npm - @sphereon/oid4vci-common - Versions diffs - 0.15.2-unstable.8 → 0.16.1-next.13 - Mend

@sphereon/oid4vci-common 0.15.2-unstable.8 → 0.16.1-next.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/dist/functions/CredentialRequestUtil.d.ts.map +1 -1
package/dist/functions/CredentialRequestUtil.js +3 -0
package/dist/functions/CredentialRequestUtil.js.map +1 -1
package/dist/functions/FormatUtils.js +1 -1
package/dist/functions/FormatUtils.js.map +1 -1
package/dist/functions/HttpUtils.d.ts.map +1 -1
package/dist/functions/HttpUtils.js +2 -1
package/dist/functions/HttpUtils.js.map +1 -1
package/dist/functions/IssuerMetadataUtils.js +1 -1
package/dist/functions/IssuerMetadataUtils.js.map +1 -1
package/dist/functions/ProofUtil.d.ts +4 -2
package/dist/functions/ProofUtil.d.ts.map +1 -1
package/dist/functions/ProofUtil.js +2 -1
package/dist/functions/ProofUtil.js.map +1 -1
package/dist/functions/RandomUtils.js +2 -5
package/dist/functions/RandomUtils.js.map +1 -1
package/dist/functions/TypeConversionUtils.d.ts +4 -4
package/dist/functions/TypeConversionUtils.d.ts.map +1 -1
package/dist/functions/TypeConversionUtils.js +6 -0
package/dist/functions/TypeConversionUtils.js.map +1 -1
package/dist/types/Authorization.types.d.ts +19 -3
package/dist/types/Authorization.types.d.ts.map +1 -1
package/dist/types/Authorization.types.js.map +1 -1
package/dist/types/CredentialIssuance.types.d.ts +3 -37
package/dist/types/CredentialIssuance.types.d.ts.map +1 -1
package/dist/types/CredentialIssuance.types.js.map +1 -1
package/dist/types/Generic.types.d.ts +23 -10
package/dist/types/Generic.types.d.ts.map +1 -1
package/dist/types/Generic.types.js.map +1 -1
package/dist/types/ServerMetadata.d.ts +2 -0
package/dist/types/ServerMetadata.d.ts.map +1 -1
package/dist/types/ServerMetadata.js.map +1 -1
package/dist/types/Token.types.d.ts +2 -1
package/dist/types/Token.types.d.ts.map +1 -1
package/dist/types/Token.types.js +1 -0
package/dist/types/Token.types.js.map +1 -1
package/dist/types/v1_0_09.types.d.ts +2 -2
package/dist/types/v1_0_09.types.d.ts.map +1 -1
package/dist/types/v1_0_11.types.d.ts +2 -2
package/dist/types/v1_0_11.types.d.ts.map +1 -1
package/dist/types/v1_0_13.types.d.ts +11 -6
package/dist/types/v1_0_13.types.d.ts.map +1 -1
package/lib/functions/CredentialRequestUtil.ts +2 -0
package/lib/functions/FormatUtils.ts +1 -1
package/lib/functions/HttpUtils.ts +2 -1
package/lib/functions/IssuerMetadataUtils.ts +1 -1
package/lib/functions/ProofUtil.ts +3 -3
package/lib/functions/RandomUtils.ts +2 -2
package/lib/functions/TypeConversionUtils.ts +23 -5
package/lib/types/Authorization.types.ts +31 -3
package/lib/types/CredentialIssuance.types.ts +3 -41
package/lib/types/Generic.types.ts +35 -13
package/lib/types/ServerMetadata.ts +4 -1
package/lib/types/Token.types.ts +1 -0
package/lib/types/v1_0_09.types.ts +2 -2
package/lib/types/v1_0_11.types.ts +2 -2
package/lib/types/v1_0_13.types.ts +15 -3
package/package.json +9 -6

