npm - @sphereon/oid4vci-common - Versions diffs - 0.18.2 → 0.19.1-feature.SSISDK.13.17 - Mend

@sphereon/oid4vci-common 0.18.2 → 0.19.1-feature.SSISDK.13.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.cjs CHANGED Viewed

@@ -6,6 +6,12 @@ var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -28,6 +34,48 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// ../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.11.29_postcss@8.5.3_tsx@4.19.4_typescript@5.8.3_yaml@2.8.0/node_modules/tsup/assets/cjs_shims.js
+var init_cjs_shims = __esm({
+  "../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.11.29_postcss@8.5.3_tsx@4.19.4_typescript@5.8.3_yaml@2.8.0/node_modules/tsup/assets/cjs_shims.js"() {
+    "use strict";
+  }
+});
+// lib/functions/randomBytes.cjs
+var require_randomBytes = __commonJS({
+  "lib/functions/randomBytes.cjs"(exports, module2) {
+    "use strict";
+    init_cjs_shims();
+    var MAX_BYTES = 65536;
+    var MAX_UINT32 = 4294967295;
+    var _global = typeof globalThis !== "undefined" ? globalThis : global;
+    var crypto = _global.crypto || _global.msCrypto;
+    if (!crypto) {
+      try {
+        crypto = require("crypto");
+      } catch (err) {
+        throw Error("crypto module is not available");
+      }
+    }
+    function randomBytes2(size) {
+      if (size > MAX_UINT32) throw new Error("requested too many random bytes");
+      const bytes = Buffer.allocUnsafe(size);
+      if (size > 0) {
+        if (size > MAX_BYTES) {
+          for (let generated = 0; generated < size; generated += MAX_BYTES) {
+            crypto.getRandomValues(bytes.slice(generated, generated + MAX_BYTES));
+          }
+        } else {
+          crypto.getRandomValues(bytes);
+        }
+      }
+      return Uint8Array.from(bytes);
+    }
+    __name(randomBytes2, "randomBytes");
+    module2.exports = randomBytes2;
+  }
+});
 // lib/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -104,6 +152,7 @@ __export(index_exports, {
   createCodeChallenge: () => createCodeChallenge,
   createProofOfPossession: () => createProofOfPossession,
   credentialIssuerMetadataFieldNames: () => credentialIssuerMetadataFieldNames,
+  credentialIssuerMetadataFieldNamesV1_0_15: () => credentialIssuerMetadataFieldNamesV1_0_15,
   credentialSupportedV8ToV13: () => credentialSupportedV8ToV13,
   credentialsSupportedV8ToV13: () => credentialsSupportedV8ToV13,
   decodeJsonProperties: () => decodeJsonProperties,
@@ -119,6 +168,7 @@ __export(index_exports, {
   generateNonce: () => generateNonce,
   generateRandomString: () => generateRandomString,
   getClientIdFromCredentialOfferPayload: () => getClientIdFromCredentialOfferPayload,
+  getCredentialConfigurationIdsFromOfferV1_0_15: () => getCredentialConfigurationIdsFromOfferV1_0_15,
   getCredentialOfferPayload: () => getCredentialOfferPayload,
   getCredentialRequestForVersion: () => getCredentialRequestForVersion,
   getFormatForVersion: () => getFormatForVersion,
@@ -150,9 +200,10 @@ __export(index_exports, {
   isPreAuthCode: () => isPreAuthCode,
   isValidURL: () => isValidURL,
   isW3cCredentialSupported: () => isW3cCredentialSupported,
+  normalizeOfferInput: () => normalizeOfferInput,
   post: () => post,
-  randomBytes: () => randomBytes,
   resolveCredentialOfferURI: () => resolveCredentialOfferURI,
+  supportedOID4VCICredentialFormat: () => supportedOID4VCICredentialFormat,
   toAuthorizationResponsePayload: () => toAuthorizationResponsePayload,
   toUniformCredentialOfferPayload: () => toUniformCredentialOfferPayload,
   toUniformCredentialOfferRequest: () => toUniformCredentialOfferRequest,
@@ -162,45 +213,35 @@ __export(index_exports, {
   validateJWT: () => validateJWT
 });
 module.exports = __toCommonJS(index_exports);
-var import_ssi_types2 = require("@sphereon/ssi-types");
+init_cjs_shims();
+var import_ssi_types5 = require("@sphereon/ssi-types");
-// lib/functions/randomBytes.cjs
-var MAX_BYTES = 65536;
-var MAX_UINT32 = 4294967295;
-function oldBrowser() {
-  throw new Error("Secure random number generation is not supported by this browser.\nUse Chrome, Firefox or Internet Explorer 11");
-}
-__name(oldBrowser, "oldBrowser");
-var _global = typeof globalThis !== "undefined" ? globalThis : global;
-var crypto = _global.crypto || _global.msCrypto;
-if (!crypto) {
-  try {
-    crypto = require("crypto");
-  } catch (err) {
-    throw Error("crypto module is not available");
-  }
-}
-var randomBytes = /* @__PURE__ */ __name((size) => {
-  if (size > MAX_UINT32) throw new Error("requested too many random bytes");
-  const bytes = Buffer.allocUnsafe(size);
-  if (size > 0) {
-    if (size > MAX_BYTES) {
-      for (let generated = 0; generated < size; generated += MAX_BYTES) {
-        crypto.getRandomValues(bytes.slice(generated, generated + MAX_BYTES));
-      }
-    } else {
-      crypto.getRandomValues(bytes);
