@sphereon/oid4vci-client 0.8.2-next.6 → 0.8.2-next.88

package/lib/ProofOfPossessionBuilder.ts

@@ -2,6 +2,7 @@ import {
   AccessTokenResponse,
   Alg,
   EndpointMetadata,
+  JWK,
   Jwt,
   NO_JWT_PROVIDED,
   OpenId4VCIVersion,
@@ -19,6 +20,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
   private readonly version: OpenId4VCIVersion;
 
   private kid?: string;
+  private jwk?: JWK;
   private clientId?: string;
   private issuer?: string;
   private jwt?: Jwt;
@@ -91,6 +93,11 @@ export class ProofOfPossessionBuilder<DIDDoc> {
     return this;
   }
 
+  withJWK(jwk: JWK): this {
+    this.jwk = jwk;
+    return this;
+  }
+
   withIssuer(issuer: string): this {
     this.issuer = issuer;
     return this;
@@ -182,6 +189,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
         {
           typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 ? 'jwt' : 'openid4vci-proof+jwt'),
           kid: this.kid,
+          jwk: this.jwk,
           jti: this.jti,
           alg: this.alg,
           issuer: this.issuer,

package/lib/__tests__/AccessTokenClient.spec.ts

@@ -1,4 +1,6 @@
 import { AccessTokenRequest, AccessTokenResponse, GrantTypes, OpenIDResponse, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore
 import nock from 'nock';
 
 import { AccessTokenClient } from '../AccessTokenClient';

package/lib/__tests__/CredentialRequestClient.spec.ts

@@ -3,6 +3,7 @@ import { KeyObject } from 'crypto';
 import {
   Alg,
   EndpointMetadata,
+  getCredentialRequestForVersion,
   getIssuerFromCredentialOfferPayload,
   Jwt,
   OpenId4VCIVersion,
@@ -127,7 +128,7 @@ describe('Credential Request Client ', () => {
       version: OpenId4VCIVersion.VER_1_0_08,
     });
     expect(credentialRequest.proof?.jwt?.includes(partialJWT)).toBeTruthy();
-    expect(credentialRequest.format).toEqual('jwt_vc_json');
+    expect(credentialRequest.format).toEqual('jwt_vc');
     const result = await credReqClient.acquireCredentialsUsingRequest(credentialRequest);
     expect(result?.successBody?.credential).toEqual(mockedVC);
   });
@@ -149,15 +150,20 @@ describe('Credential Request Client ', () => {
       .withKid(kid)
       .withClientId('sphereon:wallet')
       .build();
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    await expect(credReqClient.acquireCredentialsUsingRequest({ format: 'jwt_vc_json-ld', types: ['random'], proof })).rejects.toThrow(
+    await expect(credReqClient.acquireCredentialsUsingRequest({ format: 'jwt_vc_json', types: ['random'], proof })).rejects.toThrow(
       Error(URL_NOT_VALID),
     );
   });
 });
 
 describe('Credential Request Client with Walt.id ', () => {
+  beforeEach(() => {
+    nock.cleanAll();
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+  });
   it('should have correct metadata endpoints', async function () {
     nock.cleanAll();
     const WALT_IRR_URI =
@@ -178,6 +184,13 @@ describe('Credential Request Client with Walt.id ', () => {
 });
 
