@sphereon/ssi-sdk-ext.identifier-resolution 0.26.1-feature.SPRIND.116.7 → 0.26.1-feature.SPRIND.124.esim.28

package/src/functions/externalOIDFIdentifier.ts

@@ -1,15 +1,8 @@
-import {
-  ErrorMessage,
-  ExternalIdentifierOIDFEntityIdOpts,
-  ExternalIdentifierOIDFEntityIdResult,
-  ExternalJwkInfo,
-  TrustedAnchor,
-} from '../types'
+import { ErrorMessage, ExternalIdentifierOIDFEntityIdOpts, ExternalIdentifierOIDFEntityIdResult, ExternalJwkInfo, TrustedAnchor } from '../types'
 import { IAgentContext } from '@veramo/core'
 import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
 import { IJwsValidationResult } from '../types/IJwtService'
-import {decodeBase64url} from "@veramo/utils";
 
 /**
  * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships
@@ -43,11 +36,10 @@ export async function resolveExternalOIDFEntityIdIdentifier(
   const errorList: Record<TrustedAnchor, ErrorMessage> = {}
   const jwkInfos: Array<ExternalJwkInfo> = []
 
-  let payload: string | undefined
   for (const trustAnchor of trustAnchors) {
     const resolveResult = await context.agent.resolveTrustChain({
       entityIdentifier: identifier,
-      trustAnchors: [trustAnchor]
+      trustAnchors: [trustAnchor],
     })
 
     if (resolveResult.error || !resolveResult.trustChain) {
@@ -58,7 +50,7 @@ export async function resolveExternalOIDFEntityIdIdentifier(
         errorList[trustAnchor] = 'Trust chain is empty'
         continue
       }
-      
+
       const jwt = trustChain[0]
       const jwtVerifyResult: IJwsValidationResult = await context.agent.jwtVerifyJwsSignature({ jws: jwt })
 
@@ -72,14 +64,14 @@ export async function resolveExternalOIDFEntityIdIdentifier(
         continue
       }
 
-      payload = JSON.parse(decodeBase64url(jwtVerifyResult.jws.payload))
       const signature = jwtVerifyResult.jws.signatures[0]
       if (signature.identifier.jwks.length === 0) {
         errorList[trustAnchor] = 'No JWK was present in the trust anchor signature'
         continue
       }
 
-      if(jwkInfos.length === 0) { // We need the entity JWK only once
+      if (jwkInfos.length === 0) {
+        // We need the entity JWK only once
         jwkInfos.push(...signature.identifier.jwks)
       }
       trustedAnchors.add(trustAnchor)
@@ -91,7 +83,6 @@ export async function resolveExternalOIDFEntityIdIdentifier(
     trustedAnchors: Array.from(trustedAnchors),
     ...(Object.keys(errorList).length > 0 && { errorList }),
     jwks: jwkInfos,
-    jwtPayload: payload,
     trustEstablished: trustedAnchors.size > 0,
   }
 }

package/src/functions/managedIdentifierFunctions.ts

@@ -1,5 +1,5 @@
 import { getFirstKeyWithRelation } from '@sphereon/ssi-sdk-ext.did-utils'
-import { calculateJwkThumbprint, coseKeyToJwk, toJwk } from '@sphereon/ssi-sdk-ext.key-utils'
+import {calculateJwkThumbprint, coseKeyToJwk, globalCrypto, toJwk} from '@sphereon/ssi-sdk-ext.key-utils'
 import { pemOrDerToX509Certificate } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { contextHasDidManager, contextHasKeyManager } from '@sphereon/ssi-sdk.agent-config'
 import { ICoseKeyJson, JWK } from '@sphereon/ssi-types'
@@ -246,7 +246,7 @@ export async function getManagedX5cIdentifier(
   } else if (!contextHasKeyManager(context)) {
     return Promise.reject(Error(`Cannot get X5c identifier if KeyManager plugin is not enabled!`))
   }
-  const cryptoImpl = opts.crypto ?? crypto
+  const cryptoImpl = globalCrypto(false, opts.crypto)
   const certificate = pemOrDerToX509Certificate(x5c[0])
   const cryptoEngine = new CryptoEngine({ name: 'identifier_resolver_managed', crypto: cryptoImpl })
   setEngine(cryptoEngine.name, cryptoEngine)
@@ -274,32 +274,32 @@ export async function getManagedX5cIdentifier(
 }
 
