@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feat.SSISDK.35.63 → 0.34.1-feat.SSISDK.55.243

package/dist/index.js

@@ -56,14 +56,16 @@ var require_nl = __commonJS({
 
 // src/agent/OID4VCIHolder.ts
 import { CredentialOfferClient, MetadataClient, OpenID4VCIClient as OpenID4VCIClient2 } from "@sphereon/oid4vci-client";
-import { DefaultURISchemes, getTypesFromAuthorizationDetails, getTypesFromCredentialOffer, getTypesFromObject as getTypesFromObject2 } from "@sphereon/oid4vci-common";
+import { DefaultURISchemes, getTypesFromObject as getTypesFromObject2 } from "@sphereon/oid4vci-common";
 import { SupportedDidMethodEnum as SupportedDidMethodEnum2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isManagedIdentifierDidOpts, isManagedIdentifierDidResult as isManagedIdentifierDidResult2, isManagedIdentifierJwkResult, isManagedIdentifierKidResult, isManagedIdentifierResult as isManagedIdentifierResult2, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult } from "@sphereon/ssi-sdk-ext.identifier-resolution";
 import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
 import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
-import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, CredentialRole, ensureRawDocument, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
-import { CredentialMapper as CredentialMapper2, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
+import { ensureRawDocument } from "@sphereon/ssi-sdk.data-store-types";
+import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store-types";
+import { CredentialMapper as CredentialMapper2, CredentialRole, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
 import { asArray as asArray2, computeEntryHash } from "@veramo/utils";
+import fetch from "cross-fetch";
 import { decodeJWT } from "did-jwt";
 import { v4 as uuidv42 } from "uuid";
 
@@ -978,14 +980,300 @@ var OID4VCIMachine = class {
 
 // src/services/OID4VCIHolderService.ts
 import { LOG } from "@sphereon/oid4vci-client";
-import { getSupportedCredentials, getTypesFromCredentialSupported, getTypesFromObject, OpenId4VCIVersion } from "@sphereon/oid4vci-common";
+import { getSupportedCredentials, getTypesFromCredentialSupported, getTypesFromObject } from "@sphereon/oid4vci-common";
 import { KeyUse } from "@sphereon/ssi-sdk-ext.did-resolver-jwk";
 import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isIIdentifier, isManagedIdentifierDidResult, isManagedIdentifierResult, managedIdentifierToJwk } from "@sphereon/ssi-sdk-ext.identifier-resolution";
 import { keyTypeFromCryptographicSuite } from "@sphereon/ssi-sdk-ext.key-utils";
+import { defaultHasher } from "@sphereon/ssi-sdk.core";
 import { CredentialMapper, JoseSignatureAlgorithm, mdocDecodedCredentialToUniformCredential, sdJwtDecodedCredentialToUniformCredential } from "@sphereon/ssi-types";
 import { asArray } from "@veramo/utils";
 
+// src/machines/firstPartyMachine.ts
+import { assign as assign2, createMachine as createMachine2, interpret as interpret2 } from "xstate";
+import { AuthorizationChallengeError } from "@sphereon/oid4vci-common";
+
+// src/services/FirstPartyMachineServices.ts
+import { OpenID4VCIClient } from "@sphereon/oid4vci-client";
+import { v4 as uuidv4 } from "uuid";
+var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (args) => {
+  const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args;
+  const oid4vciClient = await OpenID4VCIClient.fromState({
+    state: openID4VCIClientState
+  });
+  return oid4vciClient.acquireAuthorizationChallengeCode({
+    clientId: oid4vciClient.clientId ?? uuidv4(),
+    ...authSession && {
+      authSession
+    },
+    ...!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && {
+      issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode
+    },
+    ...!authSession && openID4VCIClientState.credentialOffer?.issuerState && {
+      issuerState: openID4VCIClientState.credentialOffer?.issuerState
+    },
+    ...presentationDuringIssuanceSession && {
+      presentationDuringIssuanceSession
+    }
+  });
+}, "sendAuthorizationChallengeRequest");
+var createConfig = /* @__PURE__ */ __name(async (args, context) => {
+  const { presentationUri } = args;
+  if (!presentationUri) {
+    return Promise.reject(Error("Missing presentation uri in context"));
+  }
+  return context.agent.siopCreateConfig({
+    url: presentationUri
+  });
+}, "createConfig");
+var getSiopRequest = /* @__PURE__ */ __name(async (args, context) => {