 describe('Credential Request Client with different issuers ', () => {
+  beforeEach(() => {
+    nock.cleanAll();
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+  });
   it('should create correct CredentialRequest for Spruce', async () => {
     const IRR_URI =
       'openid-initiate-issuance://?issuer=https%3A%2F%2Fngi%2Doidc4vci%2Dtest%2Espruceid%2Exyz&credential_type=OpenBadgeCredential&pre-authorized_code=eyJhbGciOiJFUzI1NiJ9.eyJjcmVkZW50aWFsX3R5cGUiOlsiT3BlbkJhZGdlQ3JlZGVudGlhbCJdLCJleHAiOiIyMDIzLTA0LTIwVDA5OjA0OjM2WiIsIm5vbmNlIjoibWFibmVpT0VSZVB3V3BuRFFweEt3UnRsVVRFRlhGUEwifQ.qOZRPN8sTv_knhp7WaWte2-aDULaPZX--2i9unF6QDQNUllqDhvxgIHMDCYHCV8O2_Gj-T2x1J84fDMajE3asg&user_pin_required=false';
@@ -194,13 +207,15 @@ describe('Credential Request Client with different issuers ', () => {
           jwt: getMockData('spruce')?.credential.request.proof.jwt as string,
         },
         credentialTypes: ['OpenBadgeCredential'],
-        format: 'jwt_vc_json-ld',
+        format: 'jwt_vc',
         version: OpenId4VCIVersion.VER_1_0_08,
       });
-    expect(credentialRequest).toEqual(getMockData('spruce')?.credential.request);
+    const draft8CredentialRequest = getCredentialRequestForVersion(credentialRequest, OpenId4VCIVersion.VER_1_0_08);
+    expect(draft8CredentialRequest).toEqual(getMockData('spruce')?.credential.request);
   });
 
   it('should create correct CredentialRequest for Walt', async () => {
+    nock.cleanAll();
     const IRR_URI =
       'openid-initiate-issuance://?issuer=https%3A%2F%2Fjff.walt.id%2Fissuer-api%2Fdefault%2Foidc%2F&credential_type=OpenBadgeCredential&pre-authorized_code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwMTc4OTNjYy04ZTY3LTQxNzItYWZlOS1lODcyYmYxNDBlNWMiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.ODfq2AIhOcB61dAb3zMrXBJjPJaf53zkeHh_AssYyYA&user_pin_required=false';
     const credentialOffer = await (
@@ -264,7 +279,8 @@ describe('Credential Request Client with different issuers ', () => {
         format: 'ldp_vc',
         version: OpenId4VCIVersion.VER_1_0_08,
       });
-    expect(credentialOffer).toEqual(getMockData('mattr')?.credential.request);
+    const credentialRequest = getCredentialRequestForVersion(credentialOffer, OpenId4VCIVersion.VER_1_0_08);
+    expect(credentialRequest).toEqual(getMockData('mattr')?.credential.request);
   });
 
   it('should create correct CredentialRequest for diwala', async () => {
@@ -286,6 +302,10 @@ describe('Credential Request Client with different issuers ', () => {
         format: 'ldp_vc',
         version: OpenId4VCIVersion.VER_1_0_08,
       });
-    expect(credentialOffer).toEqual(getMockData('diwala')?.credential.request);
+
+    // createCredentialRequest returns uniform format in draft 11
+    const credentialRequest = getCredentialRequestForVersion(credentialOffer, OpenId4VCIVersion.VER_1_0_08);
+
+    expect(credentialRequest).toEqual(getMockData('diwala')?.credential.request);
   });
 });