 export async function getManagedOID4VCIssuerIdentifier(
-    opts: ManagedIdentifierOID4VCIssuerOpts,
-    context: IAgentContext<IKeyManager>
+  opts: ManagedIdentifierOID4VCIssuerOpts,
+  context: IAgentContext<IKeyManager>
 ): Promise<ManagedIdentifierOID4VCIssuerResult> {
   const { identifier } = opts
   const method = 'oid4vci-issuer'
   // FIXME: We need to eventually determine the JWK based on the issuer. Using a dummy JWK for now
   const jwk = {
-    "kty" : "RSA",
-    "kid" : "dummy-jwk-for-vci-issuer-signing",
-    "use" : "sig",
-    "n"   : "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
-    "e"   : "AQAB",
-    "d"   : "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q",
-    "p"   : "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0",
-    "q"   : "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8",
-    "dp"  : "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE",
-    "dq"  : "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk",
-    "qi"  : "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"
+    kty: 'RSA',
+    kid: 'dummy-jwk-for-vci-issuer-signing',
+    use: 'sig',
+    n: 'pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w',
+    e: 'AQAB',
+    d: 'ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q',
+    p: '4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0',
+    q: 'ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8',
+    dp: 'lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE',
+    dq: 'mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk',
+    qi: 'ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg',
   } as JWK
   const jwkThumbprint = calculateJwkThumbprint({ jwk })
 
   const key = {
     kid: 'dummy-key-for-vci-issuer-signing',
     kms: 'local',
-    type: "RSA",
-    publicKeyHex: '9a3f75b2e4d8b91128fc6e9a8f6782e5a4f1cba3718e58b5d0a789d6e5f52b3a'
+    type: 'RSA',
+    publicKeyHex: '9a3f75b2e4d8b91128fc6e9a8f6782e5a4f1cba3718e58b5d0a789d6e5f52b3a',
   } as IKey
 
   return {
@@ -344,7 +344,10 @@ export async function getManagedIdentifier(
     return Promise.reject(Error(`Could not determine identifier method. Please provide explicitly`))
   }
   const { key } = resolutionResult
-  if ((!key && !isManagedIdentifierOID4VCIssuerOpts(opts)) || (isManagedIdentifierDidOpts(opts) && isManagedIdentifierDidResult(resolutionResult) && !resolutionResult.identifier)) {
+  if (
+    (!key && !isManagedIdentifierOID4VCIssuerOpts(opts)) ||
+    (isManagedIdentifierDidOpts(opts) && isManagedIdentifierDidResult(resolutionResult) && !resolutionResult.identifier)
+  ) {
     console.log(`Cannot find identifier`, opts.identifier)
     return Promise.reject(`Cannot find identifier ${opts.identifier}`)
   }

package/src/types/IIdentifierResolution.ts

@@ -83,7 +83,10 @@ export interface IIdentifierResolution extends IPluginMethodMap {
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierCoseKeyResult>
 
-  identifierManagedGetByOID4VCIssuer(args: ManagedIdentifierOID4VCIssuerOpts, context: IAgentContext<any>): Promise<ManagedIdentifierOID4VCIssuerResult>
+  identifierManagedGetByOID4VCIssuer(
+    args: ManagedIdentifierOID4VCIssuerOpts,
+    context: IAgentContext<any>
+  ): Promise<ManagedIdentifierOID4VCIssuerResult>
 
   // TODO: We can create a custom managed identifier method allowing developers to register a callback function to get their implementation hooked up. Needs more investigation as it would also impact the KMS
 
