@sphereon/ssi-sdk.oid4vci-holder 0.33.1-feature.vcdm2.tsup.31 → 0.33.1-next.2

package/dist/index.js

@@ -1,3112 +1,32 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __commonJS = (cb, mod) => function __require() {
-  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
-};
-
-// src/localization/translations/en.json
-var require_en = __commonJS({
-  "src/localization/translations/en.json"(exports, module) {
-    module.exports = {
-      oid4vci_machine_verify_credentials_error_title: "Verify credentials",
-      oid4vci_machine_store_credential_branding_error_title: "Store credential branding",
-      oid4vci_machine_store_credential_error_title: "Store credential",
-      oid4vci_machine_add_contact_identity_error_title: "Add contact identity",
-      oid4vci_machine_retrieve_credentials_error_title: "Retrieve credentials",
-      oid4vci_machine_retrieve_issuer_branding_error_title: "Retrieve issuer branding",
-      oid4vci_machine_store_issuer_branding_error_title: "Store issuer branding",
-      oid4vci_machine_retrieve_contact_error_title: "Retrieve contact",
-      oid4vci_machine_credential_selection_error_title: "Credential selection",
-      oid4vci_machine_initiation_error_title: "Initiate OID4VCI provider",
-      oid4vci_machine_credential_verification_failed_message: "The credential verification resulted in an error.",
-      oid4vci_machine_credential_verification_schema_failed_message: "The credential schema verification resulted in an error.",
-      oid4vci_machine_retrieve_federation_trust_error_title: "Retrieve federation trust",
-      oid4vci_machine_first_party_error_title: "First party flow",
-      oid4vci_machine_send_authorization_challenge_request_error_title: "Sending authorization challenge request",
-      oid4vci_machine_create_config_error_title: "Creating siopV2 config",
-      oid4vci_machine_get_request_error_title: "Getting siopV2 request"
-    };
-  }
-});
-
-// src/localization/translations/nl.json
-var require_nl = __commonJS({
-  "src/localization/translations/nl.json"(exports, module) {
-    module.exports = {
-      oid4vci_machine_verify_credentials_error_title: "Verifi\xEBren credential",
-      oid4vci_machine_store_credential_branding_error_title: "Opslaan credential branding",
-      oid4vci_machine_store_credential_error_title: "Opslaan credential",
-      oid4vci_machine_add_contact_identity_error_title: "Toevoegen identiteit contact",
-      oid4vci_machine_retrieve_credentials_error_title: "Ophalen credential",
-      oid4vci_machine_retrieve_issuer_branding_error_title: "Ophalen issuer branding",
-      oid4vci_machine_store_issuer_branding_error_title: "Opslaan issuer branding",
-      oid4vci_machine_retrieve_contact_error_title: "Ophalen contact",
-      oid4vci_machine_credential_selection_error_title: "Credential selectie",
-      oid4vci_machine_initiation_error_title: "Initi\xEBren OID4VCI provider",
-      oid4vci_machine_credential_verification_failed_message: "Verificatie van de credential leidde tot een fout.",
-      oid4vci_machine_retrieve_federation_trust_error_title: "Ophalen federatievertrouwen",
-      oid4vci_machine_first_party_error_title: "Eerste partijstroom",
-      oid4vci_machine_send_authorization_challenge_request_error_title: "Versturen autorisatie-uitdaging aanvraag",
-      oid4vci_machine_create_config_error_title: "SiopV2-configuratie aanmaken",
-      oid4vci_machine_get_request_error_title: "SiopV2-verzoek ophalen"
-    };
-  }
-});
-
-// src/agent/OID4VCIHolder.ts
-import { CredentialOfferClient, MetadataClient, OpenID4VCIClient as OpenID4VCIClient2 } from "@sphereon/oid4vci-client";
-import { DefaultURISchemes, getTypesFromAuthorizationDetails, getTypesFromCredentialOffer, getTypesFromObject as getTypesFromObject2 } from "@sphereon/oid4vci-common";
-import { SupportedDidMethodEnum as SupportedDidMethodEnum2 } from "@sphereon/ssi-sdk-ext.did-utils";
-import { isManagedIdentifierDidOpts, isManagedIdentifierDidResult as isManagedIdentifierDidResult2, isManagedIdentifierJwkResult, isManagedIdentifierKidResult, isManagedIdentifierResult as isManagedIdentifierResult2, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult } from "@sphereon/ssi-sdk-ext.identifier-resolution";
-import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
-import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, CredentialRole, ensureRawDocument, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
-import { CredentialMapper as CredentialMapper2, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
-import { asArray as asArray2, computeEntryHash } from "@veramo/utils";
-import { decodeJWT } from "did-jwt";
-import { v4 as uuidv42 } from "uuid";
-
-// src/machines/oid4vciMachine.ts
-import { AuthzFlowType, toAuthorizationResponsePayload } from "@sphereon/oid4vci-common";
-import { assign, createMachine, interpret } from "xstate";
-
-// src/localization/Localization.ts
-import i18n from "i18n-js";
-import memoize from "lodash.memoize";
-
-// src/types/IOID4VCIHolder.ts
-var OID4VCIHolderEvent = /* @__PURE__ */ function(OID4VCIHolderEvent2) {
-  OID4VCIHolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
-  OID4VCIHolderEvent2["CREDENTIAL_STORED"] = "credential_stored";
-  OID4VCIHolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
-  return OID4VCIHolderEvent2;
-}({});
-var SupportedLanguage = /* @__PURE__ */ function(SupportedLanguage2) {
-  SupportedLanguage2["ENGLISH"] = "en";
-  SupportedLanguage2["DUTCH"] = "nl";
-  return SupportedLanguage2;
-}({});
-var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
-  OID4VCIMachineStates2["start"] = "start";
-  OID4VCIMachineStates2["createCredentialsToSelectFrom"] = "createCredentialsToSelectFrom";
-  OID4VCIMachineStates2["getContact"] = "getContact";
-  OID4VCIMachineStates2["transitionFromSetup"] = "transitionFromSetup";
-  OID4VCIMachineStates2["getFederationTrust"] = "getFederationTrust";
-  OID4VCIMachineStates2["reviewContact"] = "reviewContact";
-  OID4VCIMachineStates2["addContact"] = "addContact";
-  OID4VCIMachineStates2["getIssuerBranding"] = "getIssuerBranding";
-  OID4VCIMachineStates2["storeIssuerBranding"] = "storeIssuerBranding";
-  OID4VCIMachineStates2["addIssuerBrandingAfterIdentity"] = "addIssuerBrandingAfterIdentity";
-  OID4VCIMachineStates2["transitionFromContactSetup"] = "transitionFromContactSetup";
-  OID4VCIMachineStates2["startFirstPartApplicationFlow"] = "startFirstPartApplicationFlow";
-  OID4VCIMachineStates2["selectCredentials"] = "selectCredentials";
-  OID4VCIMachineStates2["transitionFromSelectingCredentials"] = "transitionFromSelectingCredentials";
-  OID4VCIMachineStates2["verifyPin"] = "verifyPin";
-  OID4VCIMachineStates2["initiateAuthorizationRequest"] = "initiateAuthorizationRequest";
-  OID4VCIMachineStates2["waitForAuthorizationResponse"] = "waitForAuthorizationResponse";
-  OID4VCIMachineStates2["getCredentials"] = "getCredentials";
-  OID4VCIMachineStates2["transitionFromWalletInput"] = "transitionFromWalletInput";
-  OID4VCIMachineStates2["addContactIdentity"] = "addContactIdentity";
-  OID4VCIMachineStates2["reviewCredentials"] = "reviewCredentials";
-  OID4VCIMachineStates2["verifyCredentials"] = "verifyCredentials";
-  OID4VCIMachineStates2["storeCredentialBranding"] = "storeCredentialBranding";
-  OID4VCIMachineStates2["storeCredentials"] = "storeCredentials";
-  OID4VCIMachineStates2["handleError"] = "handleError";
-  OID4VCIMachineStates2["aborted"] = "aborted";
-  OID4VCIMachineStates2["declined"] = "declined";
-  OID4VCIMachineStates2["error"] = "error";
-  OID4VCIMachineStates2["done"] = "done";
-  return OID4VCIMachineStates2;
-}({});
-var OID4VCIMachineAddContactStates = /* @__PURE__ */ function(OID4VCIMachineAddContactStates2) {
-  OID4VCIMachineAddContactStates2["idle"] = "idle";
-  OID4VCIMachineAddContactStates2["next"] = "next";
-  return OID4VCIMachineAddContactStates2;
-}({});
-var OID4VCIMachineVerifyPinStates = /* @__PURE__ */ function(OID4VCIMachineVerifyPinStates2) {
-  OID4VCIMachineVerifyPinStates2["idle"] = "idle";
-  OID4VCIMachineVerifyPinStates2["next"] = "next";
-  return OID4VCIMachineVerifyPinStates2;
-}({});
-var OID4VCIMachineEvents = /* @__PURE__ */ function(OID4VCIMachineEvents2) {
-  OID4VCIMachineEvents2["NEXT"] = "NEXT";
-  OID4VCIMachineEvents2["PREVIOUS"] = "PREVIOUS";
-  OID4VCIMachineEvents2["DECLINE"] = "DECLINE";
-  OID4VCIMachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
-  OID4VCIMachineEvents2["SET_VERIFICATION_CODE"] = "SET_VERIFICATION_CODE";
-  OID4VCIMachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
-  OID4VCIMachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
-  OID4VCIMachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
-  OID4VCIMachineEvents2["SET_AUTHORIZATION_CODE_URL"] = "SET_AUTHORIZATION_CODE_URL";
-  OID4VCIMachineEvents2["INVOKED_AUTHORIZATION_CODE_REQUEST"] = "INVOKED_AUTHORIZATION_CODE_REQUEST";
-  OID4VCIMachineEvents2["PROVIDE_AUTHORIZATION_CODE_RESPONSE"] = "PROVIDE_AUTHORIZATION_CODE_RESPONSE";
-  return OID4VCIMachineEvents2;
-}({});
-var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
-  OID4VCIMachineGuards2["hasContactGuard"] = "oid4vciHasContactGuard";
-  OID4VCIMachineGuards2["hasNoContactGuard"] = "oid4vciHasNoContactGuard";
-  OID4VCIMachineGuards2["credentialsToSelectRequiredGuard"] = "oid4vciCredentialsToSelectRequiredGuard";
-  OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
-  OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
-  OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
-  OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
-  OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
-  OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
-  OID4VCIMachineGuards2["createContactGuard"] = "oid4vciCreateContactGuard";
-  OID4VCIMachineGuards2["hasSelectedCredentialsGuard"] = "oid4vciHasSelectedCredentialsGuard";
-  OID4VCIMachineGuards2["isOIDFOriginGuard"] = "oid4vciIsOIDFOriginGuard";
-  OID4VCIMachineGuards2["contactHasLowTrustGuard"] = "oid4vciContactHasLowTrustGuard";
-  OID4VCIMachineGuards2["isFirstPartyApplication"] = "oid4vciIsFirstPartyApplication";
-  return OID4VCIMachineGuards2;
-}({});
-var OID4VCIMachineServices = /* @__PURE__ */ function(OID4VCIMachineServices2) {
-  OID4VCIMachineServices2["start"] = "start";
-  OID4VCIMachineServices2["getContact"] = "getContact";
-  OID4VCIMachineServices2["getFederationTrust"] = "getFederationTrust";
-  OID4VCIMachineServices2["addContactIdentity"] = "addContactIdentity";
-  OID4VCIMachineServices2["createCredentialsToSelectFrom"] = "createCredentialsToSelectFrom";
-  OID4VCIMachineServices2["getIssuerBranding"] = "getIssuerBranding";
-  OID4VCIMachineServices2["storeIssuerBranding"] = "storeIssuerBranding";
-  OID4VCIMachineServices2["getCredentials"] = "getCredentials";
-  OID4VCIMachineServices2["assertValidCredentials"] = "assertValidCredentials";
-  OID4VCIMachineServices2["storeCredentialBranding"] = "storeCredentialBranding";
-  OID4VCIMachineServices2["sendNotification"] = "sendNotification";
-  OID4VCIMachineServices2["storeCredentials"] = "storeCredentials";
-  OID4VCIMachineServices2["startFirstPartApplicationFlow"] = "startFirstPartApplicationFlow";
-  return OID4VCIMachineServices2;
-}({});
-var RequestType = /* @__PURE__ */ function(RequestType2) {
-  RequestType2["OPENID_INITIATE_ISSUANCE"] = "openid-initiate-issuance";
-  RequestType2["OPENID_CREDENTIAL_OFFER"] = "openid-credential-offer";
-  RequestType2["URL"] = "URL";
-  return RequestType2;
-}({});
-var IdentifierAliasEnum = /* @__PURE__ */ function(IdentifierAliasEnum2) {
-  IdentifierAliasEnum2["PRIMARY"] = "primary";
-  return IdentifierAliasEnum2;
-}({});
-
-// src/localization/Localization.ts
-var Localization = class Localization2 {
-  static {
-    __name(this, "Localization");
-  }
-  static translationGetters = {
-    [SupportedLanguage.ENGLISH]: () => require_en(),
-    [SupportedLanguage.DUTCH]: () => require_nl()
-  };
-  static translate = memoize((key, config) => {
-    if (Object.keys(i18n.translations).length === 0) {
-      i18n.translations = {
-        [SupportedLanguage.ENGLISH]: Localization2.translationGetters[SupportedLanguage.ENGLISH]()
-      };
-      i18n.locale = SupportedLanguage.ENGLISH;
-    } else {
-      i18n.translations = {
-        [i18n.locale]: {
-          ...i18n.translations[i18n.locale],
-          ...Localization2.translationGetters[this.findSupportedLanguage(i18n.locale) || SupportedLanguage.ENGLISH]()
-        }
-      };
-    }
-    return i18n.t(key, config);
-  }, (key, config) => config ? key + JSON.stringify(config) : key);
-  static findSupportedLanguage = /* @__PURE__ */ __name((locale) => {
-    for (const language of Object.values(SupportedLanguage)) {
-      if (language === locale) {
-        return language;
-      }
-    }
-    return void 0;
-  }, "findSupportedLanguage");
-  static getLocale = /* @__PURE__ */ __name(() => {
-    return i18n.locale || SupportedLanguage.ENGLISH;
-  }, "getLocale");
-};
-var translate = Localization.translate;
-
-// src/types/FirstPartyMachine.ts
-var FirstPartyMachineStateTypes = /* @__PURE__ */ function(FirstPartyMachineStateTypes2) {
-  FirstPartyMachineStateTypes2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
-  FirstPartyMachineStateTypes2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
-  FirstPartyMachineStateTypes2["selectCredentials"] = "selectCredentials";
-  FirstPartyMachineStateTypes2["createConfig"] = "createConfig";
-  FirstPartyMachineStateTypes2["getSiopRequest"] = "getSiopRequest";
-  FirstPartyMachineStateTypes2["error"] = "error";
-  FirstPartyMachineStateTypes2["done"] = "done";
-  FirstPartyMachineStateTypes2["aborted"] = "aborted";
-  FirstPartyMachineStateTypes2["declined"] = "declined";
-  return FirstPartyMachineStateTypes2;
-}({});
-var FirstPartyMachineServices = /* @__PURE__ */ function(FirstPartyMachineServices2) {
-  FirstPartyMachineServices2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
-  FirstPartyMachineServices2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
-  FirstPartyMachineServices2["createConfig"] = "createConfig";
-  FirstPartyMachineServices2["getSiopRequest"] = "getSiopRequest";
-  return FirstPartyMachineServices2;
-}({});
-var FirstPartyMachineEvents = /* @__PURE__ */ function(FirstPartyMachineEvents2) {
-  FirstPartyMachineEvents2["NEXT"] = "NEXT";
-  FirstPartyMachineEvents2["PREVIOUS"] = "PREVIOUS";
-  FirstPartyMachineEvents2["DECLINE"] = "DECLINE";
-  FirstPartyMachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
-  return FirstPartyMachineEvents2;
-}({});
-
-// src/machines/oid4vciMachine.ts
-var oid4vciHasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contact } = _ctx;
-  return contact === void 0;
-}, "oid4vciHasNoContactGuard");
-var oid4vciHasContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contact } = _ctx;
-  return contact !== void 0;
-}, "oid4vciHasContactGuard");
-var oid4vciContactHasLowTrustGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contact, trustedAnchors } = _ctx;
-  return contact !== void 0 && trustedAnchors !== void 0 && trustedAnchors.length === 0;
-}, "oid4vciContactHasLowTrustGuard");
-var oid4vciCredentialsToSelectRequiredGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { credentialToSelectFrom } = _ctx;
-  return credentialToSelectFrom && credentialToSelectFrom.length > 1;