-    }
-  }
-  return Uint8Array.from(bytes);
-}, "randomBytes");
-if (crypto && crypto.getRandomValues) {
-  module.exports = randomBytes;
-} else {
-  module.exports = oldBrowser;
-}
+// lib/functions/index.ts
+init_cjs_shims();
+// lib/functions/CredentialRequestUtil.ts
+init_cjs_shims();
+// lib/types/index.ts
+init_cjs_shims();
+// lib/types/OpenIDClient.ts
+init_cjs_shims();
+// lib/types/Authorization.types.ts
+init_cjs_shims();
 // lib/types/Generic.types.ts
+init_cjs_shims();
+var supportedOID4VCICredentialFormat = [
+  "jwt_vc_json",
+  "jwt_vc_json-ld",
+  "ldp_vc",
+  "dc+sd-jwt",
+  "vc+sd-jwt",
+  "jwt_vc",
+  "mso_mdoc"
+];
 var PRE_AUTH_CODE_LITERAL = "pre-authorized_code";
 var PRE_AUTH_GRANT_LITERAL = "urn:ietf:params:oauth:grant-type:pre-authorized_code";
@@ -264,6 +305,7 @@ var AuthzFlowType = /* @__PURE__ */ function(AuthzFlowType2) {
 })(AuthzFlowType || (AuthzFlowType = {}));
 // lib/types/CredentialIssuance.types.ts
+init_cjs_shims();
 var JsonURIMode = /* @__PURE__ */ function(JsonURIMode2) {
   JsonURIMode2[JsonURIMode2["JSON_STRINGIFY"] = 0] = "JSON_STRINGIFY";
   JsonURIMode2[JsonURIMode2["X_FORM_WWW_URLENCODED"] = 1] = "X_FORM_WWW_URLENCODED";
@@ -282,19 +324,25 @@ var Alg = /* @__PURE__ */ function(Alg2) {
   return Alg2;
 }({});
+// lib/types/v1_0_08.types.ts
+init_cjs_shims();
 // lib/types/v1_0_09.types.ts
+init_cjs_shims();
 function isAuthorizationRequestV1_0_09(request) {
   return request && "op_state" in request;
 }
 __name(isAuthorizationRequestV1_0_09, "isAuthorizationRequestV1_0_09");
 // lib/types/v1_0_11.types.ts
+init_cjs_shims();
 function isAuthorizationRequestV1_0_11(request) {
   return request && "issuer_state" in request;
 }
 __name(isAuthorizationRequestV1_0_11, "isAuthorizationRequestV1_0_11");
 // lib/types/v1_0_13.types.ts
+init_cjs_shims();
 var credentialIssuerMetadataFieldNames = [
   // Required fields
   "credential_issuer",
@@ -314,7 +362,28 @@ var credentialIssuerMetadataFieldNames = [
   "signed_metadata"
 ];
+// lib/types/v1_0_15.types.ts
+init_cjs_shims();
+var credentialIssuerMetadataFieldNamesV1_0_15 = [
+  "credential_issuer",
+  "credential_configurations_supported",
+  "credential_endpoint",
+  "nonce_endpoint",
+  "deferred_credential_endpoint",
+  "notification_endpoint",
+  "credential_response_encryption",
+  "batch_credential_issuance",
+  "authorization_servers",
+  "token_endpoint",
+  "display",
+  "credential_supplier_config",
+  "credential_identifiers_supported",
+  "signed_metadata",
+  "authorization_challenge_endpoint"
+];
 // lib/types/ServerMetadata.ts
+init_cjs_shims();
 var authorizationServerMetadataFieldNames = [
   "issuer",
   "authorization_endpoint",
@@ -349,6 +418,7 @@ var WellKnownEndpoints = /* @__PURE__ */ function(WellKnownEndpoints2) {
 }({});
 // lib/types/OpenID4VCIErrors.ts
+init_cjs_shims();
 var BAD_PARAMS = "Wrong parameters provided";
 var URL_NOT_VALID = "Request url is not valid";
 var JWS_NOT_VALID = "JWS is not valid";
@@ -387,12 +457,14 @@ var ACCESS_TOKEN_ISSUER_REQUIRED_ERROR = "access token issuer is required";
 var WRONG_METADATA_FORMAT = "Wrong metadata format";
 // lib/types/OpenID4VCIVersions.types.ts
+init_cjs_shims();
 var OpenId4VCIVersion = /* @__PURE__ */ function(OpenId4VCIVersion2) {
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_08"] = 1008] = "VER_1_0_08";
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_09"] = 1009] = "VER_1_0_09";
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_11"] = 1011] = "VER_1_0_11";
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_12"] = 1012] = "VER_1_0_12";
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_13"] = 1013] = "VER_1_0_13";
+  OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_15"] = 1015] = "VER_1_0_15";
   OpenId4VCIVersion2[OpenId4VCIVersion2["VER_UNKNOWN"] = Number.MAX_VALUE] = "VER_UNKNOWN";
   return OpenId4VCIVersion2;
 }({});
@@ -403,6 +475,7 @@ var DefaultURISchemes = /* @__PURE__ */ function(DefaultURISchemes2) {
 }({});
 // lib/types/StateManager.types.ts
+init_cjs_shims();
 var IssueStatus = /* @__PURE__ */ function(IssueStatus2) {
   IssueStatus2["OFFER_CREATED"] = "OFFER_CREATED";
   IssueStatus2["ACCESS_TOKEN_REQUESTED"] = "ACCESS_TOKEN_REQUESTED";
@@ -417,6 +490,7 @@ var IssueStatus = /* @__PURE__ */ function(IssueStatus2) {
 }({});
 // lib/types/Token.types.ts
+init_cjs_shims();
 var TokenErrorResponse = /* @__PURE__ */ function(TokenErrorResponse2) {
   TokenErrorResponse2["invalid_request"] = "invalid_request";
   TokenErrorResponse2["invalid_grant"] = "invalid_grant";
@@ -448,56 +522,15 @@ var TokenError = class _TokenError extends Error {
   }
 };
-// lib/functions/FormatUtils.ts
-function isFormat(formatObject, format) {
-  return formatObject.format === format;
-}
-__name(isFormat, "isFormat");
-function isNotFormat(formatObject, format) {
