@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.DIIPv4.77 → 0.34.1-feature.IDK.11.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/index.cjs +435 -440
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +6 -9
  4. package/dist/index.d.ts +6 -9
  5. package/dist/index.js +530 -535
  6. package/dist/index.js.map +1 -1
  7. package/package.json +24 -25
  8. package/src/agent/OID4VCIHolder.ts +22 -23
  9. package/src/services/OID4VCIHolderService.ts +44 -45
  10. package/src/types/FirstPartyMachine.ts +5 -6
  11. package/src/types/IOID4VCIHolder.ts +1 -3
package/dist/index.cjs CHANGED
@@ -100,7 +100,6 @@ __export(index_exports, {
100
100
  RequestType: () => RequestType,
101
101
  SupportedLanguage: () => SupportedLanguage,
102
102
  createConfig: () => createConfig,
103
- extractCredentialFromResponse: () => extractCredentialFromResponse,
104
103
  getBasicIssuerLocaleBranding: () => getBasicIssuerLocaleBranding,
105
104
  getCredentialBranding: () => getCredentialBranding,
106
105
  getCredentialConfigsBasedOnFormatPref: () => getCredentialConfigsBasedOnFormatPref,
@@ -140,8 +139,7 @@ var import_oid4vci_common4 = require("@sphereon/oid4vci-common");
140
139
  var import_ssi_sdk_ext5 = require("@sphereon/ssi-sdk-ext.did-utils");
141
140
  var import_ssi_sdk_ext6 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
142
141
  var import_ssi_sdk_ext7 = require("@sphereon/ssi-sdk-ext.key-utils");
143
- var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
144
- var import_ssi_sdk3 = require("@sphereon/ssi-sdk.data-store");
142
+ var import_ssi_sdk2 = require("@sphereon/ssi-sdk.data-store");
145
143
  var import_ssi_types2 = require("@sphereon/ssi-types");
146
144
  var import_utils2 = require("@veramo/utils");
147
145
  var import_did_jwt = require("did-jwt");
@@ -156,18 +154,18 @@ var import_i18n_js = __toESM(require("i18n-js"), 1);
156
154
  var import_lodash = __toESM(require("lodash.memoize"), 1);
157
155
 
158
156
  // src/types/IOID4VCIHolder.ts
159
- var OID4VCIHolderEvent = /* @__PURE__ */ function(OID4VCIHolderEvent2) {
157
+ var OID4VCIHolderEvent = /* @__PURE__ */ (function(OID4VCIHolderEvent2) {
160
158
  OID4VCIHolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
161
159
  OID4VCIHolderEvent2["CREDENTIAL_STORED"] = "credential_stored";
162
160
  OID4VCIHolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
163
161
  return OID4VCIHolderEvent2;
164
- }({});
165
- var SupportedLanguage = /* @__PURE__ */ function(SupportedLanguage2) {
162
+ })({});
163
+ var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
166
164
  SupportedLanguage2["ENGLISH"] = "en";
167
165
  SupportedLanguage2["DUTCH"] = "nl";
168
166
  return SupportedLanguage2;
169
- }({});
170
- var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
167
+ })({});
168
+ var OID4VCIMachineStates = /* @__PURE__ */ (function(OID4VCIMachineStates2) {
171
169
  OID4VCIMachineStates2["start"] = "start";
172
170
  OID4VCIMachineStates2["createCredentialsToSelectFrom"] = "createCredentialsToSelectFrom";
173
171
  OID4VCIMachineStates2["getContact"] = "getContact";
@@ -198,18 +196,18 @@ var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
198
196
  OID4VCIMachineStates2["error"] = "error";
199
197
  OID4VCIMachineStates2["done"] = "done";
200
198
  return OID4VCIMachineStates2;
201
- }({});
202
- var OID4VCIMachineAddContactStates = /* @__PURE__ */ function(OID4VCIMachineAddContactStates2) {
199
+ })({});
200
+ var OID4VCIMachineAddContactStates = /* @__PURE__ */ (function(OID4VCIMachineAddContactStates2) {
203
201
  OID4VCIMachineAddContactStates2["idle"] = "idle";
204
202
  OID4VCIMachineAddContactStates2["next"] = "next";
205
203
  return OID4VCIMachineAddContactStates2;
206
- }({});
207
- var OID4VCIMachineVerifyPinStates = /* @__PURE__ */ function(OID4VCIMachineVerifyPinStates2) {
204
+ })({});
205
+ var OID4VCIMachineVerifyPinStates = /* @__PURE__ */ (function(OID4VCIMachineVerifyPinStates2) {
208
206
  OID4VCIMachineVerifyPinStates2["idle"] = "idle";
209
207
  OID4VCIMachineVerifyPinStates2["next"] = "next";
210
208
  return OID4VCIMachineVerifyPinStates2;
211
- }({});
212
- var OID4VCIMachineEvents = /* @__PURE__ */ function(OID4VCIMachineEvents2) {
209
+ })({});
210
+ var OID4VCIMachineEvents = /* @__PURE__ */ (function(OID4VCIMachineEvents2) {
213
211
  OID4VCIMachineEvents2["NEXT"] = "NEXT";
214
212
  OID4VCIMachineEvents2["PREVIOUS"] = "PREVIOUS";
215
213
  OID4VCIMachineEvents2["DECLINE"] = "DECLINE";
@@ -222,15 +220,14 @@ var OID4VCIMachineEvents = /* @__PURE__ */ function(OID4VCIMachineEvents2) {
222
220
  OID4VCIMachineEvents2["INVOKED_AUTHORIZATION_CODE_REQUEST"] = "INVOKED_AUTHORIZATION_CODE_REQUEST";
223
221
  OID4VCIMachineEvents2["PROVIDE_AUTHORIZATION_CODE_RESPONSE"] = "PROVIDE_AUTHORIZATION_CODE_RESPONSE";
224
222
  return OID4VCIMachineEvents2;
225
- }({});
226
- var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
223
+ })({});
224
+ var OID4VCIMachineGuards = /* @__PURE__ */ (function(OID4VCIMachineGuards2) {
227
225
  OID4VCIMachineGuards2["hasContactGuard"] = "oid4vciHasContactGuard";
228
226
  OID4VCIMachineGuards2["hasNoContactGuard"] = "oid4vciHasNoContactGuard";
229
227
  OID4VCIMachineGuards2["credentialsToSelectRequiredGuard"] = "oid4vciCredentialsToSelectRequiredGuard";
230
228
  OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
231
229
  OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
232
230
  OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
233
- OID4VCIMachineGuards2["hasNonceEndpointGuard"] = "oid4vciHasNonceEndpointGuard ";
234
231
  OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
235
232
  OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
236
233
  OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
