@sphereon/ssi-sdk.oid4vci-holder 0.32.1-feature.MWALL.715.49 → 0.32.1-feature.SDK.56.oauth.status.list.139

package/src/machines/firstPartyMachine.ts

@@ -0,0 +1,287 @@
+import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'
+import {
+  AuthorizationChallengeCodeResponse,
+  AuthorizationChallengeError,
+  AuthorizationChallengeErrorResponse
+} from '@sphereon/oid4vci-common'
+import { DidAuthConfig } from '@sphereon/ssi-sdk.data-store'
+import { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'
+import {
+  createConfig,
+  getSiopRequest,
+  sendAuthorizationChallengeRequest,
+  sendAuthorizationResponse
+} from '../services/FirstPartyMachineServices'
+import { translate } from '../localization/Localization'
+import { ErrorDetails } from '../types/IOID4VCIHolder'
+import {
+  CreateConfigArgs,
+  CreateFirstPartyMachineOpts,
+  FirstPartyMachineContext,
+  FirstPartyMachineEvents,
+  FirstPartyMachineEventTypes,
+  FirstPartyMachineInterpreter,
+  FirstPartyMachineServices,
+  FirstPartyMachineState,
+  FirstPartyMachineStatesConfig,
+  FirstPartyMachineStateTypes,
+  FirstPartyMachineServiceDefinitions,
+  FirstPartyStateMachine,
+  GetSiopRequestArgs,
+  InstanceFirstPartyMachineOpts,
+  SiopV2AuthorizationRequestData,
+  SendAuthorizationResponseArgs,
+  FirstPartySelectCredentialsEvent
+} from '../types/FirstPartyMachine'
+
+const firstPartyMachineStates: FirstPartyMachineStatesConfig = {
+  [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
+    id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+    invoke: {
+      src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
+      onDone: {
+        target: FirstPartyMachineStateTypes.done,
+        actions: assign({
+          authorizationCodeResponse: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => _event.data
+        })
+      },
+      onError: [
+        {
+          target: FirstPartyMachineStateTypes.createConfig,
+          cond: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>): boolean => _event.data.error === AuthorizationChallengeError.insufficient_authorization,
+          actions: assign({
+            authSession: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) => _event.data.auth_session,
+            presentationUri: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) => _event.data.presentation,
+          }),
+        },
+        {
+          target: FirstPartyMachineStateTypes.error,
+          actions: assign({
+            error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({
+              title: translate('oid4vci_machine_send_authorization_challenge_request_error_title'),
+              message: _event.data.message,
+              stack: _event.data.stack,
+            }),
+          }),
+        }
+      ],
+    }
+  },
+  [FirstPartyMachineStateTypes.createConfig]: {
+    id: FirstPartyMachineStateTypes.createConfig,
+    invoke: {
+      src: FirstPartyMachineServices.createConfig,
+      onDone: {
+        target: FirstPartyMachineStateTypes.getSiopRequest,
+        actions: assign({
+          didAuthConfig: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<DidAuthConfig>) => _event.data,
+        }),
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign({
+          error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({
+            title: translate('oid4vci_machine_create_config_error_title'),
+            message: _event.data.message,
+            stack: _event.data.stack,
+          }),
+        }),
+      },
+    },
+  },
+  [FirstPartyMachineStateTypes.getSiopRequest]: {
+    id: FirstPartyMachineStateTypes.getSiopRequest,
+    invoke: {
+      src: FirstPartyMachineServices.getSiopRequest,
+      onDone: {
+        target: FirstPartyMachineStateTypes.selectCredentials,
+        actions: assign({
+          authorizationRequestData: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<SiopV2AuthorizationRequestData>) => _event.data,
+        }),
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign({
+          error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({
+            title: translate('siopV2_machine_get_request_error_title'),
+            message: _event.data.message,
+            stack: _event.data.stack,
+          }),
+        }),
+      },
+    },
+  },
+  [FirstPartyMachineStateTypes.selectCredentials]: {
+    id: FirstPartyMachineStateTypes.selectCredentials,
+    on: {
+      [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
+        actions: assign({selectedCredentials: (_ctx: FirstPartyMachineContext, _event: FirstPartySelectCredentialsEvent) => _event.data}),
+      },
+      [FirstPartyMachineEvents.NEXT]: {
+        target: FirstPartyMachineStateTypes.sendAuthorizationResponse,
+      },
+      [FirstPartyMachineEvents.DECLINE]: {
+        target: FirstPartyMachineStateTypes.declined,
+      },
+      [FirstPartyMachineEvents.PREVIOUS]: {
+        target: FirstPartyMachineStateTypes.aborted,
+      },
+    },
+  },
+  [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
