npm - @sphereon/ssi-sdk.oid4vci-holder - Versions diffs - 0.34.1-feature.DIIPv4.29 → 0.34.1-feature.DIIPv4.75 - Mend

@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.DIIPv4.29 → 0.34.1-feature.DIIPv4.75

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.cjs +389 -384
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +9 -6
package/dist/index.d.ts +9 -6
package/dist/index.js +497 -492
package/dist/index.js.map +1 -1
package/package.json +25 -24
package/src/agent/OID4VCIHolder.ts +23 -22
package/src/services/OID4VCIHolderService.ts +45 -44
package/src/types/FirstPartyMachine.ts +6 -5
package/src/types/IOID4VCIHolder.ts +3 -1

package/dist/index.cjs CHANGED Viewed

@@ -100,6 +100,7 @@ __export(index_exports, {
   RequestType: () => RequestType,
   SupportedLanguage: () => SupportedLanguage,
   createConfig: () => createConfig,
+  extractCredentialFromResponse: () => extractCredentialFromResponse,
   getBasicIssuerLocaleBranding: () => getBasicIssuerLocaleBranding,
   getCredentialBranding: () => getCredentialBranding,
   getCredentialConfigsBasedOnFormatPref: () => getCredentialConfigsBasedOnFormatPref,
@@ -139,7 +140,8 @@ var import_oid4vci_common4 = require("@sphereon/oid4vci-common");
 var import_ssi_sdk_ext5 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk_ext6 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
 var import_ssi_sdk_ext7 = require("@sphereon/ssi-sdk-ext.key-utils");
-var import_ssi_sdk2 = require("@sphereon/ssi-sdk.data-store");
+var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk3 = require("@sphereon/ssi-sdk.data-store");
 var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_utils2 = require("@veramo/utils");
 var import_did_jwt = require("did-jwt");
@@ -228,6 +230,7 @@ var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
   OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
   OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
   OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
+  OID4VCIMachineGuards2["hasNonceEndpointGuard"] = "oid4vciHasNonceEndpointGuard ";
   OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
   OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
   OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
@@ -1060,271 +1063,10 @@ var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.did-resolver-jwk");
 var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
 var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.key-utils");
+var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
 var import_ssi_types = require("@sphereon/ssi-types");
 var import_utils = require("@veramo/utils");
-// src/mappers/OIDC4VCIBrandingMapper.ts
-var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, issuerCredentialSubject } = args;
-  return oid4vciCombineDisplayLocalesFrom({
-    ...issuerCredentialSubject && {
-      issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({
-        issuerCredentialSubject
-      })
-    },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
-    }
-  });
-}, "oid4vciGetCredentialBrandingFrom");
-var oid4vciCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.locale || "";
-    localeDisplays.set(localeKey, display);
-    return localeDisplays;
-  }, /* @__PURE__ */ new Map());
-}, "oid4vciCredentialDisplayLocalesFrom");
-var oid4vciIssuerCredentialSubjectLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerCredentialSubject } = args;
-  const localeClaims = /* @__PURE__ */ new Map();
-  const processClaimObject = /* @__PURE__ */ __name((claim, parentKey = "") => {
-    Object.entries(claim).forEach(([key, value]) => {
-      if (key === "mandatory" || key === "value_type") {
-        return;
-      }
-      if (key === "display" && Array.isArray(value)) {
-        value.forEach(({ name, locale = "" }) => {
-          if (!name) {
-            return;
-          }
-          if (!localeClaims.has(locale)) {
-            localeClaims.set(locale, []);
-          }
-          localeClaims.get(locale).push({
-            key: parentKey,
-            name
-          });
-        });
-      } else if (typeof value === "object" && value !== null) {
-        processClaimObject(value, parentKey ? `${parentKey}.${key}` : key);
-      }
-    });
-  }, "processClaimObject");
-  processClaimObject(issuerCredentialSubject);
-  return localeClaims;
-}, "oid4vciIssuerCredentialSubjectLocalesFrom");
-var oid4vciCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return {
-    ...credentialDisplay.name && {
-      alias: credentialDisplay.name
-    },
-    ...credentialDisplay.locale && {
-      locale: credentialDisplay.locale