package/lib/__tests__/EBSIE2E.spec.test.ts

@@ -0,0 +1,145 @@
+import { Alg, Jwt } from '@sphereon/oid4vci-common';
+import { toJwk } from '@sphereon/ssi-sdk-ext.key-utils';
+import { CredentialMapper } from '@sphereon/ssi-types';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+//@ts-ignore
+import { from } from '@trust/keyto';
+import { fetch } from 'cross-fetch';
+import debug from 'debug';
+import { base64url, importJWK, JWK, SignJWT } from 'jose';
+import * as u8a from 'uint8arrays';
+
+import { OpenID4VCIClient } from '..';
+
+export const UNIT_TEST_TIMEOUT = 30000;
+
+const ISSUER_URL = 'https://conformance-test.ebsi.eu/conformance/v3/issuer-mock';
+const AUTH_URL = 'https://conformance-test.ebsi.eu/conformance/v3/auth-mock';
+
+const jwk: JWK = {
+  alg: 'ES256',
+  use: 'sig',
+  kty: 'EC',
+  crv: 'P-256',
+  x: 'hUWYK06qFvdudydiqnEhVJhZ-73jcLtuzH8kIyNOSHE',
+  y: 'UZf7oUkJdo65SQekMD5ssiRclEimG2SmlsjXf3QwQJo',
+  d: 'zDeeo3K0Pk8dofeKcajvJYxMZ1vijx_cVDJQl1IpbAM',
+};
+
+console.log(`JWK (private/orig): ${JSON.stringify(jwk, null, 2)}`);
+
+const privateKey = from(jwk, 'jwk').toString('blk', 'private');
+const publicKey = from(jwk, 'jwk').toString('blk', 'public');
+console.log(`Private key: ${privateKey}`);
+console.log(`Public key: ${publicKey}`);
+console.log(`Private key (b64): ${base64url.encode(u8a.fromString(privateKey, 'base16'))}`);
+console.log(`JWK (private 2) ${JSON.stringify(toJwk(privateKey, 'Secp256r1', { isPrivateKey: true }))}`);
+console.log(`JWK (public  2) ${JSON.stringify(toJwk(publicKey, 'Secp256r1', { isPrivateKey: false }))}`);
+
+// const DID_METHOD = 'did:key'
+const DID =
+  'did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9Kbrm54tL4pRrDDhR1QJ5RHPMXUq5MzYpZL2k35vya5eMiNxschNy9AJ74CC3MmcYiZJGZfyhWQ6qDgTVcDSHdquwPYvLDut383JbrgYdZYYSC2merTMgmQtUi3huYhaky1qE';
+const DID_URL_ENCODED =
+  'did%3Akey%3Az2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9Kbrm54tL4pRrDDhR1QJ5RHPMXUq5MzYpZL2k35vya5eMiNxschNy9AJ74CC3MmcYiZJGZfyhWQ6qDgTVcDSHdquwPYvLDut383JbrgYdZYYSC2merTMgmQtUi3huYhaky1qE';
+// const PRIVATE_KEY_HEX = '7dd923e40f4615ac496119f7e793cc2899e99b64b88ca8603db986700089532b'
+
+// const PUBLIC_KEY_HEX =
+//   '04a23cb4c83901acc2eb0f852599610de0caeac260bf8ed05e7f902eaac0f9c8d74dd4841b94d13424d32af8ec0e9976db9abfa7e3a59e10d565c5d4d901b4be63'
+
+// pub  hex: 35e03477cb29f3ac518770dccd4e26e703cd21b9741c24b038170c377b0d99d9
+// priv hex: 913466d1a38d1d8c0d3c0fb0fc3b633075085a31372bbd2a8022215a88d9d1e5
+// const did = `did:key:z6Mki5ZwZKN1dBQprfJTikUvkDxrHijiiQngkWviMF5gw2Hv`;
+const kid = `${DID}#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9Kbrm54tL4pRrDDhR1QJ5RHPMXUq5MzYpZL2k35vya5eMiNxschNy9AJ74CC3MmcYiZJGZfyhWQ6qDgTVcDSHdquwPYvLDut383JbrgYdZYYSC2merTMgmQtUi3huYhaky1qE`;
+
+// const jw = jose.importKey()
+
+// EBSI returning a 500 in credential endpoint all of a sudden
+describe.skip('OID4VCI-Client using Sphereon issuer should', () => {
+  async function test(credentialType: 'CTWalletCrossPreAuthorisedInTime' | 'CTWalletCrossPreAuthorisedDeferred' | 'CTWalletCrossAuthorisedInTime') {