+    id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
+    invoke: {
+      src: FirstPartyMachineServices.sendAuthorizationResponse,
+      onDone: {
+        target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+        actions: assign({
+          presentationDuringIssuanceSession: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<string>) => _event.data,
+        }),
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign({
+          error: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<Error>): ErrorDetails => ({
+            title: translate('oid4vci_machine_get_request_error_title'),
+            message: _event.data.message,
+            stack: _event.data.stack,
+          }),
+        }),
+      },
+    }
+  },
+  [FirstPartyMachineStateTypes.aborted]: {
+    id: FirstPartyMachineStateTypes.aborted,
+    type: 'final'
+  },
+  [FirstPartyMachineStateTypes.declined]: {
+    id: FirstPartyMachineStateTypes.declined,
+    type: 'final'
+  },
+  [FirstPartyMachineStateTypes.error]: {
+    id: FirstPartyMachineStateTypes.error,
+    type: 'final',
+  },
+  [FirstPartyMachineStateTypes.done]: {
+    id: FirstPartyMachineStateTypes.done,
+    type: 'final',
+  }
+}
+
+const createFirstPartyActivationMachine = (opts: CreateFirstPartyMachineOpts): FirstPartyStateMachine => {
+  const initialContext: FirstPartyMachineContext = {
+    openID4VCIClientState: opts.openID4VCIClientState,
+    contact: opts.contact,
+    selectedCredentials: [],
+  };
+
+  return createMachine<FirstPartyMachineContext, FirstPartyMachineEventTypes>(
+    {
+      id: opts?.machineId ?? 'FirstParty',
+      predictableActionArguments: true,
+      initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+      context: initialContext,
+      states: firstPartyMachineStates,
+      schema: {
+        events: {} as FirstPartyMachineEventTypes,
+        services: {} as {
+          [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: {
+            data: void
+          },
+          [FirstPartyMachineServices.createConfig]: {
+            data: CreateConfigResult
+          },
+          [FirstPartyMachineServices.getSiopRequest]: {
+            data: SiopV2AuthorizationRequestData
+          },
+          [FirstPartyMachineServices.sendAuthorizationResponse]: {
+            data: string
+          }
+        }
+      }
+    }
+  );
+};
+
+export class FirstPartyMachine {
+  private static _instance: FirstPartyMachineInterpreter | undefined;
+
+  static hasInstance(): boolean {
+    return FirstPartyMachine._instance !== undefined;
+  }
+
+  static get instance(): FirstPartyMachineInterpreter {
+    if (!FirstPartyMachine._instance) {
+      throw Error('Please initialize ESIMActivation machine first');
+    }
+    return FirstPartyMachine._instance;
+  }
+
+  static clearInstance(opts: {stop: boolean}) {
+    const {stop} = opts;
+    if (FirstPartyMachine.hasInstance()) {
+      if (stop) {
+        FirstPartyMachine.stopInstance();
+      }
+    }
+    FirstPartyMachine._instance = undefined;
+  }
+
+  static stopInstance(): void {
+    if (!FirstPartyMachine.hasInstance()) {
+      return;
+    }
+    FirstPartyMachine.instance.stop();
+    FirstPartyMachine._instance = undefined;
+  }
+
+  public static newInstance(opts: InstanceFirstPartyMachineOpts): FirstPartyMachineInterpreter {
+    const { agentContext } = opts
+    const services: FirstPartyMachineServiceDefinitions = {
+      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
+      [FirstPartyMachineServices.createConfig]: (args: CreateConfigArgs) => createConfig(args, agentContext),
+      [FirstPartyMachineServices.getSiopRequest]: (args: GetSiopRequestArgs) => getSiopRequest(args, agentContext),
+      [FirstPartyMachineServices.sendAuthorizationResponse]: (args: SendAuthorizationResponseArgs) => sendAuthorizationResponse(args, agentContext),
+    }
+
+    const newInst: FirstPartyMachineInterpreter = interpret(
+      createFirstPartyActivationMachine(opts).withConfig({
+        services: {
+          ...services,
+          ...opts?.services,
+        },
+        guards: {
+          ...opts?.guards,
+        },
+      }),
+    );
+
+    if (typeof opts?.subscription === 'function') {
+      newInst.onTransition(opts.subscription);
+    }
+
+    if (opts?.requireCustomNavigationHook !== true) {
+      newInst.onTransition((snapshot: FirstPartyMachineState): void => {
+        if (opts?.stateNavigationListener) {
+          void opts.stateNavigationListener(newInst, snapshot)
+        }
+      });
+    }
+
+    return newInst;
+  }
+
+  static getInstance(
+    opts: InstanceFirstPartyMachineOpts & {
+      requireExisting?: boolean;
+    },
+  ): FirstPartyMachineInterpreter {
+    if (!FirstPartyMachine._instance) {
+      if (opts?.requireExisting === true) {
+        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
+      }
+      FirstPartyMachine._instance = FirstPartyMachine.newInstance(opts);
+    }
+    return FirstPartyMachine._instance;
+  }
+}