-    },
-    ...credentialDisplay.logo && {
-      logo: {
-        ...(credentialDisplay.logo.url || credentialDisplay.logo.uri) && {
-          uri: credentialDisplay.logo?.url ?? credentialDisplay.logo.uri
-        },
-        ...credentialDisplay.logo.alt_text && {
-          alt: credentialDisplay.logo?.alt_text
-        }
-      }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.text_color && {
-      text: {
-        color: credentialDisplay.text_color
-      }
-    },
-    ...(credentialDisplay.background_image || credentialDisplay.background_color) && {
-      background: {
-        ...credentialDisplay.background_image && {
-          image: {
-            ...(credentialDisplay.background_image.url || credentialDisplay.background_image.uri) && {
-              uri: credentialDisplay.background_image?.url ?? credentialDisplay.background_image.uri
-            },
-            ...credentialDisplay.background_image.alt_text && {
-              alt: credentialDisplay.background_image?.alt_text
-            }
-          }
-        },
-        ...credentialDisplay.background_color && {
-          color: credentialDisplay.background_color
-        }
-      }
-    }
-  };
-}, "oid4vciCredentialLocaleBrandingFrom");
-var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), issuerCredentialSubjectLocales = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...issuerCredentialSubjectLocales.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = issuerCredentialSubjectLocales.get(locale);
-    return {
-      ...display && await oid4vciCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
-      },
-      claims
-    };
-  }));
-}, "oid4vciCombineDisplayLocalesFrom");
-var sdJwtGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, claimsMetadata } = args;
-  return sdJwtCombineDisplayLocalesFrom({
-    ...claimsMetadata && {
-      claimsMetadata: await sdJwtCredentialClaimLocalesFrom({
-        claimsMetadata
-      })
-    },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
-    }
-  });
-}, "sdJwtGetCredentialBrandingFrom");
-var sdJwtCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.lang || "";
-    localeDisplays.set(localeKey, display);
-    return localeDisplays;
-  }, /* @__PURE__ */ new Map());
-}, "sdJwtCredentialDisplayLocalesFrom");
-var sdJwtCredentialClaimLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { claimsMetadata } = args;
-  const localeClaims = /* @__PURE__ */ new Map();
-  claimsMetadata.forEach((claim) => {
-    claim.display?.forEach((display) => {
-      const { lang = "", label } = display;
-      const key = claim.path.map((value) => String(value)).join(".");
-      if (!localeClaims.has(lang)) {
-        localeClaims.set(lang, []);
-      }
-      localeClaims.get(lang).push({
-        key,
-        name: label
-      });
-    });
-  });
-  return localeClaims;
-}, "sdJwtCredentialClaimLocalesFrom");
-var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return {
-    ...credentialDisplay.name && {
-      alias: credentialDisplay.name
-    },
-    ...credentialDisplay.lang && {
-      locale: credentialDisplay.lang
-    },
-    ...credentialDisplay.rendering?.simple?.logo && {
-      logo: {
-        ...credentialDisplay.rendering.simple.logo.uri && {
-          uri: credentialDisplay.rendering.simple.logo.uri
-        },
-        ...credentialDisplay.rendering.simple.logo.alt_text && {
-          alt: credentialDisplay.rendering.simple.logo.alt_text
-        }
-      }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.rendering?.simple?.text_color && {
-      text: {
-        color: credentialDisplay.rendering.simple.text_color
-      }
-    },
-    ...credentialDisplay.rendering?.simple?.background_color && {
-      background: {
-        color: credentialDisplay.rendering.simple.background_color
-      }
-    }
-  };
-}, "sdJwtCredentialLocaleBrandingFrom");
-var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...claimsMetadata.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = claimsMetadata.get(locale);
-    return {
-      ...display && await sdJwtCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
-      },
-      claims
-    };
-  }));
-}, "sdJwtCombineDisplayLocalesFrom");
-var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
-  return {
-    ...dynamicRegistrationClientMetadata?.client_name && {
-      alias: dynamicRegistrationClientMetadata.client_name
-    },
-    ...issuerDisplay.name && {
-      alias: issuerDisplay.name
-    },
-    ...issuerDisplay.locale && {
-      locale: issuerDisplay.locale
-    },
-    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