+  const { didAuthConfig, presentationUri } = args;
+  if (presentationUri === void 0) {
+    return Promise.reject(Error("Missing presentation uri in context"));
+  }
+  if (didAuthConfig === void 0) {
+    return Promise.reject(Error("Missing did auth config in context"));
+  }
+  return context.agent.siopGetSiopRequest({
+    didAuthConfig,
+    url: presentationUri
+  });
+}, "getSiopRequest");
+var sendAuthorizationResponse = /* @__PURE__ */ __name(async (args, context) => {
+  const { didAuthConfig, authorizationRequestData, selectedCredentials } = args;
+  const responseData = await context.agent.siopSendResponse({
+    authorizationRequestData,
+    selectedCredentials,
+    didAuthConfig,
+    isFirstParty: true
+  });
+  return responseData.body.presentation_during_issuance_session;
+}, "sendAuthorizationResponse");
+
+// src/machines/firstPartyMachine.ts
+var firstPartyMachineStates = {
+  [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
+    id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+    invoke: {
+      src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
+      onDone: {
+        target: FirstPartyMachineStateTypes.done,
+        actions: assign2({
+          authorizationCodeResponse: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeResponse")
+        })
+      },
+      onError: [
+        {
+          target: FirstPartyMachineStateTypes.createConfig,
+          cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data.error === AuthorizationChallengeError.insufficient_authorization, "cond"),
+          actions: assign2({
+            authSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data.auth_session, "authSession"),
+            presentationUri: /* @__PURE__ */ __name((_ctx, _event) => _event.data.presentation, "presentationUri")
+          })
+        },
+        {
+          target: FirstPartyMachineStateTypes.error,
+          actions: assign2({
+            error: /* @__PURE__ */ __name((_ctx, _event) => ({
+              title: translate("oid4vci_machine_send_authorization_challenge_request_error_title"),
+              message: _event.data.message,
+              stack: _event.data.stack
+            }), "error")
+          })
+        }
+      ]
+    }
+  },
+  [FirstPartyMachineStateTypes.createConfig]: {
+    id: FirstPartyMachineStateTypes.createConfig,
+    invoke: {
+      src: FirstPartyMachineServices.createConfig,
+      onDone: {
+        target: FirstPartyMachineStateTypes.getSiopRequest,
+        actions: assign2({
+          didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
+        })
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign2({
+          error: /* @__PURE__ */ __name((_ctx, _event) => ({
+            title: translate("oid4vci_machine_create_config_error_title"),
+            message: _event.data.message,
+            stack: _event.data.stack
+          }), "error")
+        })
+      }
+    }
+  },
+  [FirstPartyMachineStateTypes.getSiopRequest]: {
+    id: FirstPartyMachineStateTypes.getSiopRequest,
+    invoke: {
+      src: FirstPartyMachineServices.getSiopRequest,
+      onDone: {
+        target: FirstPartyMachineStateTypes.selectCredentials,
+        actions: assign2({
+          authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
+        })
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign2({
+          error: /* @__PURE__ */ __name((_ctx, _event) => ({
+            title: translate("siopV2_machine_get_request_error_title"),
+            message: _event.data.message,
+            stack: _event.data.stack
+          }), "error")
+        })
+      }
+    }
+  },
+  [FirstPartyMachineStateTypes.selectCredentials]: {
+    id: FirstPartyMachineStateTypes.selectCredentials,
+    on: {
+      [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
+        actions: assign2({
+          selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
+        })
+      },
+      [FirstPartyMachineEvents.NEXT]: {
+        target: FirstPartyMachineStateTypes.sendAuthorizationResponse
+      },
+      [FirstPartyMachineEvents.DECLINE]: {
+        target: FirstPartyMachineStateTypes.declined
+      },
+      [FirstPartyMachineEvents.PREVIOUS]: {
+        target: FirstPartyMachineStateTypes.aborted
+      }
+    }
+  },
+  [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
+    id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
+    invoke: {