-}, "oid4vciCredentialsToSelectRequiredGuard");
-var oid4vciRequirePinGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { requestData } = _ctx;
-  return requestData?.credentialOffer?.userPinRequired === true;
-}, "oid4vciRequirePinGuard");
-var oid4vciHasNoContactIdentityGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contact, credentialsToAccept } = _ctx;
-  let toAcceptId = credentialsToAccept[0].correlationId;
-  if (toAcceptId.match(/^https?:\/\/.*/)) {
-    toAcceptId = new URL(toAcceptId).hostname;
-  }
-  return !contact?.identities.some((identity) => identity.identifier.correlationId === toAcceptId);
-}, "oid4vciHasNoContactIdentityGuard");
-var oid4vciVerificationCodeGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { verificationCode } = _ctx;
-  return verificationCode !== void 0 && verificationCode.length > 0;
-}, "oid4vciVerificationCodeGuard");
-var oid4vciCreateContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contactAlias, hasContactConsent } = _ctx;
-  return hasContactConsent && !!contactAlias && contactAlias.length > 0;
-}, "oid4vciCreateContactGuard");
-var oid4vciHasSelectedCredentialsGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { selectedCredentials } = _ctx;
-  return selectedCredentials !== void 0 && selectedCredentials.length > 0;
-}, "oid4vciHasSelectedCredentialsGuard");
-var oid4vciIsOIDFOriginGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { trustAnchors } = _ctx;
-  return trustAnchors.length > 0;
-}, "oid4vciIsOIDFOriginGuard");
-var oid4vciNoAuthorizationGuard = /* @__PURE__ */ __name((ctx, _event) => {
-  return !oid4vciHasAuthorizationResponse(ctx, _event);
-}, "oid4vciNoAuthorizationGuard");
-var oid4vciRequireAuthorizationGuard = /* @__PURE__ */ __name((ctx, _event) => {
-  const { openID4VCIClientState } = ctx;
-  if (!openID4VCIClientState) {
-    throw Error("Missing openID4VCI client state in context");
-  }
-  if (!openID4VCIClientState.authorizationURL) {
-    return false;
-  } else if (openID4VCIClientState.authorizationRequestOpts) {
-    return !ctx.openID4VCIClientState?.authorizationCodeResponse;
-  } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
-    return !ctx.openID4VCIClientState?.authorizationCodeResponse;
-  } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
-    return false;
-  } else if (openID4VCIClientState.endpointMetadata?.credentialIssuerMetadata?.authorization_endpoint) {
-    return !ctx.openID4VCIClientState?.authorizationCodeResponse;
-  }
-  return false;
-}, "oid4vciRequireAuthorizationGuard");
-var oid4vciHasAuthorizationResponse = /* @__PURE__ */ __name((ctx, _event) => {
-  return !!ctx.openID4VCIClientState?.authorizationCodeResponse;
-}, "oid4vciHasAuthorizationResponse");
-var oid4vciIsFirstPartyApplication = /* @__PURE__ */ __name((ctx, _event) => {
-  return !!ctx.serverMetadata?.authorization_challenge_endpoint;
-}, "oid4vciIsFirstPartyApplication");
-var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
-  const initialContext = {
-    // TODO WAL-671 we need to store the data from OpenIdProvider here in the context and make sure we can restart the machine with it and init the OpenIdProvider
-    accessTokenOpts: opts?.accessTokenOpts,
-    requestData: opts?.requestData,
-    trustAnchors: opts?.trustAnchors ?? [],
-    issuanceOpt: opts?.issuanceOpt,
-    didMethodPreferences: opts?.didMethodPreferences,
-    locale: opts?.locale,
-    credentialsSupported: {},
-    credentialToSelectFrom: [],
-    selectedCredentials: [],
-    credentialsToAccept: [],
-    hasContactConsent: true,
-    contactAlias: ""
-  };
-  return createMachine({
-    id: opts?.machineName ?? "OID4VCIHolder",
-    predictableActionArguments: true,
-    initial: OID4VCIMachineStates.start,
-    schema: {
-      events: {},
-      guards: {},
-      services: {}
-    },
-    context: initialContext,
-    states: {
-      [OID4VCIMachineStates.start]: {
-        id: OID4VCIMachineStates.start,
-        invoke: {
-          src: OID4VCIMachineServices.start,
-          onDone: {
-            target: OID4VCIMachineStates.createCredentialsToSelectFrom,
-            actions: assign({
-              authorizationCodeURL: /* @__PURE__ */ __name((_ctx, _event) => _event.data.authorizationCodeURL, "authorizationCodeURL"),
-              credentialBranding: /* @__PURE__ */ __name((_ctx, _event) => _event.data.credentialBranding ?? {}, "credentialBranding"),
-              credentialsSupported: /* @__PURE__ */ __name((_ctx, _event) => _event.data.credentialsSupported, "credentialsSupported"),
-              serverMetadata: /* @__PURE__ */ __name((_ctx, _event) => _event.data.serverMetadata, "serverMetadata"),
-              openID4VCIClientState: /* @__PURE__ */ __name((_ctx, _event) => _event.data.oid4vciClientState, "openID4VCIClientState")
-            })
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_initiation_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.createCredentialsToSelectFrom]: {
-        id: OID4VCIMachineStates.createCredentialsToSelectFrom,
-        invoke: {
-          src: OID4VCIMachineServices.createCredentialsToSelectFrom,
-          onDone: {
-            target: OID4VCIMachineStates.getContact,
-            actions: assign({
-              credentialToSelectFrom: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "credentialToSelectFrom")
-            })
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_credential_selection_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.getContact]: {
-        id: OID4VCIMachineStates.getContact,
-        invoke: {
-          src: OID4VCIMachineServices.getContact,
-          onDone: {
-            target: OID4VCIMachineStates.getIssuerBranding,
-            actions: assign({
-              contact: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "contact")
-            })
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_retrieve_contact_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.getIssuerBranding]: {
-        id: OID4VCIMachineStates.getIssuerBranding,
-        invoke: {
-          src: OID4VCIMachineServices.getIssuerBranding,
-          onDone: [
-            {
-              target: OID4VCIMachineStates.getFederationTrust,
-              cond: OID4VCIMachineGuards.isOIDFOriginGuard,
-              actions: assign({
-                issuerBranding: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "issuerBranding")
-              })
-            },
-            {
-              target: OID4VCIMachineStates.transitionFromSetup,
-              actions: assign({
-                issuerBranding: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "issuerBranding")
-              })
-            }
-          ],
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_retrieve_issuer_branding_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.getFederationTrust]: {
-        id: OID4VCIMachineStates.getFederationTrust,
-        invoke: {
-          src: OID4VCIMachineServices.getFederationTrust,
-          onDone: {
-            target: OID4VCIMachineStates.transitionFromSetup,
-            actions: assign({
-              trustedAnchors: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "trustedAnchors")
-            })
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_retrieve_federation_trust_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.transitionFromSetup]: {
-        id: OID4VCIMachineStates.transitionFromSetup,
-        always: [
-          {
-            target: OID4VCIMachineStates.addContact,
-            cond: OID4VCIMachineGuards.hasNoContactGuard
-          },
-          {
-            target: OID4VCIMachineStates.reviewContact,
-            cond: OID4VCIMachineGuards.contactHasLowTrustGuard
-          },
-          {
-            target: OID4VCIMachineStates.selectCredentials,
-            cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard
-          },
-          {
-            target: OID4VCIMachineStates.startFirstPartApplicationFlow,
-            cond: OID4VCIMachineGuards.isFirstPartyApplication
-          },
-          {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest,
-            cond: OID4VCIMachineGuards.requireAuthorizationGuard
-          },
-          {
-            target: OID4VCIMachineStates.verifyPin,
-            cond: OID4VCIMachineGuards.requirePinGuard
-          },
-          {
-            target: OID4VCIMachineStates.getCredentials
-          }
-        ],
-        on: {
-          [OID4VCIMachineEvents.SET_AUTHORIZATION_CODE_URL]: {
-            actions: assign({
-              authorizationCodeURL: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeURL")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.addContact]: {
-        id: OID4VCIMachineStates.addContact,
-        initial: OID4VCIMachineAddContactStates.idle,
-        on: {
-          [OID4VCIMachineEvents.SET_CONTACT_CONSENT]: {
-            actions: assign({
-              hasContactConsent: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "hasContactConsent")
-            })
-          },
-          [OID4VCIMachineEvents.SET_CONTACT_ALIAS]: {
-            actions: assign({
-              contactAlias: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "contactAlias")
-            })
-          },
-          [OID4VCIMachineEvents.CREATE_CONTACT]: {
-            target: `.${OID4VCIMachineAddContactStates.next}`,
-            actions: assign({
-              contact: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "contact")
-            }),
-            cond: OID4VCIMachineGuards.createContactGuard
-          },
-          [OID4VCIMachineEvents.DECLINE]: {
-            target: OID4VCIMachineStates.declined
-          },
-          [OID4VCIMachineEvents.PREVIOUS]: {
-            target: OID4VCIMachineStates.aborted
-          }
-        },
-        states: {
-          [OID4VCIMachineAddContactStates.idle]: {},
-          [OID4VCIMachineAddContactStates.next]: {
-            always: {
-              target: `#${OID4VCIMachineStates.storeIssuerBranding}`,
-              cond: OID4VCIMachineGuards.hasContactGuard
-            }
-          }
-        }
-      },
-      [OID4VCIMachineStates.reviewContact]: {
-        id: OID4VCIMachineStates.reviewContact,
-        on: {
-          [OID4VCIMachineEvents.NEXT]: {
-            target: OID4VCIMachineStates.transitionFromContactSetup
-          },
-          [OID4VCIMachineEvents.DECLINE]: {
-            target: OID4VCIMachineStates.declined
-          },
-          [OID4VCIMachineEvents.PREVIOUS]: {
-            target: OID4VCIMachineStates.aborted
-          }
-        }
-      },
-      [OID4VCIMachineStates.storeIssuerBranding]: {
-        id: OID4VCIMachineStates.storeIssuerBranding,
-        invoke: {
-          src: OID4VCIMachineServices.storeIssuerBranding,
-          onDone: {
-            target: OID4VCIMachineStates.transitionFromContactSetup
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_store_issuer_branding_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.transitionFromContactSetup]: {
-        id: OID4VCIMachineStates.transitionFromContactSetup,
-        always: [
-          {
-            target: OID4VCIMachineStates.selectCredentials,
-            cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard
-          },
-          {
-            target: OID4VCIMachineStates.startFirstPartApplicationFlow,
-            cond: OID4VCIMachineGuards.isFirstPartyApplication
-          },
-          {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest,
-            cond: OID4VCIMachineGuards.requireAuthorizationGuard
-          },
-          {
-            target: OID4VCIMachineStates.verifyPin,
-            cond: OID4VCIMachineGuards.requirePinGuard
-          },
-          {
-            target: OID4VCIMachineStates.getCredentials
-          }
-        ]
-      },
-      [OID4VCIMachineStates.startFirstPartApplicationFlow]: {
-        id: OID4VCIMachineStates.startFirstPartApplicationFlow,
-        invoke: {
-          src: OID4VCIMachineServices.startFirstPartApplicationFlow,
-          onDone: [
-            {
-              target: OID4VCIMachineStates.aborted,
-              cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data === FirstPartyMachineStateTypes.aborted, "cond")
-            },
-            {
-              target: OID4VCIMachineStates.declined,
-              cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data === FirstPartyMachineStateTypes.declined, "cond")
-            },
-            {
-              target: OID4VCIMachineStates.getCredentials,
-              actions: assign({
-                openID4VCIClientState: /* @__PURE__ */ __name((_ctx, _event) => {
-                  const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data);
-                  return {
-                    ..._ctx.openID4VCIClientState,
-                    authorizationCodeResponse
-                  };
-                }, "openID4VCIClientState")
-              })
-            }
-          ],
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: _event.data.title ?? translate("oid4vci_machine_first_party_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.selectCredentials]: {
-        id: OID4VCIMachineStates.selectCredentials,
-        on: {
-          [OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS]: {
-            actions: assign({
-              selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
-            })
-          },
-          [OID4VCIMachineEvents.NEXT]: {
-            target: OID4VCIMachineStates.transitionFromSelectingCredentials,
-            cond: OID4VCIMachineGuards.hasSelectedCredentialsGuard
-          },
-          [OID4VCIMachineEvents.PREVIOUS]: {
-            target: OID4VCIMachineStates.aborted
-          }
-        }
-      },
-      [OID4VCIMachineStates.transitionFromSelectingCredentials]: {
-        id: OID4VCIMachineStates.transitionFromSelectingCredentials,
-        always: [
-          {
-            target: OID4VCIMachineStates.startFirstPartApplicationFlow,
-            cond: OID4VCIMachineGuards.isFirstPartyApplication
-          },
-          {
-            target: OID4VCIMachineStates.verifyPin,
-            cond: OID4VCIMachineGuards.requirePinGuard
-          },
-          {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest,
-            cond: OID4VCIMachineGuards.requireAuthorizationGuard
-          },
-          {
-            target: OID4VCIMachineStates.getCredentials
-          }
-        ]
-      },
-      [OID4VCIMachineStates.initiateAuthorizationRequest]: {
-        id: OID4VCIMachineStates.initiateAuthorizationRequest,
-        on: {
-          [OID4VCIMachineEvents.PREVIOUS]: {
-            target: OID4VCIMachineStates.selectCredentials
-          },
-          [OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST]: {
-            target: OID4VCIMachineStates.waitForAuthorizationResponse
-          }
-        }
-      },
-      [OID4VCIMachineStates.waitForAuthorizationResponse]: {
-        id: OID4VCIMachineStates.waitForAuthorizationResponse,
-        on: {
-          [OID4VCIMachineEvents.PREVIOUS]: {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest
-          },
-          [OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE]: {
-            actions: assign({
