@sphereon/ssi-sdk.oid4vci-holder 0.32.1-next.54 → 0.33.1-feature.jose.vcdm.55

package/package.json

@@ -1,39 +1,52 @@
 {
   "name": "@sphereon/ssi-sdk.oid4vci-holder",
-  "version": "0.32.1-next.54+3b988a2b",
+  "version": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
   "source": "src/index.ts",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    "react-native": "./dist/index.js",
+    "import": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "require": {
+      "types": "./dist/index.d.cts",
+      "require": "./dist/index.cjs"
+    }
+  },
   "veramo": {
     "pluginInterfaces": {
       "IOID4VCIHolder": "./src/types/IOID4VCIHolder.ts"
     }
   },
   "scripts": {
-    "build": "tsc",
-    "build:clean": "tsc --build --clean && tsc --build"
+    "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.16.1-next.339",
+    "@sphereon/did-auth-siop": "0.17.1-feature.esm.cjs.39",
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
-    "@sphereon/oid4vci-client": "0.16.1-next.339",
-    "@sphereon/oid4vci-common": "0.16.1-next.339",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.27.0",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.27.0",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.27.0",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.27.0",
-    "@sphereon/ssi-sdk.contact-manager": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.core": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.credential-store": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.credential-validation": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.data-store": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.issuance-branding": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.mdl-mdoc": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.oidf-client": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.sd-jwt": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-types": "0.32.1-next.54+3b988a2b",
+    "@sphereon/oid4vci-client": "0.17.1-feature.esm.cjs.39",
+    "@sphereon/oid4vci-common": "0.17.1-feature.esm.cjs.39",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.28.1-feature.esm.cjs.18",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.28.1-feature.esm.cjs.18",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.28.1-feature.esm.cjs.18",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.esm.cjs.18",
+    "@sphereon/ssi-sdk.contact-manager": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.core": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.credential-store": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.credential-validation": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.data-store": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.issuance-branding": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.mdl-mdoc": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.oidf-client": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.sd-jwt": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
+    "@sphereon/ssi-types": "0.33.1-feature.jose.vcdm.55+6f02f6f8",
     "@veramo/core": "4.2.0",
     "@veramo/data-store": "4.2.0",
     "@veramo/utils": "4.2.0",
@@ -45,21 +58,21 @@
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/oid4vc-common": "0.16.1-next.339",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.27.0",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.32.1-next.54+3b988a2b",
+    "@sphereon/oid4vc-common": "0.17.1-feature.esm.cjs.39",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.28.1-feature.esm.cjs.18",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "workspace:*",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",
     "@types/uuid": "^9.0.8",
     "@veramo/remote-client": "4.2.0",
     "@veramo/remote-server": "4.2.0",
     "nock": "^13.5.4",
-    "typeorm": "^0.3.20",
-    "typescript": "5.5.3"
+    "typeorm": "0.3.20",
+    "typescript": "5.8.3"
   },
   "files": [
-    "dist/**/*",
-    "src/**/*",
+    "dist",
+    "src",
     "README.md",
     "plugin.schema.json",
     "LICENSE"
@@ -76,6 +89,5 @@
     "OID4VCI",
     "State Machine"
   ],
-  "nx": {},
-  "gitHead": "3b988a2bb62a7c4534a2670ea3a0985fd93d00f2"
+  "gitHead": "6f02f6f83679198268c6e1ea956be24cc1017234"
 }