+      src: FirstPartyMachineServices.sendAuthorizationResponse,
+      onDone: {
+        target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+        actions: assign2({
+          presentationDuringIssuanceSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "presentationDuringIssuanceSession")
+        })
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign2({
+          error: /* @__PURE__ */ __name((_ctx, _event) => ({
+            title: translate("oid4vci_machine_get_request_error_title"),
+            message: _event.data.message,
+            stack: _event.data.stack
+          }), "error")
+        })
+      }
+    }
+  },
+  [FirstPartyMachineStateTypes.aborted]: {
+    id: FirstPartyMachineStateTypes.aborted,
+    type: "final"
+  },
+  [FirstPartyMachineStateTypes.declined]: {
+    id: FirstPartyMachineStateTypes.declined,
+    type: "final"
+  },
+  [FirstPartyMachineStateTypes.error]: {
+    id: FirstPartyMachineStateTypes.error,
+    type: "final"
+  },
+  [FirstPartyMachineStateTypes.done]: {
+    id: FirstPartyMachineStateTypes.done,
+    type: "final"
+  }
+};
+var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
+  const initialContext = {
+    openID4VCIClientState: opts.openID4VCIClientState,
+    contact: opts.contact,
+    selectedCredentials: []
+  };
+  return createMachine2({
+    id: opts?.machineId ?? "FirstParty",
+    predictableActionArguments: true,
+    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+    context: initialContext,
+    states: firstPartyMachineStates,
+    schema: {
+      events: {},
+      services: {}
+    }
+  });
+}, "createFirstPartyActivationMachine");
+var FirstPartyMachine = class _FirstPartyMachine {
+  static {
+    __name(this, "FirstPartyMachine");
+  }
+  static _instance;
+  static hasInstance() {
+    return _FirstPartyMachine._instance !== void 0;
+  }
+  static get instance() {
+    if (!_FirstPartyMachine._instance) {
+      throw Error("Please initialize ESIMActivation machine first");
+    }
+    return _FirstPartyMachine._instance;
+  }
+  static clearInstance(opts) {
+    const { stop } = opts;
+    if (_FirstPartyMachine.hasInstance()) {
+      if (stop) {
+        _FirstPartyMachine.stopInstance();
+      }
+    }
+    _FirstPartyMachine._instance = void 0;
+  }
+  static stopInstance() {
+    if (!_FirstPartyMachine.hasInstance()) {
+      return;
+    }
+    _FirstPartyMachine.instance.stop();
+    _FirstPartyMachine._instance = void 0;
+  }
+  static newInstance(opts) {
+    const { agentContext } = opts;
+    const services = {
+      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
+      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
+      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
+      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
+    };
+    const newInst = interpret2(createFirstPartyActivationMachine(opts).withConfig({
+      services: {
+        ...services,
+        ...opts?.services
+      },
+      guards: {
+        ...opts?.guards
+      }
+    }));
+    if (typeof opts?.subscription === "function") {
+      newInst.onTransition(opts.subscription);
+    }
+    if (opts?.requireCustomNavigationHook !== true) {
+      newInst.onTransition((snapshot) => {
+        if (opts?.stateNavigationListener) {
+          void opts.stateNavigationListener(newInst, snapshot);
+        }
+      });
+    }
+    return newInst;
+  }
+  static getInstance(opts) {
+    if (!_FirstPartyMachine._instance) {
+      if (opts?.requireExisting === true) {
+        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
+      }
+      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
+    }
+    return _FirstPartyMachine._instance;
+  }
+};
+
 // src/mappers/OIDC4VCIBrandingMapper.ts
 var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
   const { credentialDisplay, issuerCredentialSubject } = args;
@@ -1151,390 +1439,104 @@ var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
   return {
     ...credentialDisplay.name && {
       alias: credentialDisplay.name
-    },
-    ...credentialDisplay.lang && {
-      locale: credentialDisplay.lang
-    },
-    ...credentialDisplay.rendering?.simple?.logo && {
-      logo: {
-        ...credentialDisplay.rendering.simple.logo.uri && {
-          uri: credentialDisplay.rendering.simple.logo.uri
-        },
-        ...credentialDisplay.rendering.simple.logo.alt_text && {
-          alt: credentialDisplay.rendering.simple.logo.alt_text