-              openID4VCIClientState: /* @__PURE__ */ __name((_ctx, _event) => {
-                const authorizationCodeResponse = toAuthorizationResponsePayload(_event.data);
-                return {
-                  ..._ctx.openID4VCIClientState,
-                  authorizationCodeResponse
-                };
-              }, "openID4VCIClientState")
-            })
-          }
-        },
-        always: [
-          {
-            cond: OID4VCIMachineGuards.hasAuthorizationResponse,
-            target: OID4VCIMachineStates.getCredentials
-          }
-        ]
-      },
-      [OID4VCIMachineStates.verifyPin]: {
-        id: OID4VCIMachineStates.verifyPin,
-        initial: OID4VCIMachineVerifyPinStates.idle,
-        on: {
-          [OID4VCIMachineEvents.SET_VERIFICATION_CODE]: {
-            target: `.${OID4VCIMachineVerifyPinStates.next}`,
-            actions: assign({
-              verificationCode: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "verificationCode")
-            })
-          },
-          [OID4VCIMachineEvents.PREVIOUS]: [
-            {
-              target: OID4VCIMachineStates.selectCredentials,
-              cond: OID4VCIMachineGuards.credentialsToSelectRequiredGuard
-            },
-            {
-              target: OID4VCIMachineStates.aborted
-            }
-          ]
-        },
-        states: {
-          [OID4VCIMachineVerifyPinStates.idle]: {},
-          [OID4VCIMachineVerifyPinStates.next]: {
-            always: {
-              target: `#${OID4VCIMachineStates.getCredentials}`,
-              cond: OID4VCIMachineGuards.verificationCodeGuard
-            }
-          }
-        }
-      },
-      [OID4VCIMachineStates.getCredentials]: {
-        id: OID4VCIMachineStates.getCredentials,
-        invoke: {
-          src: OID4VCIMachineServices.getCredentials,
-          onDone: {
-            target: OID4VCIMachineStates.verifyCredentials,
-            actions: assign({
-              credentialsToAccept: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "credentialsToAccept")
-            })
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_retrieve_credentials_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        },
-        exit: assign({
-          verificationCode: void 0
-        })
-      },
-      [OID4VCIMachineStates.verifyCredentials]: {
-        id: OID4VCIMachineStates.verifyCredentials,
-        invoke: {
-          src: OID4VCIMachineServices.assertValidCredentials,
-          onDone: {
-            target: OID4VCIMachineStates.transitionFromWalletInput
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_verify_credentials_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.transitionFromWalletInput]: {
-        id: OID4VCIMachineStates.transitionFromWalletInput,
-        always: [
-          {
-            target: OID4VCIMachineStates.addContactIdentity,
-            cond: OID4VCIMachineGuards.hasNoContactIdentityGuard
-          },
-          {
-            target: OID4VCIMachineStates.reviewCredentials
-          }
-        ]
-      },
-      [OID4VCIMachineStates.addContactIdentity]: {
-        id: OID4VCIMachineStates.addContactIdentity,
-        invoke: {
-          src: OID4VCIMachineServices.addContactIdentity,
-          onDone: {
-            target: OID4VCIMachineStates.addIssuerBrandingAfterIdentity,
-            actions: /* @__PURE__ */ __name((_ctx, _event) => {
-              _ctx.contact?.identities.push(_event.data);
-            }, "actions")
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_add_contact_identity_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.addIssuerBrandingAfterIdentity]: {
-        id: OID4VCIMachineStates.addIssuerBrandingAfterIdentity,
-        invoke: {
-          src: OID4VCIMachineServices.storeIssuerBranding,
-          onDone: {
-            target: OID4VCIMachineStates.reviewCredentials
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_store_issuer_branding_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.reviewCredentials]: {
-        id: OID4VCIMachineStates.reviewCredentials,
-        on: {
-          [OID4VCIMachineEvents.NEXT]: {
-            target: OID4VCIMachineStates.storeCredentialBranding
-          },
-          [OID4VCIMachineEvents.DECLINE]: {
-            target: OID4VCIMachineStates.declined
-          },
-          [OID4VCIMachineEvents.PREVIOUS]: {
-            target: OID4VCIMachineStates.aborted
-          }
-        }
-      },
-      [OID4VCIMachineStates.storeCredentialBranding]: {
-        id: OID4VCIMachineStates.storeCredentialBranding,
-        invoke: {
-          src: OID4VCIMachineServices.storeCredentialBranding,
-          onDone: {
-            target: OID4VCIMachineStates.storeCredentials
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_store_credential_branding_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.storeCredentials]: {
-        id: OID4VCIMachineStates.storeCredentials,
-        invoke: {
-          src: OID4VCIMachineServices.storeCredentials,
-          onDone: {
-            target: OID4VCIMachineStates.done
-          },
-          onError: {
-            target: OID4VCIMachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("oid4vci_machine_store_credential_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [OID4VCIMachineStates.handleError]: {
-        id: OID4VCIMachineStates.handleError,
-        on: {
-          [OID4VCIMachineEvents.NEXT]: {
-            target: OID4VCIMachineStates.error
-          },
-          [OID4VCIMachineEvents.PREVIOUS]: {
-            target: OID4VCIMachineStates.error
-          }
-        }
-      },
-      [OID4VCIMachineStates.aborted]: {
-        id: OID4VCIMachineStates.aborted,
-        type: "final"
-      },
-      [OID4VCIMachineStates.declined]: {
-        id: OID4VCIMachineStates.declined,
-        type: "final"
-      },
-      [OID4VCIMachineStates.error]: {
-        id: OID4VCIMachineStates.error,
-        type: "final"
-      },
-      [OID4VCIMachineStates.done]: {
-        id: OID4VCIMachineStates.done,
-        type: "final"
-      }
-    }
-  });
-}, "createOID4VCIMachine");
-var OID4VCIMachine = class {
-  static {
-    __name(this, "OID4VCIMachine");
-  }
-  static async newInstance(opts, context) {
-    const interpreter = interpret(createOID4VCIMachine(opts).withConfig({
-      services: {
-        ...opts?.services
-      },
-      guards: {
-        oid4vciHasNoContactGuard,
-        oid4vciCredentialsToSelectRequiredGuard,
-        oid4vciRequirePinGuard,
-        oid4vciHasNoContactIdentityGuard,
-        oid4vciVerificationCodeGuard,
-        oid4vciHasContactGuard,
-        oid4vciCreateContactGuard,
-        oid4vciHasSelectedCredentialsGuard,
-        oid4vciRequireAuthorizationGuard,
-        oid4vciNoAuthorizationGuard,
-        oid4vciHasAuthorizationResponse,
-        oid4vciIsOIDFOriginGuard,
-        oid4vciContactHasLowTrustGuard,
-        oid4vciIsFirstPartyApplication,
-        ...opts?.guards
-      }
-    }));
-    if (typeof opts?.subscription === "function") {
-      interpreter.onTransition(opts.subscription);
-    }
-    if (opts?.requireCustomNavigationHook !== true) {
-      if (typeof opts?.stateNavigationListener === "function") {
-        interpreter.onTransition((snapshot) => {
-          if (opts?.stateNavigationListener) {
-            opts.stateNavigationListener(interpreter, snapshot);
-          }
-        });
-      }
-    }
-    return {
-      interpreter
-    };
-  }
-};
-
-// src/services/OID4VCIHolderService.ts
-import { LOG } from "@sphereon/oid4vci-client";
-import { getSupportedCredentials, getTypesFromCredentialSupported, getTypesFromObject, OpenId4VCIVersion } from "@sphereon/oid4vci-common";
-import { KeyUse } from "@sphereon/ssi-sdk-ext.did-resolver-jwk";
-import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from "@sphereon/ssi-sdk-ext.did-utils";
-import { isIIdentifier, isManagedIdentifierDidResult, isManagedIdentifierResult, managedIdentifierToJwk } from "@sphereon/ssi-sdk-ext.identifier-resolution";
-import { keyTypeFromCryptographicSuite } from "@sphereon/ssi-sdk-ext.key-utils";
-import { CredentialMapper, JoseSignatureAlgorithm, mdocDecodedCredentialToUniformCredential, sdJwtDecodedCredentialToUniformCredential } from "@sphereon/ssi-types";
-import { asArray } from "@veramo/utils";
-
-// src/mappers/OIDC4VCIBrandingMapper.ts
-var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, issuerCredentialSubject } = args;
-  return oid4vciCombineDisplayLocalesFrom({
-    ...issuerCredentialSubject && {
-      issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({
-        issuerCredentialSubject
-      })
-    },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
-    }
-  });
-}, "oid4vciGetCredentialBrandingFrom");
-var oid4vciCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.locale || "";
-    localeDisplays.set(localeKey, display);
-    return localeDisplays;
-  }, /* @__PURE__ */ new Map());
-}, "oid4vciCredentialDisplayLocalesFrom");
-var oid4vciIssuerCredentialSubjectLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerCredentialSubject } = args;
-  const localeClaims = /* @__PURE__ */ new Map();
-  const processClaimObject = /* @__PURE__ */ __name((claim, parentKey = "") => {
-    Object.entries(claim).forEach(([key, value]) => {
-      if (key === "mandatory" || key === "value_type") {
-        return;
-      }
-      if (key === "display" && Array.isArray(value)) {
-        value.forEach(({ name, locale = "" }) => {
-          if (!name) {
-            return;
-          }
-          if (!localeClaims.has(locale)) {
-            localeClaims.set(locale, []);
-          }
-          localeClaims.get(locale).push({
-            key: parentKey,
-            name
-          });
-        });
-      } else if (typeof value === "object" && value !== null) {
-        processClaimObject(value, parentKey ? `${parentKey}.${key}` : key);
-      }
-    });
-  }, "processClaimObject");
-  processClaimObject(issuerCredentialSubject);
-  return localeClaims;
-}, "oid4vciIssuerCredentialSubjectLocalesFrom");
-var oid4vciCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return {
-    ...credentialDisplay.name && {
-      alias: credentialDisplay.name
-    },
-    ...credentialDisplay.locale && {
-      locale: credentialDisplay.locale
-    },
-    ...credentialDisplay.logo && {
-      logo: {
-        ...(credentialDisplay.logo.url || credentialDisplay.logo.uri) && {
-          uri: credentialDisplay.logo?.url ?? credentialDisplay.logo.uri
-        },
-        ...credentialDisplay.logo.alt_text && {
-          alt: credentialDisplay.logo?.alt_text
-        }
-      }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.text_color && {
-      text: {
-        color: credentialDisplay.text_color
-      }
-    },
-    ...(credentialDisplay.background_image || credentialDisplay.background_color) && {
-      background: {
-        ...credentialDisplay.background_image && {
-          image: {
-            ...(credentialDisplay.background_image.url || credentialDisplay.background_image.uri) && {
-              uri: credentialDisplay.background_image?.url ?? credentialDisplay.background_image.uri
-            },
-            ...credentialDisplay.background_image.alt_text && {
-              alt: credentialDisplay.background_image?.alt_text
-            }
-          }
-        },
-        ...credentialDisplay.background_color && {
-          color: credentialDisplay.background_color
-        }
-      }
-    }
-  };
-}, "oid4vciCredentialLocaleBrandingFrom");
-var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), issuerCredentialSubjectLocales = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...issuerCredentialSubjectLocales.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = issuerCredentialSubjectLocales.get(locale);
-    return {
-      ...display && await oid4vciCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
-      },
-      claims
-    };
-  }));
-}, "oid4vciCombineDisplayLocalesFrom");
-var sdJwtGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, claimsMetadata } = args;
-  return sdJwtCombineDisplayLocalesFrom({
-    ...claimsMetadata && {
-      claimsMetadata: await sdJwtCredentialClaimLocalesFrom({
-        claimsMetadata
-      })
-    },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
-    }
-  });
-}, "sdJwtGetCredentialBrandingFrom");
-var sdJwtCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.lang || "";
-    localeDisplays.set(localeKey, display);
-    return localeDisplays;
-  }, /* @__PURE__ */ new Map());
-}, "sdJwtCredentialDisplayLocalesFrom");
-var sdJwtCredentialClaimLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { claimsMetadata } = args;
-  const localeClaims = /* @__PURE__ */ new Map();
-  claimsMetadata.forEach((claim) => {
-    claim.display?.forEach((display) => {
-      const { lang = "", label } = display;
-      const key = claim.path.map((value) => String(value)).join(".");
-      if (!localeClaims.has(lang)) {
-        localeClaims.set(lang, []);
-      }
-      localeClaims.get(lang).push({
-        key,
-        name: label
-      });
-    });
-  });
-  return localeClaims;
-}, "sdJwtCredentialClaimLocalesFrom");
-var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return {
-    ...credentialDisplay.name && {
-      alias: credentialDisplay.name
-    },
-    ...credentialDisplay.lang && {
-      locale: credentialDisplay.lang
-    },
-    ...credentialDisplay.rendering?.simple?.logo && {
-      logo: {
-        ...credentialDisplay.rendering.simple.logo.uri && {
-          uri: credentialDisplay.rendering.simple.logo.uri
-        },
-        ...credentialDisplay.rendering.simple.logo.alt_text && {
-          alt: credentialDisplay.rendering.simple.logo.alt_text
-        }
-      }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.rendering?.simple?.text_color && {
-      text: {
-        color: credentialDisplay.rendering.simple.text_color
-      }
-    },
-    ...credentialDisplay.rendering?.simple?.background_color && {
-      background: {
-        color: credentialDisplay.rendering.simple.background_color
-      }
-    }
-  };
-}, "sdJwtCredentialLocaleBrandingFrom");
-var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...claimsMetadata.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = claimsMetadata.get(locale);
-    return {
-      ...display && await sdJwtCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
-      },
-      claims
-    };
-  }));
-}, "sdJwtCombineDisplayLocalesFrom");
-var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
-  return {
-    ...dynamicRegistrationClientMetadata?.client_name && {
-      alias: dynamicRegistrationClientMetadata.client_name
-    },
-    ...issuerDisplay.name && {
-      alias: issuerDisplay.name
-    },
-    ...issuerDisplay.locale && {
-      locale: issuerDisplay.locale
-    },
-    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
-      logo: {
-        ...dynamicRegistrationClientMetadata?.logo_uri && {
-          uri: dynamicRegistrationClientMetadata?.logo_uri
-        },
-        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
-          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
-        },
-        ...issuerDisplay.logo?.alt_text && {
-          alt: issuerDisplay.logo?.alt_text