package/src/agent/OID4VCIHolder.ts

@@ -4,6 +4,8 @@ import {
   AuthorizationRequestOpts,
   AuthorizationServerClientOpts,
   AuthorizationServerOpts,
+  CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13,
+  CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13,
   CredentialOfferRequestWithBaseUrl,
   DefaultURISchemes,
   EndpointMetadataResult,
@@ -45,7 +47,8 @@ import {
 } from '@sphereon/ssi-sdk.data-store'
 import {
   CredentialMapper,
-  Hasher,
+  type CredentialProofFormat,
+  HasherSync,
   IVerifiableCredential,
   JoseSignatureAlgorithm,
   JoseSignatureAlgorithmString,
@@ -63,7 +66,6 @@ import {
   IDIDManager,
   IKeyManager,
   IResolver,
-  ProofFormat,
   VerifiableCredential,
   W3CVerifiableCredential,
 } from '@veramo/core'
@@ -107,7 +109,7 @@ import {
   StoreIssuerBrandingArgs,
   VerificationResult,
   VerifyEBSICredentialIssuerArgs,
-  VerifyEBSICredentialIssuerResult
+  VerifyEBSICredentialIssuerResult,
 } from '../types/IOID4VCIHolder'
 import {
   getBasicIssuerLocaleBranding,
@@ -117,10 +119,11 @@ import {
   getIssuanceOpts,
   mapCredentialToAccept,
   selectCredentialLocaleBranding,
+  startFirstPartApplicationMachine,
   verifyCredentialToAccept,
-  startFirstPartApplicationMachine
 } from '../services/OID4VCIHolderService'
 import 'cross-fetch/polyfill'
+import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
 /**
  * {@inheritDoc IOID4VCIHolder}
@@ -192,7 +195,7 @@ export async function verifyEBSICredentialIssuer(args: VerifyEBSICredentialIssue
     throw Error('The issuer of the VC cannot be trusted')
   }
 
-  const payload = await response.json()
+  const payload = (await response.json()) as VerifyEBSICredentialIssuerResult
 
   if (!payload.attributes.some((a: Attribute) => issuerType.includes(a.issuerType))) {
     throw Error(`The issuer type is required to be one of: ${issuerType.join(', ')}`)
@@ -202,7 +205,7 @@ export async function verifyEBSICredentialIssuer(args: VerifyEBSICredentialIssue
 }
 
 export class OID4VCIHolder implements IAgentPlugin {
-  private readonly hasher?: Hasher
+  private readonly hasher?: HasherSync
   readonly eventTypes: Array<OID4VCIHolderEvent> = [
     OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED,
     OID4VCIHolderEvent.CREDENTIAL_STORED,
@@ -264,7 +267,7 @@ export class OID4VCIHolder implements IAgentPlugin {
       didMethodPreferences,
       jwtCryptographicSuitePreferences,
       defaultAuthorizationRequestOptions,
-      hasher,
+      hasher = defaultHasher,
     } = { ...options }
 