package/src/{machine → machines}/oid4vciMachine.ts

@@ -1,4 +1,8 @@
-import { AuthzFlowType, toAuthorizationResponsePayload } from '@sphereon/oid4vci-common'
+import {
+  AuthorizationChallengeCodeResponse,
+  AuthzFlowType,
+  toAuthorizationResponsePayload
+} from '@sphereon/oid4vci-common'
 import { IBasicIssuerLocaleBranding, Identity, IIssuerLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store'
 import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'
 import { translate } from '../localization/Localization'
@@ -29,6 +33,7 @@ import {
   SetAuthorizationCodeURLEvent,
   VerificationCodeEvent,
 } from '../types/IOID4VCIHolder'
+import { FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
 
 const oid4vciHasNoContactGuard = (_ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {
   const { contact } = _ctx
@@ -117,6 +122,10 @@ const oid4vciHasAuthorizationResponse = (ctx: OID4VCIMachineContext, _event: OID
   return !!ctx.openID4VCIClientState?.authorizationCodeResponse
 }
 
+const oid4vciIsFirstPartyApplication = (ctx: OID4VCIMachineContext, _event: OID4VCIMachineEventTypes): boolean => {
+  return !!ctx.serverMetadata?.authorization_challenge_endpoint
+}
+
 const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMachine => {
   const initialContext: OID4VCIMachineContext = {
     // TODO WAL-671 we need to store the data from OpenIdProvider here in the context and make sure we can restart the machine with it and init the OpenIdProvider
@@ -153,7 +162,8 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
         | { type: OID4VCIMachineGuards.hasSelectedCredentialsGuard }
         | { type: OID4VCIMachineGuards.hasAuthorizationResponse }
         | { type: OID4VCIMachineGuards.isOIDFOriginGuard }
-        | { type: OID4VCIMachineGuards.contactHasLowTrustGuard },
+        | { type: OID4VCIMachineGuards.contactHasLowTrustGuard }
+        | { type: OID4VCIMachineGuards.isFirstPartyApplication },
       services: {} as {
         [OID4VCIMachineServices.start]: {
           data: StartResult
@@ -188,6 +198,9 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
         [OID4VCIMachineServices.getIssuerBranding]: {
           data: Array<IIssuerLocaleBranding | IBasicIssuerLocaleBranding>
         }
+        [OID4VCIMachineServices.startFirstPartApplicationFlow]: {
+          data: void
+        }
       },
     },
     context: initialContext,
@@ -332,6 +345,10 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
             target: OID4VCIMachineStates.selectCredentials,
             cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,
           },
+          {
+            target: OID4VCIMachineStates.startFirstPartApplicationFlow,
+            cond: OID4VCIMachineGuards.isFirstPartyApplication,
+          },
           {
             target: OID4VCIMachineStates.initiateAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard,
@@ -422,6 +439,10 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
             target: OID4VCIMachineStates.selectCredentials,
             cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard,
           },
+          {
+            target: OID4VCIMachineStates.startFirstPartApplicationFlow,
+            cond: OID4VCIMachineGuards.isFirstPartyApplication,
+          },
           {
             target: OID4VCIMachineStates.initiateAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard,
@@ -435,6 +456,41 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
           },
         ],
       },
+      [OID4VCIMachineStates.startFirstPartApplicationFlow] :{
+        id: OID4VCIMachineStates.startFirstPartApplicationFlow,