-        }
-      }
-    },
-    ...issuerDisplay.description && {
-      description: issuerDisplay.description
-    },
-    ...issuerDisplay.text_color && {
-      text: {
-        color: issuerDisplay.text_color
-      }
-    },
-    ...dynamicRegistrationClientMetadata?.client_uri && {
-      clientUri: dynamicRegistrationClientMetadata.client_uri
-    },
-    ...dynamicRegistrationClientMetadata?.tos_uri && {
-      tosUri: dynamicRegistrationClientMetadata.tos_uri
-    },
-    ...dynamicRegistrationClientMetadata?.policy_uri && {
-      policyUri: dynamicRegistrationClientMetadata.policy_uri
-    },
-    ...dynamicRegistrationClientMetadata?.contacts && {
-      contacts: dynamicRegistrationClientMetadata.contacts
-    }
-  };
-}, "issuerLocaleBrandingFrom");
-
-// src/machines/firstPartyMachine.ts
-import { assign as assign2, createMachine as createMachine2, interpret as interpret2 } from "xstate";
-import { AuthorizationChallengeError } from "@sphereon/oid4vci-common";
-
-// src/services/FirstPartyMachineServices.ts
-import { OpenID4VCIClient } from "@sphereon/oid4vci-client";
-import { v4 as uuidv4 } from "uuid";
-var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (args) => {
-  const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args;
-  const oid4vciClient = await OpenID4VCIClient.fromState({
-    state: openID4VCIClientState
-  });
-  return oid4vciClient.acquireAuthorizationChallengeCode({
-    clientId: oid4vciClient.clientId ?? uuidv4(),
-    ...authSession && {
-      authSession
-    },
-    ...!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && {
-      issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode
-    },
-    ...!authSession && openID4VCIClientState.credentialOffer?.issuerState && {
-      issuerState: openID4VCIClientState.credentialOffer?.issuerState
-    },
-    ...presentationDuringIssuanceSession && {
-      presentationDuringIssuanceSession
-    }
-  });
-}, "sendAuthorizationChallengeRequest");
-var createConfig = /* @__PURE__ */ __name(async (args, context) => {
-  const { presentationUri } = args;
-  if (!presentationUri) {
-    return Promise.reject(Error("Missing presentation uri in context"));
-  }
-  return context.agent.siopCreateConfig({
-    url: presentationUri
-  });
-}, "createConfig");
-var getSiopRequest = /* @__PURE__ */ __name(async (args, context) => {
-  const { didAuthConfig, presentationUri } = args;
-  if (presentationUri === void 0) {
-    return Promise.reject(Error("Missing presentation uri in context"));
-  }
-  if (didAuthConfig === void 0) {
-    return Promise.reject(Error("Missing did auth config in context"));
-  }
-  return context.agent.siopGetSiopRequest({
-    didAuthConfig,
-    url: presentationUri
-  });
-}, "getSiopRequest");
-var sendAuthorizationResponse = /* @__PURE__ */ __name(async (args, context) => {
-  const { didAuthConfig, authorizationRequestData, selectedCredentials } = args;
-  const responseData = await context.agent.siopSendResponse({
-    authorizationRequestData,
-    selectedCredentials,
-    didAuthConfig,
-    isFirstParty: true
-  });
-  return responseData.body.presentation_during_issuance_session;
-}, "sendAuthorizationResponse");
-
-// src/machines/firstPartyMachine.ts
-var firstPartyMachineStates = {
-  [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
-    id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-    invoke: {
-      src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
-      onDone: {
-        target: FirstPartyMachineStateTypes.done,
-        actions: assign2({
-          authorizationCodeResponse: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeResponse")
-        })
-      },
-      onError: [
-        {
-          target: FirstPartyMachineStateTypes.createConfig,
-          cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data.error === AuthorizationChallengeError.insufficient_authorization, "cond"),
-          actions: assign2({
-            authSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data.auth_session, "authSession"),
-            presentationUri: /* @__PURE__ */ __name((_ctx, _event) => _event.data.presentation, "presentationUri")
-          })
-        },
-        {
-          target: FirstPartyMachineStateTypes.error,
-          actions: assign2({
-            error: /* @__PURE__ */ __name((_ctx, _event) => ({
-              title: translate("oid4vci_machine_send_authorization_challenge_request_error_title"),
-              message: _event.data.message,
-              stack: _event.data.stack
-            }), "error")
-          })
-        }
-      ]
-    }
-  },
-  [FirstPartyMachineStateTypes.createConfig]: {
-    id: FirstPartyMachineStateTypes.createConfig,
-    invoke: {
-      src: FirstPartyMachineServices.createConfig,
-      onDone: {
-        target: FirstPartyMachineStateTypes.getSiopRequest,
-        actions: assign2({
-          didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("oid4vci_machine_create_config_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.getSiopRequest]: {
-    id: FirstPartyMachineStateTypes.getSiopRequest,
-    invoke: {
-      src: FirstPartyMachineServices.getSiopRequest,
-      onDone: {
-        target: FirstPartyMachineStateTypes.selectCredentials,
-        actions: assign2({
-          authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("siopV2_machine_get_request_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.selectCredentials]: {
-    id: FirstPartyMachineStateTypes.selectCredentials,
-    on: {
-      [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
-        actions: assign2({
-          selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
-        })
-      },
-      [FirstPartyMachineEvents.NEXT]: {
-        target: FirstPartyMachineStateTypes.sendAuthorizationResponse
-      },
-      [FirstPartyMachineEvents.DECLINE]: {
-        target: FirstPartyMachineStateTypes.declined
-      },
-      [FirstPartyMachineEvents.PREVIOUS]: {
-        target: FirstPartyMachineStateTypes.aborted
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
-    id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
-    invoke: {
-      src: FirstPartyMachineServices.sendAuthorizationResponse,
-      onDone: {
-        target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-        actions: assign2({
-          presentationDuringIssuanceSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "presentationDuringIssuanceSession")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("oid4vci_machine_get_request_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.aborted]: {
-    id: FirstPartyMachineStateTypes.aborted,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.declined]: {
-    id: FirstPartyMachineStateTypes.declined,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.error]: {
-    id: FirstPartyMachineStateTypes.error,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.done]: {
-    id: FirstPartyMachineStateTypes.done,
-    type: "final"
-  }
-};
-var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
-  const initialContext = {
-    openID4VCIClientState: opts.openID4VCIClientState,
-    contact: opts.contact,
-    selectedCredentials: []
-  };
-  return createMachine2({
-    id: opts?.machineId ?? "FirstParty",
-    predictableActionArguments: true,
-    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-    context: initialContext,
-    states: firstPartyMachineStates,
-    schema: {
-      events: {},
-      services: {}
-    }
-  });
-}, "createFirstPartyActivationMachine");
-var FirstPartyMachine = class _FirstPartyMachine {
-  static {
-    __name(this, "FirstPartyMachine");
-  }
-  static _instance;
-  static hasInstance() {
-    return _FirstPartyMachine._instance !== void 0;
-  }
-  static get instance() {
-    if (!_FirstPartyMachine._instance) {
-      throw Error("Please initialize ESIMActivation machine first");
-    }
-    return _FirstPartyMachine._instance;
-  }
-  static clearInstance(opts) {
-    const { stop } = opts;
-    if (_FirstPartyMachine.hasInstance()) {
-      if (stop) {
-        _FirstPartyMachine.stopInstance();
-      }
-    }
-    _FirstPartyMachine._instance = void 0;
-  }
-  static stopInstance() {
-    if (!_FirstPartyMachine.hasInstance()) {
-      return;
-    }
-    _FirstPartyMachine.instance.stop();
-    _FirstPartyMachine._instance = void 0;
-  }
-  static newInstance(opts) {
-    const { agentContext } = opts;
-    const services = {
-      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
-      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
-      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
-      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
-    };
-    const newInst = interpret2(createFirstPartyActivationMachine(opts).withConfig({
-      services: {
-        ...services,
-        ...opts?.services
-      },
-      guards: {
-        ...opts?.guards
-      }
-    }));
-    if (typeof opts?.subscription === "function") {
-      newInst.onTransition(opts.subscription);
-    }
-    if (opts?.requireCustomNavigationHook !== true) {
-      newInst.onTransition((snapshot) => {
-        if (opts?.stateNavigationListener) {
-          void opts.stateNavigationListener(newInst, snapshot);
-        }
-      });
-    }
-    return newInst;
-  }
-  static getInstance(opts) {
-    if (!_FirstPartyMachine._instance) {
-      if (opts?.requireExisting === true) {
-        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
-      }
-      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
-    }
-    return _FirstPartyMachine._instance;
-  }
-};
-
-// src/services/OID4VCIHolderService.ts
-import { defaultHasher } from "@sphereon/ssi-sdk.core";
-var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
-  const { credentialsSupported, context } = args;
-  const credentialBranding = {};
-  await Promise.all(Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]) => {
-    let sdJwtTypeMetadata;
-    if (credentialsConfigSupported.format === "vc+sd-jwt") {
-      const vct = credentialsConfigSupported.vct;
-      if (vct.startsWith("http")) {
-        try {
-          sdJwtTypeMetadata = await context.agent.fetchSdJwtTypeMetadataFromVctUrl({
-            vct
-          });
-        } catch {
-        }
-      }
-    }
-    let mappedLocaleBranding = [];
-    if (sdJwtTypeMetadata) {
-      mappedLocaleBranding = await sdJwtGetCredentialBrandingFrom({
-        credentialDisplay: sdJwtTypeMetadata.display,
-        claimsMetadata: sdJwtTypeMetadata.claims
-      });
-    } else {
-      mappedLocaleBranding = await oid4vciGetCredentialBrandingFrom({
-        credentialDisplay: credentialsConfigSupported.display,
-        issuerCredentialSubject: (
-          // @ts-ignore // FIXME SPRIND-123 add proper support for type recognition as claim display can be located elsewhere for v13
-          credentialsSupported.claims !== void 0 ? credentialsConfigSupported.claims : credentialsConfigSupported.credentialSubject
-        )
-      });
-    }
-    const localeBranding = await Promise.all(mappedLocaleBranding.map(async (localeBranding2) => await context.agent.ibCredentialLocaleBrandingFrom({
-      localeBranding: localeBranding2
-    })));
-    const defaultCredentialType = "VerifiableCredential";
-    const configSupportedTypes = getTypesFromCredentialSupported(credentialsConfigSupported);
-    const credentialTypes = configSupportedTypes.length === 0 ? asArray(defaultCredentialType) : configSupportedTypes;
-    const filteredCredentialTypes = credentialTypes.filter((type) => type !== defaultCredentialType);
-    credentialBranding[filteredCredentialTypes[0]] = localeBranding;
-  }));
-  return credentialBranding;
-}, "getCredentialBranding");
-var getBasicIssuerLocaleBranding = /* @__PURE__ */ __name(async (args) => {
-  const { display, dynamicRegistrationClientMetadata, context } = args;
-  return await Promise.all(display.map(async (issuerDisplay) => {
-    const branding = await issuerLocaleBrandingFrom({
-      issuerDisplay,
-      dynamicRegistrationClientMetadata
-    });
-    return context.agent.ibIssuerLocaleBrandingFrom({
-      localeBranding: branding
-    });
-  }));
-}, "getBasicIssuerLocaleBranding");
-var getCredentialConfigsBasedOnFormatPref = /* @__PURE__ */ __name(async (args) => {
-  const { vcFormatPreferences, credentials } = args;
-  const prefConfigs = {};
-  Object.entries(credentials).forEach(([key, config]) => {
-    const result = !config.format || vcFormatPreferences.map((pref) => pref.toLowerCase()).includes(config.format.toLowerCase());
-    if (result) {
-      prefConfigs[key] = config;
-    }
-  });
-  return prefConfigs;
-}, "getCredentialConfigsBasedOnFormatPref");
-var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
-  const { locale, localeBranding } = args;
-  return localeBranding?.find((branding) => locale ? branding.locale?.startsWith(locale) || branding.locale === void 0 : branding.locale === void 0);
-}, "selectCredentialLocaleBranding");
-var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
-  const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-  const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
-  if (!credential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
-  const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, {
-    hasher: hasher ?? defaultHasher
-  });
-  if (wrappedVC.decoded?.iss?.includes("did:ebsi:") || (typeof wrappedVC.decoded?.vc?.issuer === "string" ? wrappedVC.decoded?.vc?.issuer?.includes("did:ebsi:") : wrappedVC.decoded?.vc?.issuer?.existingInstanceId?.includes("did:ebsi:"))) {
-    await context.agent.cvVerifySchema({
-      credential,
-      hasher,
-      validationPolicy: schemaValidation
-    });
-    if (JSON.stringify(wrappedVC.decoded).includes("vc:ebsi:conformance")) {
-      return {
-        source: wrappedVC,
-        error: void 0,
-        result: true,
-        subResults: []
-      };
-    }
-    if (onVerifyEBSICredentialIssuer) {
-      try {
-        await onVerifyEBSICredentialIssuer({
-          wrappedVc: wrappedVC
-        });
-      } catch (e) {
-        return {
-          source: wrappedVC,
-          error: e.message,
-          result: true,
-          subResults: []
-        };
-      }
-    }
-  }
-  const verificationResult = await context.agent.cvVerifyCredential({
-    credential,
-    hasher,
-    // TODO WAL-675 we might want to allow these types of options as part of the context, now we have state machines. Allows us to pre-determine whether these policies apply and whether remote context should be fetched
-    fetchRemoteContexts: true,
-    policies: {
-      schemaValidation,
-      credentialStatus: false,
-      expirationDate: false,
-      issuanceDate: false
-    }
-  });
-  if (!verificationResult.result || verificationResult.error) {
-    return Promise.reject(Error(verificationResult.error ?? translate("oid4vci_machine_credential_verification_failed_message")));
-  }
-  return verificationResult;
-}, "verifyCredentialToAccept");
-var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
-  const { credentialToAccept, hasher } = args;
-  const credentialResponse = credentialToAccept.credentialResponse;
-  const verifiableCredential = credentialResponse.credential;
-  if (!verifiableCredential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