     this.hasher = hasher
@@ -319,15 +322,19 @@ export class OID4VCIHolder implements IAgentPlugin {
           },
           context,
         ),
-      [OID4VCIMachineServices.startFirstPartApplicationFlow]: (args: StartFirstPartApplicationMachine) => startFirstPartApplicationMachine({ ...args, stateNavigationListener: opts.firstPartyStateNavigationListener }, context),
-      [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args: CreateCredentialsToSelectFromArgs) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
+      [OID4VCIMachineServices.startFirstPartApplicationFlow]: (args: StartFirstPartApplicationMachine) =>
+        startFirstPartApplicationMachine({ ...args, stateNavigationListener: opts.firstPartyStateNavigationListener }, context),
+      [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args: CreateCredentialsToSelectFromArgs) =>
+        this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
       [OID4VCIMachineServices.getContact]: (args: GetContactArgs) => this.oid4vciHolderGetContact(args, context),
-      [OID4VCIMachineServices.getCredentials]: (args: GetCredentialsArgs) => this.oid4vciHolderGetCredentials({ accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts, ...args }, context),
+      [OID4VCIMachineServices.getCredentials]: (args: GetCredentialsArgs) =>
+        this.oid4vciHolderGetCredentials({ accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts, ...args }, context),
       [OID4VCIMachineServices.addContactIdentity]: (args: AddContactIdentityArgs) => this.oid4vciHolderAddContactIdentity(args, context),
       [OID4VCIMachineServices.getIssuerBranding]: (args: GetIssuerBrandingArgs) => this.oid4vciHolderGetIssuerBranding(args, context),
       [OID4VCIMachineServices.storeIssuerBranding]: (args: StoreIssuerBrandingArgs) => this.oid4vciHolderStoreIssuerBranding(args, context),
       [OID4VCIMachineServices.assertValidCredentials]: (args: AssertValidCredentialsArgs) => this.oid4vciHolderAssertValidCredentials(args, context),
-      [OID4VCIMachineServices.storeCredentialBranding]: (args: StoreCredentialBrandingArgs) => this.oid4vciHolderStoreCredentialBranding(args, context),
+      [OID4VCIMachineServices.storeCredentialBranding]: (args: StoreCredentialBrandingArgs) =>
+        this.oid4vciHolderStoreCredentialBranding(args, context),
       [OID4VCIMachineServices.storeCredentials]: (args: StoreCredentialsArgs) => this.oid4vciHolderStoreCredentials(args, context),
       [OID4VCIMachineServices.sendNotification]: (args: SendNotificationArgs) => this.oid4vciHolderSendNotification(args, context),
       [OID4VCIMachineServices.getFederationTrust]: (args: GetFederationTrustArgs) => this.getFederationTrust(args, context),
@@ -632,7 +639,7 @@ export class OID4VCIHolder implements IAgentPlugin {
     // The VCI lib either expects a jwk or a kid
     const jwk = isManagedIdentifierJwkResult(identifier) ? identifier.jwk : undefined
 
-    const callbacks: ProofOfPossessionCallbacks<never> = {
+    const callbacks: ProofOfPossessionCallbacks = {
       signCallback: signCallback(identifier, context),
     }
 
@@ -678,7 +685,10 @@ export class OID4VCIHolder implements IAgentPlugin {
       if (!credentialTypes || credentialTypes.length === 0) {
         return Promise.reject(Error('cannot determine credential id to request'))
       }
+
+      const credentialDefinition = this.getCredentialDefinition(issuanceOpt)
       const credentialResponse = await client.acquireCredentials({
+        ...(credentialDefinition && { context: credentialDefinition['@context'] }),
         credentialTypes,
         proofCallbacks: callbacks,
         format: issuanceOpt.format,
@@ -911,7 +921,7 @@ export class OID4VCIHolder implements IAgentPlugin {
           : 'credential_deleted_holder_signed'
         logger.log(`Subject issuance/signing will be used, with event`, event)
         const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential as OriginalVerifiableCredential
-        const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher })
+        const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher ?? defaultHasher })
         console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`)
         // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)
 
@@ -920,7 +930,11 @@ export class OID4VCIHolder implements IAgentPlugin {
         if (CredentialMapper.isWrappedSdJwtVerifiableCredential(wrappedIssuerVC)) {
           issuer = trimmed(wrappedIssuerVC.decoded?.sub)
         } else if (CredentialMapper.isWrappedW3CVerifiableCredential(wrappedIssuerVC)) {
-          issuer = trimmed(wrappedIssuerVC.credential?.sub) ?? trimmed(this.idFromW3cCredentialSubject(wrappedIssuerVC))
+          issuer =
+            trimmed(wrappedIssuerVC.credential?.sub) ??
+            // @ts-ignore
+            trimmed(wrappedIssuerVC.credential?.credentialSubject?.id) ??
+            trimmed(this.idFromW3cCredentialSubject(wrappedIssuerVC))
         } else if (CredentialMapper.isWrappedMdocCredential(wrappedIssuerVC)) {
           return Promise.reject(Error('mdoc not yet supported'))
         }
@@ -952,7 +966,7 @@ export class OID4VCIHolder implements IAgentPlugin {
         logger.log(`Issuer for self-issued credential will be: ${issuer}`)
 