+        invoke: {
+          src: OID4VCIMachineServices.startFirstPartApplicationFlow,
+          onDone: [
+            {
+              target: OID4VCIMachineStates.aborted,
+              cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean => _event.data === FirstPartyMachineStateTypes.aborted,
+            },
+            {
+              target: OID4VCIMachineStates.declined,
+              cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean => _event.data === FirstPartyMachineStateTypes.declined,
+            },
+            {
+              target: OID4VCIMachineStates.getCredentials,
+              actions: assign({
+                openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => {
+                  const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data)
+                  return { ..._ctx.openID4VCIClientState!, authorizationCodeResponse }
+                }
+              })
+            }
+          ],
+          onError: {
+            target: OID4VCIMachineStates.handleError,
+            actions: assign({
+              error: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<ErrorDetails>): ErrorDetails => ({
+                title: _event.data.title ?? translate('oid4vci_machine_first_party_error_title'),
+                message: _event.data.message,
+                stack: _event.data.stack,
+              }),
+            }),
+          },
+        },
+      },
       [OID4VCIMachineStates.selectCredentials]: {
         id: OID4VCIMachineStates.selectCredentials,
         on: {
@@ -453,6 +509,10 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
       [OID4VCIMachineStates.transitionFromSelectingCredentials]: {
         id: OID4VCIMachineStates.transitionFromSelectingCredentials,
         always: [
+          {
+            target: OID4VCIMachineStates.startFirstPartApplicationFlow,
+            cond: OID4VCIMachineGuards.isFirstPartyApplication,
+          },
           {
             target: OID4VCIMachineStates.verifyPin,
             cond: OID4VCIMachineGuards.requirePinGuard,
@@ -726,6 +786,7 @@ export class OID4VCIMachine {
           oid4vciHasAuthorizationResponse,
           oid4vciIsOIDFOriginGuard,
           oid4vciContactHasLowTrustGuard,
+          oid4vciIsFirstPartyApplication,
           ...opts?.guards,
         },
       }),
@@ -737,7 +798,7 @@ export class OID4VCIMachine {
     if (opts?.requireCustomNavigationHook !== true) {
       if (typeof opts?.stateNavigationListener === 'function') {
         interpreter.onTransition((snapshot: OID4VCIMachineState): void => {
-          if (opts?.stateNavigationListener !== undefined) {
+          if (opts?.stateNavigationListener) {
             opts.stateNavigationListener(interpreter, snapshot)
           }
         })

package/src/{agent → mappers}/OIDC4VCIBrandingMapper.ts

@@ -1,6 +1,15 @@
 import { CredentialsSupportedDisplay, NameAndLocale } from '@sphereon/oid4vci-common'
-import { IBasicCredentialClaim, IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store'
-import { SdJwtClaimDisplayMetadata, SdJwtClaimMetadata, SdJwtClaimPath, SdJwtTypeDisplayMetadata } from '@sphereon/ssi-types'
+import {
+  IBasicCredentialClaim,
+  IBasicCredentialLocaleBranding,
+  IBasicIssuerLocaleBranding
+} from '@sphereon/ssi-sdk.data-store'
+import {
+  SdJwtClaimDisplayMetadata,
+  SdJwtClaimMetadata,
+  SdJwtClaimPath,
+  SdJwtTypeDisplayMetadata
+} from '@sphereon/ssi-types'
 import {
   IssuerLocaleBrandingFromArgs,
   Oid4vciCombineDisplayLocalesFromArgs,
@@ -17,9 +26,7 @@ import {
 
 // FIXME should we not move this to the branding plugin?
 