package/lib/types/Generic.types.ts CHANGED Viewed

@@ -17,7 +17,7 @@ import {
 export type InputCharSet = 'numeric' | 'text';
 export type KeyProofType = 'jwt' | 'cwt' | 'ldp_vp';
-export type PoPMode = 'pop' | 'JWT'; // Proof of posession, or regular JWT
+export type PoPMode = 'pop' | 'JWT'; // Proof of possession, or regular JWT
 /**
  * Important Note: please be aware that these Common interfaces are based on versions v1_0.11 and v1_0.09
@@ -29,7 +29,7 @@ export interface ImageInfo {
   [key: string]: unknown;
 }
-export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'vc+sd-jwt' | 'jwt_vc'; // jwt_vc is added for backwards compat /*| 'mso_mdoc'*/; // we do not support mdocs at this point
+export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'vc+sd-jwt' | 'jwt_vc' | 'mso_mdoc'; // jwt_vc is added for backwards compat
 export interface NameAndLocale {
   name?: string; // REQUIRED. String value of a display name for the Credential.
@@ -62,7 +62,7 @@ export interface CredentialSupplierConfig {
 export interface CredentialIssuerMetadataOpts {
   credential_endpoint?: string; // REQUIRED. URL of the Credential Issuer's Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components.
   batch_credential_endpoint?: string; // OPTIONAL. URL of the Credential Issuer's Batch Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. If omitted, the Credential Issuer does not support the Batch Credential Endpoint.
-  credentials_supported?: CredentialConfigurationSupported[]; // REQUIRED in versions below 13. A JSON array containing a list of JSON objects, each of them representing metadata about a separate credential type that the Credential Issuer can issue. The JSON objects in the array MUST conform to the structure of the Section 10.2.3.1.
+  credentials_supported: CredentialsSupportedLegacy[]; // REQUIRED in versions below 13. A JSON array containing a list of JSON objects, each of them representing metadata about a separate credential type that the Credential Issuer can issue. The JSON objects in the array MUST conform to the structure of the Section 10.2.3.1.
   credential_issuer: string; // REQUIRED. The Credential Issuer's identifier.
   authorization_server?: string; // OPTIONAL. Identifier of the OAuth 2.0 Authorization Server (as defined in [RFC8414]) the Credential Issuer relies on for authorization. If this element is omitted, the entity providing the Credential Issuer is also acting as the AS, i.e. the Credential Issuer's identifier is used as the OAuth 2.0 Issuer value to obtain the Authorization Server metadata as per [RFC8414].
   token_endpoint?: string;
@@ -116,7 +116,7 @@ export interface CredentialIssuerMetadata extends CredentialIssuerMetadataOpts,
 export interface CredentialSupportedBrief {
   cryptographic_binding_methods_supported?: string[]; // OPTIONAL. Array of case sensitive strings that identify how the Credential is bound to the identifier of the End-User who possesses the Credential
-  credential_signing_alg_values_supported?: string[]; // OPTIONAL. Array of case sensitive strings that identify the cryptographic suites that are supported for the cryptographic_binding_methods_supported
+  cryptographic_suites_supported?: string[]; // OPTIONAL. Array of case sensitive strings that identify the cryptographic suites that are supported for the cryptographic_binding_methods_supported
 }
 export interface ProofType {
@@ -164,12 +164,22 @@ export interface CredentialSupportedSdJwtVc extends CommonCredentialSupported {
   order?: string[]; //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.
 }
+export interface CredentialSupportedMsoMdoc extends CommonCredentialSupported {
+  format: 'mso_mdoc';
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+  order?: string[]; //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.
+}
 export type CredentialConfigurationSupported =
   | CredentialConfigurationSupportedV1_0_13
-  | (CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc));
+  | (CommonCredentialSupported &
+      (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc));
 export type CredentialsSupportedLegacy = CommonCredentialSupported &
-  (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc);
+  (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc);
 export interface CommonCredentialOfferFormat {
   format: OID4VCICredentialFormat | string;
@@ -196,8 +206,18 @@ export interface CredentialOfferFormatSdJwtVc extends CommonCredentialOfferForma
   claims?: IssuerCredentialSubject;
 }
-export type CredentialOfferFormat = CommonCredentialOfferFormat &
-  (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVc);
+// NOTE: the sd-jwt format is added to oid4vci in a later draft version than currently
+// supported, so there's no defined offer format. However, based on the request structure
+// we support sd-jwt for older drafts of oid4vci as well
+export interface CredentialOfferFormatMsoMdoc extends CommonCredentialOfferFormat {
+  format: 'mso_mdoc';
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+}
+export type CredentialOfferFormatV1_0_11 = CommonCredentialOfferFormat &
+  (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVc | CredentialOfferFormatMsoMdoc);
 /**
  * Optional storage that can help the credential Data Supplier. For instance to store credential input data during offer creation, if no additional data can be supplied later on
@@ -218,7 +238,7 @@ export interface JsonLdIssuerCredentialDefinition {
   credentialSubject?: IssuerCredentialSubject;
 }
-export interface ErrorResponse extends Response {
+export interface ErrorResponse {
   error: string;
   error_description?: string;
   error_uri?: string;
@@ -249,6 +269,12 @@ export interface CredentialRequestSdJwtVc extends CommonCredentialRequest {
   claims?: IssuerCredentialSubject;
 }
+export interface CredentialRequestMsoMdoc extends CommonCredentialRequest {
+  format: 'mso_mdoc';
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+}
 export interface CommonCredentialResponse extends ExperimentalSubjectIssuance {
   // format: string;  TODO do we still need this for previous version support?
   credential?: W3CVerifiableCredential;
@@ -398,7 +424,3 @@ export type NotificationResult = {
 export interface NotificationErrorResponse {
   error: NotificationError | string;
 }
-export interface IssuerSessionIdRequestOpts {
-  sessionEndpoint: string
-}

