":["../lib/CredentialRequestClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,wBAAwB,EAEzB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AAKtE,MAAM,WAAW,qBAAqB;IACpC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,MAAM,CAAC,EAAE,gBAAgB,GAAG,uBAAuB,CAAC;IACpD,KAAK,EAAE,iBAAiB,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,iBAAiB,CAAC;CAC5B;AAED,qBAAa,uBAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAiC;IAExE,IAAI,qBAAqB,IAAI,qBAAqB,CAEjD;IAEM,qBAAqB,IAAI,MAAM;gBAInB,OAAO,EAAE,8BAA8B;IAI7C,4BAA4B,CAAC,IAAI,EAAE;QAC9C,UAAU,EAAE,wBAAwB,GAAG,iBAAiB,CAAC;QACzD,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACpC,MAAM,CAAC,EAAE,gBAAgB,GAAG,uBAAuB,CAAC;KACrD,GAAG,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;IAOlC,8BAA8B,CAAC,cAAc,EAAE,wBAAwB,GAAG,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;IA+BrH,uBAAuB,CAAC,IAAI,EAAE;QACzC,UAAU,EAAE,wBAAwB,GAAG,iBAAiB,CAAC;QACzD,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACpC,MAAM,CAAC,EAAE,gBAAgB,GAAG,uBAAuB,CAAC;QACpD,OAAO,EAAE,iBAAiB,CAAC;KAC5B,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAwCrC,OAAO,CAAC,OAAO;IAGf,OAAO,CAAC,aAAa;CAGtB"}

package/dist/CredentialRequestClient.js

@@ -0,0 +1,118 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialRequestClient = void 0;
+const oid4vci_common_1 = require("@sphereon/oid4vci-common");
+const debug_1 = __importDefault(require("debug"));
+const ProofOfPossessionBuilder_1 = require("./ProofOfPossessionBuilder");
+const functions_1 = require("./functions");
+const debug = (0, debug_1.default)('sphereon:oid4vci:credential');
+class CredentialRequestClient {
+    get credentialRequestOpts() {
+        return this._credentialRequestOpts;
+    }
+    getCredentialEndpoint() {
+        return this.credentialRequestOpts.credentialEndpoint;
+    }
+    constructor(builder) {
+        this._credentialRequestOpts = Object.assign({}, builder);
+    }
+    acquireCredentialsUsingProof(opts) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { credentialTypes, proofInput, format } = opts;
+            const request = yield this.createCredentialRequest({ proofInput, credentialTypes, format, version: this.version() });
+            return yield this.acquireCredentialsUsingRequest(request);
+        });
+    }
+    acquireCredentialsUsingRequest(uniformRequest) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let request = uniformRequest;
+            if (!this.isV11OrHigher()) {
+                let format = uniformRequest.format;
+                if (format === 'jwt_vc_json') {
+                    format = 'jwt_vc';
+                }
+                else if (format === 'jwt_vc_json-ld') {
+                    format = 'ldp_vc';
+                }
+                request = {
+                    format,
+                    proof: uniformRequest.proof,
+                    type: 'types' in uniformRequest
+                        ? uniformRequest.types.filter((t) => t !== 'VerifiableCredential')[0]
+                        : uniformRequest.credential_definition.types[0],
+                };
+            }
+            const credentialEndpoint = this.credentialRequestOpts.credentialEndpoint;
+            if (!(0, functions_1.isValidURL)(credentialEndpoint)) {
+                debug(`Invalid credential endpoint: ${credentialEndpoint}`);
+                throw new Error(oid4vci_common_1.URL_NOT_VALID);
+            }
+            debug(`Acquiring credential(s) from: ${credentialEndpoint}`);
+            const requestToken = this.credentialRequestOpts.token;
+            const response = yield (0, functions_1.post)(credentialEndpoint, JSON.stringify(request), { bearerToken: requestToken });
+            debug(`Credential endpoint ${credentialEndpoint} response:\r\n${response}`);
+            return response;
+        });
+    }
+    createCredentialRequest(opts) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { proofInput } = opts;
+            const formatSelection = (_a = opts.format) !== null && _a !== void 0 ? _a : this.credentialRequestOpts.format;
+            let format = formatSelection;
+            if (opts.version < oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11) {
+                if (formatSelection === 'jwt_vc' || formatSelection === 'jwt') {
+                    format = 'jwt_vc_json';
+                }
+                else if (formatSelection === 'ldp_vc' || formatSelection === 'ldp') {
+                    format = 'jwt_vc_json-ld';
+                }
+            }
+            if (!format) {
+                throw Error(`Format of credential to be issued is missing`);
+            }
+            else if (format !== 'jwt_vc_json-ld' && format !== 'jwt_vc_json' && format !== 'ldp_vc') {
+                throw Error(`Invalid format of credential to be issued: ${format}`);
+            }
+            const typesSelection = (opts === null || opts === void 0 ? void 0 : opts.credentialTypes) && (typeof opts.credentialTypes === 'string' || opts.credentialTypes.length > 0)
+                ? opts.credentialTypes
+                : this.credentialRequestOpts.credentialTypes;
+            const types = Array.isArray(typesSelection) ? typesSelection : [typesSelection];
+            if (types.length === 0) {
+                throw Error(`Credential type(s) need to be provided`);
+            }
+            else if (!this.isV11OrHigher() && types.length !== 1) {
+                throw Error('Only a single credential type is supported for V8/V9');
+            }
+            const proof = 'proof_type' in proofInput
+                ? yield ProofOfPossessionBuilder_1.ProofOfPossessionBuilder.fromProof(proofInput, opts.version).build()
+                : yield proofInput.build();
+            return {
+                types,
+                format,
+                proof,
+            };
+        });
+    }
+    version() {
+        var _a, _b;
+        return (_b = (_a = this.credentialRequestOpts) === null || _a === void 0 ? void 0 : _a.version) !== null && _b !== void 0 ? _b : oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11;
+    }
+    isV11OrHigher() {
+        return this.version() >= oid4vci_common_1.OpenId4VCIVersion.VER_1_0_11;
+    }
+}
+exports.CredentialRequestClient = CredentialRequestClient;
+//# sourceMappingURL=CredentialRequestClient.js.map