-  return formatObject.format !== format;
-}
-__name(isNotFormat, "isNotFormat");
-var isUniformFormat = /* @__PURE__ */ __name((format) => {
-  return [
-    "jwt_vc_json",
-    "jwt_vc_json-ld",
-    "ldp_vc",
-    "vc+sd-jwt",
-    "mso_mdoc"
-  ].includes(format);
-}, "isUniformFormat");
-function getUniformFormat(format) {
-  if (isUniformFormat(format)) {
-    return format;
-  }
-  if (format.toLocaleLowerCase() === "jwt_vc" || format.toLocaleLowerCase() === "jwt") {
-    return "jwt_vc";
-  }
-  if (format === "ldp_vc" || format === "ldp") {
-    return "ldp_vc";
-  }
-  throw new Error(`Invalid format: ${format}`);
-}
-__name(getUniformFormat, "getUniformFormat");
-function getFormatForVersion(format, version) {
-  const uniformFormat = isUniformFormat(format) ? format : getUniformFormat(format);
-  if (version === OpenId4VCIVersion.VER_1_0_08) {
-    if (uniformFormat === "jwt_vc_json") {
-      return "jwt_vc";
-    } else if (uniformFormat === "ldp_vc" || uniformFormat === "jwt_vc_json-ld") {
-      return "ldp_vc";
-    }
-  }
-  return uniformFormat;
-}
-__name(getFormatForVersion, "getFormatForVersion");
+// lib/types/QRCode.types.ts
+init_cjs_shims();
 // lib/functions/CredentialRequestUtil.ts
-function getTypesFromRequest(credentialRequest, opts) {
+function getTypesFromRequest(credentialRequest, format, opts) {
   let types = [];
   if ("credential_identifier" in credentialRequest && credentialRequest.credential_identifier) {
     throw Error(`Cannot get types from request when it contains a credential_identifier`);
-  } else if (credentialRequest.format === "jwt_vc_json-ld" || credentialRequest.format === "ldp_vc" || credentialRequest.format === "jwt_vc" || credentialRequest.format === "jwt_vc_json") {
+  } else if (format === "jwt_vc_json-ld" || format === "ldp_vc" || format === "jwt_vc" || format === "jwt_vc_json") {
     if ("credential_definition" in credentialRequest && credentialRequest.credential_definition) {
       types = "types" in credentialRequest.credential_definition ? credentialRequest.credential_definition.types : credentialRequest.credential_definition.type;
     }
@@ -507,11 +540,11 @@ function getTypesFromRequest(credentialRequest, opts) {
     if ("types" in credentialRequest && Array.isArray(credentialRequest.types)) {
       types = credentialRequest.types;
     }
-  } else if (credentialRequest.format === "vc+sd-jwt" && "vct" in credentialRequest) {
+  } else if (format === "vc+sd-jwt" && "vct" in credentialRequest) {
     types = [
       credentialRequest.vct
     ];
-  } else if (credentialRequest.format === "mso_mdoc" && "doctype" in credentialRequest) {
+  } else if (format === "mso_mdoc" && "doctype" in credentialRequest) {
     types = [
       credentialRequest.doctype
     ];
@@ -525,17 +558,16 @@ function getTypesFromRequest(credentialRequest, opts) {
   return types;
 }
 __name(getTypesFromRequest, "getTypesFromRequest");
-function getCredentialRequestForVersion(credentialRequest, version) {
+function getCredentialRequestForVersion(credentialRequest, format, version) {
   if (version === OpenId4VCIVersion.VER_1_0_08) {
-    const draft8Format = getFormatForVersion(credentialRequest.format, version);
-    const types = getTypesFromRequest(credentialRequest, {
+    const types = getTypesFromRequest(credentialRequest, format, {
       filterVerifiableCredential: true
     });
     if (credentialRequest.credential_subject_issuance) {
       throw Error("Experimental subject issuance is not supported for older versions of the spec");
     }
     return {
-      format: draft8Format,
+      format,
       proof: credentialRequest.proof,
       type: types[0]
     };
@@ -544,10 +576,14 @@ function getCredentialRequestForVersion(credentialRequest, version) {
 }
 __name(getCredentialRequestForVersion, "getCredentialRequestForVersion");
+// lib/functions/CredentialResponseUtil.ts
+init_cjs_shims();
 // lib/functions/HttpUtils.ts
+init_cjs_shims();
+var import_ssi_types = require("@sphereon/ssi-types");
 var import_cross_fetch = require("cross-fetch");
-var import_debug = __toESM(require("debug"), 1);
-var debug = (0, import_debug.default)("sphereon:openid4vci:http");
+var logger = import_ssi_types.Loggers.DEFAULT.get("sphereon:openid4vci:http");
 var getJson = /* @__PURE__ */ __name(async (URL1, opts) => {
   return await openIdFetch(URL1, void 0, {
     method: "GET",
@@ -592,25 +628,25 @@ var openIdFetch = /* @__PURE__ */ __name(async (url, body, opts) => {
     headers,
     body
   };
-  debug(`START fetching url: ${url}`);
+  logger.debug(`START fetching url: ${url}`);
   if (body) {
-    debug(`Body:\r
+    logger.debug(`Body:\r
 ${typeof body == "string" ? body : JSON.stringify(body)}`);
   }
-  debug(`Headers:\r
+  logger.debug(`Headers:\r
 ${JSON.stringify(payload.headers)}`);
   const origResponse = await (0, import_cross_fetch.fetch)(url, payload);