-        }
-      }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.rendering?.simple?.text_color && {
-      text: {
-        color: credentialDisplay.rendering.simple.text_color
-      }
-    },
-    ...credentialDisplay.rendering?.simple?.background_color && {
-      background: {
-        color: credentialDisplay.rendering.simple.background_color
-      }
-    }
-  };
-}, "sdJwtCredentialLocaleBrandingFrom");
-var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...claimsMetadata.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = claimsMetadata.get(locale);
-    return {
-      ...display && await sdJwtCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
-      },
-      claims
-    };
-  }));
-}, "sdJwtCombineDisplayLocalesFrom");
-var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
-  return {
-    ...dynamicRegistrationClientMetadata?.client_name && {
-      alias: dynamicRegistrationClientMetadata.client_name
-    },
-    ...issuerDisplay.name && {
-      alias: issuerDisplay.name
-    },
-    ...issuerDisplay.locale && {
-      locale: issuerDisplay.locale
-    },
-    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
-      logo: {
-        ...dynamicRegistrationClientMetadata?.logo_uri && {
-          uri: dynamicRegistrationClientMetadata?.logo_uri
-        },
-        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
-          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
-        },
-        ...issuerDisplay.logo?.alt_text && {
-          alt: issuerDisplay.logo?.alt_text
-        }
-      }
-    },
-    ...issuerDisplay.description && {
-      description: issuerDisplay.description
-    },
-    ...issuerDisplay.text_color && {
-      text: {
-        color: issuerDisplay.text_color
-      }
-    },
-    ...dynamicRegistrationClientMetadata?.client_uri && {
-      clientUri: dynamicRegistrationClientMetadata.client_uri
-    },
-    ...dynamicRegistrationClientMetadata?.tos_uri && {
-      tosUri: dynamicRegistrationClientMetadata.tos_uri
-    },
-    ...dynamicRegistrationClientMetadata?.policy_uri && {
-      policyUri: dynamicRegistrationClientMetadata.policy_uri
-    },
-    ...dynamicRegistrationClientMetadata?.contacts && {
-      contacts: dynamicRegistrationClientMetadata.contacts
-    }
-  };
-}, "issuerLocaleBrandingFrom");
-
-// src/machines/firstPartyMachine.ts
-import { assign as assign2, createMachine as createMachine2, interpret as interpret2 } from "xstate";
-import { AuthorizationChallengeError } from "@sphereon/oid4vci-common";
-
-// src/services/FirstPartyMachineServices.ts
-import { OpenID4VCIClient } from "@sphereon/oid4vci-client";
-import { v4 as uuidv4 } from "uuid";
-var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (args) => {
-  const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args;
-  const oid4vciClient = await OpenID4VCIClient.fromState({
-    state: openID4VCIClientState
-  });
-  return oid4vciClient.acquireAuthorizationChallengeCode({
-    clientId: oid4vciClient.clientId ?? uuidv4(),
-    ...authSession && {
-      authSession
-    },
-    ...!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && {
-      issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode
-    },
-    ...!authSession && openID4VCIClientState.credentialOffer?.issuerState && {
-      issuerState: openID4VCIClientState.credentialOffer?.issuerState
-    },
-    ...presentationDuringIssuanceSession && {
-      presentationDuringIssuanceSession
-    }
-  });
-}, "sendAuthorizationChallengeRequest");
-var createConfig = /* @__PURE__ */ __name(async (args, context) => {
-  const { presentationUri } = args;
-  if (!presentationUri) {
-    return Promise.reject(Error("Missing presentation uri in context"));
-  }
-  return context.agent.siopCreateConfig({
-    url: presentationUri
-  });
-}, "createConfig");
-var getSiopRequest = /* @__PURE__ */ __name(async (args, context) => {
-  const { didAuthConfig, presentationUri } = args;
-  if (presentationUri === void 0) {
-    return Promise.reject(Error("Missing presentation uri in context"));
-  }
-  if (didAuthConfig === void 0) {
-    return Promise.reject(Error("Missing did auth config in context"));
-  }
-  return context.agent.siopGetSiopRequest({
-    didAuthConfig,
-    url: presentationUri
-  });
-}, "getSiopRequest");
-var sendAuthorizationResponse = /* @__PURE__ */ __name(async (args, context) => {
-  const { didAuthConfig, authorizationRequestData, selectedCredentials } = args;