-  const wrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(verifiableCredential, {
-    hasher
-  });
-  let uniformVerifiableCredential;
-  if (CredentialMapper.isSdJwtDecodedCredential(wrappedVerifiableCredential.credential)) {
-    uniformVerifiableCredential = await sdJwtDecodedCredentialToUniformCredential(wrappedVerifiableCredential.credential);
-  } else if (CredentialMapper.isSdJwtEncoded(wrappedVerifiableCredential.credential)) {
-    if (!hasher) {
-      return Promise.reject("a hasher is required for encoded SD-JWT credentials");
-    }
-    const asyncHasher = /* @__PURE__ */ __name((data, algorithm) => Promise.resolve(hasher(data, algorithm)), "asyncHasher");
-    const decodedSdJwt = await CredentialMapper.decodeSdJwtVcAsync(wrappedVerifiableCredential.credential, asyncHasher);
-    uniformVerifiableCredential = sdJwtDecodedCredentialToUniformCredential(decodedSdJwt);
-  } else if (CredentialMapper.isMsoMdocDecodedCredential(wrappedVerifiableCredential.credential)) {
-    uniformVerifiableCredential = mdocDecodedCredentialToUniformCredential(wrappedVerifiableCredential.credential);
-  } else {
-    uniformVerifiableCredential = wrappedVerifiableCredential.credential;
-  }
-  const correlationId = typeof uniformVerifiableCredential.issuer === "string" ? uniformVerifiableCredential.issuer : CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential) ? uniformVerifiableCredential.decodedPayload.iss : uniformVerifiableCredential.issuer.id;
-  return {
-    correlationId,
-    credentialToAccept,
-    types: credentialToAccept.types,
-    rawVerifiableCredential: verifiableCredential,
-    uniformVerifiableCredential,
-    ...credentialResponse.credential_subject_issuance && {
-      credential_subject_issuance: credentialResponse.credential_subject_issuance
-    }
-  };
-}, "mapCredentialToAccept");
-var getIdentifierOpts = /* @__PURE__ */ __name(async (args) => {
-  const { issuanceOpt, context } = args;
-  const { identifier: identifierArg } = issuanceOpt;
-  if (identifierArg && isManagedIdentifierResult(identifierArg)) {
-    return identifierArg;
-  }
-  const { supportedPreferredDidMethod, supportedBindingMethods, keyType = "Secp256r1", kms = await context.agent.keyManagerGetDefaultKeyManagementSystem() } = issuanceOpt;
-  let identifier;
-  if (identifierArg) {
-    if (isIIdentifier(identifierArg.identifier)) {
-      identifier = await context.agent.identifierManagedGet(identifierArg);
-    } else if (!identifierArg.method && issuanceOpt.supportedBindingMethods.includes("jwk")) {
-      identifier = await managedIdentifierToJwk(identifierArg, context);
-    } else if (identifierArg.method && !supportedBindingMethods.includes(identifierArg.method)) {
-      throw Error(`Supplied identifier method ${identifierArg.method} not supported by the issuer: ${supportedBindingMethods.join(",")}`);
-    } else {
-      identifier = await context.agent.identifierManagedGet(identifierArg);
-    }
-  }
-  const agentContext = {
-    ...context,
-    agent: context.agent
-  };
-  if ((!identifierArg || isIIdentifier(identifierArg.identifier)) && supportedPreferredDidMethod && (!supportedBindingMethods || supportedBindingMethods.length === 0 || supportedBindingMethods.filter((method) => method.startsWith("did")))) {
-    const { result, created } = await getOrCreatePrimaryIdentifier(agentContext, {
-      method: supportedPreferredDidMethod,
-      createOpts: {
-        options: {
-          type: issuanceOpt.keyType,
-          use: KeyUse.Signature,
-          codecName: issuanceOpt.codecName,
-          kms: issuanceOpt.kms
-        }
-      }
-    });
-    identifier = await context.agent.identifierManagedGetByDid({
-      identifier: result,
-      keyType,
-      offlineWhenNoDIDRegistered: result.did.startsWith("did:ebsi:")
-    });
-    if (created) {
-      await agentContext.agent.emit(OID4VCIHolderEvent.IDENTIFIER_CREATED, {
-        identifier
-      });
-    }
-  } else if (supportedBindingMethods.includes("jwk")) {
-    const key = await context.agent.keyManagerCreate({
-      type: keyType,
-      kms,
-      meta: {
-        keyAlias: `key_${keyType}_${Date.now()}`
-      }
-    });
-    identifier = await managedIdentifierToJwk({
-      method: "key",
-      identifier: key,
-      kmsKeyRef: key.kid
-    }, context);
-  } else {
-    throw Error(`Holder currently does not support binding method: ${supportedBindingMethods.join(",")}`);
-  }
-  args.issuanceOpt.identifier = identifier;
-  return identifier;
-}, "getIdentifierOpts");
-var getCredentialConfigsSupportedMerged = /* @__PURE__ */ __name(async (args) => {
-  let result = {};
-  (await getCredentialConfigsSupported(args)).forEach((supported) => {
-    result = {
-      ...result,
-      ...supported
-    };
-  });
-  return result;
-}, "getCredentialConfigsSupportedMerged");
-var getCredentialConfigsSupported = /* @__PURE__ */ __name(async (args) => {
-  const { types, configurationIds } = args;
-  if (Array.isArray(types) && types.length > 0) {
-    return Promise.all(types.map((type) => getCredentialConfigsSupportedBySingleTypeOrId({
-      ...args,
-      types: type
-    })));
-  } else if (Array.isArray(configurationIds) && configurationIds.length > 0) {
-    return Promise.all(configurationIds.map((configurationId) => getCredentialConfigsSupportedBySingleTypeOrId({
-      ...args,
-      configurationId,
-      types: void 0
-    })));
-  }
-  const configs = await getCredentialConfigsSupportedBySingleTypeOrId({
-    ...args,
-    types: void 0,
-    configurationId: void 0
-  });
-  return configs && Object.keys(configs).length > 0 ? [
-    configs
-  ] : [];
-}, "getCredentialConfigsSupported");
-var getCredentialConfigsSupportedBySingleTypeOrId = /* @__PURE__ */ __name(async (args) => {
-  const { client, vcFormatPreferences, configurationId } = args;
-  let { format = void 0, types = void 0 } = args;
-  function createIdFromTypes(supported) {
-    const format2 = supported.format;
-    const type = getTypesFromObject(supported)?.join() ?? "";
-    const id = `${type}:${format2}`;
-    return id;
-  }
-  __name(createIdFromTypes, "createIdFromTypes");
-  if (configurationId) {
-    const allSupported2 = client.getCredentialsSupported(false);
-    return Object.fromEntries(Object.entries(allSupported2).filter(([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId));
-  }
-  if (!types && !client.credentialOffer) {
-    return Promise.reject(Error("openID4VCIClient has no credentialOffer and no types where provided"));
-  }
-  if (!Array.isArray(format) && client.credentialOffer) {
-    if (client.version() > OpenId4VCIVersion.VER_1_0_09 && typeof client.credentialOffer.credential_offer === "object" && "credentials" in client.credentialOffer.credential_offer) {
-      format = client.credentialOffer.credential_offer.credentials.filter((cred) => typeof cred !== "string").map((cred) => cred.format);
-      if (format?.length === 0) {
-        format = void 0;
-      }
-    }
-  }
-  const offerSupported = getSupportedCredentials({
-    types: types ? [
-      types
-    ] : client.getCredentialOfferTypes(),
-    format,
-    version: client.version(),
-    issuerMetadata: client.endpointMetadata.credentialIssuerMetadata
-  });
-  let allSupported;
-  if (!Array.isArray(offerSupported)) {
-    allSupported = offerSupported;
-  } else {
-    allSupported = {};
-    offerSupported.forEach((supported) => {
-      if (supported.id) {
-        allSupported[supported.id] = supported;
-        return;
-      }
-      const id = createIdFromTypes(supported);
-      allSupported[id] = supported;
-    });
-  }
-  let credentialConfigsSupported = await getCredentialConfigsBasedOnFormatPref({
-    credentials: allSupported,
-    vcFormatPreferences
-  });
-  if (!credentialConfigsSupported || Object.keys(credentialConfigsSupported).length === 0) {
-    LOG.warning(`No matching supported credential found for ${client.getIssuer()}`);
-  }
-  if (client.credentialOffer === void 0) {
-    return credentialConfigsSupported;
-  }
-  const credentialOffer = client.credentialOffer.credential_offer;
-  let credentialsToOffer;
-  if ("credential_configuration_ids" in credentialOffer) {
-    credentialsToOffer = Object.fromEntries(Object.entries(credentialConfigsSupported).filter(([configId, config]) => credentialOffer.credential_configuration_ids.includes(configId)));
-    if (Object.keys(credentialsToOffer).length === 0) {
-      throw new Error(`No matching supported credential configs found for offer ${credentialOffer.credential_configuration_ids.join(", ")}`);
-    }
-  } else {
-    credentialsToOffer = credentialConfigsSupported;
-  }
-  if (Object.keys(credentialsToOffer).length === 0) {
-    throw new Error(`No matching supported credential configs found for offer`);
-  }
-  return credentialsToOffer;
-}, "getCredentialConfigsSupportedBySingleTypeOrId");
-var getIssuanceOpts = /* @__PURE__ */ __name(async (args) => {
-  const {
-    client,
-    credentialsSupported,
-    // serverMetadata,
-    context,
-    didMethodPreferences,
-    jwtCryptographicSuitePreferences,
-    jsonldCryptographicSuitePreferences,
-    forceIssuanceOpt
-  } = args;
-  if (credentialsSupported === void 0 || Object.keys(credentialsSupported).length === 0) {
-    return Promise.reject(Error("No credentials supported"));
-  }
-  const getIssuanceOpts2 = Object.values(credentialsSupported).map(async (credentialSupported) => {
-    const cryptographicSuite = await getIssuanceCryptoSuite({
-      credentialSupported,
-      client,
-      jwtCryptographicSuitePreferences,
-      jsonldCryptographicSuitePreferences
-    });
-    const { didMethod, methods } = await getIssuanceMethod({
-      credentialSupported,
-      client,
-      didMethodPreferences
-    });
-    if (methods.length == 0) {
-      console.log(`Could not determine supported cryptographic_binding_methods_supported, will use DIDs`);
-      methods.push("did");
-    }
-    const issuanceOpt = forceIssuanceOpt ? {
-      ...credentialSupported,
-      ...forceIssuanceOpt
-    } : {
-      ...credentialSupported,
-      supportedPreferredDidMethod: didMethod,
-      supportedBindingMethods: methods,
-      format: credentialSupported.format,
-      keyType: client.isEBSI() ? "Secp256r1" : keyTypeFromCryptographicSuite({
-        crv: cryptographicSuite
-      }),
-      ...client.isEBSI() && {
-        codecName: "EBSI"
-      }
-    };
-    const identifier = await getIdentifierOpts({
-      issuanceOpt,
-      context
-    });
-    if (!client.clientId && isManagedIdentifierDidResult(identifier)) {
-      client.clientId = identifier.issuer ?? identifier.did;
-    }
-    return {
-      ...issuanceOpt,
-      identifier
-    };
-  });
-  return await Promise.all(getIssuanceOpts2);
-}, "getIssuanceOpts");
-var getIssuanceMethod = /* @__PURE__ */ __name(async (opts) => {
-  const { client, credentialSupported, didMethodPreferences } = opts;
-  const { format, cryptographic_binding_methods_supported } = credentialSupported;
-  let methods = [];
-  if (cryptographic_binding_methods_supported && Array.isArray(cryptographic_binding_methods_supported)) {
-    methods = cryptographic_binding_methods_supported;
-    const didMethods = didMethodPreferences.find((method) => cryptographic_binding_methods_supported.includes(`did:${method.toLowerCase()}`));
-    if (didMethods) {
-      return {
-        methods,
-        didMethod: didMethods
-      };
-    } else if (cryptographic_binding_methods_supported.includes("did")) {
-      return {
-        methods,
-        didMethod: format ? didMethodPreferences[1] : didMethodPreferences[0]
-      };
-    } else if (methods.length > 0) {
-      return {
-        methods
-      };
-    }
-    console.warn(`We should have been able to determine cryptographic_binding_methods_supported, will fall back to legacy behaviour. This is likely a bug`);
-  }
-  if (client.isEBSI()) {
-    return {
-      methods: [
-        "did"
-      ],
-      didMethod: SupportedDidMethodEnum.DID_KEY
-    };
-  }
-  methods = [
-    "did"
-  ];
-  if (!format || format.includes("jwt") && !format?.includes("jwt_vc_json_ld")) {
-    return {
-      methods,
-      didMethod: format ? didMethodPreferences[1] : didMethodPreferences[0]
-    };
-  } else {
-    return {
-      methods,
-      didMethod: didMethodPreferences[0]
-    };
-  }
-}, "getIssuanceMethod");
-var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
-  const { client, credentialSupported, jwtCryptographicSuitePreferences, jsonldCryptographicSuitePreferences } = opts;
-  let signing_algs_supported;
-  if ("proof_types_supported" in credentialSupported && credentialSupported.proof_types_supported) {
-    if ("jwt" in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.jwt) {
-      signing_algs_supported = credentialSupported.proof_types_supported.jwt.proof_signing_alg_values_supported;
-    } else if ("ldp_vp" in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.ldp_vp) {
-      signing_algs_supported = credentialSupported.proof_types_supported.ldp_vp.proof_signing_alg_values_supported;
-    } else if ("cwt" in credentialSupported.proof_types_supported && credentialSupported.proof_types_supported.cwt) {
-      signing_algs_supported = credentialSupported.proof_types_supported.cwt.proof_signing_alg_values_supported;
-      console.error("cwt proof type not supported. Likely that errors will occur after this point");
-    } else {
-      return Promise.reject(Error(`Unsupported proof_types_supported`));
-    }
-  } else {
-    signing_algs_supported = asArray(
-      // @ts-ignore // legacy
-      credentialSupported.credential_signing_alg_values_supported ?? credentialSupported.proof_signing_alg_values_supported ?? []
-    );
-  }
-  switch (credentialSupported.format) {
-    // @ts-ignore legacy value
-    case "jwt":
-    case "jwt_vc_json":
-    case "jwt_vc":
-    case "vc+sd-jwt":
-    case "mso_mdoc": {
-      const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
-      if (supportedPreferences.length > 0) {
-        return supportedPreferences[0];
-      } else if (client.isEBSI()) {
-        return JoseSignatureAlgorithm.ES256;
-      }
-      const fallback = jwtCryptographicSuitePreferences[0];
-      console.log(`Warn: We could not determine the crypto suites from the server metadata, and will fallback to a default: ${fallback}`);
-      return fallback;
-    }
-    // @ts-ignore
-    case "ldp":
-    // @ts-ignore
-    case "jwt_vc_json_ld":
-    case "ldp_vc": {
-      const supportedPreferences = jsonldCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
-      if (supportedPreferences.length > 0) {
-        return supportedPreferences[0];
-      }
-      const fallback = jsonldCryptographicSuitePreferences[0];
-      console.log(`Warn: We could not determine the crypto suites from the server metadata, and will fallback to a default: ${fallback}`);
-      return fallback;
-    }
-    default:
-      return Promise.reject(Error(`Credential format '${credentialSupported.format}' not supported`));
-  }
-}, "getIssuanceCryptoSuite");
-var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, context) => {
-  const { openID4VCIClientState, stateNavigationListener, contact } = args;
-  if (!openID4VCIClientState) {
-    return Promise.reject(Error("Missing openID4VCI client state in context"));