-export const oid4vciGetCredentialBrandingFrom = async (
-  args: Oid4vciGetCredentialBrandingFromArgs,
-): Promise<Array<IBasicCredentialLocaleBranding>> => {
+export const oid4vciGetCredentialBrandingFrom = async (args: Oid4vciGetCredentialBrandingFromArgs): Promise<Array<IBasicCredentialLocaleBranding>> => {
   const { credentialDisplay, issuerCredentialSubject } = args
 
   return oid4vciCombineDisplayLocalesFrom({
@@ -28,9 +35,7 @@ export const oid4vciGetCredentialBrandingFrom = async (
   })
 }
 
-export const oid4vciCredentialDisplayLocalesFrom = async (
-  args: Oid4vciCredentialDisplayLocalesFromArgs,
-): Promise<Map<string, CredentialsSupportedDisplay>> => {
+export const oid4vciCredentialDisplayLocalesFrom = async (args: Oid4vciCredentialDisplayLocalesFromArgs): Promise<Map<string, CredentialsSupportedDisplay>> => {
   const { credentialDisplay } = args
   return credentialDisplay.reduce((localeDisplays, display) => {
     const localeKey = display.locale || ''
@@ -39,9 +44,7 @@ export const oid4vciCredentialDisplayLocalesFrom = async (
   }, new Map<string, CredentialsSupportedDisplay>())
 }
 
-export const oid4vciIssuerCredentialSubjectLocalesFrom = async (
-  args: Oid4vciIssuerCredentialSubjectLocalesFromArgs,
-): Promise<Map<string, Array<IBasicCredentialClaim>>> => {
+export const oid4vciIssuerCredentialSubjectLocalesFrom = async (args: Oid4vciIssuerCredentialSubjectLocalesFromArgs): Promise<Map<string, Array<IBasicCredentialClaim>>> => {
   const { issuerCredentialSubject } = args
   const localeClaims = new Map<string, Array<IBasicCredentialClaim>>()
 
@@ -122,9 +125,7 @@ export const oid4vciCredentialLocaleBrandingFrom = async (args: Oid4vciCredentia
   }
 }
 
-export const oid4vciCombineDisplayLocalesFrom = async (
-  args: Oid4vciCombineDisplayLocalesFromArgs,
-): Promise<Array<IBasicCredentialLocaleBranding>> => {
+export const oid4vciCombineDisplayLocalesFrom = async (args: Oid4vciCombineDisplayLocalesFromArgs): Promise<Array<IBasicCredentialLocaleBranding>> => {
   const {
     credentialDisplayLocales = new Map<string, CredentialsSupportedDisplay>(),
     issuerCredentialSubjectLocales = new Map<string, Array<IBasicCredentialClaim>>(),
@@ -155,9 +156,7 @@ export const sdJwtGetCredentialBrandingFrom = async (args: SdJwtGetCredentialBra
   })
 }
 
-export const sdJwtCredentialDisplayLocalesFrom = async (
-  args: SdJwtCredentialDisplayLocalesFromArgs,
-): Promise<Map<string, SdJwtTypeDisplayMetadata>> => {
+export const sdJwtCredentialDisplayLocalesFrom = async (args: SdJwtCredentialDisplayLocalesFromArgs): Promise<Map<string, SdJwtTypeDisplayMetadata>> => {
   const { credentialDisplay } = args
   return credentialDisplay.reduce((localeDisplays, display) => {
     const localeKey = display.lang || ''
@@ -166,16 +165,14 @@ export const sdJwtCredentialDisplayLocalesFrom = async (
   }, new Map<string, SdJwtTypeDisplayMetadata>())
 }
 
-export const sdJwtCredentialClaimLocalesFrom = async (
-  args: SdJwtCredentialClaimLocalesFromArgs,
-): Promise<Map<string, Array<IBasicCredentialClaim>>> => {
+export const sdJwtCredentialClaimLocalesFrom = async (args: SdJwtCredentialClaimLocalesFromArgs): Promise<Map<string, Array<IBasicCredentialClaim>>> => {
   const { claimsMetadata } = args
   const localeClaims = new Map<string, Array<IBasicCredentialClaim>>()
 
   claimsMetadata.forEach((claim: SdJwtClaimMetadata): void => {
     claim.display?.forEach((display: SdJwtClaimDisplayMetadata): void => {
-      const { lang = '', label } = display
-      const key = claim.path.map((value: SdJwtClaimPath) => String(value)).join('.')
+      const { lang = '', label } = display;
+      const key = claim.path.map((value: SdJwtClaimPath) => String(value)).join('.');
       if (!localeClaims.has(lang)) {
         localeClaims.set(lang, [])
       }
@@ -183,7 +180,7 @@ export const sdJwtCredentialClaimLocalesFrom = async (
     })
   })
 