-      logo: {
-        ...dynamicRegistrationClientMetadata?.logo_uri && {
-          uri: dynamicRegistrationClientMetadata?.logo_uri
-        },
-        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
-          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
-        },
-        ...issuerDisplay.logo?.alt_text && {
-          alt: issuerDisplay.logo?.alt_text
-        }
-      }
-    },
-    ...issuerDisplay.description && {
-      description: issuerDisplay.description
-    },
-    ...issuerDisplay.text_color && {
-      text: {
-        color: issuerDisplay.text_color
-      }
-    },
-    ...dynamicRegistrationClientMetadata?.client_uri && {
-      clientUri: dynamicRegistrationClientMetadata.client_uri
-    },
-    ...dynamicRegistrationClientMetadata?.tos_uri && {
-      tosUri: dynamicRegistrationClientMetadata.tos_uri
-    },
-    ...dynamicRegistrationClientMetadata?.policy_uri && {
-      policyUri: dynamicRegistrationClientMetadata.policy_uri
-    },
-    ...dynamicRegistrationClientMetadata?.contacts && {
-      contacts: dynamicRegistrationClientMetadata.contacts
-    }
-  };
-}, "issuerLocaleBrandingFrom");
 // src/machines/firstPartyMachine.ts
 var import_xstate2 = require("xstate");
 var import_oid4vci_common2 = require("@sphereon/oid4vci-common");
@@ -1528,96 +1270,357 @@ var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
     contact: opts.contact,
     selectedCredentials: []
   };
-  return (0, import_xstate2.createMachine)({
-    id: opts?.machineId ?? "FirstParty",
-    predictableActionArguments: true,
-    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-    context: initialContext,
-    states: firstPartyMachineStates,
-    schema: {
-      events: {},
-      services: {}
+  return (0, import_xstate2.createMachine)({
+    id: opts?.machineId ?? "FirstParty",
+    predictableActionArguments: true,
+    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+    context: initialContext,
+    states: firstPartyMachineStates,
+    schema: {
+      events: {},
+      services: {}
+    }
+  });
+}, "createFirstPartyActivationMachine");
+var FirstPartyMachine = class _FirstPartyMachine {
+  static {
+    __name(this, "FirstPartyMachine");
+  }
+  static _instance;
+  static hasInstance() {
+    return _FirstPartyMachine._instance !== void 0;
+  }
+  static get instance() {
+    if (!_FirstPartyMachine._instance) {
+      throw Error("Please initialize ESIMActivation machine first");
+    }
+    return _FirstPartyMachine._instance;
+  }
+  static clearInstance(opts) {
+    const { stop } = opts;
+    if (_FirstPartyMachine.hasInstance()) {
+      if (stop) {
+        _FirstPartyMachine.stopInstance();
+      }
+    }
+    _FirstPartyMachine._instance = void 0;
+  }
+  static stopInstance() {
+    if (!_FirstPartyMachine.hasInstance()) {
+      return;
+    }
+    _FirstPartyMachine.instance.stop();
+    _FirstPartyMachine._instance = void 0;
+  }
+  static newInstance(opts) {
+    const { agentContext } = opts;
+    const services = {
+      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
+      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
+      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
+      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
+    };
+    const newInst = (0, import_xstate2.interpret)(createFirstPartyActivationMachine(opts).withConfig({
+      services: {
+        ...services,
+        ...opts?.services
+      },
+      guards: {
+        ...opts?.guards
+      }
+    }));
+    if (typeof opts?.subscription === "function") {
+      newInst.onTransition(opts.subscription);
+    }
+    if (opts?.requireCustomNavigationHook !== true) {
+      newInst.onTransition((snapshot) => {
+        if (opts?.stateNavigationListener) {
+          void opts.stateNavigationListener(newInst, snapshot);
+        }
+      });
+    }
+    return newInst;
+  }
+  static getInstance(opts) {
+    if (!_FirstPartyMachine._instance) {
+      if (opts?.requireExisting === true) {
+        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
+      }
+      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
+    }
+    return _FirstPartyMachine._instance;
+  }
+};
+// src/mappers/OIDC4VCIBrandingMapper.ts
+var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay, issuerCredentialSubject } = args;
+  return oid4vciCombineDisplayLocalesFrom({
+    ...issuerCredentialSubject && {
+      issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({
+        issuerCredentialSubject
+      })
+    },
+    ...credentialDisplay && {