@@ -240,8 +237,8 @@ var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
240
237
  OID4VCIMachineGuards2["contactHasLowTrustGuard"] = "oid4vciContactHasLowTrustGuard";
241
238
  OID4VCIMachineGuards2["isFirstPartyApplication"] = "oid4vciIsFirstPartyApplication";
242
239
  return OID4VCIMachineGuards2;
243
- }({});
244
- var OID4VCIMachineServices = /* @__PURE__ */ function(OID4VCIMachineServices2) {
240
+ })({});
241
+ var OID4VCIMachineServices = /* @__PURE__ */ (function(OID4VCIMachineServices2) {
245
242
  OID4VCIMachineServices2["start"] = "start";
246
243
  OID4VCIMachineServices2["getContact"] = "getContact";
247
244
  OID4VCIMachineServices2["getFederationTrust"] = "getFederationTrust";
@@ -256,17 +253,17 @@ var OID4VCIMachineServices = /* @__PURE__ */ function(OID4VCIMachineServices2) {
256
253
  OID4VCIMachineServices2["storeCredentials"] = "storeCredentials";
257
254
  OID4VCIMachineServices2["startFirstPartApplicationFlow"] = "startFirstPartApplicationFlow";
258
255
  return OID4VCIMachineServices2;
259
- }({});
260
- var RequestType = /* @__PURE__ */ function(RequestType2) {
256
+ })({});
257
+ var RequestType = /* @__PURE__ */ (function(RequestType2) {
261
258
  RequestType2["OPENID_INITIATE_ISSUANCE"] = "openid-initiate-issuance";
262
259
  RequestType2["OPENID_CREDENTIAL_OFFER"] = "openid-credential-offer";
263
260
  RequestType2["URL"] = "URL";
264
261
  return RequestType2;
265
- }({});
266
- var IdentifierAliasEnum = /* @__PURE__ */ function(IdentifierAliasEnum2) {
262
+ })({});
263
+ var IdentifierAliasEnum = /* @__PURE__ */ (function(IdentifierAliasEnum2) {
267
264
  IdentifierAliasEnum2["PRIMARY"] = "primary";
268
265
  return IdentifierAliasEnum2;
269
- }({});
266
+ })({});
270
267
 
271
268
  // src/localization/Localization.ts
272
269
  var Localization = class Localization2 {
@@ -308,7 +305,7 @@ var Localization = class Localization2 {
308
305
  var translate = Localization.translate;
309
306
 
310
307
  // src/types/FirstPartyMachine.ts
311
- var FirstPartyMachineStateTypes = /* @__PURE__ */ function(FirstPartyMachineStateTypes2) {
308
+ var FirstPartyMachineStateTypes = /* @__PURE__ */ (function(FirstPartyMachineStateTypes2) {
312
309
  FirstPartyMachineStateTypes2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
313
310
  FirstPartyMachineStateTypes2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
314
311
  FirstPartyMachineStateTypes2["selectCredentials"] = "selectCredentials";
@@ -319,21 +316,21 @@ var FirstPartyMachineStateTypes = /* @__PURE__ */ function(FirstPartyMachineStat
319
316
  FirstPartyMachineStateTypes2["aborted"] = "aborted";
320
317
  FirstPartyMachineStateTypes2["declined"] = "declined";
321
318
  return FirstPartyMachineStateTypes2;
322
- }({});
323
- var FirstPartyMachineServices = /* @__PURE__ */ function(FirstPartyMachineServices2) {
319
+ })({});
320
+ var FirstPartyMachineServices = /* @__PURE__ */ (function(FirstPartyMachineServices2) {
324
321
  FirstPartyMachineServices2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
325
322
  FirstPartyMachineServices2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
326
323
  FirstPartyMachineServices2["createConfig"] = "createConfig";
327
324
  FirstPartyMachineServices2["getSiopRequest"] = "getSiopRequest";
328
325
  return FirstPartyMachineServices2;
329
- }({});
330
- var FirstPartyMachineEvents = /* @__PURE__ */ function(FirstPartyMachineEvents2) {
326
+ })({});
327
+ var FirstPartyMachineEvents = /* @__PURE__ */ (function(FirstPartyMachineEvents2) {
331
328
  FirstPartyMachineEvents2["NEXT"] = "NEXT";
332
329
  FirstPartyMachineEvents2["PREVIOUS"] = "PREVIOUS";
333
330
  FirstPartyMachineEvents2["DECLINE"] = "DECLINE";
334
331
  FirstPartyMachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
335
332
  return FirstPartyMachineEvents2;
336
- }({});
333
+ })({});
337
334
 
338
335
  // src/machines/oid4vciMachine.ts
339
336
  var oid4vciHasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
@@ -1063,295 +1060,9 @@ var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.did-resolver-jwk");
1063
1060
  var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.did-utils");
1064
1061
  var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
1065
1062
  var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.key-utils");
1066
- var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
1067
1063
  var import_ssi_types = require("@sphereon/ssi-types");
1068
1064
  var import_utils = require("@veramo/utils");
1069
1065
 
1070
- // src/machines/firstPartyMachine.ts
1071
- var import_xstate2 = require("xstate");
1072
- var import_oid4vci_common2 = require("@sphereon/oid4vci-common");
1073
-
1074
- // src/services/FirstPartyMachineServices.ts
1075
- var import_oid4vci_client = require("@sphereon/oid4vci-client");
1076
- var import_uuid = require("uuid");
1077
- var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (args) => {
1078
- const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args;
1079
- const oid4vciClient = await import_oid4vci_client.OpenID4VCIClient.fromState({
1080
- state: openID4VCIClientState
1081
- });
1082
- return oid4vciClient.acquireAuthorizationChallengeCode({
1083
- clientId: oid4vciClient.clientId ?? (0, import_uuid.v4)(),
1084
- ...authSession && {
1085
- authSession
1086
- },
1087
- ...!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && {
1088
- issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode
1089
- },
1090
- ...!authSession && openID4VCIClientState.credentialOffer?.issuerState && {
1091
- issuerState: openID4VCIClientState.credentialOffer?.issuerState
1092
- },
1093
- ...presentationDuringIssuanceSession && {
1094
- presentationDuringIssuanceSession
1095
- }
1096
- });
1097
- }, "sendAuthorizationChallengeRequest");
1098
- var createConfig = /* @__PURE__ */ __name(async (args, context) => {