+    debug.enable('*');
+    const offer = await getCredentialOffer(credentialType);
+    const client = await OpenID4VCIClient.fromURI({
+      uri: offer,
+      kid,
+      alg: Alg.ES256,
+      clientId: DID_URL_ENCODED,
+    });
+    expect(client.credentialOffer).toBeDefined();
+    expect(client.endpointMetadata).toBeDefined();
+    expect(client.getCredentialEndpoint()).toEqual(`${ISSUER_URL}/credential`);
+    expect(client.getAccessTokenEndpoint()).toEqual(`${AUTH_URL}/token`);
+
+    if (credentialType !== 'CTWalletCrossPreAuthorisedInTime') {
+      const url = await client.createAuthorizationRequestUrl({
+        authorizationRequest: {
+          redirectUri: 'openid4vc%3A',
+        },
+      });
+      const result = await fetch(url);
+      console.log(result.text());
+    }
+
+    const accessToken = await client.acquireAccessToken({ pin: '0891' });
+    // console.log(accessToken);
+    expect(accessToken).toMatchObject({
+      expires_in: 86400,
+      // scope: 'GuestCredential',
+      token_type: 'Bearer',
+    });
+
+    const format = 'jwt_vc';
+    const credentialResponse = await client.acquireCredentials({
+      credentialTypes: client.getCredentialOfferTypes()[0],
+      format,
+      proofCallbacks: {
+        signCallback: proofOfPossessionCallbackFunction,
+      },
+      kid,
+      deferredCredentialAwait: true,
+      deferredCredentialIntervalInMS: 5000,
+    });
+    console.log(JSON.stringify(credentialResponse, null, 2));
+    expect(credentialResponse.credential).toBeDefined();
+    const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credentialResponse.credential!);
+    expect(format.startsWith(wrappedVC.format)).toEqual(true);
+  }
+
+  // Current conformance tests is not stable as changes are being applied it seems
+
+  it(
+    'succeed in a full flow with the client using OpenID4VCI version 11 and jwt_vc_json',
+    async () => {
+      await test('CTWalletCrossPreAuthorisedInTime');
+      await test('CTWalletCrossPreAuthorisedDeferred');
+      // await test('CTWalletCrossAuthorisedInTime');
+    },
+    UNIT_TEST_TIMEOUT,
+  );
+});
+
+async function getCredentialOffer(
+  credentialType: 'CTWalletCrossPreAuthorisedInTime' | 'CTWalletCrossAuthorisedInTime' | 'CTWalletCrossPreAuthorisedDeferred',
+): Promise<string> {
+  const credentialOffer = await fetch(
+    `https://conformance-test.ebsi.eu/conformance/v3/issuer-mock/initiate-credential-offer?credential_type=${credentialType}&client_id=${DID_URL_ENCODED}&credential_offer_endpoint=openid-credential-offer%3A%2F%2F`,
+    {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+      },
+    },
+  );
+
+  return await credentialOffer.text();
+}
+
+async function proofOfPossessionCallbackFunction(args: Jwt, kid?: string): Promise<string> {
+  const importedJwk = await importJWK(jwk);
+  return await new SignJWT({ ...args.payload })
+    .setProtectedHeader({ ...args.header, kid: kid! })
+    .setIssuer(DID)
+    .setIssuedAt()
+    .setExpirationTime('2m')
+    .sign(importedJwk);
+}