   const isJSONResponse = accept === "application/json" || origResponse.headers.get("Content-Type") === "application/json";
   const success = origResponse && origResponse.status >= 200 && origResponse.status < 400;
   const responseText = await origResponse.text();
   const responseBody = isJSONResponse && responseText.includes("{") ? JSON.parse(responseText) : responseText;
-  debug(`${success ? "success" : "error"} status: ${origResponse.status}, body:\r
+  logger.debug(`${success ? "success" : "error"} status: ${origResponse.status}, body:\r
 ${JSON.stringify(responseBody)}`);
   if (!success && opts?.exceptionOnHttpErrorStatus) {
     const error = JSON.stringify(responseBody);
     throw new Error(error === "{}" ? '{"error": "not found"}' : error);
   }
-  debug(`END fetching url: ${url}`);
+  logger.debug(`END fetching url: ${url}`);
   return {
     origResponse,
     successBody: success ? responseBody : void 0,
@@ -741,9 +777,11 @@ async function acquireDeferredCredentialImpl({ bearerToken, transactionId, defer
 __name(acquireDeferredCredentialImpl, "acquireDeferredCredentialImpl");
 // lib/functions/CredentialOfferUtil.ts
-var import_debug2 = __toESM(require("debug"), 1);
+init_cjs_shims();
+var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_jwt_decode = require("jwt-decode");
-var debug2 = (0, import_debug2.default)("sphereon:oid4vci:offer");
+var import_oid4vc_common = require("@sphereon/oid4vc-common");
+var logger2 = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vci:offer");
 function determineSpecVersionFromURI(uri) {
   let version = determineSpecVersionFromScheme(uri, OpenId4VCIVersion.VER_UNKNOWN) ?? OpenId4VCIVersion.VER_UNKNOWN;
   version = getVersionFromURIParam(uri, version, [
@@ -762,42 +800,102 @@ function determineSpecVersionFromURI(uri) {
     OpenId4VCIVersion.VER_1_0_11
   ], "grants.user_pin_required");
   version = getVersionFromURIParam(uri, version, [
-    OpenId4VCIVersion.VER_1_0_13
+    OpenId4VCIVersion.VER_1_0_13,
+    OpenId4VCIVersion.VER_1_0_15
   ], "credential_configuration_ids");
   version = getVersionFromURIParam(uri, version, [
-    OpenId4VCIVersion.VER_1_0_13
+    OpenId4VCIVersion.VER_1_0_13,
+    OpenId4VCIVersion.VER_1_0_15
   ], "tx_code");
+  version = getVersionFromURIParam(uri, version, [
+    OpenId4VCIVersion.VER_1_0_15
+  ], "credential_offer_uri ");
   if (version === OpenId4VCIVersion.VER_UNKNOWN) {
-    version = OpenId4VCIVersion.VER_1_0_13;
+    version = OpenId4VCIVersion.VER_1_0_15;
   }
   return version;
 }
 __name(determineSpecVersionFromURI, "determineSpecVersionFromURI");
 function determineSpecVersionFromScheme(credentialOfferURI, openId4VCIVersion) {
   const scheme = getScheme(credentialOfferURI);
-  if (credentialOfferURI.includes(DefaultURISchemes.INITIATE_ISSUANCE)) {
+  const url = toUrlWithDummyBase(credentialOfferURI);
+  const qp = url.searchParams;
+  if (scheme === DefaultURISchemes.INITIATE_ISSUANCE) {
+    if (qp.has("credential_offer") || qp.has("credential_offer_uri")) {
+      return recordVersion(openId4VCIVersion, [
+        OpenId4VCIVersion.VER_1_0_15
+      ], scheme);
+    }
+    if (qp.has("credential_type") || qp.has("issuer")) {
+      return recordVersion(openId4VCIVersion, [
+        OpenId4VCIVersion.VER_1_0_08
+      ], scheme);
+    }
     return recordVersion(openId4VCIVersion, [
-      OpenId4VCIVersion.VER_1_0_08
+      OpenId4VCIVersion.VER_UNKNOWN
     ], scheme);
   }
-  if (credentialOfferURI.includes("credential_offer_uri")) {
-    return void 0;
-  } else if (credentialOfferURI.includes(DefaultURISchemes.CREDENTIAL_OFFER)) {
-    if (credentialOfferURI.includes("credentials:") || credentialOfferURI.includes("credentials%22")) {
+  if (scheme === DefaultURISchemes.CREDENTIAL_OFFER) {
+    if (qp.has("credential_offer_uri")) {
       return recordVersion(openId4VCIVersion, [
-        OpenId4VCIVersion.VER_1_0_11
+        OpenId4VCIVersion.VER_1_0_15
       ], scheme);
     }
-    return recordVersion(openId4VCIVersion, [
-      OpenId4VCIVersion.VER_1_0_13
-    ], scheme);
-  } else {
+    const rawParam = getParamValueLoose(qp, "credential_offer");
+    if (rawParam) {
+      const decoded = tryDecodeOffer(rawParam);
+      const version = sniffOfferVersion(decoded);
+      if (version !== OpenId4VCIVersion.VER_UNKNOWN) {
+        return recordVersion(openId4VCIVersion, [
+          version
+        ], scheme);
+      }
+    }
     return recordVersion(openId4VCIVersion, [
       OpenId4VCIVersion.VER_UNKNOWN
     ], scheme);
   }
+  return recordVersion(openId4VCIVersion, [
+    OpenId4VCIVersion.VER_UNKNOWN
+  ], scheme);
 }
 __name(determineSpecVersionFromScheme, "determineSpecVersionFromScheme");
+function toUrlWithDummyBase(uri) {
+  const normalized = uri.replace(/^openid-[^?]+:\/\//, "https://dummy/?");
+  return new URL(normalized);