@@ -102,6 +105,9 @@ export interface IIdentifierResolution extends IPluginMethodMap {
   identifierExternalResolveByCoseKey(args: ExternalIdentifierCoseKeyOpts, context: IAgentContext<any>): Promise<ExternalIdentifierCoseKeyResult>
 
   identifierExternalResolveByX5c(args: ExternalIdentifierX5cOpts, context: IAgentContext<any>): Promise<ExternalIdentifierX5cResult>
-  
-  identifierExternalResolveByOIDFEntityId(args: ExternalIdentifierOIDFEntityIdOpts, context: IAgentContext<any>): Promise<ExternalIdentifierOIDFEntityIdResult>
+
+  identifierExternalResolveByOIDFEntityId(
+    args: ExternalIdentifierOIDFEntityIdOpts,
+    context: IAgentContext<any>
+  ): Promise<ExternalIdentifierOIDFEntityIdResult>
 }

package/src/types/IJwtService.d.ts

@@ -1,225 +1,249 @@
-
 // Copy of jwt-service typings since we cannot include that as devDependency due to cyclic dep
 
-import { ExternalIdentifierDidOpts, ExternalIdentifierResult, ExternalIdentifierX5cOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
-import { ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils';
-import { BaseJWK, IValidationResult, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, JWK } from '@sphereon/ssi-types';
-import { IAgentContext, IKeyManager, IPluginMethodMap } from '@veramo/core';
-export type IRequiredContext = IAgentContext<IIdentifierResolution & IKeyManager>;
-export declare const jwtServiceContextMethods: Array<string>;
+import {
+  ExternalIdentifierDidOpts,
+  ExternalIdentifierResult,
+  ExternalIdentifierX5cOpts,
+  IIdentifierResolution,
+  ManagedIdentifierOptsOrResult,
+  ManagedIdentifierResult,
+} from '@sphereon/ssi-sdk-ext.identifier-resolution'
+import { ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils'
+import { BaseJWK, IValidationResult, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, JWK } from '@sphereon/ssi-types'
+import { IAgentContext, IKeyManager, IPluginMethodMap } from '@veramo/core'
+export type IRequiredContext = IAgentContext<IIdentifierResolution & IKeyManager>
+export declare const jwtServiceContextMethods: Array<string>
 export interface IJwtService extends IPluginMethodMap {
-    jwtPrepareJws(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<PreparedJwsObject>;
-    jwtCreateJwsJsonGeneralSignature(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<JwsJsonGeneral>;
-    jwtCreateJwsJsonFlattenedSignature(args: CreateJwsFlattenedArgs, context: IRequiredContext): Promise<JwsJsonFlattened>;
-    jwtCreateJwsCompactSignature(args: CreateJwsCompactArgs, context: IRequiredContext): Promise<JwtCompactResult>;
-    jwtVerifyJwsSignature(args: VerifyJwsArgs, context: IRequiredContext): Promise<IJwsValidationResult>;
-    jwtEncryptJweCompactJwt(args: EncryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>;
-    jwtDecryptJweCompactJwt(args: DecryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>;
+  jwtPrepareJws(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<PreparedJwsObject>
+  jwtCreateJwsJsonGeneralSignature(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<JwsJsonGeneral>
+  jwtCreateJwsJsonFlattenedSignature(args: CreateJwsFlattenedArgs, context: IRequiredContext): Promise<JwsJsonFlattened>
+  jwtCreateJwsCompactSignature(args: CreateJwsCompactArgs, context: IRequiredContext): Promise<JwtCompactResult>
+  jwtVerifyJwsSignature(args: VerifyJwsArgs, context: IRequiredContext): Promise<IJwsValidationResult>
+  jwtEncryptJweCompactJwt(args: EncryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>
+  jwtDecryptJweCompactJwt(args: DecryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>
 }
 export type IJwsValidationResult = IValidationResult & {
-    jws: JwsJsonGeneralWithIdentifiers;
-};
+  jws: JwsJsonGeneralWithIdentifiers
+}