-  const responseData = await context.agent.siopSendResponse({
-    authorizationRequestData,
-    selectedCredentials,
-    didAuthConfig,
-    isFirstParty: true
-  });
-  return responseData.body.presentation_during_issuance_session;
-}, "sendAuthorizationResponse");
-
-// src/machines/firstPartyMachine.ts
-var firstPartyMachineStates = {
-  [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
-    id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-    invoke: {
-      src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
-      onDone: {
-        target: FirstPartyMachineStateTypes.done,
-        actions: assign2({
-          authorizationCodeResponse: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeResponse")
-        })
-      },
-      onError: [
-        {
-          target: FirstPartyMachineStateTypes.createConfig,
-          cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data.error === AuthorizationChallengeError.insufficient_authorization, "cond"),
-          actions: assign2({
-            authSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data.auth_session, "authSession"),
-            presentationUri: /* @__PURE__ */ __name((_ctx, _event) => _event.data.presentation, "presentationUri")
-          })
-        },
-        {
-          target: FirstPartyMachineStateTypes.error,
-          actions: assign2({
-            error: /* @__PURE__ */ __name((_ctx, _event) => ({
-              title: translate("oid4vci_machine_send_authorization_challenge_request_error_title"),
-              message: _event.data.message,
-              stack: _event.data.stack
-            }), "error")
-          })
-        }
-      ]
-    }
-  },
-  [FirstPartyMachineStateTypes.createConfig]: {
-    id: FirstPartyMachineStateTypes.createConfig,
-    invoke: {
-      src: FirstPartyMachineServices.createConfig,
-      onDone: {
-        target: FirstPartyMachineStateTypes.getSiopRequest,
-        actions: assign2({
-          didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("oid4vci_machine_create_config_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.getSiopRequest]: {
-    id: FirstPartyMachineStateTypes.getSiopRequest,
-    invoke: {
-      src: FirstPartyMachineServices.getSiopRequest,
-      onDone: {
-        target: FirstPartyMachineStateTypes.selectCredentials,
-        actions: assign2({
-          authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("siopV2_machine_get_request_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
+    },
+    ...credentialDisplay.lang && {
+      locale: credentialDisplay.lang
+    },
+    ...credentialDisplay.rendering?.simple?.logo && {
+      logo: {
+        ...credentialDisplay.rendering.simple.logo.uri && {
+          uri: credentialDisplay.rendering.simple.logo.uri
+        },
+        ...credentialDisplay.rendering.simple.logo.alt_text && {
+          alt: credentialDisplay.rendering.simple.logo.alt_text
+        }
       }
-    }
-  },
-  [FirstPartyMachineStateTypes.selectCredentials]: {
-    id: FirstPartyMachineStateTypes.selectCredentials,
-    on: {
-      [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
-        actions: assign2({
-          selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
-        })
-      },
-      [FirstPartyMachineEvents.NEXT]: {
-        target: FirstPartyMachineStateTypes.sendAuthorizationResponse
-      },
-      [FirstPartyMachineEvents.DECLINE]: {
-        target: FirstPartyMachineStateTypes.declined
-      },
-      [FirstPartyMachineEvents.PREVIOUS]: {
-        target: FirstPartyMachineStateTypes.aborted
+    },
+    ...credentialDisplay.description && {
+      description: credentialDisplay.description
+    },
+    ...credentialDisplay.rendering?.simple?.text_color && {
+      text: {
+        color: credentialDisplay.rendering.simple.text_color
       }
-    }
-  },
-  [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
-    id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
-    invoke: {
-      src: FirstPartyMachineServices.sendAuthorizationResponse,
-      onDone: {
-        target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-        actions: assign2({
-          presentationDuringIssuanceSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "presentationDuringIssuanceSession")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("oid4vci_machine_get_request_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