+}
+__name(toUrlWithDummyBase, "toUrlWithDummyBase");
+function getParamValueLoose(qp, key) {
+  if (qp.has(key)) return qp.get(key);
+  if (qp.has(`?${key}`)) return qp.get(`?${key}`);
+  return null;
+}
+__name(getParamValueLoose, "getParamValueLoose");
+function tryDecodeOffer(input) {
+  let candidate = input;
+  try {
+    candidate = decodeURIComponent(candidate);
+  } catch {
+  }
+  if (!/[{}]/.test(candidate) && /^[A-Za-z0-9\-_]+$/.test(candidate)) {
+    try {
+      const b64 = candidate.replace(/-/g, "+").replace(/_/g, "/").padEnd(Math.ceil(candidate.length / 4) * 4, "=");
+      candidate = atob(b64);
+    } catch {
+    }
+  }
+  return candidate;
+}
+__name(tryDecodeOffer, "tryDecodeOffer");
+function sniffOfferVersion(jsonLike) {
+  if (!jsonLike) return OpenId4VCIVersion.VER_UNKNOWN;
+  const has = /* @__PURE__ */ __name((k) => new RegExp(`"${k}"\\s*:`, "i").test(jsonLike), "has");
+  if (has("credentials")) return OpenId4VCIVersion.VER_1_0_11;
+  if (has("credential_configuration_id")) return OpenId4VCIVersion.VER_1_0_13;
+  if (has("credential_configuration_ids")) return OpenId4VCIVersion.VER_1_0_15;
+  return OpenId4VCIVersion.VER_UNKNOWN;
+}
+__name(sniffOfferVersion, "sniffOfferVersion");
 function getScheme(credentialOfferURI) {
   if (!credentialOfferURI || !credentialOfferURI.includes("://")) {
     throw Error("Invalid credential offer URI");
@@ -853,7 +951,9 @@ var getStateFromCredentialOfferPayload = /* @__PURE__ */ __name((credentialOffer
   return;
 }, "getStateFromCredentialOfferPayload");
 function determineSpecVersionFromOffer(offer) {
-  if (isCredentialOfferV1_0_13(offer)) {
+  if (isCredentialOfferV1_0_15(offer)) {
+    return OpenId4VCIVersion.VER_1_0_15;
+  } else if (isCredentialOfferV1_0_13(offer)) {
     return OpenId4VCIVersion.VER_1_0_13;
   } else if (isCredentialOfferV1_0_11(offer)) {
     return OpenId4VCIVersion.VER_1_0_11;
@@ -871,10 +971,10 @@ function isCredentialOfferVersion(offer, min, max) {
   }
   const version = determineSpecVersionFromOffer(offer);
   if (version.valueOf() < min.valueOf()) {
-    debug2(`Credential offer version (${version.valueOf()}) is lower than minimum required version (${min.valueOf()})`);
+    logger2.debug(`Credential offer version (${version.valueOf()}) is lower than minimum required version (${min.valueOf()})`);
     return false;
   } else if (max && version.valueOf() > max.valueOf()) {
-    debug2(`Credential offer version (${version.valueOf()}) is higher than maximum required version (${max.valueOf()})`);
+    logger2.debug(`Credential offer version (${version.valueOf()}) is higher than maximum required version (${max.valueOf()})`);
     return false;
   }
   return true;
@@ -934,6 +1034,20 @@ function isCredentialOfferV1_0_13(offer) {
   return "credential_offer_uri" in offer;
 }
 __name(isCredentialOfferV1_0_13, "isCredentialOfferV1_0_13");
+function isCredentialOfferV1_0_15(offer) {
+  if (!offer) {
+    return false;
+  }
+  offer = normalizeOfferInput(offer);
+  if ("credential_issuer" in offer && "credential_configuration_ids" in offer) {
+    return Array.isArray(offer.credential_configuration_ids);
+  }
+  if ("credential_offer" in offer && offer["credential_offer"]) {
+    return isCredentialOfferV1_0_15(offer["credential_offer"]);
+  }
+  return "credential_offer_uri" in offer;
+}
+__name(isCredentialOfferV1_0_15, "isCredentialOfferV1_0_15");
 async function toUniformCredentialOfferRequest(offer, opts) {
   let version = opts?.version ?? determineSpecVersionFromOffer(offer);
   let originalCredentialOffer = offer.credential_offer;
@@ -969,6 +1083,7 @@ async function toUniformCredentialOfferRequest(offer, opts) {
 }
 __name(toUniformCredentialOfferRequest, "toUniformCredentialOfferRequest");
 function isPreAuthCode(request) {
+  request = normalizeOfferInput(request);
   const payload = "credential_offer" in request ? request.credential_offer : request;
   return payload?.grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL] !== void 0;
 }
@@ -1002,7 +1117,8 @@ async function resolveCredentialOfferURI(uri) {
   return response.successBody;
 }
 __name(resolveCredentialOfferURI, "resolveCredentialOfferURI");
-function toUniformCredentialOfferPayload(offer, opts) {
+function toUniformCredentialOfferPayload(rawOffer, opts) {
+  const offer = normalizeOfferInput(rawOffer);
   const version = opts?.version ?? determineSpecVersionFromOffer(offer);
   if (version >= OpenId4VCIVersion.VER_1_0_11) {
     const orig = offer;
@@ -1071,6 +1187,7 @@ function determineFlowType(suppliedOffer, version) {
 }
 __name(determineFlowType, "determineFlowType");
 function getCredentialOfferPayload(offer) {
+  offer = normalizeOfferInput(offer);
   let payload;
   if ("credential_offer" in offer && offer["credential_offer"]) {
     payload = offer.credential_offer;
@@ -1081,6 +1198,7 @@ function getCredentialOfferPayload(offer) {