 export interface PreparedJws {
-    protectedHeader: JwsHeader;
-    payload: Uint8Array;
-    unprotectedHeader?: JwsHeader;
-    existingSignatures?: Array<JwsJsonSignature>;
+  protectedHeader: JwsHeader
+  payload: Uint8Array
+  unprotectedHeader?: JwsHeader
+  existingSignatures?: Array<JwsJsonSignature>
 }
 export interface JwsJsonSignature {
-    protected: string;
-    header?: JwsHeader;
-    signature: string;
+  protected: string
+  header?: JwsHeader
+  signature: string
 }
 /**
  * The JWK representation of an ephemeral public key.
  * See https://www.rfc-editor.org/rfc/rfc7518.html#section-6
  */
-export type EphemeralPublicKey = Omit<BaseJWK, 'alg'>;
+export type EphemeralPublicKey = Omit<BaseJWK, 'alg'>
 export interface JweHeader extends Omit<BaseJwtHeader, 'alg'> {
-    alg: string;
-    enc: string;
-    jku?: string;
-    jwk?: BaseJWK;
-    epk?: EphemeralPublicKey;
-    x5u?: string;
-    x5c?: string[];
-    x5t?: string;
-    cty?: string;
-    crit?: string[];
-    [k: string]: any;
+  alg: string
+  enc: string
+  jku?: string
+  jwk?: BaseJWK
+  epk?: EphemeralPublicKey
+  x5u?: string
+  x5c?: string[]
+  x5t?: string
+  cty?: string
+  crit?: string[]
+  [k: string]: any
 }
 export interface JweRecipientUnprotectedHeader {
-    alg: string;
-    iv: string;
-    tag: string;
-    epk?: EphemeralPublicKey;
-    kid?: string;
-    apv?: string;
-    apu?: string;
+  alg: string
+  iv: string
+  tag: string
+  epk?: EphemeralPublicKey
+  kid?: string
+  apv?: string
+  apu?: string
 }
 export interface JweProtectedHeader extends Partial<JweHeader> {
-    zip?: 'DEF' | string;
+  zip?: 'DEF' | string
 }
-export type Jws = JwsCompact | JwsJsonFlattened | JwsJsonGeneral;
-export type JwsCompact = string;
+export type Jws = JwsCompact | JwsJsonFlattened | JwsJsonGeneral
+export type JwsCompact = string
 export interface JwsJsonFlattened {
-    payload: string;
-    protected: string;
-    header?: JwsHeader;
-    signature: string;
+  payload: string
+  protected: string
+  header?: JwsHeader
+  signature: string
 }
 export interface JwsJsonGeneral {
-    payload: string;
-    signatures: Array<JwsJsonSignature>;
+  payload: string
+  signatures: Array<JwsJsonSignature>
 }
 export interface JwsJsonGeneralWithIdentifiers extends JwsJsonGeneral {
-    signatures: Array<JwsJsonSignatureWithIdentifier>;
+  signatures: Array<JwsJsonSignatureWithIdentifier>
 }
 export interface JwsJsonSignatureWithIdentifier extends JwsJsonSignature {
-    identifier: ExternalIdentifierResult;
+  identifier: ExternalIdentifierResult
 }
-export type Jwe = JweCompact | JweJsonFlattened | JweJsonGeneral;
-export type JweCompact = string;
+export type Jwe = JweCompact | JweJsonFlattened | JweJsonGeneral
+export type JweCompact = string
 export interface JweJsonFlattened {
-    protected: string;
-    unprotected: JweHeader;
-    header: JweHeader | JweRecipientUnprotectedHeader;
-    encrypted_key?: string;
-    aad?: string;
-    iv: string;
-    ciphertext: string;
-    tag?: string;
+  protected: string
+  unprotected: JweHeader
+  header: JweHeader | JweRecipientUnprotectedHeader
+  encrypted_key?: string
+  aad?: string
+  iv: string
+  ciphertext: string
+  tag?: string
 }
 export interface JweRecipient {
-    header?: JweRecipientUnprotectedHeader;
-    encrypted_key?: string;
+  header?: JweRecipientUnprotectedHeader
+  encrypted_key?: string
 }
 export interface JweJsonGeneral {
-    protected: string;
-    unprotected?: JweHeader;
-    recipients: Array<JweRecipient>;
-    aad?: string;
-    iv: string;
-    ciphertext: string;
-    tag?: string;
+  protected: string
+  unprotected?: JweHeader
+  recipients: Array<JweRecipient>
+  aad?: string
+  iv: string
+  ciphertext: string
+  tag?: string