-  }
-  if (!contact) {
-    return Promise.reject(Error("Missing contact in context"));
-  }
-  const firstPartyMachineInstance = FirstPartyMachine.newInstance({
-    openID4VCIClientState,
-    contact,
-    agentContext: context,
-    stateNavigationListener
-  });
-  return new Promise((resolve, reject) => {
-    try {
-      firstPartyMachineInstance.onTransition((state) => {
-        if (state.matches(FirstPartyMachineStateTypes.done)) {
-          const authorizationCodeResponse = state.context.authorizationCodeResponse;
-          if (!authorizationCodeResponse) {
-            reject(Error("No authorizationCodeResponse acquired"));
-          }
-          resolve(authorizationCodeResponse);
-        } else if (state.matches(FirstPartyMachineStateTypes.aborted)) {
-          resolve(FirstPartyMachineStateTypes.aborted);
-        } else if (state.matches(FirstPartyMachineStateTypes.declined)) {
-          resolve(FirstPartyMachineStateTypes.declined);
-        } else if (state.matches(FirstPartyMachineStateTypes.error)) {
-          reject(state.context.error);
-        }
-      });
-      firstPartyMachineInstance.start();
-    } catch (error) {
-      reject(error);
-    }
-  });
-}, "startFirstPartApplicationMachine");
-
-// src/agent/OID4VCIHolder.ts
-import "cross-fetch/polyfill";
-import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
-var oid4vciHolderContextMethods = [
-  "cmGetContacts",
-  "cmGetContact",
-  "cmAddContact",
-  "cmAddIdentity",
-  "ibCredentialLocaleBrandingFrom",
-  "ibAddCredentialBranding",
-  "dataStoreSaveVerifiableCredential",
-  "didManagerFind",
-  "didManagerGet",
-  "keyManagerSign",
-  "verifyCredential"
-];
-var logger = Loggers.DEFAULT.get("sphereon:oid4vci:holder");
-function signCallback(identifier, context, nonce) {
-  return async (jwt, kid) => {
-    let resolution = await context.agent.identifierManagedGet(identifier);
-    const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
-    if (!resolution.issuer && !jwt.payload.iss) {
-      return Promise.reject(Error(`No issuer could be determined from the JWT ${JSON.stringify(jwt)} or identifier resolution`));
-    }
-    const header = jwt.header;
-    const payload = jwt.payload;
-    if (nonce) {
-      payload.nonce = nonce;
-    }
-    if (jwk && header.kid) {
-      console.log(`Deleting kid, as we are using a jwk and the oid4vci spec does not allow both to be present (which is not the case in the JOSE spec)`);
-      delete header.kid;
-    }
-    return (await context.agent.jwtCreateJwsCompactSignature({
-      issuer: {
-        ...resolution,
-        noIssPayloadUpdate: false
-      },
-      protectedHeader: header,
-      payload
-    })).jwt;
-  };
-}
-__name(signCallback, "signCallback");
-var OID4VCIHolder = class _OID4VCIHolder {
-  static {
-    __name(this, "OID4VCIHolder");
-  }
-  hasher;
-  eventTypes = [
-    OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED,
-    OID4VCIHolderEvent.CREDENTIAL_STORED,
-    OID4VCIHolderEvent.IDENTIFIER_CREATED
-  ];
-  methods = {
-    oid4vciHolderStart: this.oid4vciHolderStart.bind(this),
-    oid4vciHolderGetIssuerMetadata: this.oid4vciHolderGetIssuerMetadata.bind(this),
-    oid4vciHolderGetMachineInterpreter: this.oid4vciHolderGetMachineInterpreter.bind(this),
-    oid4vciHolderCreateCredentialsToSelectFrom: this.oid4vciHolderCreateCredentialsToSelectFrom.bind(this),
-    oid4vciHolderGetContact: this.oid4vciHolderGetContact.bind(this),
-    oid4vciHolderGetCredentials: this.oid4vciHolderGetCredentials.bind(this),
-    oid4vciHolderGetCredential: this.oid4vciHolderGetCredential.bind(this),
-    oid4vciHolderAddContactIdentity: this.oid4vciHolderAddContactIdentity.bind(this),
-    oid4vciHolderAssertValidCredentials: this.oid4vciHolderAssertValidCredentials.bind(this),
-    oid4vciHolderStoreCredentialBranding: this.oid4vciHolderStoreCredentialBranding.bind(this),
-    oid4vciHolderStoreCredentials: this.oid4vciHolderStoreCredentials.bind(this),
-    oid4vciHolderSendNotification: this.oid4vciHolderSendNotification.bind(this),
-    oid4vciHolderGetIssuerBranding: this.oid4vciHolderGetIssuerBranding.bind(this),
-    oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this)
-  };
-  vcFormatPreferences = [
-    "vc+sd-jwt",
-    "mso_mdoc",
-    "jwt_vc_json",
-    "jwt_vc",
-    "ldp_vc"
-  ];
-  jsonldCryptographicSuitePreferences = [
-    "Ed25519Signature2018",
-    "EcdsaSecp256k1Signature2019",
-    "Ed25519Signature2020",
-    "JsonWebSignature2020"
-  ];
-  didMethodPreferences = [
-    SupportedDidMethodEnum2.DID_JWK,
-    SupportedDidMethodEnum2.DID_KEY,
-    SupportedDidMethodEnum2.DID_OYD,
-    SupportedDidMethodEnum2.DID_EBSI,
-    SupportedDidMethodEnum2.DID_ION
-  ];
-  jwtCryptographicSuitePreferences = [
-    JoseSignatureAlgorithm2.ES256,
-    JoseSignatureAlgorithm2.ES256K,
-    JoseSignatureAlgorithm2.EdDSA
-  ];
-  static DEFAULT_MOBILE_REDIRECT_URI = `${DefaultURISchemes.CREDENTIAL_OFFER}://`;
-  defaultAuthorizationRequestOpts = {
-    redirectUri: _OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI
-  };
-  onContactIdentityCreated;
-  onCredentialStored;
-  onIdentifierCreated;
-  onVerifyEBSICredentialIssuer;
-  constructor(options) {
-    const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = defaultHasher2 } = {
-      ...options
-    };
-    this.hasher = hasher;
-    if (vcFormatPreferences !== void 0 && vcFormatPreferences.length > 0) {
-      this.vcFormatPreferences = vcFormatPreferences;
-    }
-    if (jsonldCryptographicSuitePreferences !== void 0 && jsonldCryptographicSuitePreferences.length > 0) {
-      this.jsonldCryptographicSuitePreferences = jsonldCryptographicSuitePreferences;
-    }
-    if (didMethodPreferences !== void 0 && didMethodPreferences.length > 0) {
-      this.didMethodPreferences = didMethodPreferences;
-    }
-    if (jwtCryptographicSuitePreferences !== void 0 && jwtCryptographicSuitePreferences.length > 0) {
-      this.jwtCryptographicSuitePreferences = jwtCryptographicSuitePreferences;
-    }
-    if (defaultAuthorizationRequestOptions) {
-      this.defaultAuthorizationRequestOpts = defaultAuthorizationRequestOptions;
-    }
-    this.onContactIdentityCreated = onContactIdentityCreated;
-    this.onCredentialStored = onCredentialStored;
-    this.onIdentifierCreated = onIdentifierCreated;
-    this.onVerifyEBSICredentialIssuer = onVerifyEBSICredentialIssuer;
-  }
-  async onEvent(event, context) {
-    switch (event.type) {
-      case OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED:
-        this.onContactIdentityCreated?.(event.data);
-        break;
-      case OID4VCIHolderEvent.CREDENTIAL_STORED:
-        this.onCredentialStored?.(event.data);
-        break;
-      case OID4VCIHolderEvent.IDENTIFIER_CREATED:
-        this.onIdentifierCreated?.(event.data);
-        break;
-      default:
-        return Promise.reject(Error(`Event type ${event.type} not supported`));
-    }
-  }
-  /**
-  * FIXME: This method can only be used locally. Creating the interpreter should be local to where the agent is running
-  */
-  async oid4vciHolderGetMachineInterpreter(opts, context) {
-    const authorizationRequestOpts = {
-      ...this.defaultAuthorizationRequestOpts,
-      ...opts.authorizationRequestOpts
-    };
-    const services = {
-      [OID4VCIMachineServices.start]: (args) => this.oid4vciHolderStart({
-        ...args,
-        authorizationRequestOpts
-      }, context),
-      [OID4VCIMachineServices.startFirstPartApplicationFlow]: (args) => startFirstPartApplicationMachine({
-        ...args,
-        stateNavigationListener: opts.firstPartyStateNavigationListener
-      }, context),
-      [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
-      [OID4VCIMachineServices.getContact]: (args) => this.oid4vciHolderGetContact(args, context),
-      [OID4VCIMachineServices.getCredentials]: (args) => this.oid4vciHolderGetCredentials({
-        accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts,
-        ...args
-      }, context),
-      [OID4VCIMachineServices.addContactIdentity]: (args) => this.oid4vciHolderAddContactIdentity(args, context),
-      [OID4VCIMachineServices.getIssuerBranding]: (args) => this.oid4vciHolderGetIssuerBranding(args, context),
-      [OID4VCIMachineServices.storeIssuerBranding]: (args) => this.oid4vciHolderStoreIssuerBranding(args, context),
-      [OID4VCIMachineServices.assertValidCredentials]: (args) => this.oid4vciHolderAssertValidCredentials(args, context),
-      [OID4VCIMachineServices.storeCredentialBranding]: (args) => this.oid4vciHolderStoreCredentialBranding(args, context),
-      [OID4VCIMachineServices.storeCredentials]: (args) => this.oid4vciHolderStoreCredentials(args, context),
-      [OID4VCIMachineServices.sendNotification]: (args) => this.oid4vciHolderSendNotification(args, context),
-      [OID4VCIMachineServices.getFederationTrust]: (args) => this.getFederationTrust(args, context)
-    };
-    const oid4vciMachineInstanceArgs = {
-      ...opts,
-      authorizationRequestOpts,
-      services: {
-        ...services,
-        ...opts.services
-      }
-    };
-    const { interpreter } = await OID4VCIMachine.newInstance(oid4vciMachineInstanceArgs, context);
-    return {
-      interpreter
-    };
-  }
-  /**
-  * This method is run before the machine starts! So there is no concept of the state machine context or states yet
-  *
-  * The result of this method can be directly passed into the start method of the state machine
-  * @param args
-  * @param context
-  * @private
-  */
-  async oid4vciHolderStart(args, context) {
-    const { requestData } = args;
-    if (!requestData) {
-      throw Error(`Cannot start the OID4VCI holder flow without request data being provided`);
-    }
-    const { uri = void 0 } = requestData;
-    if (!uri) {
-      return Promise.reject(Error("Missing request URI in context"));
-    }
-    const authorizationRequestOpts = {
-      ...this.defaultAuthorizationRequestOpts,
-      ...args.authorizationRequestOpts
-    };
-    authorizationRequestOpts.authorizationDetails = authorizationRequestOpts?.authorizationDetails ? asArray2(authorizationRequestOpts.authorizationDetails).filter((detail) => typeof detail === "string" || this.vcFormatPreferences.includes(detail.format)) : void 0;
-    if (!authorizationRequestOpts.redirectUri) {
-      authorizationRequestOpts.redirectUri = _OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI;
-    }
-    if (authorizationRequestOpts.redirectUri.startsWith("http") && !authorizationRequestOpts.clientId) {
-      authorizationRequestOpts.clientId = authorizationRequestOpts.redirectUri;
-    }
-    let formats = this.vcFormatPreferences;
-    const authFormats = authorizationRequestOpts?.authorizationDetails?.map((detail) => typeof detail === "object" && "format" in detail && detail.format ? detail.format : void 0).filter((format) => !!format).map((format) => format);
-    if (authFormats && authFormats.length > 0) {
-      formats = Array.from(new Set(authFormats));
-    }
-    let oid4vciClient;
-    let types = void 0;
-    let offer;
-    if (requestData.existingClientState) {
-      oid4vciClient = await OpenID4VCIClient2.fromState({
-        state: requestData.existingClientState
-      });
-      offer = oid4vciClient.credentialOffer;
-    } else {
-      offer = requestData.credentialOffer;
-      if (uri.startsWith(RequestType.OPENID_INITIATE_ISSUANCE) || uri.startsWith(RequestType.OPENID_CREDENTIAL_OFFER) || uri.match(/https?:\/\/.*credential_offer(_uri)=?.*/)) {
-        if (!offer) {
-          offer = await CredentialOfferClient.fromURI(uri);
-        }
-      } else {
-        if (!!offer) {
-          logger.warning(`Non default URI used for credential offer: ${uri}`);
-        }
-      }
-      if (!offer) {
-        logger.log(`Issuer url received (no credential offer): ${uri}`);
-        oid4vciClient = await OpenID4VCIClient2.fromCredentialIssuer({
-          credentialIssuer: uri,
-          authorizationRequest: authorizationRequestOpts,
-          clientId: authorizationRequestOpts.clientId,
-          createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true
-        });
-      } else {
-        logger.log(`Credential offer received: ${uri}`);
-        oid4vciClient = await OpenID4VCIClient2.fromURI({
-          uri,
-          authorizationRequest: authorizationRequestOpts,
-          clientId: authorizationRequestOpts.clientId,
-          createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true
-        });
-      }
-    }
-    if (offer) {
-      types = getTypesFromCredentialOffer(offer.original_credential_offer);
-    } else {
-      types = asArray2(authorizationRequestOpts.authorizationDetails).map((authReqOpts) => getTypesFromAuthorizationDetails(authReqOpts) ?? []).filter((inner) => inner.length > 0);
-    }
-    const serverMetadata = await oid4vciClient.retrieveServerMetadata();
-    const credentialsSupported = await getCredentialConfigsSupportedMerged({
-      client: oid4vciClient,
-      vcFormatPreferences: formats,
-      types
-    });
-    const credentialBranding = await getCredentialBranding({
-      credentialsSupported,
-      context
-    });
-    const authorizationCodeURL = oid4vciClient.authorizationURL;
-    if (authorizationCodeURL) {
-      logger.log(`authorization code URL ${authorizationCodeURL}`);
-    }
-    const oid4vciClientState = JSON.parse(await oid4vciClient.exportState());
-    return {
-      authorizationCodeURL,
-      credentialBranding,
-      credentialsSupported,
-      serverMetadata,
-      oid4vciClientState
-    };
-  }
-  async oid4vciHolderCreateCredentialsToSelectFrom(args, context) {
-    const { credentialBranding, locale, selectedCredentials, credentialsSupported } = args;
-    logger.info(`Credentials supported ${Object.keys(credentialsSupported).join(", ")}`);
-    const credentialSelection = await Promise.all(Object.entries(credentialsSupported).map(async ([id, credentialConfigSupported]) => {
-      const credentialTypes = getTypesFromObject2(credentialConfigSupported);
-      const localeBranding = !credentialBranding ? void 0 : credentialBranding?.[id] ?? Object.entries(credentialBranding).find(([type, _brandings]) => {
-        credentialTypes && type in credentialTypes;
-      })?.map(([type, supported]) => supported);
-      const credentialAlias = (await selectCredentialLocaleBranding({
-        locale,
-        localeBranding
-      }))?.alias;
-      return {
-        id: uuidv42(),
-        credentialId: id,
-        credentialTypes: credentialTypes ?? asArray2(id),
-        credentialAlias: credentialAlias ?? id,
-        isSelected: false
-      };
-    }));
-    if (credentialSelection.length >= 1) {
-      credentialSelection.map((sel) => selectedCredentials.push(sel.credentialId));
-    }
-    logger.log(`Credential selection ${JSON.stringify(credentialSelection)}`);
-    return credentialSelection;
-  }
-  async oid4vciHolderGetContact(args, context) {
-    const { serverMetadata } = args;
-    if (serverMetadata === void 0) {
-      return Promise.reject(Error("Missing serverMetadata in context"));
-    }
-    const names = new Set(serverMetadata.credentialIssuerMetadata?.display?.map((display) => display.name).filter((name2) => name2 != void 0).map((name2) => name2) ?? []);