1099
- const { presentationUri } = args;
1100
- if (!presentationUri) {
1101
- return Promise.reject(Error("Missing presentation uri in context"));
1102
- }
1103
- return context.agent.siopCreateConfig({
1104
- url: presentationUri
1105
- });
1106
- }, "createConfig");
1107
- var getSiopRequest = /* @__PURE__ */ __name(async (args, context) => {
1108
- const { didAuthConfig, presentationUri } = args;
1109
- if (presentationUri === void 0) {
1110
- return Promise.reject(Error("Missing presentation uri in context"));
1111
- }
1112
- if (didAuthConfig === void 0) {
1113
- return Promise.reject(Error("Missing did auth config in context"));
1114
- }
1115
- return context.agent.siopGetSiopRequest({
1116
- didAuthConfig,
1117
- url: presentationUri
1118
- });
1119
- }, "getSiopRequest");
1120
- var sendAuthorizationResponse = /* @__PURE__ */ __name(async (args, context) => {
1121
- const { didAuthConfig, authorizationRequestData, selectedCredentials } = args;
1122
- const responseData = await context.agent.siopSendResponse({
1123
- authorizationRequestData,
1124
- selectedCredentials,
1125
- didAuthConfig,
1126
- isFirstParty: true
1127
- });
1128
- return responseData.body.presentation_during_issuance_session;
1129
- }, "sendAuthorizationResponse");
1130
-
1131
- // src/machines/firstPartyMachine.ts
1132
- var firstPartyMachineStates = {
1133
- [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
1134
- id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
1135
- invoke: {
1136
- src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
1137
- onDone: {
1138
- target: FirstPartyMachineStateTypes.done,
1139
- actions: (0, import_xstate2.assign)({
1140
- authorizationCodeResponse: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeResponse")
1141
- })
1142
- },
1143
- onError: [
1144
- {
1145
- target: FirstPartyMachineStateTypes.createConfig,
1146
- cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data.error === import_oid4vci_common2.AuthorizationChallengeError.insufficient_authorization, "cond"),
1147
- actions: (0, import_xstate2.assign)({
1148
- authSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data.auth_session, "authSession"),
1149
- presentationUri: /* @__PURE__ */ __name((_ctx, _event) => _event.data.presentation, "presentationUri")
1150
- })
1151
- },
1152
- {
1153
- target: FirstPartyMachineStateTypes.error,
1154
- actions: (0, import_xstate2.assign)({
1155
- error: /* @__PURE__ */ __name((_ctx, _event) => ({
1156
- title: translate("oid4vci_machine_send_authorization_challenge_request_error_title"),
1157
- message: _event.data.message,
1158
- stack: _event.data.stack
1159
- }), "error")
1160
- })
1161
- }
1162
- ]
1163
- }
1164
- },
1165
- [FirstPartyMachineStateTypes.createConfig]: {
1166
- id: FirstPartyMachineStateTypes.createConfig,
1167
- invoke: {
1168
- src: FirstPartyMachineServices.createConfig,
1169
- onDone: {
1170
- target: FirstPartyMachineStateTypes.getSiopRequest,
1171
- actions: (0, import_xstate2.assign)({
1172
- didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
1173
- })
1174
- },
1175
- onError: {
1176
- target: FirstPartyMachineStateTypes.error,
1177
- actions: (0, import_xstate2.assign)({
1178
- error: /* @__PURE__ */ __name((_ctx, _event) => ({
1179
- title: translate("oid4vci_machine_create_config_error_title"),
1180
- message: _event.data.message,
1181
- stack: _event.data.stack
1182
- }), "error")
1183
- })
1184
- }
1185
- }
1186
- },
1187
- [FirstPartyMachineStateTypes.getSiopRequest]: {
1188
- id: FirstPartyMachineStateTypes.getSiopRequest,
1189
- invoke: {
1190
- src: FirstPartyMachineServices.getSiopRequest,
1191
- onDone: {
1192
- target: FirstPartyMachineStateTypes.selectCredentials,
1193
- actions: (0, import_xstate2.assign)({
1194
- authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
1195
- })
1196
- },
1197
- onError: {
1198
- target: FirstPartyMachineStateTypes.error,
1199
- actions: (0, import_xstate2.assign)({
1200
- error: /* @__PURE__ */ __name((_ctx, _event) => ({
1201
- title: translate("siopV2_machine_get_request_error_title"),
1202
- message: _event.data.message,
1203
- stack: _event.data.stack
1204
- }), "error")
1205
- })
1206
- }
1207
- }
1208
- },
1209
- [FirstPartyMachineStateTypes.selectCredentials]: {
1210
- id: FirstPartyMachineStateTypes.selectCredentials,
1211
- on: {
1212
- [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
1213
- actions: (0, import_xstate2.assign)({
1214
- selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
1215
- })
1216
- },
1217
- [FirstPartyMachineEvents.NEXT]: {
1218
- target: FirstPartyMachineStateTypes.sendAuthorizationResponse
1219
- },
1220
- [FirstPartyMachineEvents.DECLINE]: {
1221
- target: FirstPartyMachineStateTypes.declined
1222
- },
1223
- [FirstPartyMachineEvents.PREVIOUS]: {
1224
- target: FirstPartyMachineStateTypes.aborted
1225
- }
1226
- }
1227
- },
1228
- [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
1229
- id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
1230
- invoke: {
1231
- src: FirstPartyMachineServices.sendAuthorizationResponse,
1232
- onDone: {
1233
- target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
1234
- actions: (0, import_xstate2.assign)({
1235
- presentationDuringIssuanceSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "presentationDuringIssuanceSession")
1236
- })
1237
- },
1238
- onError: {
1239
- target: FirstPartyMachineStateTypes.error,
1240
- actions: (0, import_xstate2.assign)({
1241
- error: /* @__PURE__ */ __name((_ctx, _event) => ({
1242
- title: translate("oid4vci_machine_get_request_error_title"),
1243
- message: _event.data.message,
1244
- stack: _event.data.stack
1245
- }), "error")
1246
- })
1247
- }
1248
- }
1249
- },
1250
- [FirstPartyMachineStateTypes.aborted]: {