 }
 __name(getCredentialOfferPayload, "getCredentialOfferPayload");
 function determineGrantTypes(offer) {
+  offer = normalizeOfferInput(offer);
   let grants;
   if ("grants" in offer && offer.grants) {
     grants = offer.grants;
@@ -1153,8 +1271,28 @@ function getTypesFromOfferV1_0_11(credentialOffer, opts) {
   return types;
 }
 __name(getTypesFromOfferV1_0_11, "getTypesFromOfferV1_0_11");
+function getCredentialConfigurationIdsFromOfferV1_0_15(offer) {
+  return offer.credential_configuration_ids ?? [];
+}
+__name(getCredentialConfigurationIdsFromOfferV1_0_15, "getCredentialConfigurationIdsFromOfferV1_0_15");
+function normalizeOfferInput(input) {
+  if (typeof input !== "string") {
+    return input;
+  }
+  if (import_ssi_types2.ObjectUtils.isString(input) && input.startsWith("ey")) {
+    const payload = (0, import_oid4vc_common.base64urlToString)(input);
+    return JSON.parse(payload);
+  }
+  try {
+    return JSON.parse(input);
+  } catch {
+  }
+  return input;
+}
+__name(normalizeOfferInput, "normalizeOfferInput");
 // lib/functions/Encoding.ts
+init_cjs_shims();
 function convertJsonToURI(json, opts) {
   if (typeof json === "string") {
     return convertJsonToURI(JSON.parse(json), opts);
@@ -1281,6 +1419,7 @@ function customEncodeURIComponent(uriComponent, searchValue) {
 __name(customEncodeURIComponent, "customEncodeURIComponent");
 // lib/functions/TypeConversionUtils.ts
+init_cjs_shims();
 function isW3cCredentialSupported(supported) {
   return [
     "jwt_vc_json",
@@ -1394,8 +1533,9 @@ function getTypesFromCredentialSupported(credentialSupported, opts) {
 __name(getTypesFromCredentialSupported, "getTypesFromCredentialSupported");
 // lib/functions/IssuerMetadataUtils.ts
+init_cjs_shims();
 function getSupportedCredentials(opts) {
-  const { version = OpenId4VCIVersion.VER_1_0_13, types } = opts ?? {};
+  const { version = OpenId4VCIVersion.VER_1_0_15, types } = opts ?? {};
   if (types && Array.isArray(types)) {
     if (version < OpenId4VCIVersion.VER_1_0_13) {
       return types.flatMap((typeSet) => getSupportedCredential({
@@ -1447,9 +1587,10 @@ function determineVersionsFromIssuerMetadata(issuerMetadata) {
 }
 __name(determineVersionsFromIssuerMetadata, "determineVersionsFromIssuerMetadata");
 function getSupportedCredential(opts) {
-  const { issuerMetadata, types, format, version = OpenId4VCIVersion.VER_1_0_13 } = opts ?? {};
+  const { issuerMetadata, types, format, version = OpenId4VCIVersion.VER_1_0_15 } = opts ?? {};
   let credentialConfigurationsV11 = void 0;
   let credentialConfigurationsV13 = void 0;
+  let credentialConfigurationsV15 = void 0;
   if (version < OpenId4VCIVersion.VER_1_0_12 || issuerMetadata?.credential_configurations_supported === void 0 && issuerMetadata?.credentials_supported) {
     if (issuerMetadata?.credentials_supported && !Array.isArray(issuerMetadata?.credentials_supported)) {
       credentialConfigurationsV11 = [];
@@ -1459,15 +1600,25 @@ function getSupportedCredential(opts) {
         }
         credentialConfigurationsV11?.push(supported);
       });
+    } else if (version >= OpenId4VCIVersion.VER_1_0_15) {
+      credentialConfigurationsV15 = issuerMetadata?.credential_configurations_supported ?? {};
     } else {
       credentialConfigurationsV11 = issuerMetadata?.credentials_supported ?? [];
     }
-  } else {
+  } else if (version == OpenId4VCIVersion.VER_1_0_13) {
     credentialConfigurationsV13 = issuerMetadata?.credential_configurations_supported ?? {};
+  } else {
+    credentialConfigurationsV15 = issuerMetadata?.credential_configurations_supported ?? {};
   }
   if (!issuerMetadata || !issuerMetadata.credential_configurations_supported && !issuerMetadata.credentials_supported) {
     VCI_LOG_COMMON.warning(`No credential issuer metadata or supported credentials found for issuer}`);
-    return version < OpenId4VCIVersion.VER_1_0_13 ? credentialConfigurationsV11 : credentialConfigurationsV13;
+    if (version < OpenId4VCIVersion.VER_1_0_13) {
+      return credentialConfigurationsV11;
+    } else if (version >= OpenId4VCIVersion.VER_1_0_15) {
+      return credentialConfigurationsV15;
+    } else {
+      return credentialConfigurationsV15;
+    }
   }
   const normalizedTypes = Array.isArray(types) ? types : types ? [
     types
@@ -1497,7 +1648,17 @@ function getSupportedCredential(opts) {
     return isTypeMatch && isFormatMatch ? config : void 0;
   }
   __name(filterMatchingConfig, "filterMatchingConfig");
-  if (credentialConfigurationsV13) {
+  if (credentialConfigurationsV15) {
+    return Object.entries(credentialConfigurationsV15).reduce((filteredConfigs, [id, config]) => {
+      if (filterMatchingConfig(config)) {
+        filteredConfigs[id] = config;
+        if (!config.id) {
+          config.id = id;
+        }
+      }
+      return filteredConfigs;