+    },
+    ...credentialDisplay.rendering?.simple?.background_color && {
+      background: {
+        color: credentialDisplay.rendering.simple.background_color
       }
     }
-  },
-  [FirstPartyMachineStateTypes.aborted]: {
-    id: FirstPartyMachineStateTypes.aborted,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.declined]: {
-    id: FirstPartyMachineStateTypes.declined,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.error]: {
-    id: FirstPartyMachineStateTypes.error,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.done]: {
-    id: FirstPartyMachineStateTypes.done,
-    type: "final"
-  }
-};
-var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
-  const initialContext = {
-    openID4VCIClientState: opts.openID4VCIClientState,
-    contact: opts.contact,
-    selectedCredentials: []
   };
-  return createMachine2({
-    id: opts?.machineId ?? "FirstParty",
-    predictableActionArguments: true,
-    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-    context: initialContext,
-    states: firstPartyMachineStates,
-    schema: {
-      events: {},
-      services: {}
-    }
-  });
-}, "createFirstPartyActivationMachine");
-var FirstPartyMachine = class _FirstPartyMachine {
-  static {
-    __name(this, "FirstPartyMachine");
-  }
-  static _instance;
-  static hasInstance() {
-    return _FirstPartyMachine._instance !== void 0;
-  }
-  static get instance() {
-    if (!_FirstPartyMachine._instance) {
-      throw Error("Please initialize ESIMActivation machine first");
-    }
-    return _FirstPartyMachine._instance;
-  }
-  static clearInstance(opts) {
-    const { stop } = opts;
-    if (_FirstPartyMachine.hasInstance()) {
-      if (stop) {
-        _FirstPartyMachine.stopInstance();
-      }
-    }
-    _FirstPartyMachine._instance = void 0;
-  }
-  static stopInstance() {
-    if (!_FirstPartyMachine.hasInstance()) {
-      return;
-    }
-    _FirstPartyMachine.instance.stop();
-    _FirstPartyMachine._instance = void 0;
-  }
-  static newInstance(opts) {
-    const { agentContext } = opts;
-    const services = {
-      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
-      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
-      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
-      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
-    };
-    const newInst = interpret2(createFirstPartyActivationMachine(opts).withConfig({
-      services: {
-        ...services,
-        ...opts?.services
+}, "sdJwtCredentialLocaleBrandingFrom");
+var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
+  const locales = Array.from(/* @__PURE__ */ new Set([
+    ...claimsMetadata.keys(),
+    ...credentialDisplayLocales.keys()
+  ]));
+  return Promise.all(locales.map(async (locale) => {
+    const display = credentialDisplayLocales.get(locale);
+    const claims = claimsMetadata.get(locale);
+    return {
+      ...display && await sdJwtCredentialLocaleBrandingFrom({
+        credentialDisplay: display
+      }),
+      ...locale.length > 0 && {
+        locale
       },
-      guards: {
-        ...opts?.guards
-      }
-    }));
-    if (typeof opts?.subscription === "function") {
-      newInst.onTransition(opts.subscription);
-    }
-    if (opts?.requireCustomNavigationHook !== true) {
-      newInst.onTransition((snapshot) => {
-        if (opts?.stateNavigationListener) {
-          void opts.stateNavigationListener(newInst, snapshot);
+      claims
+    };
+  }));
+}, "sdJwtCombineDisplayLocalesFrom");
+var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
+  return {
+    ...dynamicRegistrationClientMetadata?.client_name && {
+      alias: dynamicRegistrationClientMetadata.client_name
+    },
+    ...issuerDisplay.name && {
+      alias: issuerDisplay.name
+    },
+    ...issuerDisplay.locale && {
+      locale: issuerDisplay.locale
+    },
+    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
+      logo: {
+        ...dynamicRegistrationClientMetadata?.logo_uri && {
+          uri: dynamicRegistrationClientMetadata?.logo_uri
+        },
+        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
+          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
+        },
+        ...issuerDisplay.logo?.alt_text && {
+          alt: issuerDisplay.logo?.alt_text
         }
-      });
-    }
-    return newInst;
-  }
-  static getInstance(opts) {
-    if (!_FirstPartyMachine._instance) {