1251
- id: FirstPartyMachineStateTypes.aborted,
1252
- type: "final"
1253
- },
1254
- [FirstPartyMachineStateTypes.declined]: {
1255
- id: FirstPartyMachineStateTypes.declined,
1256
- type: "final"
1257
- },
1258
- [FirstPartyMachineStateTypes.error]: {
1259
- id: FirstPartyMachineStateTypes.error,
1260
- type: "final"
1261
- },
1262
- [FirstPartyMachineStateTypes.done]: {
1263
- id: FirstPartyMachineStateTypes.done,
1264
- type: "final"
1265
- }
1266
- };
1267
- var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
1268
- const initialContext = {
1269
- openID4VCIClientState: opts.openID4VCIClientState,
1270
- contact: opts.contact,
1271
- selectedCredentials: []
1272
- };
1273
- return (0, import_xstate2.createMachine)({
1274
- id: opts?.machineId ?? "FirstParty",
1275
- predictableActionArguments: true,
1276
- initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
1277
- context: initialContext,
1278
- states: firstPartyMachineStates,
1279
- schema: {
1280
- events: {},
1281
- services: {}
1282
- }
1283
- });
1284
- }, "createFirstPartyActivationMachine");
1285
- var FirstPartyMachine = class _FirstPartyMachine {
1286
- static {
1287
- __name(this, "FirstPartyMachine");
1288
- }
1289
- static _instance;
1290
- static hasInstance() {
1291
- return _FirstPartyMachine._instance !== void 0;
1292
- }
1293
- static get instance() {
1294
- if (!_FirstPartyMachine._instance) {
1295
- throw Error("Please initialize ESIMActivation machine first");
1296
- }
1297
- return _FirstPartyMachine._instance;
1298
- }
1299
- static clearInstance(opts) {
1300
- const { stop } = opts;
1301
- if (_FirstPartyMachine.hasInstance()) {
1302
- if (stop) {
1303
- _FirstPartyMachine.stopInstance();
1304
- }
1305
- }
1306
- _FirstPartyMachine._instance = void 0;
1307
- }
1308
- static stopInstance() {
1309
- if (!_FirstPartyMachine.hasInstance()) {
1310
- return;
1311
- }
1312
- _FirstPartyMachine.instance.stop();
1313
- _FirstPartyMachine._instance = void 0;
1314
- }
1315
- static newInstance(opts) {
1316
- const { agentContext } = opts;
1317
- const services = {
1318
- [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
1319
- [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
1320
- [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
1321
- [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
1322
- };
1323
- const newInst = (0, import_xstate2.interpret)(createFirstPartyActivationMachine(opts).withConfig({
1324
- services: {
1325
- ...services,
1326
- ...opts?.services
1327
- },
1328
- guards: {
1329
- ...opts?.guards
1330
- }
1331
- }));
1332
- if (typeof opts?.subscription === "function") {
1333
- newInst.onTransition(opts.subscription);
1334
- }
1335
- if (opts?.requireCustomNavigationHook !== true) {
1336
- newInst.onTransition((snapshot) => {
1337
- if (opts?.stateNavigationListener) {
1338
- void opts.stateNavigationListener(newInst, snapshot);
1339
- }
1340
- });
1341
- }
1342
- return newInst;
1343
- }
1344
- static getInstance(opts) {
1345
- if (!_FirstPartyMachine._instance) {
1346
- if (opts?.requireExisting === true) {
1347
- throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
1348
- }
1349
- _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
1350
- }
1351
- return _FirstPartyMachine._instance;
1352
- }
1353
- };
1354
-
1355
1066
  // src/mappers/OIDC4VCIBrandingMapper.ts
1356
1067
  var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
1357
1068
  const { credentialDisplay, issuerCredentialSubject } = args;
@@ -1530,97 +1241,383 @@ var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
1530
1241
  alt: credentialDisplay.rendering.simple.logo.alt_text
1531
1242
  }
1532
1243
  }
1533
- },
1534
- ...credentialDisplay.description && {
1535
- description: credentialDisplay.description
1536
- },
1537
- ...credentialDisplay.rendering?.simple?.text_color && {
1538
- text: {
1539
- color: credentialDisplay.rendering.simple.text_color
1244
+ },
1245
+ ...credentialDisplay.description && {
1246
+ description: credentialDisplay.description
1247
+ },
1248
+ ...credentialDisplay.rendering?.simple?.text_color && {
1249
+ text: {
1250
+ color: credentialDisplay.rendering.simple.text_color
1251
+ }
1252
+ },
1253
+ ...credentialDisplay.rendering?.simple?.background_color && {
1254
+ background: {
1255
+ color: credentialDisplay.rendering.simple.background_color
1256
+ }
1257
+ }
1258
+ };
1259
+ }, "sdJwtCredentialLocaleBrandingFrom");
1260
+ var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
1261
+ const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
1262
+ const locales = Array.from(/* @__PURE__ */ new Set([
1263
+ ...claimsMetadata.keys(),
1264
+ ...credentialDisplayLocales.keys()
1265
+ ]));
1266
+ return Promise.all(locales.map(async (locale) => {
1267
+ const display = credentialDisplayLocales.get(locale);
1268
+ const claims = claimsMetadata.get(locale);
1269
+ return {
1270
+ ...display && await sdJwtCredentialLocaleBrandingFrom({
1271
+ credentialDisplay: display
1272
+ }),
1273
+ ...locale.length > 0 && {
1274
+ locale
1275
+ },
1276
+ claims
1277
+ };
1278
+ }));
1279
+ }, "sdJwtCombineDisplayLocalesFrom");
1280
+ var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
1281
+ const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
1282
+ return {
1283
+ ...dynamicRegistrationClientMetadata?.client_name && {
1284
+ alias: dynamicRegistrationClientMetadata.client_name
1285
+ },
1286
+ ...issuerDisplay.name && {
1287
+ alias: issuerDisplay.name
1288
+ },
1289
+ ...issuerDisplay.locale && {
1290
+ locale: issuerDisplay.locale
1291
+ },
1292
+ ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
1293
+ logo: {
1294
+ ...dynamicRegistrationClientMetadata?.logo_uri && {
1295
+ uri: dynamicRegistrationClientMetadata?.logo_uri
1296
+ },
1297
+ ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