package/lib/__tests__/MetadataClient.spec.ts

@@ -1,4 +1,6 @@
 import { getIssuerFromCredentialOfferPayload, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore
 import nock from 'nock';
 
 import { CredentialOfferClient } from '../CredentialOfferClient';
@@ -211,7 +213,8 @@ describe('Metadataclient with Walt-id should', () => {
   });
 });
 
-describe('Metadataclient with SpruceId should', () => {
+// Spruce gives back 404's these days, so test is disabled
+describe.skip('Metadataclient with SpruceId should', () => {
   beforeAll(() => {
     nock.cleanAll();
   });

package/lib/__tests__/OpenID4VCIClient.spec.ts

@@ -17,6 +17,7 @@ describe('OpenID4VCIClient should', () => {
     client = await OpenID4VCIClient.fromURI({
       clientId: 'test-client',
       uri: 'openid-initiate-issuance://?issuer=https://server.example.com&credential_type=TestCredential',
+      createAuthorizationRequestURL: false,
     });
   });
 
@@ -24,15 +25,15 @@ describe('OpenID4VCIClient should', () => {
     nock.cleanAll();
   });
 
-  it('should create successfully construct an authorization request url', async () => {
+  it('should successfully construct an authorization request url', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
-    const url = client.createAuthorizationRequestUrl({
-      codeChallengeMethod: CodeChallengeMethod.SHA256,
-      codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-      scope: 'openid TestCredential',
-      redirectUri: 'http://localhost:8881/cb',
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    const url = await client.createAuthorizationRequestUrl({
+      authorizationRequest: {
+        scope: 'openid TestCredential',
+        redirectUri: 'http://localhost:8881/cb',
+      },
     });
 
     const urlSearchParams = new URLSearchParams(url.split('?')[1]);
@@ -41,25 +42,29 @@ describe('OpenID4VCIClient should', () => {
     expect(scope?.[0]).toBe('openid');
   });
   it('throw an error if authorization endpoint is not set in server metadata', async () => {
-    expect(() => {
+    await expect(
       client.createAuthorizationRequestUrl({
-        codeChallengeMethod: CodeChallengeMethod.SHA256,
-        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-        scope: 'openid TestCredential',
-        redirectUri: 'http://localhost:8881/cb',
-      });
-    }).toThrow(Error('Server metadata does not contain authorization endpoint'));
+        authorizationRequest: {
+          scope: 'openid TestCredential',
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).rejects.toThrow(Error('Server metadata does not contain authorization endpoint'));
   });
   it("injects 'openid' as the first scope if not provided", async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
-    const url = client.createAuthorizationRequestUrl({
-      codeChallengeMethod: CodeChallengeMethod.SHA256,
-      codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-      scope: 'TestCredential',
-      redirectUri: 'http://localhost:8881/cb',
+    const url = await client.createAuthorizationRequestUrl({
+      pkce: {
+        codeChallengeMethod: CodeChallengeMethod.S256,
+        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+      },
+      authorizationRequest: {
+        scope: 'TestCredential',
+        redirectUri: 'http://localhost:8881/cb',
+      },
     });
 
     const urlSearchParams = new URLSearchParams(url.split('?')[1]);
@@ -68,94 +73,130 @@ describe('OpenID4VCIClient should', () => {
     expect(scope?.[0]).toBe('openid');
   });
   it('throw an error if no scope and no authorization_details is provided', async () => {
+    nock(MOCK_URL).get(/.*/).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OAUTH_AS).reply(200, {});
+    nock(MOCK_URL).get(WellKnownEndpoints.OPENID_CONFIGURATION).reply(200, {});
+    // Use a client with issuer only to trigger the error
+    client = await OpenID4VCIClient.fromCredentialIssuer({
+      credentialIssuer: MOCK_URL,
+      createAuthorizationRequestURL: false,
+      retrieveServerMetadata: false,
+    });
+
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._state.endpointMetadata = {
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      credentialIssuerMetadata: {
+        authorization_endpoint: `${MOCK_URL}v1/auth/authorize`,
+        token_endpoint: `${MOCK_URL}/token`,
+      },
+    };
+    // client._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
-    expect(() => {
+    await expect(
       client.createAuthorizationRequestUrl({
-        codeChallengeMethod: CodeChallengeMethod.SHA256,
-        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-        redirectUri: 'http://localhost:8881/cb',
-      });
-    }).toThrow(Error('Please provide a scope or authorization_details'));
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          redirectUri: 'http://localhost:8881/cb',
+        },
+      }),
+    ).rejects.toThrow(Error('Please provide a scope or authorization_details if no credential offer is present'));
   });
   it('create an authorization request url with authorization_details array property', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
-    expect(
+    await expect(
       client.createAuthorizationRequestUrl({
-        codeChallengeMethod: CodeChallengeMethod.SHA256,
-        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-        authorizationDetails: [
-          {
-            type: 'openid_credential',
-            format: 'ldp_vc',
-            credential_definition: {
-              '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
-              types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: [
+            {
+              type: 'openid_credential',
+              format: 'ldp_vc',
+              credential_definition: {
+                '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+                types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+              },
             },
-          },
-          {
-            type: 'openid_credential',
-            format: 'mso_mdoc',
-            doctype: 'org.iso.18013.5.1.mDL',
-          },
-        ],
-        redirectUri: 'http://localhost:8881/cb',
+            {
+              type: 'openid_credential',
+              // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+              // @ts-ignore
+              format: 'mso_mdoc',
+              doctype: 'org.iso.18013.5.1.mDL',
+            },
+          ],
+          redirectUri: 'http://localhost:8881/cb',
+        },
       }),
-    ).toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&scope=openid&client_id=test-client',
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%5B%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%2C%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22mso_mdoc%22%2C%22doctype%22%3A%22org%2Eiso%2E18013%2E5%2E1%2EmDL%22%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D%5D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     );
   });
   it('create an authorization request url with authorization_details object property', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._state.endpointMetadata?.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
-    expect(
+    await expect(
       client.createAuthorizationRequestUrl({
-        codeChallengeMethod: CodeChallengeMethod.SHA256,
-        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-        authorizationDetails: {
-          type: 'openid_credential',
-          format: 'ldp_vc',
-          credential_definition: {
-            '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
-            types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: {
+            type: 'openid_credential',
+            format: 'ldp_vc',
+            credential_definition: {
+              '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+              types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+            },
           },
+          redirectUri: 'http://localhost:8881/cb',
         },
-        redirectUri: 'http://localhost:8881/cb',
       }),
-    ).toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&scope=openid&client_id=test-client',
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%2C%22locations%22%3A%5B%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     );
   });
   it('create an authorization request url with authorization_details and scope', async () => {
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    client._endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
+    client._state.endpointMetadata.credentialIssuerMetadata.authorization_endpoint = `${MOCK_URL}v1/auth/authorize`;
 