-      if (opts?.requireExisting === true) {
-        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
       }
-      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
+    },
+    ...issuerDisplay.description && {
+      description: issuerDisplay.description
+    },
+    ...issuerDisplay.text_color && {
+      text: {
+        color: issuerDisplay.text_color
+      }
+    },
+    ...dynamicRegistrationClientMetadata?.client_uri && {
+      clientUri: dynamicRegistrationClientMetadata.client_uri
+    },
+    ...dynamicRegistrationClientMetadata?.tos_uri && {
+      tosUri: dynamicRegistrationClientMetadata.tos_uri
+    },
+    ...dynamicRegistrationClientMetadata?.policy_uri && {
+      policyUri: dynamicRegistrationClientMetadata.policy_uri
+    },
+    ...dynamicRegistrationClientMetadata?.contacts && {
+      contacts: dynamicRegistrationClientMetadata.contacts
     }
-    return _FirstPartyMachine._instance;
-  }
-};
+  };
+}, "issuerLocaleBrandingFrom");
 
 // src/services/OID4VCIHolderService.ts
-import { defaultHasher } from "@sphereon/ssi-sdk.core";
 var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
   const { credentialsSupported, context } = args;
   const credentialBranding = {};
@@ -1606,16 +1608,7 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
 }, "selectCredentialLocaleBranding");
 var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-  const credentialResponse = mappedCredential.credentialToAccept.credentialResponse;
-  let credential;
-  if ("credential" in credentialResponse) {
-    credential = credentialResponse.credential;
-  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-    credential = credentialResponse.credentials[0].credential;
-  }
-  if (!credential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
+  const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse);
   const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, {
     hasher: hasher ?? defaultHasher
   });
@@ -1667,16 +1660,7 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 }, "verifyCredentialToAccept");
 var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { credentialToAccept, hasher } = args;
-  const credentialResponse = credentialToAccept.credentialResponse;
-  let verifiableCredential;
-  if ("credential" in credentialResponse) {
-    verifiableCredential = credentialResponse.credential;
-  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-    verifiableCredential = credentialResponse.credentials[0].credential;
-  }
-  if (!verifiableCredential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
+  const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse);
   const wrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(verifiableCredential, {
     hasher
   });
@@ -1696,6 +1680,7 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     uniformVerifiableCredential = wrappedVerifiableCredential.credential;
   }
   const correlationId = typeof uniformVerifiableCredential.issuer === "string" ? uniformVerifiableCredential.issuer : CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential) ? uniformVerifiableCredential.decodedPayload.iss : uniformVerifiableCredential.issuer.id;
+  const credentialResponse = credentialToAccept.credentialResponse;
   return {
     correlationId,
     credentialToAccept,
@@ -1707,6 +1692,18 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     }
   };
 }, "mapCredentialToAccept");
+var extractCredentialFromResponse = /* @__PURE__ */ __name((credentialResponse) => {
+  let credential;
+  if ("credential" in credentialResponse) {
+    credential = credentialResponse.credential;
+  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+    credential = credentialResponse.credentials[0].credential;
+  }
+  if (!credential) {
+    throw new Error("No credential found in credential response");
+  }
+  return credential;
+}, "extractCredentialFromResponse");
 var getIdentifierOpts = /* @__PURE__ */ __name(async (args) => {
   const { issuanceOpt, context } = args;
   const { identifier: identifierArg } = issuanceOpt;
@@ -1815,24 +1812,19 @@ var getCredentialConfigsSupportedBySingleTypeOrId = /* @__PURE__ */ __name(async
   }
   __name(createIdFromTypes, "createIdFromTypes");
   if (configurationId) {
-    const allSupported2 = client.getCredentialsSupported(false);
+    const allSupported2 = client.getCredentialsSupported(format);