1298
+ uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
1299
+ },
1300
+ ...issuerDisplay.logo?.alt_text && {
1301
+ alt: issuerDisplay.logo?.alt_text
1302
+ }
1303
+ }
1304
+ },
1305
+ ...issuerDisplay.description && {
1306
+ description: issuerDisplay.description
1307
+ },
1308
+ ...issuerDisplay.text_color && {
1309
+ text: {
1310
+ color: issuerDisplay.text_color
1311
+ }
1312
+ },
1313
+ ...dynamicRegistrationClientMetadata?.client_uri && {
1314
+ clientUri: dynamicRegistrationClientMetadata.client_uri
1315
+ },
1316
+ ...dynamicRegistrationClientMetadata?.tos_uri && {
1317
+ tosUri: dynamicRegistrationClientMetadata.tos_uri
1318
+ },
1319
+ ...dynamicRegistrationClientMetadata?.policy_uri && {
1320
+ policyUri: dynamicRegistrationClientMetadata.policy_uri
1321
+ },
1322
+ ...dynamicRegistrationClientMetadata?.contacts && {
1323
+ contacts: dynamicRegistrationClientMetadata.contacts
1324
+ }
1325
+ };
1326
+ }, "issuerLocaleBrandingFrom");
1327
+
1328
+ // src/machines/firstPartyMachine.ts
1329
+ var import_xstate2 = require("xstate");
1330
+ var import_oid4vci_common2 = require("@sphereon/oid4vci-common");
1331
+
1332
+ // src/services/FirstPartyMachineServices.ts
1333
+ var import_oid4vci_client = require("@sphereon/oid4vci-client");
1334
+ var import_uuid = require("uuid");
1335
+ var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (args) => {
1336
+ const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args;
1337
+ const oid4vciClient = await import_oid4vci_client.OpenID4VCIClient.fromState({
1338
+ state: openID4VCIClientState
1339
+ });
1340
+ return oid4vciClient.acquireAuthorizationChallengeCode({
1341
+ clientId: oid4vciClient.clientId ?? (0, import_uuid.v4)(),
1342
+ ...authSession && {
1343
+ authSession
1344
+ },
1345
+ ...!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && {
1346
+ issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode
1347
+ },
1348
+ ...!authSession && openID4VCIClientState.credentialOffer?.issuerState && {
1349
+ issuerState: openID4VCIClientState.credentialOffer?.issuerState
1350
+ },
1351
+ ...presentationDuringIssuanceSession && {
1352
+ presentationDuringIssuanceSession
1353
+ }
1354
+ });
1355
+ }, "sendAuthorizationChallengeRequest");
1356
+ var createConfig = /* @__PURE__ */ __name(async (args, context) => {
1357
+ const { presentationUri } = args;
1358
+ if (!presentationUri) {
1359
+ return Promise.reject(Error("Missing presentation uri in context"));
1360
+ }
1361
+ return context.agent.siopCreateConfig({
1362
+ url: presentationUri
1363
+ });
1364
+ }, "createConfig");
1365
+ var getSiopRequest = /* @__PURE__ */ __name(async (args, context) => {
1366
+ const { didAuthConfig, presentationUri } = args;
1367
+ if (presentationUri === void 0) {
1368
+ return Promise.reject(Error("Missing presentation uri in context"));
1369
+ }
1370
+ if (didAuthConfig === void 0) {
1371
+ return Promise.reject(Error("Missing did auth config in context"));
1372
+ }
1373
+ return context.agent.siopGetSiopRequest({
1374
+ didAuthConfig,
1375
+ url: presentationUri
1376
+ });
1377
+ }, "getSiopRequest");
1378
+ var sendAuthorizationResponse = /* @__PURE__ */ __name(async (args, context) => {
1379
+ const { didAuthConfig, authorizationRequestData, selectedCredentials } = args;
1380
+ const responseData = await context.agent.siopSendResponse({
1381
+ authorizationRequestData,
1382
+ selectedCredentials,
1383
+ didAuthConfig,
1384
+ isFirstParty: true
1385
+ });
1386
+ return responseData.body.presentation_during_issuance_session;
1387
+ }, "sendAuthorizationResponse");
1388
+
1389
+ // src/machines/firstPartyMachine.ts
1390
+ var firstPartyMachineStates = {
1391
+ [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
1392
+ id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
1393
+ invoke: {
1394
+ src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
1395
+ onDone: {
1396
+ target: FirstPartyMachineStateTypes.done,
1397
+ actions: (0, import_xstate2.assign)({
1398
+ authorizationCodeResponse: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeResponse")
1399
+ })
1400
+ },
1401
+ onError: [
1402
+ {
1403
+ target: FirstPartyMachineStateTypes.createConfig,
1404
+ cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data.error === import_oid4vci_common2.AuthorizationChallengeError.insufficient_authorization, "cond"),
1405
+ actions: (0, import_xstate2.assign)({
1406
+ authSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data.auth_session, "authSession"),
1407
+ presentationUri: /* @__PURE__ */ __name((_ctx, _event) => _event.data.presentation, "presentationUri")
1408
+ })
1409
+ },
1410
+ {
1411
+ target: FirstPartyMachineStateTypes.error,
1412
+ actions: (0, import_xstate2.assign)({
1413
+ error: /* @__PURE__ */ __name((_ctx, _event) => ({
1414
+ title: translate("oid4vci_machine_send_authorization_challenge_request_error_title"),
1415
+ message: _event.data.message,
1416
+ stack: _event.data.stack
1417
+ }), "error")
1418
+ })
1419
+ }
1420
+ ]
1421
+ }
1422
+ },
1423
+ [FirstPartyMachineStateTypes.createConfig]: {
1424
+ id: FirstPartyMachineStateTypes.createConfig,
1425
+ invoke: {
1426
+ src: FirstPartyMachineServices.createConfig,
1427
+ onDone: {
1428
+ target: FirstPartyMachineStateTypes.getSiopRequest,
1429
+ actions: (0, import_xstate2.assign)({
1430
+ didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
1431
+ })
1432
+ },
1433
+ onError: {
1434
+ target: FirstPartyMachineStateTypes.error,
1435
+ actions: (0, import_xstate2.assign)({
1436
+ error: /* @__PURE__ */ __name((_ctx, _event) => ({
1437
+ title: translate("oid4vci_machine_create_config_error_title"),
1438
+ message: _event.data.message,
1439
+ stack: _event.data.stack
1440
+ }), "error")
1441
+ })
1442
+ }
1443
+ }
1444
+ },
1445