-    expect(
+    await expect(
       client.createAuthorizationRequestUrl({
-        codeChallengeMethod: CodeChallengeMethod.SHA256,
-        codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
-        authorizationDetails: {
-          type: 'openid_credential',
-          format: 'ldp_vc',
-          locations: ['https://test.com'],
-          credential_definition: {
-            '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
-            types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+        pkce: {
+          codeChallengeMethod: CodeChallengeMethod.S256,
+          codeChallenge: 'mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs',
+        },
+        authorizationRequest: {
+          authorizationDetails: {
+            type: 'openid_credential',
+            format: 'ldp_vc',
+            locations: ['https://test.com'],
+            credential_definition: {
+              '@context': ['https://www.w3.org/2018/credentials/v1', 'https://www.w3.org/2018/credentials/examples/v1'],
+              types: ['VerifiableCredential', 'UniversityDegreeCredential'],
+            },
           },
+          scope: 'openid',
+          redirectUri: 'http://localhost:8881/cb',
         },
-        scope: 'openid',
-        redirectUri: 'http://localhost:8881/cb',
       }),
-    ).toEqual(
-      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22locations%22%3A%5B%22https%3A%2F%2Ftest%2Ecom%22%2C%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&scope=openid&client_id=test-client',
+    ).resolves.toEqual(
+      'https://server.example.com/v1/auth/authorize?response_type=code&code_challenge_method=S256&code_challenge=mE2kPHmIprOqtkaYmESWj35yz-PB5vzdiSu0tAZ8sqs&authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22format%22%3A%22ldp_vc%22%2C%22locations%22%3A%5B%22https%3A%2F%2Ftest%2Ecom%22%2C%22https%3A%2F%2Fserver%2Eexample%2Ecom%22%5D%2C%22credential_definition%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fv1%22%2C%22https%3A%2F%2Fwww%2Ew3%2Eorg%2F2018%2Fcredentials%2Fexamples%2Fv1%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22UniversityDegreeCredential%22%5D%7D%7D&redirect_uri=http%3A%2F%2Flocalhost%3A8881%2Fcb&client_id=test-client&scope=openid',
     );
   });
 });