+      credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({
+        credentialDisplay
+      })
+    }
+  });
+}, "oid4vciGetCredentialBrandingFrom");
+var oid4vciCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return credentialDisplay.reduce((localeDisplays, display) => {
+    const localeKey = display.locale || "";
+    localeDisplays.set(localeKey, display);
+    return localeDisplays;
+  }, /* @__PURE__ */ new Map());
+}, "oid4vciCredentialDisplayLocalesFrom");
+var oid4vciIssuerCredentialSubjectLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { issuerCredentialSubject } = args;
+  const localeClaims = /* @__PURE__ */ new Map();
+  const processClaimObject = /* @__PURE__ */ __name((claim, parentKey = "") => {
+    Object.entries(claim).forEach(([key, value]) => {
+      if (key === "mandatory" || key === "value_type") {
+        return;
+      }
+      if (key === "display" && Array.isArray(value)) {
+        value.forEach(({ name, locale = "" }) => {
+          if (!name) {
+            return;
+          }
+          if (!localeClaims.has(locale)) {
+            localeClaims.set(locale, []);
+          }
+          localeClaims.get(locale).push({
+            key: parentKey,
+            name
+          });
+        });
+      } else if (typeof value === "object" && value !== null) {
+        processClaimObject(value, parentKey ? `${parentKey}.${key}` : key);
+      }
+    });
+  }, "processClaimObject");
+  processClaimObject(issuerCredentialSubject);
+  return localeClaims;
+}, "oid4vciIssuerCredentialSubjectLocalesFrom");
+var oid4vciCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return {
+    ...credentialDisplay.name && {
+      alias: credentialDisplay.name
+    },
+    ...credentialDisplay.locale && {
+      locale: credentialDisplay.locale
+    },
+    ...credentialDisplay.logo && {
+      logo: {
+        ...(credentialDisplay.logo.url || credentialDisplay.logo.uri) && {
+          uri: credentialDisplay.logo?.url ?? credentialDisplay.logo.uri
+        },
+        ...credentialDisplay.logo.alt_text && {
+          alt: credentialDisplay.logo?.alt_text
+        }
+      }
+    },
+    ...credentialDisplay.description && {
+      description: credentialDisplay.description
+    },
+    ...credentialDisplay.text_color && {
+      text: {
+        color: credentialDisplay.text_color
+      }
+    },
+    ...(credentialDisplay.background_image || credentialDisplay.background_color) && {
+      background: {
+        ...credentialDisplay.background_image && {
+          image: {
+            ...(credentialDisplay.background_image.url || credentialDisplay.background_image.uri) && {
+              uri: credentialDisplay.background_image?.url ?? credentialDisplay.background_image.uri
+            },
+            ...credentialDisplay.background_image.alt_text && {
+              alt: credentialDisplay.background_image?.alt_text
+            }
+          }
+        },
+        ...credentialDisplay.background_color && {
+          color: credentialDisplay.background_color
+        }
+      }
+    }
+  };
+}, "oid4vciCredentialLocaleBrandingFrom");
+var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), issuerCredentialSubjectLocales = /* @__PURE__ */ new Map() } = args;
+  const locales = Array.from(/* @__PURE__ */ new Set([
+    ...issuerCredentialSubjectLocales.keys(),
+    ...credentialDisplayLocales.keys()
+  ]));
+  return Promise.all(locales.map(async (locale) => {
+    const display = credentialDisplayLocales.get(locale);
+    const claims = issuerCredentialSubjectLocales.get(locale);
+    return {
+      ...display && await oid4vciCredentialLocaleBrandingFrom({
+        credentialDisplay: display
+      }),
+      ...locale.length > 0 && {
+        locale
+      },
+      claims
+    };
+  }));
+}, "oid4vciCombineDisplayLocalesFrom");
+var sdJwtGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay, claimsMetadata } = args;
+  return sdJwtCombineDisplayLocalesFrom({
+    ...claimsMetadata && {
+      claimsMetadata: await sdJwtCredentialClaimLocalesFrom({
+        claimsMetadata
+      })
+    },
+    ...credentialDisplay && {
+      credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({
+        credentialDisplay
+      })
     }
   });
-}, "createFirstPartyActivationMachine");
-var FirstPartyMachine = class _FirstPartyMachine {
-  static {
-    __name(this, "FirstPartyMachine");
-  }
-  static _instance;
-  static hasInstance() {
-    return _FirstPartyMachine._instance !== void 0;
-  }
-  static get instance() {
-    if (!_FirstPartyMachine._instance) {
-      throw Error("Please initialize ESIMActivation machine first");