+ [FirstPartyMachineStateTypes.getSiopRequest]: {
1446
+ id: FirstPartyMachineStateTypes.getSiopRequest,
1447
+ invoke: {
1448
+ src: FirstPartyMachineServices.getSiopRequest,
1449
+ onDone: {
1450
+ target: FirstPartyMachineStateTypes.selectCredentials,
1451
+ actions: (0, import_xstate2.assign)({
1452
+ authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
1453
+ })
1454
+ },
1455
+ onError: {
1456
+ target: FirstPartyMachineStateTypes.error,
1457
+ actions: (0, import_xstate2.assign)({
1458
+ error: /* @__PURE__ */ __name((_ctx, _event) => ({
1459
+ title: translate("siopV2_machine_get_request_error_title"),
1460
+ message: _event.data.message,
1461
+ stack: _event.data.stack
1462
+ }), "error")
1463
+ })
1540
1464
  }
1541
- },
1542
- ...credentialDisplay.rendering?.simple?.background_color && {
1543
- background: {
1544
- color: credentialDisplay.rendering.simple.background_color
1465
+ }
1466
+ },
1467
+ [FirstPartyMachineStateTypes.selectCredentials]: {
1468
+ id: FirstPartyMachineStateTypes.selectCredentials,
1469
+ on: {
1470
+ [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
1471
+ actions: (0, import_xstate2.assign)({
1472
+ selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
1473
+ })
1474
+ },
1475
+ [FirstPartyMachineEvents.NEXT]: {
1476
+ target: FirstPartyMachineStateTypes.sendAuthorizationResponse
1477
+ },
1478
+ [FirstPartyMachineEvents.DECLINE]: {
1479
+ target: FirstPartyMachineStateTypes.declined
1480
+ },
1481
+ [FirstPartyMachineEvents.PREVIOUS]: {
1482
+ target: FirstPartyMachineStateTypes.aborted
1545
1483
  }
1546
1484
  }
1547
- };
1548
- }, "sdJwtCredentialLocaleBrandingFrom");
1549
- var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
1550
- const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
1551
- const locales = Array.from(/* @__PURE__ */ new Set([
1552
- ...claimsMetadata.keys(),
1553
- ...credentialDisplayLocales.keys()
1554
- ]));
1555
- return Promise.all(locales.map(async (locale) => {
1556
- const display = credentialDisplayLocales.get(locale);
1557
- const claims = claimsMetadata.get(locale);
1558
- return {
1559
- ...display && await sdJwtCredentialLocaleBrandingFrom({
1560
- credentialDisplay: display
1561
- }),
1562
- ...locale.length > 0 && {
1563
- locale
1485
+ },
1486
+ [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
1487
+ id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
1488
+ invoke: {
1489
+ src: FirstPartyMachineServices.sendAuthorizationResponse,
1490
+ onDone: {
1491
+ target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
1492
+ actions: (0, import_xstate2.assign)({
1493
+ presentationDuringIssuanceSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "presentationDuringIssuanceSession")
1494
+ })
1564
1495
  },
1565
- claims
1496
+ onError: {
1497
+ target: FirstPartyMachineStateTypes.error,
1498
+ actions: (0, import_xstate2.assign)({
1499
+ error: /* @__PURE__ */ __name((_ctx, _event) => ({
1500
+ title: translate("oid4vci_machine_get_request_error_title"),
1501
+ message: _event.data.message,
1502
+ stack: _event.data.stack
1503
+ }), "error")
1504
+ })
1505
+ }
1506
+ }
1507
+ },
1508
+ [FirstPartyMachineStateTypes.aborted]: {
1509
+ id: FirstPartyMachineStateTypes.aborted,
1510
+ type: "final"
1511
+ },
1512
+ [FirstPartyMachineStateTypes.declined]: {
1513
+ id: FirstPartyMachineStateTypes.declined,
1514
+ type: "final"
1515
+ },
1516
+ [FirstPartyMachineStateTypes.error]: {
1517
+ id: FirstPartyMachineStateTypes.error,
1518
+ type: "final"
1519
+ },
1520
+ [FirstPartyMachineStateTypes.done]: {
1521
+ id: FirstPartyMachineStateTypes.done,
1522
+ type: "final"
1523
+ }
1524
+ };
1525
+ var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
1526
+ const initialContext = {
1527
+ openID4VCIClientState: opts.openID4VCIClientState,
1528
+ contact: opts.contact,
1529
+ selectedCredentials: []
1530
+ };
1531
+ return (0, import_xstate2.createMachine)({
1532
+ id: opts?.machineId ?? "FirstParty",
1533
+ predictableActionArguments: true,
1534
+ initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
1535
+ context: initialContext,
1536
+ states: firstPartyMachineStates,
1537
+ schema: {
1538
+ events: {},
1539
+ services: {}
1540
+ }
1541
+ });
1542
+ }, "createFirstPartyActivationMachine");
1543
+ var FirstPartyMachine = class _FirstPartyMachine {
1544
+ static {
1545
+ __name(this, "FirstPartyMachine");
1546
+ }
1547
+ static _instance;
1548
+ static hasInstance() {
1549
+ return _FirstPartyMachine._instance !== void 0;
1550
+ }
1551
+ static get instance() {
1552
+ if (!_FirstPartyMachine._instance) {
1553
+ throw Error("Please initialize ESIMActivation machine first");
1554
+ }
1555
+ return _FirstPartyMachine._instance;
1556
+ }
1557
+ static clearInstance(opts) {
1558
+ const { stop } = opts;
1559
+ if (_FirstPartyMachine.hasInstance()) {
1560
+ if (stop) {
1561
+ _FirstPartyMachine.stopInstance();
1562
+ }
1563
+ }
1564
+ _FirstPartyMachine._instance = void 0;
1565
+ }
1566
+ static stopInstance() {
1567
+ if (!_FirstPartyMachine.hasInstance()) {
1568
+ return;
1569
+ }
1570
+ _FirstPartyMachine.instance.stop();
1571
+ _FirstPartyMachine._instance = void 0;
1572
+ }
1573
+ static newInstance(opts) {
1574
+ const { agentContext } = opts;
1575
+ const services = {
1576
+ [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
1577
+ [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
1578
+ [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
1579
+ [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
1566
1580
  };
1567
- }));
1568
- }, "sdJwtCombineDisplayLocalesFrom");
1569
- var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
1570
- const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
1571
- return {
1572
- ...dynamicRegistrationClientMetadata?.client_name && {
1573