         const holderCredentialToSign = wrappedIssuerVC.decoded
-        let proofFormat: ProofFormat = 'lds'
+        let proofFormat: CredentialProofFormat = 'lds'
         if (wrappedIssuerVC.format.includes('jwt') && !wrappedIssuerVC.format.includes('mso_mdoc')) {
           holderCredentialToSign.iss = issuer
           proofFormat = 'jwt'
@@ -980,7 +994,7 @@ export class OID4VCIHolder implements IAgentPlugin {
 
         logger.log(`Subject issuance/signing will sign credential of type ${proofFormat}:`, holderCredentialToSign)
         const issuedVC = await context.agent.createVerifiableCredential({
-          credential: holderCredentialToSign as CredentialPayload,
+          credential: ('vc' in holderCredentialToSign ? holderCredentialToSign.vc : holderCredentialToSign) as CredentialPayload,
           fetchRemoteContexts: true,
           save: false,
           proofFormat,
@@ -1078,6 +1092,11 @@ export class OID4VCIHolder implements IAgentPlugin {
     const params = new URLSearchParams(url.search)
     const openidFederation = params.get('openid_federation')
     const entityIdentifier = openidFederation ?? serverMetadata.issuer
+    if (entityIdentifier.startsWith('http://')) {
+      console.warn(`OpenID federation does not support http://, only https:// allowed; got: (${url.toString()})`)
+      // OIDF always needs to be https
+      return []
+    }
 
     const result = await context.agent.identifierExternalResolveByOIDFEntityId({
       method: 'entity_id',
@@ -1130,4 +1149,11 @@ export class OID4VCIHolder implements IAgentPlugin {
     }
     return undefined
   }
+
+  private getCredentialDefinition(issuanceOpt: IssuanceOpts): CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13 | undefined {
+    if (issuanceOpt.format == 'ldp_vc' || issuanceOpt.format == 'jwt_vc_json-ld') {
+      return (issuanceOpt as CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13).credential_definition
+    }
+    return undefined
+  }
 }

package/src/index.ts

@@ -3,6 +3,7 @@
  */
 
 export { OID4VCIHolder, oid4vciHolderContextMethods, signCallback } from './agent/OID4VCIHolder'
+export * from './mappers/OIDC4VCIBrandingMapper'
 export * from './services/OID4VCIHolderService'
 export * from './services/FirstPartyMachineServices'
 export * from './types/IOID4VCIHolder'

package/src/link-handler/index.ts

@@ -3,12 +3,7 @@ import { AuthorizationRequestOpts, AuthorizationServerClientOpts, AuthzFlowType,
 import { DefaultLinkPriorities, LinkHandlerAdapter } from '@sphereon/ssi-sdk.core'
 import { IMachineStatePersistence, interpreterStartOrResume, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence'
 import { IAgentContext } from '@veramo/core'
-import {
-  GetMachineArgs,
-  IOID4VCIHolder,
-  OID4VCIMachineEvents,
-  OID4VCIMachineStateNavigationListener
-} from '../types/IOID4VCIHolder'
+import { GetMachineArgs, IOID4VCIHolder, OID4VCIMachineEvents, OID4VCIMachineStateNavigationListener } from '../types/IOID4VCIHolder'
 import { FirstPartyMachineStateNavigationListener } from '../types/FirstPartyMachine'
 
 /**
@@ -24,7 +19,10 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
   private readonly trustAnchors?: Array<string>
 