package/lib/types/ServerMetadata.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+import { SigningAlgo } from '@sphereon/oid4vc-common';
 export interface AuthorizationServerMetadata {
   issuer: string;
   authorization_endpoint?: string;
@@ -27,7 +29,8 @@ export interface AuthorizationServerMetadata {
   // Note that the presence of pushed_authorization_request_endpoint is sufficient for a client to determine that it may use the PAR flow. A request_uri value obtained from the PAR endpoint is usable at the authorization endpoint regardless of other authorization server metadata such as request_uri_parameter_supported or require_request_uri_registration
   require_pushed_authorization_requests?: boolean; // Boolean parameter indicating whether Indicates whether the client is required to use PAR to initiate authorization. If omitted, the default value is false.
   'pre-authorized_grant_anonymous_access_supported': boolean; // OPTIONAL. A JSON Boolean indicating whether the issuer accepts a Token Request with a Pre-Authorized Code but without a client id. The default is false
+  // A JSON array containing a list of the JWS alg values (from the [IANA.JOSE.ALGS] registry) supported by the authorization server for DPoP proof JWTs.
+  dpop_signing_alg_values_supported?: (string | SigningAlgo)[];
   // OIDC values
   frontchannel_logout_supported?: boolean;
   frontchannel_logout_session_supported?: boolean;

package/lib/types/Token.types.ts CHANGED Viewed

@@ -3,6 +3,7 @@ export enum TokenErrorResponse {
   invalid_grant = 'invalid_grant',
   invalid_client = 'invalid_client', // this code has been added only in v1_0-11, but I've added this to the common interface. @nklomp is this ok?
   invalid_scope = 'invalid_scope',
+  invalid_dpop_proof = 'invalid_dpop_proof',
 }
 export class TokenError extends Error {

package/lib/types/v1_0_09.types.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { CommonAuthorizationRequest } from './Authorization.types';
-import { CredentialOfferFormat } from './Generic.types';
+import { CredentialOfferFormatV1_0_11 } from './Generic.types';
 export interface CredentialOfferV1_0_09 {
   credential_offer: CredentialOfferPayloadV1_0_09;
@@ -20,7 +20,7 @@ export interface CredentialOfferPayloadV1_0_09 {
    * credentials_supported Credential Issuer metadata parameter.
    * When processing, the Wallet MUST resolve this string value to the respective object.
    */
-  credentials: (CredentialOfferFormat | string)[];
+  credentials: (CredentialOfferFormatV1_0_11 | string)[];
   'pre-authorized_code'?: string; //CONDITIONAL the code representing the issuer's authorization for the Wallet to obtain Credentials of a certain type. This code MUST be short-lived and single-use. MUST be present in a pre-authorized code flow.
   user_pin_required?: boolean | string; //OPTIONAL Boolean value specifying whether the issuer expects presentation of a user PIN along with the Token Request in a pre-authorized code flow. Default is false.
   op_state?: string; //(JWT) OPTIONAL String value created by the Credential Issuer and opaque to the Wallet that is used to bind the subsequent authentication request with the Credential Issuer to a context set up during previous steps

package/lib/types/v1_0_11.types.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import {
   CommonCredentialRequest,
   CredentialDataSupplierInput,
   CredentialIssuerMetadataOpts,
-  CredentialOfferFormat,
+  CredentialOfferFormatV1_0_11,
   CredentialRequestJwtVcJson,
   CredentialRequestJwtVcJsonLdAndLdpVc,
   CredentialRequestSdJwtVc,
@@ -62,7 +62,7 @@ export interface CredentialOfferPayloadV1_0_11 {
    * credentials_supported Credential Issuer metadata parameter.
    * When processing, the Wallet MUST resolve this string value to the respective object.
    */
-  credentials: (CredentialOfferFormat | string)[];
+  credentials: (CredentialOfferFormatV1_0_11 | string)[];
   /**
    * OPTIONAL. A JSON object indicating to the Wallet the Grant Types the Credential Issuer's AS is prepared
    * to process for this credential offer. Every grant is represented by a key and an object.