- alias: dynamicRegistrationClientMetadata.client_name
1574
- },
1575
- ...issuerDisplay.name && {
1576
- alias: issuerDisplay.name
1577
- },
1578
- ...issuerDisplay.locale && {
1579
- locale: issuerDisplay.locale
1580
- },
1581
- ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
1582
- logo: {
1583
- ...dynamicRegistrationClientMetadata?.logo_uri && {
1584
- uri: dynamicRegistrationClientMetadata?.logo_uri
1585
- },
1586
- ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
1587
- uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
1588
- },
1589
- ...issuerDisplay.logo?.alt_text && {
1590
- alt: issuerDisplay.logo?.alt_text
1591
- }
1581
+ const newInst = (0, import_xstate2.interpret)(createFirstPartyActivationMachine(opts).withConfig({
1582
+ services: {
1583
+ ...services,
1584
+ ...opts?.services
1585
+ },
1586
+ guards: {
1587
+ ...opts?.guards
1592
1588
  }
1593
- },
1594
- ...issuerDisplay.description && {
1595
- description: issuerDisplay.description
1596
- },
1597
- ...issuerDisplay.text_color && {
1598
- text: {
1599
- color: issuerDisplay.text_color
1589
+ }));
1590
+ if (typeof opts?.subscription === "function") {
1591
+ newInst.onTransition(opts.subscription);
1592
+ }
1593
+ if (opts?.requireCustomNavigationHook !== true) {
1594
+ newInst.onTransition((snapshot) => {
1595
+ if (opts?.stateNavigationListener) {
1596
+ void opts.stateNavigationListener(newInst, snapshot);
1597
+ }
1598
+ });
1599
+ }
1600
+ return newInst;
1601
+ }
1602
+ static getInstance(opts) {
1603
+ if (!_FirstPartyMachine._instance) {
1604
+ if (opts?.requireExisting === true) {
1605
+ throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
1600
1606
  }
1601
- },
1602
- ...dynamicRegistrationClientMetadata?.client_uri && {
1603
- clientUri: dynamicRegistrationClientMetadata.client_uri
1604
- },
1605
- ...dynamicRegistrationClientMetadata?.tos_uri && {
1606
- tosUri: dynamicRegistrationClientMetadata.tos_uri
1607
- },
1608
- ...dynamicRegistrationClientMetadata?.policy_uri && {
1609
- policyUri: dynamicRegistrationClientMetadata.policy_uri
1610
- },
1611
- ...dynamicRegistrationClientMetadata?.contacts && {
1612
- contacts: dynamicRegistrationClientMetadata.contacts
1607
+ _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
1613
1608
  }
1614
- };
1615
- }, "issuerLocaleBrandingFrom");
1609
+ return _FirstPartyMachine._instance;
1610
+ }
1611
+ };
1616
1612
 
1617
1613
  // src/services/OID4VCIHolderService.ts
1614
+ var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
1618
1615
  var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
1619
1616
  const { credentialsSupported, context } = args;
1620
1617
  const credentialBranding = {};
1621
1618
  await Promise.all(Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]) => {
1622
1619
  let sdJwtTypeMetadata;
1623
- if (credentialsConfigSupported.format === "dc+sd-jwt") {
1620
+ if (credentialsConfigSupported.format === "vc+sd-jwt") {
1624
1621
  const vct = credentialsConfigSupported.vct;
1625
1622
  if (vct.startsWith("http")) {
1626
1623
  try {
@@ -1686,7 +1683,10 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
1686
1683
  }, "selectCredentialLocaleBranding");
1687
1684
  var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
1688
1685
  const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
1689
- const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse);
1686
+ const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
1687
+ if (!credential) {
1688
+ return Promise.reject(Error("No credential found in credential response"));
1689
+ }
1690
1690
  const wrappedVC = import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(credential, {
1691
1691
  hasher: hasher ?? import_ssi_sdk.defaultHasher
1692
1692
  });
@@ -1738,7 +1738,11 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
1738
1738
  }, "verifyCredentialToAccept");
1739
1739
  var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
1740
1740
  const { credentialToAccept, hasher } = args;
1741
- const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse);
1741
+ const credentialResponse = credentialToAccept.credentialResponse;
1742
+ const verifiableCredential = credentialResponse.credential;
1743
+ if (!verifiableCredential) {
1744
+ return Promise.reject(Error("No credential found in credential response"));
1745
+ }
1742
1746
  const wrappedVerifiableCredential = import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(verifiableCredential, {
1743
1747
  hasher
1744
1748
  });
@@ -1758,7 +1762,6 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
1758
1762
  uniformVerifiableCredential = wrappedVerifiableCredential.credential;
1759
1763
  }
1760
1764
  const correlationId = typeof uniformVerifiableCredential.issuer === "string" ? uniformVerifiableCredential.issuer : import_ssi_types.CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential) ? uniformVerifiableCredential.decodedPayload.iss : uniformVerifiableCredential.issuer.id;
1761
- const credentialResponse = credentialToAccept.credentialResponse;
1762
1765
  return {
1763
1766
  correlationId,
1764
1767
  credentialToAccept,
@@ -1770,18 +1773,6 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
1770
1773
  }
1771
1774
  };
1772
1775
  }, "mapCredentialToAccept");
1773
- var extractCredentialFromResponse = /* @__PURE__ */ __name((credentialResponse) => {
1774
- let credential;
1775
- if ("credential" in credentialResponse) {
1776
- credential = credentialResponse.credential;
1777
- } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
1778
- credential = credentialResponse.credentials[0].credential;
1779
- }
1780
- if (!credential) {
1781
- throw new Error("No credential found in credential response");
1782
- }
1783
- return credential;
1784
- }, "extractCredentialFromResponse");
1785
1776