+    }, {});
+  } else if (credentialConfigurationsV13) {
     return Object.entries(credentialConfigurationsV13).reduce((filteredConfigs, [id, config]) => {
       if (filterMatchingConfig(config)) {
         filteredConfigs[id] = config;
@@ -1560,13 +1721,59 @@ function getIssuerName(url, credentialIssuerMetadata) {
 }
 __name(getIssuerName, "getIssuerName");
+// lib/functions/FormatUtils.ts
+init_cjs_shims();
+function isFormat(formatObject, format) {
+  return formatObject.format === format;
+}
+__name(isFormat, "isFormat");
+function isNotFormat(formatObject, format) {
+  return formatObject.format !== format;
+}
+__name(isNotFormat, "isNotFormat");
+var isUniformFormat = /* @__PURE__ */ __name((format) => {
+  return [
+    "jwt_vc_json",
+    "jwt_vc_json-ld",
+    "ldp_vc",
+    "vc+sd-jwt",
+    "mso_mdoc"
+  ].includes(format);
+}, "isUniformFormat");
+function getUniformFormat(format) {
+  if (isUniformFormat(format)) {
+    return format;
+  }
+  if (format.toLocaleLowerCase() === "jwt_vc" || format.toLocaleLowerCase() === "jwt") {
+    return "jwt_vc";
+  }
+  if (format === "ldp_vc" || format === "ldp") {
+    return "ldp_vc";
+  }
+  throw new Error(`Invalid format: ${format}`);
+}
+__name(getUniformFormat, "getUniformFormat");
+function getFormatForVersion(format, version) {
+  const uniformFormat = isUniformFormat(format) ? format : getUniformFormat(format);
+  if (version === OpenId4VCIVersion.VER_1_0_08) {
+    if (uniformFormat === "jwt_vc_json") {
+      return "jwt_vc";
+    } else if (uniformFormat === "ldp_vc" || uniformFormat === "jwt_vc_json-ld") {
+      return "ldp_vc";
+    }
+  }
+  return uniformFormat;
+}
+__name(getFormatForVersion, "getFormatForVersion");
 // lib/functions/ProofUtil.ts
-var import_debug3 = __toESM(require("debug"), 1);
+init_cjs_shims();
+var import_ssi_types3 = require("@sphereon/ssi-types");
 var import_jwt_decode2 = require("jwt-decode");
-var debug3 = (0, import_debug3.default)("sphereon:openid4vci:common");
+var logger3 = import_ssi_types3.Loggers.DEFAULT.get("sphereon:oid4vci:common");
 var createProofOfPossession = /* @__PURE__ */ __name(async (popMode, callbacks, jwtProps, existingJwt) => {
   if (!callbacks.signCallback) {
-    debug3(`no jwt signer callback or arguments supplied!`);
+    logger3.debug(`no jwt signer callback or arguments supplied!`);
     throw new Error(BAD_PARAMS);
   }
   const jwtPayload = createJWT(popMode, jwtProps, existingJwt);
@@ -1578,18 +1785,18 @@ var createProofOfPossession = /* @__PURE__ */ __name(async (popMode, callbacks,
   try {
     partiallyValidateJWS(jwt);
     if (callbacks.verifyCallback) {
-      debug3(`Calling supplied verify callback....`);
+      logger3.debug(`Calling supplied verify callback....`);
       await callbacks.verifyCallback({
         jwt,
         kid: jwtPayload.header.kid
       });
-      debug3(`Supplied verify callback return success result`);
+      logger3.debug(`Supplied verify callback return success result`);
     }
   } catch {
-    debug3(`JWS was not valid`);
+    logger3.debug(`JWS was not valid`);
     throw new Error(JWS_NOT_VALID);
   }
-  debug3(`Proof of Possession JWT:\r
+  logger3.debug(`Proof of Possession JWT:\r
 ${jwt}`);
   return proof;
 }, "createProofOfPossession");
@@ -1708,6 +1915,7 @@ var getJwtProperty = /* @__PURE__ */ __name((propertyName, required, option, jwt
 }, "getJwtProperty");
 // lib/functions/AuthorizationResponseUtil.ts
+init_cjs_shims();
 var toAuthorizationResponsePayload = /* @__PURE__ */ __name((input) => {
   let response = input;
   if (typeof input === "string") {
@@ -1724,12 +1932,15 @@ var toAuthorizationResponsePayload = /* @__PURE__ */ __name((input) => {
 }, "toAuthorizationResponsePayload");
 // lib/functions/RandomUtils.ts
-var import_oid4vc_common = require("@sphereon/oid4vc-common");
+init_cjs_shims();
+var import_oid4vc_common2 = require("@sphereon/oid4vc-common");
 var u8a = __toESM(require("uint8arrays"), 1);
+var import_randomBytes = __toESM(require_randomBytes(), 1);
+var { toString } = u8a;
 var CODE_VERIFIER_DEFAULT_LENGTH = 128;
 var NONCE_LENGTH = 32;
 var generateRandomString = /* @__PURE__ */ __name((length, encoding) => {
-  return u8a.toString(randomBytes(length), encoding).slice(0, length);
+  return toString((0, import_randomBytes.default)(length), encoding).slice(0, length);
 }, "generateRandomString");
 var generateNonce = /* @__PURE__ */ __name((length) => {
   return generateRandomString(length ?? NONCE_LENGTH);
@@ -1743,7 +1954,7 @@ var createCodeChallenge = /* @__PURE__ */ __name((codeVerifier, codeChallengeMet
   if (codeChallengeMethod === CodeChallengeMethod.plain) {
     return codeVerifier;
   } else if (!codeChallengeMethod || codeChallengeMethod === CodeChallengeMethod.S256) {
-    return u8a.toString((0, import_oid4vc_common.defaultHasher)(codeVerifier, "sha256"), "base64url");