package/lib/types/v1_0_13.types.ts CHANGED Viewed

@@ -1,10 +1,13 @@
+import { JWK } from '@sphereon/oid4vc-common';
 import { ExperimentalSubjectIssuance } from '../experimental/holder-vci';
-import { JWK, ProofOfPossession } from './CredentialIssuance.types';
+import { ProofOfPossession } from './CredentialIssuance.types';
 import {
   AlgValue,
   CommonCredentialRequest,
   CredentialDataSupplierInput,
+  CredentialRequestMsoMdoc,
   CredentialRequestSdJwtVc,
   CredentialsSupportedDisplay,
   CredentialSupplierConfig,
@@ -30,7 +33,6 @@ export interface IssuerMetadataV1_0_13 {
   notification_endpoint?: string;
   credential_response_encryption?: ResponseEncryption;
   token_endpoint?: string;
-  session_endpoint?: string;
   display?: MetadataDisplay[];
   [x: string]: unknown;
@@ -52,6 +54,7 @@ export type CredentialConfigurationSupportedV1_0_13 = CredentialConfigurationSup
     | CredentialConfigurationSupportedSdJwtVcV1_0_13
     | CredentialConfigurationSupportedJwtVcJsonV1_0_13
     | CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13
+    | CredentialConfigurationSupportedMsoMdocV1_0_13
   );
 // Base type covering credential configurations supported
@@ -74,6 +77,15 @@ export interface CredentialConfigurationSupportedSdJwtVcV1_0_13 extends Credenti
   order?: string[]; //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.
 }
+export interface CredentialConfigurationSupportedMsoMdocV1_0_13 extends CredentialConfigurationSupportedCommonV1_0_13 {
+  format: 'mso_mdoc';
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+  order?: string[]; //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.
+}
 export interface CredentialConfigurationSupportedJwtVcJsonV1_0_13 extends CredentialConfigurationSupportedCommonV1_0_13 {
   format: 'jwt_vc_json' | 'jwt_vc';
   credential_definition: CredentialDefinitionJwtVcJsonV1_0_13;
@@ -102,6 +114,7 @@ export type CredentialRequestV1_0_13 = CredentialRequestV1_0_13Common &
     | CredentialRequestJwtVcJsonV1_0_13
     | CredentialRequestJwtVcJsonLdAndLdpVcV1_0_13
     | CredentialRequestSdJwtVc
+    | CredentialRequestMsoMdoc
     | CredentialRequestV1_0_13CredentialIdentifier
   );
@@ -190,7 +203,6 @@ export interface EndpointMetadataResultV1_0_13 extends EndpointMetadata {
   authorizationServerType: AuthorizationServerType;
   authorizationServerMetadata?: AuthorizationServerMetadata;
   credentialIssuerMetadata?: Partial<AuthorizationServerMetadata> & IssuerMetadataV1_0_13;
-  session_endpoint?: string;
 }
 // For now we extend the opts above. Only difference is that the credential endpoint is optional in the Opts, as it can come from other sources. The value is however required in the eventual Issuer Metadata

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/oid4vci-common",
-  "version": "0.15.2-unstable.8+bdd7117",
+  "version": "0.16.1-next.13+282e7a1",
   "description": "OpenID 4 Verifiable Credential Issuance Common Types",
   "source": "lib/index.ts",
   "main": "dist/index.js",
@@ -10,15 +10,18 @@
     "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
-    "@sphereon/ssi-types": "0.28.0",
+    "@sphereon/oid4vc-common": "0.16.1-next.13+282e7a1",
+    "@sphereon/ssi-types": "0.29.0",
     "cross-fetch": "^3.1.8",
+    "debug": "^4.3.5",
     "jwt-decode": "^4.0.0",
-    "sha.js": "^2.4.11",
-    "uint8arrays": "3.1.1"
+    "uint8arrays": "3.1.1",
+    "uuid": "^9.0.0"
   },
   "devDependencies": {
+    "@types/debug": "^4.1.12",
     "@types/jest": "^29.5.12",
-    "@types/sha.js": "^2.4.4",
+    "@types/uuid": "^9.0.1",
     "typescript": "5.4.5"
   },
   "engines": {
@@ -49,5 +52,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "bdd711734c65ba2a33b14ee5eacd0a9d619d800e"
+  "gitHead": "282e7a1c6b9becaf12b81302a5c84d34f525ae7a"
 }