-    const name = names.size > 0 ? Array.from(names)[0] : void 0;
-    const correlationId = new URL(serverMetadata.issuer).hostname;
-    const filter = [
-      {
-        identities: {
-          identifier: {
-            correlationId
-          }
-        }
-      }
-    ];
-    if (name) {
-      filter.push({
-        contact: {
-          legalName: name
-        }
-      });
-      filter.push({
-        contact: {
-          displayName: name
-        }
-      });
-    }
-    const parties = await context.agent.cmGetContacts({
-      filter
-    });
-    if (parties.length > 1) {
-      logger.warning(`Get contacts returned more than one result: ${parties.length}, ${parties.map((party2) => party2.contact.displayName).join(",")}`);
-    }
-    const party = parties.length >= 1 ? parties[0] : void 0;
-    logger.log(`Party involved: `, party);
-    return party;
-  }
-  async oid4vciHolderGetCredentials(args, context) {
-    const { verificationCode, openID4VCIClientState, didMethodPreferences = this.didMethodPreferences, issuanceOpt, accessTokenOpts } = args;
-    logger.debug(`Getting credentials`, issuanceOpt, accessTokenOpts);
-    if (!openID4VCIClientState) {
-      return Promise.reject(Error("Missing openID4VCI client state in context"));
-    }
-    const client = await OpenID4VCIClient2.fromState({
-      state: openID4VCIClientState
-    });
-    const credentialsSupported = await getCredentialConfigsSupportedMerged({
-      client,
-      vcFormatPreferences: this.vcFormatPreferences,
-      configurationIds: args.selectedCredentials
-    });
-    const serverMetadata = await client.retrieveServerMetadata();
-    const issuanceOpts = await getIssuanceOpts({
-      client,
-      credentialsSupported,
-      serverMetadata,
-      context,
-      didMethodPreferences: Array.isArray(didMethodPreferences) && didMethodPreferences.length > 0 ? didMethodPreferences : this.didMethodPreferences,
-      jwtCryptographicSuitePreferences: this.jwtCryptographicSuitePreferences,
-      jsonldCryptographicSuitePreferences: this.jsonldCryptographicSuitePreferences,
-      ...issuanceOpt && {
-        forceIssuanceOpt: issuanceOpt
-      }
-    });
-    const getCredentials = issuanceOpts.map(async (issuanceOpt2) => await this.oid4vciHolderGetCredential({
-      issuanceOpt: issuanceOpt2,
-      pin: verificationCode,
-      client,
-      accessTokenOpts
-    }, context));
-    const allCredentials = await Promise.all(getCredentials);
-    logger.log(`Credentials received`, allCredentials);
-    return allCredentials;
-  }
-  async oid4vciHolderGetCredential(args, context) {
-    const { issuanceOpt, pin, client, accessTokenOpts } = args;
-    logger.info(`Getting credential`, issuanceOpt);
-    if (!issuanceOpt) {
-      return Promise.reject(Error(`Cannot get credential issuance options`));
-    }
-    const identifier = await getIdentifierOpts({
-      issuanceOpt,
-      context
-    });
-    issuanceOpt.identifier = identifier;
-    logger.info(`ID opts`, identifier);
-    const alg = await signatureAlgorithmFromKey({
-      key: identifier.key
-    });
-    const jwk = isManagedIdentifierJwkResult(identifier) ? identifier.jwk : void 0;
-    const callbacks = {
-      signCallback: signCallback(identifier, context)
-    };
-    try {
-      if (!client.clientId) {
-        client.clientId = isManagedIdentifierDidResult2(identifier) ? identifier.did : identifier.issuer;
-      }
-      let asOpts = void 0;
-      let kid = accessTokenOpts?.clientOpts?.kid ?? identifier.kid;
-      if (accessTokenOpts?.clientOpts) {
-        const clientId = accessTokenOpts.clientOpts.clientId ?? client.clientId ?? identifier.issuer;
-        if (client.isEBSI() && clientId?.startsWith("http") && kid?.includes("#")) {
-          kid = kid.split("#")[1];
-        }
-        const clientOpts = {
-          ...accessTokenOpts.clientOpts,
-          clientId,
-          kid,
-          // @ts-ignore
-          alg: accessTokenOpts.clientOpts.alg ?? alg,
-          signCallbacks: accessTokenOpts.clientOpts.signCallbacks ?? callbacks
-        };
-        asOpts = {
-          clientOpts
-        };
-      }
-      await client.acquireAccessToken({
-        clientId: client.clientId,
-        pin,
-        authorizationResponse: JSON.parse(await client.exportState()).authorizationCodeResponse,
-        additionalRequestParams: accessTokenOpts?.additionalRequestParams,
-        ...asOpts && {
-          asOpts
-        }
-      });
-      const types = getTypesFromObject2(issuanceOpt);
-      const id = "id" in issuanceOpt && issuanceOpt.id ? issuanceOpt.id : void 0;
-      const credentialTypes = asArray2(issuanceOpt.credentialConfigurationId ?? types ?? id);
-      if (!credentialTypes || credentialTypes.length === 0) {
-        return Promise.reject(Error("cannot determine credential id to request"));
-      }
-      const credentialDefinition = this.getCredentialDefinition(issuanceOpt);
-      const credentialResponse = await client.acquireCredentials({
-        ...credentialDefinition && {
-          context: credentialDefinition["@context"]
-        },
-        credentialTypes,
-        proofCallbacks: callbacks,
-        format: issuanceOpt.format,
-        // TODO: We need to update the machine and add notifications support for actual deferred credentials instead of just waiting/retrying
-        deferredCredentialAwait: true,
-        ...!jwk && {
-          kid
-        },
-        jwk,
-        alg,
-        jti: uuidv42()
-      });
-      const credential = {
-        id: issuanceOpt.credentialConfigurationId ?? id,
-        types: types ?? asArray2(credentialTypes),
-        issuanceOpt,
-        credentialResponse
-      };
-      return mapCredentialToAccept({
-        credentialToAccept: credential,
-        hasher: this.hasher
-      });
-    } catch (error) {
-      return Promise.reject(error);
-    }
-  }
-  async oid4vciHolderAddContactIdentity(args, context) {
-    const { credentialsToAccept, contact } = args;
-    if (!contact) {
-      return Promise.reject(Error("Missing contact in context"));
-    }
-    if (credentialsToAccept === void 0 || credentialsToAccept.length === 0) {
-      return Promise.reject(Error("Missing credential offers in context"));
-    }
-    let correlationId = credentialsToAccept[0].correlationId;
-    let identifierType = CorrelationIdentifierType.DID;
-    if (!correlationId.toLowerCase().startsWith("did:")) {
-      identifierType = CorrelationIdentifierType.URL;
-      if (correlationId.startsWith("http")) {
-        correlationId = new URL(correlationId).hostname;
-      }
-    }
-    const identity = {
-      alias: credentialsToAccept[0].correlationId,
-      origin: IdentityOrigin.EXTERNAL,
-      roles: [
-        CredentialRole.ISSUER
-      ],
-      identifier: {
-        type: identifierType,
-        correlationId
-      },
-      ...identifierType === CorrelationIdentifierType.URL && {
-        connection: {
-          type: ConnectionType.OPENID_CONNECT,
-          config: {
-            clientId: "138d7bf8-c930-4c6e-b928-97d3a4928b01",
-            clientSecret: "03b3955f-d020-4f2a-8a27-4e452d4e27a0",
-            scopes: [
-              "auth"
-            ],
-            issuer: "https://example.com/app-test",
-            redirectUrl: "app:/callback",
-            dangerouslyAllowInsecureHttpRequests: true,
-            clientAuthMethod: "post"
-          }
-        }
-      }
-    };
-    await context.agent.emit(OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED, {
-      contactId: contact.id,
-      identity
-    });
-    logger.log(`Contact added: ${correlationId}`);
-    return context.agent.cmAddIdentity({
-      contactId: contact.id,
-      identity
-    });
-  }
-  async oid4vciHolderGetIssuerBranding(args, context) {
-    const { serverMetadata, contact } = args;
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
-    if (issuerCorrelationId) {
-      const branding = await context.agent.ibGetIssuerBranding({
-        filter: [
-          {
-            issuerCorrelationId
-          }
-        ]
-      });
-      if (branding.length > 0) {
-        return branding[0].localeBranding;
-      }
-    }
-    if (!serverMetadata) {
-      return Promise.reject(Error("Missing serverMetadata in context"));
-    }
-    return getBasicIssuerLocaleBranding({
-      display: serverMetadata.credentialIssuerMetadata?.display ?? [],
-      dynamicRegistrationClientMetadata: serverMetadata.credentialIssuerMetadata,
-      context
-    });
-  }
-  async oid4vciHolderStoreIssuerBranding(args, context) {
-    const { issuerBranding, contact } = args;
-    if (!issuerBranding || issuerBranding.length === 0 || issuerBranding[0].id) {
-      return;
-    }
-    if (!contact) {
-      return Promise.reject(Error("Missing contact in context"));
-    }
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
-    const branding = await context.agent.ibGetIssuerBranding({
-      filter: [
-        {
-          issuerCorrelationId
-        }
-      ]
-    });
-    if (branding.length > 0) {
-      return;
-    }
-    await context.agent.ibAddIssuerBranding({
-      localeBranding: issuerBranding,
-      issuerCorrelationId
-    });
-  }
-  async oid4vciHolderAssertValidCredentials(args, context) {
-    const { credentialsToAccept, issuanceOpt } = args;
-    return await Promise.all(credentialsToAccept.map((credentialToAccept) => verifyCredentialToAccept({
-      mappedCredential: credentialToAccept,
-      onVerifyEBSICredentialIssuer: this.onVerifyEBSICredentialIssuer,
-      hasher: this.hasher,
-      schemaValidation: issuanceOpt?.schemaValidation,
-      context
-    })));
-  }
-  async oid4vciHolderStoreCredentialBranding(args, context) {
-    const { credentialBranding, serverMetadata, selectedCredentials, credentialsToAccept } = args;
-    if (serverMetadata === void 0) {
-      return Promise.reject(Error("Missing serverMetadata in context"));
-    } else if (selectedCredentials.length === 0) {
-      logger.warning(`No credentials selected for issuer: ${serverMetadata.issuer}`);
-      return;
-    }
-    let counter = 0;
-    for (const credentialId of selectedCredentials) {
-      const localeBranding = credentialBranding?.[credentialId];
-      if (localeBranding && localeBranding.length > 0) {
-        const credential = credentialsToAccept.find((credAccept) => credAccept.credentialToAccept.id === credentialId || JSON.stringify(credAccept.types) === credentialId || credentialsToAccept[counter]);
-        counter++;
-        await context.agent.ibAddCredentialBranding({
-          vcHash: computeEntryHash(credential.rawVerifiableCredential),
-          issuerCorrelationId: new URL(serverMetadata.issuer).hostname,
-          localeBranding
-        });
-        logger.log(`Credential branding for issuer ${serverMetadata.issuer} and type ${credentialId} stored with locales ${localeBranding.map((b) => b.locale).join(",")}`);
-      } else {
-        logger.warning(`No credential branding found for issuer: ${serverMetadata.issuer} and type ${credentialId}`);
-      }
-    }
-  }
-  async oid4vciHolderStoreCredentials(args, context) {
-    function trimmed(input) {
-      const trim = input?.trim();
-      if (trim === "") {
-        return void 0;
-      }
-      return trim;
-    }
-    __name(trimmed, "trimmed");
-    const { credentialsToAccept, openID4VCIClientState, credentialsSupported, serverMetadata, selectedCredentials } = args;
-    const mappedCredentialToAccept = credentialsToAccept[0];
-    if (selectedCredentials && selectedCredentials.length > 1) {
-      logger.error(`More than 1 credential selected ${selectedCredentials.join(", ")}, but current service only stores 1 credential!`);
-    }
-    const issuanceOpt = args.issuanceOpt ?? mappedCredentialToAccept.credentialToAccept.issuanceOpt;
-    if (!issuanceOpt || !issuanceOpt.identifier) {
-      return Promise.reject(Error("issuanceOpt.identifier must me set in order to store a credential"));
-    }
-    const { kmsKeyRef, method } = issuanceOpt.identifier;
-    let persist = true;
-    const verifiableCredential = mappedCredentialToAccept.uniformVerifiableCredential;
-    const notificationId = mappedCredentialToAccept.credentialToAccept.credentialResponse.notification_id;
-    const subjectIssuance = mappedCredentialToAccept.credential_subject_issuance;
-    const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint;
-    let holderCredential = void 0;
-    if (!notificationEndpoint) {
-      logger.log(`Notifications not supported by issuer ${serverMetadata?.issuer}. Will not provide a notification`);
-    } else if (notificationEndpoint && !notificationId) {
-      logger.warning(`Notification endpoint available in issuer metadata with value ${notificationEndpoint}, but no ${notificationId} provided. Will not send a notification to issuer ${serverMetadata?.issuer}`);
-    } else if (notificationEndpoint && notificationId) {
-      logger.log(`Notification id ${notificationId} found, will send back a notification to ${notificationEndpoint}`);
-      let event = "credential_accepted";
-      if (Array.isArray(subjectIssuance?.notification_events_supported)) {
-        event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
-        logger.log(`Subject issuance/signing will be used, with event`, event);
-        const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
-        const wrappedIssuerVC = CredentialMapper2.toWrappedVerifiableCredential(issuerVC, {
-          hasher: this.hasher ?? defaultHasher2
-        });
-        console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`);
-        let issuer;
-        if (CredentialMapper2.isWrappedSdJwtVerifiableCredential(wrappedIssuerVC)) {
-          issuer = trimmed(wrappedIssuerVC.decoded?.sub);
-        } else if (CredentialMapper2.isWrappedW3CVerifiableCredential(wrappedIssuerVC)) {
-          issuer = trimmed(wrappedIssuerVC.credential?.sub) ?? trimmed(this.idFromW3cCredentialSubject(wrappedIssuerVC));
-        } else if (CredentialMapper2.isWrappedMdocCredential(wrappedIssuerVC)) {
-          return Promise.reject(Error("mdoc not yet supported"));
-        }
-        if (!issuer) {
-          issuer = trimmed(verifiableCredential.credentialSubject?.id);
-        }
-        if (!issuer && openID4VCIClientState?.kid?.startsWith("did:")) {
-          issuer = parseDid(openID4VCIClientState?.kid).did;
-        }
-        if (!issuer && openID4VCIClientState?.jwk?.kid?.startsWith("did:")) {
-          issuer = parseDid(openID4VCIClientState.jwk.kid).did;
-        }
-        if (!issuer && openID4VCIClientState?.clientId) {
-          issuer = trimmed(openID4VCIClientState.clientId);
-        }
-        if (!issuer && openID4VCIClientState?.accessTokenResponse) {
-          const decodedJwt = decodeJWT(openID4VCIClientState.accessTokenResponse.access_token);
-          issuer = decodedJwt.payload.sub;
-        }
-        if (!issuer && mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier) {
-          const resolution = await context.agent.identifierManagedGet(mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier);
-          issuer = resolution.issuer;
-        }
-        if (!issuer) {
-          throw Error(`We could not determine the issuer, which means we cannot sign the credential`);
-        }