-    }
-    return _FirstPartyMachine._instance;
-  }
-  static clearInstance(opts) {
-    const { stop } = opts;
-    if (_FirstPartyMachine.hasInstance()) {
-      if (stop) {
-        _FirstPartyMachine.stopInstance();
+}, "sdJwtGetCredentialBrandingFrom");
+var sdJwtCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return credentialDisplay.reduce((localeDisplays, display) => {
+    const localeKey = display.lang || "";
+    localeDisplays.set(localeKey, display);
+    return localeDisplays;
+  }, /* @__PURE__ */ new Map());
+}, "sdJwtCredentialDisplayLocalesFrom");
+var sdJwtCredentialClaimLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { claimsMetadata } = args;
+  const localeClaims = /* @__PURE__ */ new Map();
+  claimsMetadata.forEach((claim) => {
+    claim.display?.forEach((display) => {
+      const { lang = "", label } = display;
+      const key = claim.path.map((value) => String(value)).join(".");
+      if (!localeClaims.has(lang)) {
+        localeClaims.set(lang, []);
       }
-    }
-    _FirstPartyMachine._instance = void 0;
-  }
-  static stopInstance() {
-    if (!_FirstPartyMachine.hasInstance()) {
-      return;
-    }
-    _FirstPartyMachine.instance.stop();
-    _FirstPartyMachine._instance = void 0;
-  }
-  static newInstance(opts) {
-    const { agentContext } = opts;
-    const services = {
-      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
-      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
-      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
-      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
-    };
-    const newInst = (0, import_xstate2.interpret)(createFirstPartyActivationMachine(opts).withConfig({
-      services: {
-        ...services,
-        ...opts?.services
-      },
-      guards: {
-        ...opts?.guards
+      localeClaims.get(lang).push({
+        key,
+        name: label
+      });
+    });
+  });
+  return localeClaims;
+}, "sdJwtCredentialClaimLocalesFrom");
+var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return {
+    ...credentialDisplay.name && {
+      alias: credentialDisplay.name
+    },
+    ...credentialDisplay.lang && {
+      locale: credentialDisplay.lang
+    },
+    ...credentialDisplay.rendering?.simple?.logo && {
+      logo: {
+        ...credentialDisplay.rendering.simple.logo.uri && {
+          uri: credentialDisplay.rendering.simple.logo.uri
+        },
+        ...credentialDisplay.rendering.simple.logo.alt_text && {
+          alt: credentialDisplay.rendering.simple.logo.alt_text
+        }
+      }
+    },
+    ...credentialDisplay.description && {
+      description: credentialDisplay.description
+    },
+    ...credentialDisplay.rendering?.simple?.text_color && {
+      text: {
+        color: credentialDisplay.rendering.simple.text_color
+      }
+    },
+    ...credentialDisplay.rendering?.simple?.background_color && {
+      background: {
+        color: credentialDisplay.rendering.simple.background_color
       }
-    }));
-    if (typeof opts?.subscription === "function") {
-      newInst.onTransition(opts.subscription);
     }
-    if (opts?.requireCustomNavigationHook !== true) {
-      newInst.onTransition((snapshot) => {
-        if (opts?.stateNavigationListener) {
-          void opts.stateNavigationListener(newInst, snapshot);
+  };
+}, "sdJwtCredentialLocaleBrandingFrom");
+var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
+  const locales = Array.from(/* @__PURE__ */ new Set([
+    ...claimsMetadata.keys(),
+    ...credentialDisplayLocales.keys()
+  ]));
+  return Promise.all(locales.map(async (locale) => {
+    const display = credentialDisplayLocales.get(locale);
+    const claims = claimsMetadata.get(locale);
+    return {
+      ...display && await sdJwtCredentialLocaleBrandingFrom({
+        credentialDisplay: display
+      }),
+      ...locale.length > 0 && {
+        locale
+      },
+      claims
+    };
+  }));
+}, "sdJwtCombineDisplayLocalesFrom");
+var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
+  return {
+    ...dynamicRegistrationClientMetadata?.client_name && {
+      alias: dynamicRegistrationClientMetadata.client_name
+    },
+    ...issuerDisplay.name && {
+      alias: issuerDisplay.name
+    },
+    ...issuerDisplay.locale && {
+      locale: issuerDisplay.locale
+    },
+    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
+      logo: {
+        ...dynamicRegistrationClientMetadata?.logo_uri && {
+          uri: dynamicRegistrationClientMetadata?.logo_uri
+        },
+        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