     return Object.fromEntries(Object.entries(allSupported2).filter(([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId));
   }
-  if (!types && !client.credentialOffer) {
-    return Promise.reject(Error("openID4VCIClient has no credentialOffer and no types where provided"));
+  if (!client.credentialOffer) {
+    return Promise.reject(Error("openID4VCIClient has no credentialOffer"));
   }
-  if (!Array.isArray(format) && client.credentialOffer) {
-    if (client.version() > OpenId4VCIVersion.VER_1_0_09 && typeof client.credentialOffer.credential_offer === "object" && "credentials" in client.credentialOffer.credential_offer) {
-      format = client.credentialOffer.credential_offer.credentials.filter((cred) => typeof cred !== "string").map((cred) => cred.format);
-      if (format?.length === 0) {
-        format = void 0;
-      }
-    }
+  if (!types) {
+    return Promise.reject(Error("openID4VCIClient has no types"));
   }
   const offerSupported = getSupportedCredentials({
-    types: types ? [
+    types: [
       types
-    ] : client.getCredentialOfferTypes(),
+    ],
     format,
     version: client.version(),
     issuerMetadata: client.endpointMetadata.credentialIssuerMetadata
@@ -2007,7 +1999,7 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
     case "jwt":
     case "jwt_vc_json":
     case "jwt_vc":
-    case "vc+sd-jwt":
+    //case 'vc+sd-jwt': // TODO see SSISDK-52 concerning vc+sd-jwt
     case "dc+sd-jwt":
     case "mso_mdoc": {
       const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
@@ -2076,7 +2068,6 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
 }, "startFirstPartApplicationMachine");
 
 // src/agent/OID4VCIHolder.ts
-import "cross-fetch/polyfill";
 var oid4vciHolderContextMethods = [
   "cmGetContacts",
   "cmGetContact",
@@ -2297,7 +2288,6 @@ var OID4VCIHolder = class _OID4VCIHolder {
       formats = Array.from(new Set(authFormats));
     }
     let oid4vciClient;
-    let types = void 0;
     let offer;
     if (requestData.existingClientState) {
       oid4vciClient = await OpenID4VCIClient2.fromState({
@@ -2333,17 +2323,18 @@ var OID4VCIHolder = class _OID4VCIHolder {
         });
       }
     }
+    let configurationIds = [];
     if (offer) {
-      types = getTypesFromCredentialOffer(offer.original_credential_offer);
+      configurationIds = offer.original_credential_offer.credential_configuration_ids;
     } else {
-      types = asArray2(authorizationRequestOpts.authorizationDetails).map((authReqOpts) => getTypesFromAuthorizationDetails(authReqOpts) ?? []).filter((inner) => inner.length > 0);
+      configurationIds = asArray2(authorizationRequestOpts.authorizationDetails).filter((authDetails) => typeof authDetails !== "string").map((authReqOpts) => authReqOpts.credential_configuration_id).filter((id) => !!id);
     }
-    const serverMetadata = await oid4vciClient.retrieveServerMetadata();
     const credentialsSupported = await getCredentialConfigsSupportedMerged({
       client: oid4vciClient,
       vcFormatPreferences: formats,
-      types
+      configurationIds
     });
+    const serverMetadata = await oid4vciClient.retrieveServerMetadata();
     const credentialBranding = await getCredentialBranding({
       credentialsSupported,
       context
@@ -2732,16 +2723,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
       if (Array.isArray(subjectIssuance?.notification_events_supported)) {
         event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
         logger.log(`Subject issuance/signing will be used, with event`, event);
-        const credentialResponse = mappedCredentialToAccept.credentialToAccept.credentialResponse;
-        let issuerVC;
-        if ("credential" in credentialResponse) {
-          issuerVC = credentialResponse.credential;
-        } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-          issuerVC = credentialResponse.credentials[0].credential;
-        }
-        if (!issuerVC) {
-          return Promise.reject(Error("No credential found in credential response"));
-        }
+        const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse);
         const wrappedIssuerVC = CredentialMapper2.toWrappedVerifiableCredential(issuerVC, {
           hasher: this.hasher ?? defaultHasher2
         });
@@ -3112,6 +3094,7 @@ export {
   RequestType,
   SupportedLanguage,
   createConfig,
+  extractCredentialFromResponse,
   getBasicIssuerLocaleBranding,
   getCredentialBranding,
   getCredentialConfigsBasedOnFormatPref,