 }
 export interface PreparedJwsObject {
-    jws: PreparedJws;
-    b64: {
-        payload: string;
-        protectedHeader: string;
-    };
-    identifier: ManagedIdentifierResult;
+  jws: PreparedJws
+  b64: {
+    payload: string
+    protectedHeader: string
+  }
+  identifier: ManagedIdentifierResult
 }
 export interface BaseJwtHeader {
-    typ?: string;
-    alg?: string;
-    kid?: string;
+  typ?: string
+  alg?: string
+  kid?: string
 }
 export interface BaseJwtPayload {
-    iss?: string;
-    sub?: string;
-    aud?: string[] | string;
-    exp?: number;
-    nbf?: number;
-    iat?: number;
-    jti?: string;
+  iss?: string
+  sub?: string
+  aud?: string[] | string
+  exp?: number
+  nbf?: number
+  iat?: number
+  jti?: string
 }
 export interface JwsHeader extends BaseJwtHeader {
-    kid?: string;
-    jwk?: JWK;
-    x5c?: string[];
-    [key: string]: unknown;
+  kid?: string
+  jwk?: JWK
+  x5c?: string[]
+  [key: string]: unknown
 }
 export interface JwsPayload extends BaseJwtPayload {
-    [key: string]: unknown;
+  [key: string]: unknown
 }
 export interface JwsHeaderOpts {
-    alg: JoseSignatureAlgorithm | JoseSignatureAlgorithmString;
+  alg: JoseSignatureAlgorithm | JoseSignatureAlgorithmString
 }
-export type JwsIdentifierMode = 'x5c' | 'kid' | 'jwk' | 'did' | 'auto';
+export type JwsIdentifierMode = 'x5c' | 'kid' | 'jwk' | 'did' | 'auto'
 export type EncryptJweCompactJwtArgs = {
-    payload: JwsPayload;
-    protectedHeader?: JweProtectedHeader | undefined;
-    aad?: Uint8Array | undefined;
-    recipientKey: ExternalIdentifierResult & {
-        kid?: string;
-    };
-    alg?: JweAlg;
-    enc?: JweEnc;
-    apu?: string;
-    apv?: string;
-    expirationTime?: number | string | Date;
-    issuer?: string;
-    audience?: string | string[];
-};
+  payload: JwsPayload
+  protectedHeader?: JweProtectedHeader | undefined
+  aad?: Uint8Array | undefined
+  recipientKey: ExternalIdentifierResult & {
+    kid?: string
+  }
+  alg?: JweAlg
+  enc?: JweEnc
+  apu?: string
+  apv?: string
+  expirationTime?: number | string | Date
+  issuer?: string
+  audience?: string | string[]
+}
 export type DecryptJweCompactJwtArgs = {
-    jwe: JweCompact;
-    idOpts: ManagedIdentifierOptsOrResult;
-};
+  jwe: JweCompact
+  idOpts: ManagedIdentifierOptsOrResult
+}
 export type CreateJwsArgs = {
-    mode?: JwsIdentifierMode;
-    issuer: ManagedIdentifierOptsOrResult & {
-        noIssPayloadUpdate?: boolean;
-        noIdentifierInHeader?: boolean;
-    };
-    clientId?: string;
-    clientIdScheme?: ClientIdScheme | 'did' | string;
-    protectedHeader: JwsHeader;
-    payload: JwsPayload | Uint8Array | string;
-};
+  mode?: JwsIdentifierMode
+  issuer: ManagedIdentifierOptsOrResult & {
+    noIssPayloadUpdate?: boolean
+    noIdentifierInHeader?: boolean
+  }
+  clientId?: string
+  clientIdScheme?: ClientIdScheme | 'did' | string
+  protectedHeader: JwsHeader
+  payload: JwsPayload | Uint8Array | string
+}
 export type CreateJweArgs = {
-    mode?: JwsIdentifierMode;
-    issuer: ManagedIdentifierOptsOrResult & {
-        noIssPayloadUpdate?: boolean;
-        noIdentifierInHeader?: boolean;
-    };
-    protectedHeader: JweProtectedHeader;
-    encryptedKey: string | EphemeralPublicKey;
-    iv: string;
-    ciphertext: string;
-    tag: string;
-};
-export type CreateJwsCompactArgs = CreateJwsArgs;
-export type CreateJwsFlattenedArgs = Exclude<CreateJwsJsonArgs, 'existingSignatures'>;
+  mode?: JwsIdentifierMode
+  issuer: ManagedIdentifierOptsOrResult & {
+    noIssPayloadUpdate?: boolean
+    noIdentifierInHeader?: boolean
+  }
+  protectedHeader: JweProtectedHeader
+  encryptedKey: string | EphemeralPublicKey
+  iv: string
+  ciphertext: string
+  tag: string
+}