   constructor(
-    args: Pick<GetMachineArgs, 'stateNavigationListener' | 'authorizationRequestOpts' | 'clientOpts' | 'trustAnchors' | 'firstPartyStateNavigationListener'> & {
+    args: Pick<
+      GetMachineArgs,
+      'stateNavigationListener' | 'authorizationRequestOpts' | 'clientOpts' | 'trustAnchors' | 'firstPartyStateNavigationListener'
+    > & {
       priority?: number | DefaultLinkPriorities
       protocols?: Array<string | RegExp>
       noStateMachinePersistence?: boolean
@@ -69,7 +67,7 @@ export class OID4VCIHolderLinkHandler extends LinkHandlerAdapter {
       authorizationRequestOpts: { ...this.authorizationRequestOpts, ...opts?.authorizationRequestOpts },
       ...((clientOpts.clientId || clientOpts.clientAssertionType) && { clientOpts: clientOpts as AuthorizationServerClientOpts }),
       stateNavigationListener: this.stateNavigationListener,
-      firstPartyStateNavigationListener: this.firstPartyStateNavigationListener
+      firstPartyStateNavigationListener: this.firstPartyStateNavigationListener,
     })
 
     const interpreter = oid4vciMachine.interpreter

package/src/machines/firstPartyMachine.ts

@@ -1,17 +1,8 @@
 import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'
-import {
-  AuthorizationChallengeCodeResponse,
-  AuthorizationChallengeError,
-  AuthorizationChallengeErrorResponse
-} from '@sphereon/oid4vci-common'
+import { AuthorizationChallengeCodeResponse, AuthorizationChallengeError, AuthorizationChallengeErrorResponse } from '@sphereon/oid4vci-common'
 import { DidAuthConfig } from '@sphereon/ssi-sdk.data-store'
 import { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'
-import {
-  createConfig,
-  getSiopRequest,
-  sendAuthorizationChallengeRequest,
-  sendAuthorizationResponse
-} from '../services/FirstPartyMachineServices'
+import { createConfig, getSiopRequest, sendAuthorizationChallengeRequest, sendAuthorizationResponse } from '../services/FirstPartyMachineServices'
 import { translate } from '../localization/Localization'
 import { ErrorDetails } from '../types/IOID4VCIHolder'
 import {
@@ -31,7 +22,7 @@ import {
   InstanceFirstPartyMachineOpts,
   SiopV2AuthorizationRequestData,
   SendAuthorizationResponseArgs,
-  FirstPartySelectCredentialsEvent
+  FirstPartySelectCredentialsEvent,
 } from '../types/FirstPartyMachine'
 
 const firstPartyMachineStates: FirstPartyMachineStatesConfig = {
@@ -42,16 +33,18 @@ const firstPartyMachineStates: FirstPartyMachineStatesConfig = {
       onDone: {
         target: FirstPartyMachineStateTypes.done,
         actions: assign({
-          authorizationCodeResponse: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => _event.data
-        })
+          authorizationCodeResponse: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => _event.data,
+        }),
       },
       onError: [
         {
           target: FirstPartyMachineStateTypes.createConfig,
-          cond: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>): boolean => _event.data.error === AuthorizationChallengeError.insufficient_authorization,
+          cond: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>): boolean =>
+            _event.data.error === AuthorizationChallengeError.insufficient_authorization,
           actions: assign({
             authSession: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) => _event.data.auth_session,
-            presentationUri: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) => _event.data.presentation,
+            presentationUri: (_ctx: FirstPartyMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeErrorResponse>) =>
+              _event.data.presentation,
           }),
         },
         {
@@ -63,9 +56,9 @@ const firstPartyMachineStates: FirstPartyMachineStatesConfig = {
               stack: _event.data.stack,
             }),
           }),
-        }
+        },
       ],
-    }
+    },
   },
   [FirstPartyMachineStateTypes.createConfig]: {
     id: FirstPartyMachineStateTypes.createConfig,
@@ -115,7 +108,7 @@ const firstPartyMachineStates: FirstPartyMachineStatesConfig = {
     id: FirstPartyMachineStateTypes.selectCredentials,
     on: {
       [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
-        actions: assign({selectedCredentials: (_ctx: FirstPartyMachineContext, _event: FirstPartySelectCredentialsEvent) => _event.data}),
+        actions: assign({ selectedCredentials: (_ctx: FirstPartyMachineContext, _event: FirstPartySelectCredentialsEvent) => _event.data }),
       },
       [FirstPartyMachineEvents.NEXT]: {
         target: FirstPartyMachineStateTypes.sendAuthorizationResponse,
@@ -148,15 +141,15 @@ const firstPartyMachineStates: FirstPartyMachineStatesConfig = {
           }),
         }),
       },
-    }
+    },
   },
   [FirstPartyMachineStateTypes.aborted]: {
     id: FirstPartyMachineStateTypes.aborted,
-    type: 'final'
+    type: 'final',
   },
   [FirstPartyMachineStateTypes.declined]: {
     id: FirstPartyMachineStateTypes.declined,
-    type: 'final'
+    type: 'final',
   },
   [FirstPartyMachineStateTypes.error]: {
     id: FirstPartyMachineStateTypes.error,
@@ -165,7 +158,7 @@ const firstPartyMachineStates: FirstPartyMachineStatesConfig = {
   [FirstPartyMachineStateTypes.done]: {
     id: FirstPartyMachineStateTypes.done,
     type: 'final',
-  }
+  },
 }
 