+    return toString((0, import_oid4vc_common2.defaultHasher)(codeVerifier, "sha256"), "base64url");
   } else {
     throw Error(`code challenge method ${codeChallengeMethod} not implemented`);
   }
@@ -1758,10 +1969,12 @@ var assertValidCodeVerifier = /* @__PURE__ */ __name((codeVerifier) => {
 }, "assertValidCodeVerifier");
 // lib/experimental/holder-vci.ts
+init_cjs_shims();
 var EXPERIMENTAL_SUBJECT_PROOF_MODE_ENABLED = process.env.EXPERIMENTAL_SUBJECT_PROOF_MODE?.trim().toLowerCase() === "true";
 // lib/events/index.ts
-var import_ssi_types = require("@sphereon/ssi-types");
+init_cjs_shims();
+var import_ssi_types4 = require("@sphereon/ssi-types");
 var CredentialOfferEventNames = /* @__PURE__ */ function(CredentialOfferEventNames2) {
   CredentialOfferEventNames2["OID4VCI_OFFER_CREATED"] = "OID4VCI_OFFER_CREATED";
   CredentialOfferEventNames2["OID4VCI_OFFER_EXPIRED"] = "OID4VCI_OFFER_EXPIRED";
@@ -1778,141 +1991,9 @@ var NotificationStatusEventNames = /* @__PURE__ */ function(NotificationStatusEv
   NotificationStatusEventNames2["OID4VCI_NOTIFICATION_ERROR"] = "OID4VCI_NOTIFICATION_ERROR";
   return NotificationStatusEventNames2;
 }({});
-var EVENTS = import_ssi_types.EventManager.instance();
+var EVENTS = import_ssi_types4.EventManager.instance();
 // lib/index.ts
-var VCI_LOGGERS = import_ssi_types2.Loggers.DEFAULT;
+var VCI_LOGGERS = import_ssi_types5.Loggers.DEFAULT;
 var VCI_LOG_COMMON = VCI_LOGGERS.get("sphereon:oid4vci:common");
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  ACCESS_TOKEN_ISSUER_REQUIRED_ERROR,
-  ALG_ERROR,
-  AUD_ERROR,
-  Alg,
-  AuthorizationChallengeError,
-  AuthzFlowType,
-  BAD_PARAMS,
-  CODE_VERIFIER_DEFAULT_LENGTH,
-  CREDENTIAL_MISSING_ERROR,
-  CodeChallengeMethod,
-  CreateRequestObjectMode,
-  CredentialEventNames,
-  CredentialOfferEventNames,
-  DID_NO_DIDDOC_ERROR,
-  DefaultURISchemes,
-  EVENTS,
-  EXPERIMENTAL_SUBJECT_PROOF_MODE_ENABLED,
-  EXPIRED_PRE_AUTHORIZED_CODE,
-  Encoding,
-  GRANTS_MUST_NOT_BE_UNDEFINED,
-  GrantTypes,
-  IAT_ERROR,
-  INVALID_PRE_AUTHORIZED_CODE,
-  ISSUER_CONFIG_ERROR,
-  ISS_MUST_BE_CLIENT_ID,
-  ISS_PRESENT_IN_PRE_AUTHORIZED_CODE_CONTEXT,
-  IssueStatus,
-  JWS_NOT_VALID,
-  JWT_SIGNER_CALLBACK_REQUIRED_ERROR,
-  JWT_VERIFY_CONFIG_ERROR,
-  JsonURIMode,
-  KID_DID_NO_DID_ERROR,
-  KID_JWK_X5C_ERROR,
-  NONCE_ERROR,
-  NONCE_LENGTH,
-  NONCE_STATE_MANAGER_REQUIRED_ERROR,
-  NO_ISS_IN_AUTHORIZATION_CODE_CONTEXT,
-  NO_JWT_PROVIDED,
-  NotificationStatusEventNames,
-  OpenId4VCIVersion,
-  PARMode,
-  PIN_NOT_MATCH_ERROR,
-  PIN_VALIDATION_ERROR,
-  PRE_AUTHORIZED_CODE_REQUIRED_ERROR,
-  PRE_AUTH_CODE_LITERAL,
-  PRE_AUTH_GRANT_LITERAL,
-  PROOF_CANT_BE_CONSTRUCTED,
-  ResponseType,
-  STATE_MANAGER_REQUIRED_ERROR,
-  STATE_MISSING_ERROR,
-  TYP_ERROR,
-  TokenError,
-  TokenErrorResponse,
-  UNKNOWN_CLIENT_ERROR,
-  UNSUPPORTED_GRANT_TYPE_ERROR,
-  URL_NOT_VALID,
-  USER_PIN_NOT_REQUIRED_ERROR,
-  USER_PIN_REQUIRED_ERROR,
-  USER_PIN_TX_CODE_SPEC_ERROR,
-  VCI_LOGGERS,
-  VCI_LOG_COMMON,
-  WRONG_METADATA_FORMAT,
-  WellKnownEndpoints,
-  acquireDeferredCredential,
-  adjustUrl,
-  assertValidCodeVerifier,
-  assertedUniformCredentialOffer,
-  authorizationServerMetadataFieldNames,
-  convertJsonToURI,
-  convertURIToJsonObject,
-  createCodeChallenge,
-  createProofOfPossession,
-  credentialIssuerMetadataFieldNames,
-  credentialSupportedV8ToV13,
-  credentialsSupportedV8ToV13,
-  decodeJsonProperties,
-  determineFlowType,
-  determineGrantTypes,
-  determineSpecVersionFromOffer,
-  determineSpecVersionFromScheme,
-  determineSpecVersionFromURI,
-  determineVersionsFromIssuerMetadata,
-  extractBearerToken,
-  formPost,
-  generateCodeVerifier,
-  generateNonce,
-  generateRandomString,
-  getClientIdFromCredentialOfferPayload,
-  getCredentialOfferPayload,
-  getCredentialRequestForVersion,
-  getFormatForVersion,
-  getIssuerDisplays,
-  getIssuerFromCredentialOfferPayload,
-  getIssuerName,
-  getJson,
-  getNumberOrUndefined,
-  getScheme,
-  getStateFromCredentialOfferPayload,
-  getSupportedCredential,
-  getSupportedCredentials,
-  getTypesFromAuthorizationDetails,
-  getTypesFromCredentialOffer,
-  getTypesFromCredentialSupported,
-  getTypesFromObject,
-  getTypesFromOfferV1_0_11,
-  getTypesFromRequest,
-  getURIComponentsAsArray,
-  getUniformFormat,
-  isAuthorizationRequestV1_0_09,
-  isAuthorizationRequestV1_0_11,
-  isCredentialOfferVersion,
-  isDeferredCredentialIssuancePending,
-  isDeferredCredentialResponse,
-  isFormat,
-  isJWS,
-  isNotFormat,
-  isPreAuthCode,
-  isValidURL,
-  isW3cCredentialSupported,
-  post,
-  randomBytes,
-  resolveCredentialOfferURI,
-  toAuthorizationResponsePayload,
-  toUniformCredentialOfferPayload,
-  toUniformCredentialOfferRequest,
-  trimBoth,
-  trimEnd,
-  trimStart,
-  validateJWT
-});
 //# sourceMappingURL=index.cjs.map