+          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
+        },
+        ...issuerDisplay.logo?.alt_text && {
+          alt: issuerDisplay.logo?.alt_text
         }
-      });
-    }
-    return newInst;
-  }
-  static getInstance(opts) {
-    if (!_FirstPartyMachine._instance) {
-      if (opts?.requireExisting === true) {
-        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
       }
-      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
+    },
+    ...issuerDisplay.description && {
+      description: issuerDisplay.description
+    },
+    ...issuerDisplay.text_color && {
+      text: {
+        color: issuerDisplay.text_color
+      }
+    },
+    ...dynamicRegistrationClientMetadata?.client_uri && {
+      clientUri: dynamicRegistrationClientMetadata.client_uri
+    },
+    ...dynamicRegistrationClientMetadata?.tos_uri && {
+      tosUri: dynamicRegistrationClientMetadata.tos_uri
+    },
+    ...dynamicRegistrationClientMetadata?.policy_uri && {
+      policyUri: dynamicRegistrationClientMetadata.policy_uri
+    },
+    ...dynamicRegistrationClientMetadata?.contacts && {
+      contacts: dynamicRegistrationClientMetadata.contacts
     }
-    return _FirstPartyMachine._instance;
-  }
-};
+  };
+}, "issuerLocaleBrandingFrom");
 // src/services/OID4VCIHolderService.ts
-var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
 var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
   const { credentialsSupported, context } = args;
   const credentialBranding = {};
   await Promise.all(Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]) => {
     let sdJwtTypeMetadata;
-    if (credentialsConfigSupported.format === "vc+sd-jwt") {
+    if (credentialsConfigSupported.format === "dc+sd-jwt") {
       const vct = credentialsConfigSupported.vct;
       if (vct.startsWith("http")) {
         try {
@@ -1683,10 +1686,7 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
 }, "selectCredentialLocaleBranding");
 var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-  const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
-  if (!credential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
+  const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse);
   const wrappedVC = import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(credential, {
     hasher: hasher ?? import_ssi_sdk.defaultHasher
   });
@@ -1738,11 +1738,7 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 }, "verifyCredentialToAccept");
 var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { credentialToAccept, hasher } = args;
-  const credentialResponse = credentialToAccept.credentialResponse;
-  const verifiableCredential = credentialResponse.credential;
-  if (!verifiableCredential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
+  const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse);
   const wrappedVerifiableCredential = import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(verifiableCredential, {
     hasher
   });
@@ -1762,6 +1758,7 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     uniformVerifiableCredential = wrappedVerifiableCredential.credential;
   }
   const correlationId = typeof uniformVerifiableCredential.issuer === "string" ? uniformVerifiableCredential.issuer : import_ssi_types.CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential) ? uniformVerifiableCredential.decodedPayload.iss : uniformVerifiableCredential.issuer.id;
+  const credentialResponse = credentialToAccept.credentialResponse;
   return {
     correlationId,
     credentialToAccept,
@@ -1773,6 +1770,18 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     }
   };
 }, "mapCredentialToAccept");
+var extractCredentialFromResponse = /* @__PURE__ */ __name((credentialResponse) => {
+  let credential;
+  if ("credential" in credentialResponse) {
+    credential = credentialResponse.credential;
+  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+    credential = credentialResponse.credentials[0].credential;
+  }
+  if (!credential) {
+    throw new Error("No credential found in credential response");
+  }
+  return credential;
+}, "extractCredentialFromResponse");
 var getIdentifierOpts = /* @__PURE__ */ __name(async (args) => {
   const { issuanceOpt, context } = args;
   const { identifier: identifierArg } = issuanceOpt;
@@ -1881,24 +1890,19 @@ var getCredentialConfigsSupportedBySingleTypeOrId = /* @__PURE__ */ __name(async
   }
   __name(createIdFromTypes, "createIdFromTypes");
   if (configurationId) {
-    const allSupported2 = client.getCredentialsSupported(false);