 const createFirstPartyActivationMachine = (opts: CreateFirstPartyMachineOpts): FirstPartyStateMachine => {
@@ -173,66 +166,64 @@ const createFirstPartyActivationMachine = (opts: CreateFirstPartyMachineOpts): F
     openID4VCIClientState: opts.openID4VCIClientState,
     contact: opts.contact,
     selectedCredentials: [],
-  };
+  }
 
-  return createMachine<FirstPartyMachineContext, FirstPartyMachineEventTypes>(
-    {
-      id: opts?.machineId ?? 'FirstParty',
-      predictableActionArguments: true,
-      initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-      context: initialContext,
-      states: firstPartyMachineStates,
-      schema: {
-        events: {} as FirstPartyMachineEventTypes,
-        services: {} as {
-          [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: {
-            data: void
-          },
-          [FirstPartyMachineServices.createConfig]: {
-            data: CreateConfigResult
-          },
-          [FirstPartyMachineServices.getSiopRequest]: {
-            data: SiopV2AuthorizationRequestData
-          },
-          [FirstPartyMachineServices.sendAuthorizationResponse]: {
-            data: string
-          }
+  return createMachine<FirstPartyMachineContext, FirstPartyMachineEventTypes>({
+    id: opts?.machineId ?? 'FirstParty',
+    predictableActionArguments: true,
+    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+    context: initialContext,
+    states: firstPartyMachineStates,
+    schema: {
+      events: {} as FirstPartyMachineEventTypes,
+      services: {} as {
+        [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: {
+          data: void
         }
-      }
-    }
-  );
-};
+        [FirstPartyMachineServices.createConfig]: {
+          data: CreateConfigResult
+        }
+        [FirstPartyMachineServices.getSiopRequest]: {
+          data: SiopV2AuthorizationRequestData
+        }
+        [FirstPartyMachineServices.sendAuthorizationResponse]: {
+          data: string
+        }
+      },
+    },
+  })
+}
 
 export class FirstPartyMachine {
-  private static _instance: FirstPartyMachineInterpreter | undefined;
+  private static _instance: FirstPartyMachineInterpreter | undefined
 
   static hasInstance(): boolean {
-    return FirstPartyMachine._instance !== undefined;
+    return FirstPartyMachine._instance !== undefined
   }
 
   static get instance(): FirstPartyMachineInterpreter {
     if (!FirstPartyMachine._instance) {
-      throw Error('Please initialize ESIMActivation machine first');
+      throw Error('Please initialize ESIMActivation machine first')
     }
-    return FirstPartyMachine._instance;
+    return FirstPartyMachine._instance
   }
 