+export type CreateJwsCompactArgs = CreateJwsArgs
+export type CreateJwsFlattenedArgs = Exclude<CreateJwsJsonArgs, 'existingSignatures'>
 export type VerifyJwsArgs = {
-    jws: Jws;
-    jwk?: JWK;
-    opts?: {
-        x5c?: Omit<ExternalIdentifierX5cOpts, 'identifier'>;
-        did?: Omit<ExternalIdentifierDidOpts, 'identifier'>;
-    };
-};
+  jws: Jws
+  jwk?: JWK
+  opts?: {
+    x5c?: Omit<ExternalIdentifierX5cOpts, 'identifier'>
+    did?: Omit<ExternalIdentifierDidOpts, 'identifier'>
+  }
+}
 /**
  * @public
  */
 export type CreateJwsJsonArgs = CreateJwsArgs & {
-    unprotectedHeader?: JwsHeader;
-    existingSignatures?: Array<JwsJsonSignature>;
-};
+  unprotectedHeader?: JwsHeader
+  existingSignatures?: Array<JwsJsonSignature>
+}
 export type CreateJweJsonArgs = CreateJweArgs & {
-    unprotectedHeader?: JweHeader;
-};
+  unprotectedHeader?: JweHeader
+}
 /**
  * @public
  */
 export interface JwtCompactResult {
-    jwt: JwsCompact | JweCompact;
-}
-export declare function isJwsCompact(jws: Jws): jws is JwsCompact;
-export declare function isJweCompact(jwe: Jwe): jwe is JweCompact;
-export declare function isJwsJsonFlattened(jws: Jws): jws is JwsJsonFlattened;
-export declare function isJwsJsonGeneral(jws: Jws): jws is JwsJsonGeneral;
-export declare function isJweJsonFlattened(jwe: Jwe): jwe is JweJsonFlattened;
-export declare function isJweJsonGeneral(jwe: Jwe): jwe is JweJsonGeneral;
-export declare function isJwsHeader(header: BaseJwtHeader & Record<string, any>): header is JwsHeader;
-export declare function isJweHeader(header: BaseJwtHeader & Record<string, any>): header is JweHeader;
-export declare const COMPACT_JWS_REGEX: RegExp;
-export declare const COMPACT_JWE_REGEX: RegExp;
-export declare const JweAlgs: readonly ["RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "dir", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"];
-export type JweAlg = typeof JweAlgs[number];
-export declare function jweAlg(alg?: string | JweAlg): JweAlg | undefined;
-export declare const JweEncs: readonly ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"];
-export type JweEnc = typeof JweEncs[number];
-export declare function jweEnc(alg?: string | JweEnc): JweEnc | undefined;
+  jwt: JwsCompact | JweCompact
+}
+export declare function isJwsCompact(jws: Jws): jws is JwsCompact
+export declare function isJweCompact(jwe: Jwe): jwe is JweCompact
+export declare function isJwsJsonFlattened(jws: Jws): jws is JwsJsonFlattened
+export declare function isJwsJsonGeneral(jws: Jws): jws is JwsJsonGeneral
+export declare function isJweJsonFlattened(jwe: Jwe): jwe is JweJsonFlattened
+export declare function isJweJsonGeneral(jwe: Jwe): jwe is JweJsonGeneral
+export declare function isJwsHeader(header: BaseJwtHeader & Record<string, any>): header is JwsHeader
+export declare function isJweHeader(header: BaseJwtHeader & Record<string, any>): header is JweHeader
+export declare const COMPACT_JWS_REGEX: RegExp
+export declare const COMPACT_JWE_REGEX: RegExp
+export declare const JweAlgs: readonly [
+  'RSA1_5',
+  'RSA-OAEP',
+  'RSA-OAEP-256',
+  'A128KW',
+  'A192KW',
+  'A256KW',
+  'dir',
+  'ECDH-ES',
+  'ECDH-ES+A128KW',
+  'ECDH-ES+A192KW',
+  'ECDH-ES+A256KW',
+  'A128GCMKW',
+  'A192GCMKW',
+  'A256GCMKW',
+  'PBES2-HS256+A128KW',
+  'PBES2-HS384+A192KW',
+  'PBES2-HS512+A256KW'
+]
+export type JweAlg = (typeof JweAlgs)[number]
+export declare function jweAlg(alg?: string | JweAlg): JweAlg | undefined
+export declare const JweEncs: readonly ['A128CBC-HS256', 'A192CBC-HS384', 'A256CBC-HS512', 'A128GCM', 'A192GCM', 'A256GCM']
+export type JweEnc = (typeof JweEncs)[number]
+export declare function jweEnc(alg?: string | JweEnc): JweEnc | undefined
 //# sourceMappingURL=IJwtService.d.ts.map