+    const allSupported2 = client.getCredentialsSupported(format);
     return Object.fromEntries(Object.entries(allSupported2).filter(([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId));
   }
-  if (!types && !client.credentialOffer) {
-    return Promise.reject(Error("openID4VCIClient has no credentialOffer and no types where provided"));
+  if (!client.credentialOffer) {
+    return Promise.reject(Error("openID4VCIClient has no credentialOffer"));
   }
-  if (!Array.isArray(format) && client.credentialOffer) {
-    if (client.version() > import_oid4vci_common3.OpenId4VCIVersion.VER_1_0_09 && typeof client.credentialOffer.credential_offer === "object" && "credentials" in client.credentialOffer.credential_offer) {
-      format = client.credentialOffer.credential_offer.credentials.filter((cred) => typeof cred !== "string").map((cred) => cred.format);
-      if (format?.length === 0) {
-        format = void 0;
-      }
-    }
+  if (!types) {
+    return Promise.reject(Error("openID4VCIClient has no types"));
   }
   const offerSupported = (0, import_oid4vci_common3.getSupportedCredentials)({
-    types: types ? [
+    types: [
       types
-    ] : client.getCredentialOfferTypes(),
+    ],
     format,
     version: client.version(),
     issuerMetadata: client.endpointMetadata.credentialIssuerMetadata
@@ -2073,7 +2077,8 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
     case "jwt":
     case "jwt_vc_json":
     case "jwt_vc":
-    case "vc+sd-jwt":
+    //case 'vc+sd-jwt':  FIXME re-enable for vcdm2
+    case "dc+sd-jwt":
     case "mso_mdoc": {
       const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
       if (supportedPreferences.length > 0) {
@@ -2142,7 +2147,6 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
 // src/agent/OID4VCIHolder.ts
 var import_polyfill = require("cross-fetch/polyfill");
-var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
 var oid4vciHolderContextMethods = [
   "cmGetContacts",
   "cmGetContact",
@@ -2158,7 +2162,7 @@ var oid4vciHolderContextMethods = [
 ];
 var logger = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vci:holder");
 function signCallback(identifier, context, nonce) {
-  return async (jwt, kid) => {
+  return async (jwt, kid, noIssPayloadUpdate) => {
     let resolution = await context.agent.identifierManagedGet(identifier);
     const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
     if (!resolution.issuer && !jwt.payload.iss) {
@@ -2176,7 +2180,7 @@ function signCallback(identifier, context, nonce) {
     return (await context.agent.jwtCreateJwsCompactSignature({
       issuer: {
         ...resolution,
-        noIssPayloadUpdate: false
+        noIssPayloadUpdate: noIssPayloadUpdate ?? false
       },
       protectedHeader: header,
       payload
@@ -2211,6 +2215,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this)
   };
   vcFormatPreferences = [
+    "dc+sd-jwt",
     "vc+sd-jwt",
     "mso_mdoc",
     "jwt_vc_json",
@@ -2244,7 +2249,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
   onIdentifierCreated;
   onVerifyEBSICredentialIssuer;
   constructor(options) {
-    const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = import_ssi_sdk3.defaultHasher } = {
+    const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = import_ssi_sdk2.defaultHasher } = {
       ...options
     };
     this.hasher = hasher;
@@ -2625,26 +2630,26 @@ var OID4VCIHolder = class _OID4VCIHolder {
       return Promise.reject(Error("Missing credential offers in context"));
     }
     let correlationId = credentialsToAccept[0].correlationId;
-    let identifierType = import_ssi_sdk2.CorrelationIdentifierType.DID;
+    let identifierType = import_ssi_sdk3.CorrelationIdentifierType.DID;
     if (!correlationId.toLowerCase().startsWith("did:")) {
-      identifierType = import_ssi_sdk2.CorrelationIdentifierType.URL;
+      identifierType = import_ssi_sdk3.CorrelationIdentifierType.URL;
       if (correlationId.startsWith("http")) {
         correlationId = new URL(correlationId).hostname;
       }
     }
     const identity = {
       alias: credentialsToAccept[0].correlationId,
-      origin: import_ssi_sdk2.IdentityOrigin.EXTERNAL,
+      origin: import_ssi_sdk3.IdentityOrigin.EXTERNAL,
       roles: [
-        import_ssi_sdk2.CredentialRole.ISSUER
+        import_ssi_sdk3.CredentialRole.ISSUER
       ],
       identifier: {
         type: identifierType,
         correlationId
       },
-      ...identifierType === import_ssi_sdk2.CorrelationIdentifierType.URL && {
+      ...identifierType === import_ssi_sdk3.CorrelationIdentifierType.URL && {
         connection: {