-  static clearInstance(opts: {stop: boolean}) {
-    const {stop} = opts;
+  static clearInstance(opts: { stop: boolean }) {
+    const { stop } = opts
     if (FirstPartyMachine.hasInstance()) {
       if (stop) {
-        FirstPartyMachine.stopInstance();
+        FirstPartyMachine.stopInstance()
       }
     }
-    FirstPartyMachine._instance = undefined;
+    FirstPartyMachine._instance = undefined
   }
 
   static stopInstance(): void {
     if (!FirstPartyMachine.hasInstance()) {
-      return;
+      return
     }
-    FirstPartyMachine.instance.stop();
-    FirstPartyMachine._instance = undefined;
+    FirstPartyMachine.instance.stop()
+    FirstPartyMachine._instance = undefined
   }
 
   public static newInstance(opts: InstanceFirstPartyMachineOpts): FirstPartyMachineInterpreter {
@@ -254,10 +245,10 @@ export class FirstPartyMachine {
           ...opts?.guards,
         },
       }),
-    );
+    )
 
     if (typeof opts?.subscription === 'function') {
-      newInst.onTransition(opts.subscription);
+      newInst.onTransition(opts.subscription)
     }
 
     if (opts?.requireCustomNavigationHook !== true) {
@@ -265,23 +256,23 @@ export class FirstPartyMachine {
         if (opts?.stateNavigationListener) {
           void opts.stateNavigationListener(newInst, snapshot)
         }
-      });
+      })
     }
 
-    return newInst;
+    return newInst
   }
 
   static getInstance(
     opts: InstanceFirstPartyMachineOpts & {
-      requireExisting?: boolean;
+      requireExisting?: boolean
     },
   ): FirstPartyMachineInterpreter {
     if (!FirstPartyMachine._instance) {
       if (opts?.requireExisting === true) {
-        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
+        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`)
       }
-      FirstPartyMachine._instance = FirstPartyMachine.newInstance(opts);
+      FirstPartyMachine._instance = FirstPartyMachine.newInstance(opts)
     }
-    return FirstPartyMachine._instance;
+    return FirstPartyMachine._instance
   }
 }

package/src/machines/oid4vciMachine.ts

@@ -1,8 +1,4 @@
-import {
-  AuthorizationChallengeCodeResponse,
-  AuthzFlowType,
-  toAuthorizationResponsePayload
-} from '@sphereon/oid4vci-common'
+import { AuthorizationChallengeCodeResponse, AuthzFlowType, toAuthorizationResponsePayload } from '@sphereon/oid4vci-common'
 import { IBasicIssuerLocaleBranding, Identity, IIssuerLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store'
 import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'
 import { translate } from '../localization/Localization'
@@ -456,18 +452,20 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
           },
         ],
       },
-      [OID4VCIMachineStates.startFirstPartApplicationFlow] :{
+      [OID4VCIMachineStates.startFirstPartApplicationFlow]: {
         id: OID4VCIMachineStates.startFirstPartApplicationFlow,
         invoke: {
           src: OID4VCIMachineServices.startFirstPartApplicationFlow,
           onDone: [
             {
               target: OID4VCIMachineStates.aborted,
-              cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean => _event.data === FirstPartyMachineStateTypes.aborted,
+              cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean =>
+                _event.data === FirstPartyMachineStateTypes.aborted,
             },
             {
               target: OID4VCIMachineStates.declined,
-              cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean => _event.data === FirstPartyMachineStateTypes.declined,
+              cond: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<FirstPartyMachineStateTypes>): boolean =>
+                _event.data === FirstPartyMachineStateTypes.declined,
             },
             {
               target: OID4VCIMachineStates.getCredentials,
@@ -475,9 +473,9 @@ const createOID4VCIMachine = (opts?: CreateOID4VCIMachineOpts): OID4VCIStateMach
                 openID4VCIClientState: (_ctx: OID4VCIMachineContext, _event: DoneInvokeEvent<AuthorizationChallengeCodeResponse>) => {
                   const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data)
                   return { ..._ctx.openID4VCIClientState!, authorizationCodeResponse }
-                }
-              })
-            }
+                },
+              }),
+            },
           ],
           onError: {
             target: OID4VCIMachineStates.handleError,