-        logger.log(`Issuer for self-issued credential will be: ${issuer}`);
-        const holderCredentialToSign = wrappedIssuerVC.decoded;
-        let proofFormat = "lds";
-        if (wrappedIssuerVC.format.includes("jwt") && !wrappedIssuerVC.format.includes("mso_mdoc")) {
-          holderCredentialToSign.iss = issuer;
-          proofFormat = "jwt";
-        }
-        if ("issuer" in holderCredentialToSign && !("iss" in holderCredentialToSign)) {
-          holderCredentialToSign.issuer = issuer;
-        }
-        if ("sub" in holderCredentialToSign) {
-          holderCredentialToSign.sub = issuer;
-        }
-        if ("credentialSubject" in holderCredentialToSign && !Array.isArray(holderCredentialToSign.credentialSubject)) {
-          holderCredentialToSign.credentialSubject.id = issuer;
-        }
-        if ("vc" in holderCredentialToSign) {
-          if (holderCredentialToSign.vc.credentialSubject) {
-            holderCredentialToSign.vc.credentialSubject.id = issuer;
-          }
-          holderCredentialToSign.vc.issuer = issuer;
-          delete holderCredentialToSign.vc.proof;
-          delete holderCredentialToSign.vc.issuanceDate;
-        }
-        delete holderCredentialToSign.proof;
-        delete holderCredentialToSign.issuanceDate;
-        delete holderCredentialToSign.iat;
-        logger.log(`Subject issuance/signing will sign credential of type ${proofFormat}:`, holderCredentialToSign);
-        const issuedVC = await context.agent.createVerifiableCredential({
-          credential: holderCredentialToSign,
-          fetchRemoteContexts: true,
-          save: false,
-          proofFormat
-        });
-        if (!issuedVC) {
-          throw Error(`Could not issue holder credential from the wallet`);
-        }
-        logger.log(`Holder ${issuedVC.issuer} issued new credential with id ${issuedVC.id}`, issuedVC);
-        holderCredential = CredentialMapper2.storedCredentialToOriginalFormat(issuedVC);
-        persist = event === "credential_accepted_holder_signed";
-      }
-      const notificationRequest = {
-        notification_id: notificationId,
-        ...holderCredential && {
-          credential: holderCredential
-        },
-        event
-      };
-      await this.oid4vciHolderSendNotification({
-        openID4VCIClientState,
-        stored: persist,
-        credentialsToAccept,
-        credentialsSupported,
-        notificationRequest,
-        serverMetadata
-      }, context);
-    }
-    const persistCredential = holderCredential ? CredentialMapper2.storedCredentialToOriginalFormat(holderCredential) : mappedCredentialToAccept.rawVerifiableCredential;
-    if (!persist && holderCredential) {
-      logger.log(`Will not persist credential, since we are signing as a holder and the issuer asked not to persist`);
-    } else {
-      logger.log(`Persisting credential`, persistCredential);
-      const issuer = CredentialMapper2.issuerCorrelationIdFromIssuerType(verifiableCredential.issuer);
-      const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer);
-      const persistedCredential = await context.agent.crsAddCredential({
-        credential: {
-          rawDocument: ensureRawDocument(persistCredential),
-          kmsKeyRef,
-          identifierMethod: method,
-          credentialRole: CredentialRole.HOLDER,
-          issuerCorrelationType: issuer?.startsWith("did:") ? CredentialCorrelationType.DID : CredentialCorrelationType.URL,
-          issuerCorrelationId: issuer,
-          subjectCorrelationType,
-          subjectCorrelationId
-        }
-      });
-      await context.agent.emit(OID4VCIHolderEvent.CREDENTIAL_STORED, {
-        credential: persistedCredential,
-        vcHash: persistedCredential.hash
-      });
-    }
-  }
-  async oid4vciHolderSendNotification(args, context) {
-    const { serverMetadata, notificationRequest, openID4VCIClientState } = args;
-    const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint;
-    if (!notificationEndpoint) {
-      return;
-    } else if (!openID4VCIClientState) {
-      return Promise.reject(Error("Missing openID4VCI client state in context"));
-    } else if (!notificationRequest) {
-      return Promise.reject(Error("Missing notification request"));
-    }
-    logger.log(`Will send notification to ${notificationEndpoint}`, notificationRequest);
-    const client = await OpenID4VCIClient2.fromState({
-      state: openID4VCIClientState
-    });
-    await client.sendNotification({
-      notificationEndpoint
-    }, notificationRequest, openID4VCIClientState?.accessTokenResponse?.access_token);
-    logger.log(`Notification to ${notificationEndpoint} has been dispatched`);
-  }
-  async getFederationTrust(args, context) {
-    const { requestData, serverMetadata, trustAnchors } = args;
-    if (trustAnchors.length === 0) {
-      return Promise.reject(Error("No trust anchors found"));
-    }
-    if (!requestData?.uri) {
-      return Promise.reject(Error("Missing request URI in context"));
-    }
-    if (!serverMetadata) {
-      return Promise.reject(Error("Missing serverMetadata in context"));
-    }
-    const url = new URL(requestData?.uri);
-    const params = new URLSearchParams(url.search);
-    const openidFederation = params.get("openid_federation");
-    const entityIdentifier = openidFederation ?? serverMetadata.issuer;
-    if (entityIdentifier.startsWith("http://")) {
-      console.warn(`OpenID federation does not support http://, only https:// allowed; got: (${url.toString()})`);
-      return [];
-    }
-    const result = await context.agent.identifierExternalResolveByOIDFEntityId({
-      method: "entity_id",
-      trustAnchors,
-      identifier: entityIdentifier
-    });
-    return result.trustedAnchors;
-  }
-  async oid4vciHolderGetIssuerMetadata(args, context) {
-    const { issuer, errorOnNotFound = true } = args;
-    return MetadataClient.retrieveAllMetadata(issuer, {
-      errorOnNotFound
-    });
-  }
-  determineSubjectCorrelation(identifier, issuer) {
-    switch (identifier.method) {
-      case "did":
-        if (isManagedIdentifierResult2(identifier) && isManagedIdentifierDidResult2(identifier)) {
-          return [
-            CredentialCorrelationType.DID,
-            identifier.did
-          ];
-        } else if (isManagedIdentifierDidOpts(identifier)) {
-          return [
-            CredentialCorrelationType.DID,
-            typeof identifier.identifier === "string" ? identifier.identifier : identifier.identifier.did
-          ];
-        }
-        break;
-      case "kid":
-        if (isManagedIdentifierResult2(identifier) && isManagedIdentifierKidResult(identifier)) {
-          return [
-            CredentialCorrelationType.KID,
-            identifier.kid
-          ];
-        } else if (isManagedIdentifierDidOpts(identifier)) {
-          return [
-            CredentialCorrelationType.KID,
-            identifier.identifier
-          ];
-        }
-        break;
-      case "x5c":
-        if (isManagedIdentifierResult2(identifier) && isManagedIdentifierX5cResult(identifier)) {
-          return [
-            CredentialCorrelationType.X509_SAN,
-            identifier.x5c.join("\r\n")
-          ];
-        } else if (isManagedIdentifierX5cOpts(identifier)) {
-          return [
-            CredentialCorrelationType.X509_SAN,
-            identifier.identifier.join("\r\n")
-          ];
-        }
-        break;
-    }
-    return [
-      CredentialCorrelationType.URL,
-      issuer
-    ];
-  }
-  idFromW3cCredentialSubject(wrappedIssuerVC) {
-    if (Array.isArray(wrappedIssuerVC.credential?.credentialSubject)) {
-      if (wrappedIssuerVC.credential?.credentialSubject.length > 0) {
-        return wrappedIssuerVC.credential?.credentialSubject[0].id;
-      }
-    } else {
-      return wrappedIssuerVC.credential?.credentialSubject?.id;
-    }
-    return void 0;
-  }
-  getCredentialDefinition(issuanceOpt) {
-    if (issuanceOpt.format == "ldp_vc" || issuanceOpt.format == "jwt_vc_json-ld") {
-      return issuanceOpt.credential_definition;
-    }
-    return void 0;
-  }
-};
-
-// src/listeners/headlessStateNavListener.ts
-import { Loggers as Loggers2, LogLevel, LogMethod } from "@sphereon/ssi-types";
-var logger2 = Loggers2.DEFAULT.options("sphereon:oid4vci:holder", {
-  defaultLogLevel: LogLevel.DEBUG,
-  methods: [
-    LogMethod.CONSOLE
-  ]
-}).get("sphereon:oid4vci:holder");
-var OID4VCICallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
-  return async (oid4vciMachine, state) => {
-    if (state._event.type === "internal") {
-      logger2.debug("oid4vciCallbackStateListener: internal event");
-      return;
-    }
-    logger2.info(`VCI state listener state: ${JSON.stringify(state.value)}`);
-    if (!callbacks || callbacks.size === 0) {
-      logger2.info(`VCI no callbacks registered for state: ${JSON.stringify(state.value)}`);
-      return;
-    }
-    for (const [stateKey, callback] of callbacks) {
-      if (state.matches(stateKey)) {
-        logger2.log(`VCI state callback for state: ${JSON.stringify(state.value)}, will execute...`);
-        await callback(oid4vciMachine, state).then(() => logger2.log(`state callback executed for state: ${JSON.stringify(state.value)}`)).catch((error) => {
-          logger2.error(`VCI state callback failed for state: ${JSON.stringify(state.value)}, error: ${JSON.stringify(error?.message)}, ${JSON.stringify(state.event)}`);
-          if (error.stack) {
-            logger2.error(error.stack);
-          }
-        });
-        break;
-      }
-    }
-  };
-}, "OID4VCICallbackStateListener");
-
-// src/link-handler/index.ts
-import { CredentialOfferClient as CredentialOfferClient2 } from "@sphereon/oid4vci-client";
-import { convertURIToJsonObject } from "@sphereon/oid4vci-common";
-import { LinkHandlerAdapter } from "@sphereon/ssi-sdk.core";
-import { interpreterStartOrResume } from "@sphereon/ssi-sdk.xstate-machine-persistence";
-var OID4VCIHolderLinkHandler = class extends LinkHandlerAdapter {
-  static {
-    __name(this, "OID4VCIHolderLinkHandler");
-  }
-  context;
-  stateNavigationListener;
-  firstPartyStateNavigationListener;
-  noStateMachinePersistence;
-  authorizationRequestOpts;
-  clientOpts;
-  trustAnchors;
-  constructor(args) {
-    super({
-      ...args,
-      id: "OID4VCIHolder"
-    });
-    this.authorizationRequestOpts = args.authorizationRequestOpts;
-    this.clientOpts = args.clientOpts;
-    this.context = args.context;
-    this.noStateMachinePersistence = args.noStateMachinePersistence === true;
-    this.stateNavigationListener = args.stateNavigationListener;
-    this.firstPartyStateNavigationListener = args.firstPartyStateNavigationListener;
-    this.trustAnchors = args.trustAnchors;
-  }
-  async handle(url, opts) {
-    const uri = new URL(url).toString();
-    const offerData = convertURIToJsonObject(uri);
-    const hasCode = "code" in offerData && !!offerData.code && !("issuer" in offerData);
-    const code = hasCode ? offerData.code : void 0;
-    const clientOpts = {
-      ...this.clientOpts,
-      ...opts?.clientOpts
-    };
-    const oid4vciMachine = await this.context.agent.oid4vciHolderGetMachineInterpreter({
-      requestData: {
-        // We know this can only be invoked with a credential offer, so we convert the URI to offer
-        ...!hasCode && {
-          credentialOffer: await CredentialOfferClient2.fromURI(uri)
-        },
-        ...hasCode && {
-          code
-        },
-        createAuthorizationRequestURL: opts?.createAuthorizationRequestURL,
-        flowType: opts?.flowType,
-        uri
-      },
-      trustAnchors: this.trustAnchors,
-      authorizationRequestOpts: {
-        ...this.authorizationRequestOpts,
-        ...opts?.authorizationRequestOpts
-      },
-      ...(clientOpts.clientId || clientOpts.clientAssertionType) && {
-        clientOpts
-      },
-      stateNavigationListener: this.stateNavigationListener,
-      firstPartyStateNavigationListener: this.firstPartyStateNavigationListener
-    });
-    const interpreter = oid4vciMachine.interpreter;
-    if (!opts?.machineState && this.context.agent.availableMethods().includes("machineStatesFindActive")) {
-      const stateType = hasCode ? "existing" : "new";
-      await interpreterStartOrResume({
-        stateType,
-        interpreter,
-        context: this.context,
-        cleanupAllOtherInstances: true,
-        cleanupOnFinalState: true,
-        singletonCheck: true,
-        noRegistration: this.noStateMachinePersistence
-      });
-    } else {
-      interpreter.start(opts?.machineState);
-    }
-    if (hasCode) {
-      interpreter.send(OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE, {
-        data: uri
-      });
-    }
-  }
-};
-export {
-  FirstPartyMachineEvents,
-  FirstPartyMachineServices,
-  FirstPartyMachineStateTypes,
-  IdentifierAliasEnum,
-  OID4VCICallbackStateListener,
-  OID4VCIHolder,
-  OID4VCIHolderEvent,
-  OID4VCIHolderLinkHandler,
-  OID4VCIMachineAddContactStates,
-  OID4VCIMachineEvents,
-  OID4VCIMachineGuards,
-  OID4VCIMachineServices,
-  OID4VCIMachineStates,
-  OID4VCIMachineVerifyPinStates,
-  RequestType,
-  SupportedLanguage,
-  createConfig,
-  getBasicIssuerLocaleBranding,
-  getCredentialBranding,
-  getCredentialConfigsBasedOnFormatPref,
-  getCredentialConfigsSupported,
-  getCredentialConfigsSupportedBySingleTypeOrId,
-  getCredentialConfigsSupportedMerged,
-  getIdentifierOpts,
-  getIssuanceCryptoSuite,
-  getIssuanceMethod,
-  getIssuanceOpts,
-  getSiopRequest,
-  issuerLocaleBrandingFrom,
-  mapCredentialToAccept,
-  oid4vciCombineDisplayLocalesFrom,
-  oid4vciCredentialDisplayLocalesFrom,
-  oid4vciCredentialLocaleBrandingFrom,
-  oid4vciGetCredentialBrandingFrom,
-  oid4vciHolderContextMethods,
-  oid4vciIssuerCredentialSubjectLocalesFrom,
-  sdJwtCombineDisplayLocalesFrom,
-  sdJwtCredentialClaimLocalesFrom,
-  sdJwtCredentialDisplayLocalesFrom,
-  sdJwtCredentialLocaleBrandingFrom,
-  sdJwtGetCredentialBrandingFrom,
-  selectCredentialLocaleBranding,
-  sendAuthorizationChallengeRequest,
-  sendAuthorizationResponse,
-  signCallback,
-  startFirstPartApplicationMachine,
-  verifyCredentialToAccept
-};
+"use strict";
+/**
+ * @public
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signCallback = exports.oid4vciHolderContextMethods = exports.OID4VCIHolder = void 0;
+var OID4VCIHolder_1 = require("./agent/OID4VCIHolder");
+Object.defineProperty(exports, "OID4VCIHolder", { enumerable: true, get: function () { return OID4VCIHolder_1.OID4VCIHolder; } });
+Object.defineProperty(exports, "oid4vciHolderContextMethods", { enumerable: true, get: function () { return OID4VCIHolder_1.oid4vciHolderContextMethods; } });
+Object.defineProperty(exports, "signCallback", { enumerable: true, get: function () { return OID4VCIHolder_1.signCallback; } });
+__exportStar(require("./mappers/OIDC4VCIBrandingMapper"), exports);
+__exportStar(require("./services/OID4VCIHolderService"), exports);
+__exportStar(require("./services/FirstPartyMachineServices"), exports);
+__exportStar(require("./types/IOID4VCIHolder"), exports);
+__exportStar(require("./types/FirstPartyMachine"), exports);
+__exportStar(require("./listeners/headlessStateNavListener"), exports);
+__exportStar(require("./link-handler"), exports);
 //# sourceMappingURL=index.js.map