-          type: import_ssi_sdk2.ConnectionType.OPENID_CONNECT,
+          type: import_ssi_sdk3.ConnectionType.OPENID_CONNECT,
           config: {
             clientId: "138d7bf8-c930-4c6e-b928-97d3a4928b01",
             clientSecret: "03b3955f-d020-4f2a-8a27-4e452d4e27a0",
@@ -2671,7 +2676,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
   }
   async oid4vciHolderGetIssuerBranding(args, context) {
     const { serverMetadata, contact } = args;
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
+    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
     if (issuerCorrelationId) {
       const branding = await context.agent.ibGetIssuerBranding({
         filter: [
@@ -2701,7 +2706,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     if (!contact) {
       return Promise.reject(Error("Missing contact in context"));
     }
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
+    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
     const branding = await context.agent.ibGetIssuerBranding({
       filter: [
         {
@@ -2797,9 +2802,9 @@ var OID4VCIHolder = class _OID4VCIHolder {
       if (Array.isArray(subjectIssuance?.notification_events_supported)) {
         event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
         logger.log(`Subject issuance/signing will be used, with event`, event);
-        const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
+        const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse);
         const wrappedIssuerVC = import_ssi_types2.CredentialMapper.toWrappedVerifiableCredential(issuerVC, {
-          hasher: this.hasher ?? import_ssi_sdk3.defaultHasher
+          hasher: this.hasher ?? import_ssi_sdk2.defaultHasher
         });
         console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`);
         let issuer;
@@ -2900,11 +2905,11 @@ var OID4VCIHolder = class _OID4VCIHolder {
       const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer);
       const persistedCredential = await context.agent.crsAddCredential({
         credential: {
-          rawDocument: (0, import_ssi_sdk2.ensureRawDocument)(persistCredential),
+          rawDocument: (0, import_ssi_sdk3.ensureRawDocument)(persistCredential),
           kmsKeyRef,
           identifierMethod: method,
-          credentialRole: import_ssi_sdk2.CredentialRole.HOLDER,
-          issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk2.CredentialCorrelationType.DID : import_ssi_sdk2.CredentialCorrelationType.URL,
+          credentialRole: import_ssi_sdk3.CredentialRole.HOLDER,
+          issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk3.CredentialCorrelationType.DID : import_ssi_sdk3.CredentialCorrelationType.URL,
           issuerCorrelationId: issuer,
           subjectCorrelationType,
           subjectCorrelationId
@@ -2972,12 +2977,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "did":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierDidResult)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.DID,
+            import_ssi_sdk3.CredentialCorrelationType.DID,
             identifier.did
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.DID,
+            import_ssi_sdk3.CredentialCorrelationType.DID,
             typeof identifier.identifier === "string" ? identifier.identifier : identifier.identifier.did
           ];
         }
@@ -2985,12 +2990,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "kid":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierKidResult)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.KID,
+            import_ssi_sdk3.CredentialCorrelationType.KID,
             identifier.kid
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.KID,
+            import_ssi_sdk3.CredentialCorrelationType.KID,
             identifier.identifier
           ];
         }
@@ -2998,19 +3003,19 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "x5c":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierX5cResult)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.X509_SAN,
+            import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
             identifier.x5c.join("\r\n")
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierX5cOpts)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.X509_SAN,
+            import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
             identifier.identifier.join("\r\n")
           ];
         }
         break;
     }
     return [
-      import_ssi_sdk2.CredentialCorrelationType.URL,
+      import_ssi_sdk3.CredentialCorrelationType.URL,
       issuer
     ];
   }