-  return localeClaims
+  return localeClaims;
 }
 
 export const sdJwtCredentialLocaleBrandingFrom = async (args: SdJwtCredentialLocaleBrandingFromArgs): Promise<IBasicCredentialLocaleBranding> => {
@@ -216,15 +213,17 @@ export const sdJwtCredentialLocaleBrandingFrom = async (args: SdJwtCredentialLoc
     }),
     ...(credentialDisplay.rendering?.simple?.background_color && {
       background: {
-        color: credentialDisplay.rendering.simple.background_color,
+        color: credentialDisplay.rendering.simple.background_color ,
       },
     }),
   }
 }
 
 export const sdJwtCombineDisplayLocalesFrom = async (args: SdJwtCombineDisplayLocalesFromArgs): Promise<Array<IBasicCredentialLocaleBranding>> => {
-  const { credentialDisplayLocales = new Map<string, SdJwtTypeDisplayMetadata>(), claimsMetadata = new Map<string, Array<IBasicCredentialClaim>>() } =
-    args
+  const {
+    credentialDisplayLocales = new Map<string, SdJwtTypeDisplayMetadata>(),
+    claimsMetadata = new Map<string, Array<IBasicCredentialClaim>>(),
+  } = args
 
   const locales: Array<string> = Array.from(new Set([...claimsMetadata.keys(), ...credentialDisplayLocales.keys()]))
 

package/src/services/FirstPartyMachineServices.ts

@@ -0,0 +1,63 @@
+import { OpenID4VCIClient } from '@sphereon/oid4vci-client'
+import { AuthorizationChallengeValidationResponse } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
+import { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'
+import { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'
+import { v4 as uuidv4 } from 'uuid'
+import { RequiredContext } from '../types/IOID4VCIHolder'
+import {
+  CreateConfigArgs,
+  GetSiopRequestArgs,
+  SendAuthorizationChallengeRequestArgs,
+  SendAuthorizationResponseArgs,
+  SiopV2AuthorizationRequestData
+} from '../types/FirstPartyMachine'
+
+export const sendAuthorizationChallengeRequest = async (args: SendAuthorizationChallengeRequestArgs): Promise<AuthorizationChallengeCodeResponse> => {
+  const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args
+
+  const oid4vciClient = await OpenID4VCIClient.fromState({ state: openID4VCIClientState })
+  return oid4vciClient.acquireAuthorizationChallengeCode({
+    clientId: oid4vciClient.clientId ?? uuidv4(),
+    ...(authSession && { authSession }),
+    ...(!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && { issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode }),
+    ...(!authSession && openID4VCIClientState.credentialOffer?.issuerState && { issuerState: openID4VCIClientState.credentialOffer?.issuerState }),
+    ...(presentationDuringIssuanceSession && { presentationDuringIssuanceSession })
+  })
+}
+
+export const createConfig = async (args: CreateConfigArgs, context: RequiredContext): Promise<CreateConfigResult> => {
+  const { presentationUri } = args;
+
+  if (!presentationUri) {
+    return Promise.reject(Error('Missing presentation uri in context'));
+  }
+
+  return context.agent.siopCreateConfig({ url: presentationUri })
+};
+
+export const getSiopRequest = async (args: GetSiopRequestArgs, context: RequiredContext): Promise<SiopV2AuthorizationRequestData> => {
+  const {didAuthConfig, presentationUri} = args;
+
+  if (presentationUri === undefined) {
+    return Promise.reject(Error('Missing presentation uri in context'));
+  }
+
+  if (didAuthConfig === undefined) {
+    return Promise.reject(Error('Missing did auth config in context'));
+  }
+
+  return context.agent.siopGetSiopRequest({ didAuthConfig, url: presentationUri })
+}
+
+export const sendAuthorizationResponse = async (args: SendAuthorizationResponseArgs, context: RequiredContext): Promise<string> => {
+  const { didAuthConfig, authorizationRequestData, selectedCredentials } = args
+
+  const responseData = await context.agent.siopSendResponse({
+    authorizationRequestData,
+    selectedCredentials,
+    didAuthConfig,
+    isFirstParty: true
+  })
+
+  return (<AuthorizationChallengeValidationResponse>responseData.body).presentation_during_issuance_session
+}