package/src/types/common.ts

@@ -51,7 +51,7 @@ export function isCoseKeyIdentifier(identifier: ManagedIdentifierType): identifi
 }
 
 export function isOIDFEntityIdIdentifier(identifier: ManagedIdentifierType): identifier is string {
-  return typeof identifier === 'string' && identifier.startsWith('https://') 
+  return typeof identifier === 'string' && identifier.startsWith('https://')
 }
 
 export function isX5cIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string[] {

package/src/types/externalIdentifierTypes.ts

@@ -5,7 +5,8 @@ import { IParsedDID } from '@sphereon/ssi-types'
 import { DIDDocument, DIDDocumentSection, DIDResolutionResult } from '@veramo/core'
 import {
   isCoseKeyIdentifier,
-  isDidIdentifier, isOIDFEntityIdIdentifier,
+  isDidIdentifier,
+  isOIDFEntityIdIdentifier,
   isJwkIdentifier,
   isJwksUrlIdentifier,
   isKidIdentifier,
@@ -110,7 +111,7 @@ export type ExternalIdentifierOIDFEntityIdOpts = Omit<ExternalIdentifierOptsBase
 
 export function isExternalIdentifierOIDFEntityIdOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierOIDFEntityIdOpts {
   const { identifier } = opts
-  return ('method' in opts && opts.method === 'entity_id' || 'trustAnchors' in opts) && isOIDFEntityIdIdentifier(identifier)
+  return (('method' in opts && opts.method === 'entity_id') || 'trustAnchors' in opts) && isOIDFEntityIdIdentifier(identifier)
 }
 
 export type ExternalIdentifierX5cOpts = Omit<ExternalIdentifierOptsBase, 'method'> &
@@ -130,7 +131,13 @@ export function isExternalIdentifierX5cOpts(opts: ExternalIdentifierOptsBase): o
 export type ExternalIdentifierMethod = 'did' | 'jwk' | 'x5c' | 'kid' | 'cose_key' | 'oidc-discovery' | 'jwks-url' | 'oid4vci-issuer' | 'entity_id'
 
 export type ExternalIdentifierResult = IExternalIdentifierResultBase &
-  (ExternalIdentifierDidResult | ExternalIdentifierX5cResult | ExternalIdentifierJwkResult | ExternalIdentifierOIDFEntityIdResult | ExternalIdentifierCoseKeyResult )
+  (
+    | ExternalIdentifierDidResult
+    | ExternalIdentifierX5cResult
+    | ExternalIdentifierJwkResult
+    | ExternalIdentifierOIDFEntityIdResult
+    | ExternalIdentifierCoseKeyResult
+  )
 
 export interface IExternalIdentifierResultBase {
   method: ExternalIdentifierMethod
@@ -165,7 +172,6 @@ export interface ExternalIdentifierOIDFEntityIdResult extends IExternalIdentifie
   method: 'entity_id'
   trustedAnchors: Array<TrustedAnchor>
   errorList?: Record<TrustedAnchor, ErrorMessage>
-  jwtPayload?: string
   trustEstablished: boolean
 }
 

package/src/types/managedIdentifierTypes.ts

@@ -9,7 +9,7 @@ import {
   isKeyIdentifier,
   isKidIdentifier,
   isX5cIdentifier,
-  JwkInfo
+  JwkInfo,
 } from './common'
 
 /**