package/dist/CredentialRequestClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialRequestClient.js","sourceRoot":"","sources":["../lib/CredentialRequestClient.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DASkC;AAElC,kDAA0B;AAG1B,yEAAsE;AACtE,2CAA+C;AAE/C,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC;AAWnD,MAAa,uBAAuB;IAGlC,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,sBAA+C,CAAC;IAC9D,CAAC;IAEM,qBAAqB;QAC1B,OAAO,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAED,YAAmB,OAAuC;QACxD,IAAI,CAAC,sBAAsB,qBAAQ,OAAO,CAAE,CAAC;IAC/C,CAAC;IAEY,4BAA4B,CAAC,IAIzC;;YACC,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;YAErD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACrH,OAAO,MAAM,IAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEY,8BAA8B,CAAC,cAAwC;;YAClF,IAAI,OAAO,GAAwD,cAAc,CAAC;YAClF,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE;gBACzB,IAAI,MAAM,GAAW,cAAc,CAAC,MAAM,CAAC;gBAC3C,IAAI,MAAM,KAAK,aAAa,EAAE;oBAC5B,MAAM,GAAG,QAAQ,CAAC;iBACnB;qBAAM,IAAI,MAAM,KAAK,gBAAgB,EAAE;oBACtC,MAAM,GAAG,QAAQ,CAAC;iBACnB;gBAED,OAAO,GAAG;oBACR,MAAM;oBACN,KAAK,EAAE,cAAc,CAAC,KAAK;oBAC3B,IAAI,EACF,OAAO,IAAI,cAAc;wBACvB,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,sBAAsB,CAAC,CAAC,CAAC,CAAC;wBACrE,CAAC,CAAC,cAAc,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;iBACxB,CAAC;aAC/B;YACD,MAAM,kBAAkB,GAAW,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC;YACjF,IAAI,CAAC,IAAA,sBAAU,EAAC,kBAAkB,CAAC,EAAE;gBACnC,KAAK,CAAC,gCAAgC,kBAAkB,EAAE,CAAC,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,8BAAa,CAAC,CAAC;aAChC;YACD,KAAK,CAAC,iCAAiC,kBAAkB,EAAE,CAAC,CAAC;YAC7D,MAAM,YAAY,GAAW,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC;YAC9D,MAAM,QAAQ,GAAuC,MAAM,IAAA,gBAAI,EAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC;YAC5I,KAAK,CAAC,uBAAuB,kBAAkB,iBAAiB,QAAQ,EAAE,CAAC,CAAC;YAC5E,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;IAEY,uBAAuB,CAAC,IAKpC;;;YACC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;YAC5B,MAAM,eAAe,GAAG,MAAA,IAAI,CAAC,MAAM,mCAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC;YAEzE,IAAI,MAAM,GAA4B,eAA0C,CAAC;YACjF,IAAI,IAAI,CAAC,OAAO,GAAG,kCAAiB,CAAC,UAAU,EAAE;gBAC/C,IAAI,eAAe,KAAK,QAAQ,IAAI,eAAe,KAAK,KAAK,EAAE;oBAC7D,MAAM,GAAG,aAAa,CAAC;iBACxB;qBAAM,IAAI,eAAe,KAAK,QAAQ,IAAI,eAAe,KAAK,KAAK,EAAE;oBACpE,MAAM,GAAG,gBAAgB,CAAC;iBAC3B;aACF;YAED,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,KAAK,CAAC,8CAA8C,CAAC,CAAC;aAC7D;iBAAM,IAAI,MAAM,KAAK,gBAAgB,IAAI,MAAM,KAAK,aAAa,IAAI,MAAM,KAAK,QAAQ,EAAE;gBACzF,MAAM,KAAK,CAAC,8CAA8C,MAAM,EAAE,CAAC,CAAC;aACrE;YACD,MAAM,cAAc,GAClB,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,KAAI,CAAC,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;gBACpG,CAAC,CAAC,IAAI,CAAC,eAAe;gBACtB,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC;YACjD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;YAChF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;gBACtB,MAAM,KAAK,CAAC,wCAAwC,CAAC,CAAC;aACvD;iBAAM,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;gBACtD,MAAM,KAAK,CAAC,sDAAsD,CAAC,CAAC;aACrE;YAED,MAAM,KAAK,GACT,YAAY,IAAI,UAAU;gBACxB,CAAC,CAAC,MAAM,mDAAwB,CAAC,SAAS,CAAC,UAA+B,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE;gBACjG,CAAC,CAAC,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC;YAC/B,OAAO;gBACL,KAAK;gBACL,MAAM;gBACN,KAAK;aACsB,CAAC;;KAC/B;IAEO,OAAO;;QACb,OAAO,MAAA,MAAA,IAAI,CAAC,qBAAqB,0CAAE,OAAO,mCAAI,kCAAiB,CAAC,UAAU,CAAC;IAC7E,CAAC;IACO,aAAa;QACnB,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,kCAAiB,CAAC,UAAU,CAAC;IACxD,CAAC;CACF;AA5GD,0DA4GC"}