  var getIdentifierOpts = /* @__PURE__ */ __name(async (args) => {
1786
1777
  const { issuanceOpt, context } = args;
1787
1778
  const { identifier: identifierArg } = issuanceOpt;
@@ -1890,19 +1881,24 @@ var getCredentialConfigsSupportedBySingleTypeOrId = /* @__PURE__ */ __name(async
1890
1881
  }
1891
1882
  __name(createIdFromTypes, "createIdFromTypes");
1892
1883
  if (configurationId) {
1893
- const allSupported2 = client.getCredentialsSupported(format);
1884
+ const allSupported2 = client.getCredentialsSupported(false);
1894
1885
  return Object.fromEntries(Object.entries(allSupported2).filter(([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId));
1895
1886
  }
1896
- if (!client.credentialOffer) {
1897
- return Promise.reject(Error("openID4VCIClient has no credentialOffer"));
1887
+ if (!types && !client.credentialOffer) {
1888
+ return Promise.reject(Error("openID4VCIClient has no credentialOffer and no types where provided"));
1898
1889
  }
1899
- if (!types) {
1900
- return Promise.reject(Error("openID4VCIClient has no types"));
1890
+ if (!Array.isArray(format) && client.credentialOffer) {
1891
+ if (client.version() > import_oid4vci_common3.OpenId4VCIVersion.VER_1_0_09 && typeof client.credentialOffer.credential_offer === "object" && "credentials" in client.credentialOffer.credential_offer) {
1892
+ format = client.credentialOffer.credential_offer.credentials.filter((cred) => typeof cred !== "string").map((cred) => cred.format);
1893
+ if (format?.length === 0) {
1894
+ format = void 0;
1895
+ }
1896
+ }
1901
1897
  }
1902
1898
  const offerSupported = (0, import_oid4vci_common3.getSupportedCredentials)({
1903
- types: [
1899
+ types: types ? [
1904
1900
  types
1905
- ],
1901
+ ] : client.getCredentialOfferTypes(),
1906
1902
  format,
1907
1903
  version: client.version(),
1908
1904
  issuerMetadata: client.endpointMetadata.credentialIssuerMetadata
@@ -2077,8 +2073,7 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
2077
2073
  case "jwt":
2078
2074
  case "jwt_vc_json":
2079
2075
  case "jwt_vc":
2080
- //case 'vc+sd-jwt': FIXME re-enable for vcdm2
2081
- case "dc+sd-jwt":
2076
+ case "vc+sd-jwt":
2082
2077
  case "mso_mdoc": {
2083
2078
  const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
2084
2079
  if (supportedPreferences.length > 0) {
@@ -2147,6 +2142,7 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
2147
2142
 
2148
2143
  // src/agent/OID4VCIHolder.ts
2149
2144
  var import_polyfill = require("cross-fetch/polyfill");
2145
+ var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
2150
2146
  var oid4vciHolderContextMethods = [
2151
2147
  "cmGetContacts",
2152
2148
  "cmGetContact",
@@ -2162,7 +2158,7 @@ var oid4vciHolderContextMethods = [
2162
2158
  ];
2163
2159
  var logger = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vci:holder");
2164
2160
  function signCallback(identifier, context, nonce) {
2165
- return async (jwt, kid, noIssPayloadUpdate) => {
2161
+ return async (jwt, kid) => {
2166
2162
  let resolution = await context.agent.identifierManagedGet(identifier);
2167
2163
  const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
2168
2164
  if (!resolution.issuer && !jwt.payload.iss) {
@@ -2180,7 +2176,7 @@ function signCallback(identifier, context, nonce) {
2180
2176
  return (await context.agent.jwtCreateJwsCompactSignature({
2181
2177
  issuer: {
2182
2178
  ...resolution,
2183
- noIssPayloadUpdate: noIssPayloadUpdate ?? false
2179
+ noIssPayloadUpdate: false
2184
2180
  },
2185
2181
  protectedHeader: header,
2186
2182
  payload
@@ -2215,7 +2211,6 @@ var OID4VCIHolder = class _OID4VCIHolder {
2215
2211
  oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this)
2216
2212
  };
2217
2213
  vcFormatPreferences = [
2218
- "dc+sd-jwt",
2219
2214
  "vc+sd-jwt",
2220
2215
  "mso_mdoc",
2221
2216
  "jwt_vc_json",
@@ -2249,7 +2244,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
2249
2244
  onIdentifierCreated;
2250
2245
  onVerifyEBSICredentialIssuer;
2251
2246
  constructor(options) {
2252
- const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = import_ssi_sdk2.defaultHasher } = {
2247
+ const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = import_ssi_sdk3.defaultHasher } = {
2253
2248
  ...options
2254
2249
  };
2255
2250
  this.hasher = hasher;
@@ -2630,26 +2625,26 @@ var OID4VCIHolder = class _OID4VCIHolder {
2630
2625
  return Promise.reject(Error("Missing credential offers in context"));
2631
2626
  }
2632
2627
  let correlationId = credentialsToAccept[0].correlationId;
2633
- let identifierType = import_ssi_sdk3.CorrelationIdentifierType.DID;
2628
+ let identifierType = import_ssi_sdk2.CorrelationIdentifierType.DID;
2634
2629
  if (!correlationId.toLowerCase().startsWith("did:")) {
2635
- identifierType = import_ssi_sdk3.CorrelationIdentifierType.URL;
2630
+ identifierType = import_ssi_sdk2.CorrelationIdentifierType.URL;
2636
2631
  if (correlationId.startsWith("http")) {
2637
2632
  correlationId = new URL(correlationId).hostname;
2638
2633
  }
2639
2634
  }
2640
2635
  const identity = {
2641
2636
  alias: credentialsToAccept[0].correlationId,
2642
- origin: import_ssi_sdk3.IdentityOrigin.EXTERNAL,
2637
+ origin: import_ssi_sdk2.IdentityOrigin.EXTERNAL,
2643
2638
  roles: [
2644
- import_ssi_sdk3.CredentialRole.ISSUER
2639
+ import_ssi_sdk2.CredentialRole.ISSUER
2645
2640
  ],
2646
2641
  identifier: {
2647
2642
  type: identifierType,
2648
2643
  correlationId
2649
2644
  },
2650
- ...identifierType === import_ssi_sdk3.CorrelationIdentifierType.URL && {
2645
+ ...identifierType === import_ssi_sdk2.CorrelationIdentifierType.URL && {
2651
2646
  connection: {
2652
- type: import_ssi_sdk3.ConnectionType.OPENID_CONNECT,
2647
+ type: import_ssi_sdk2.ConnectionType.OPENID_CONNECT,
2653
2648
  config: {
2654
2649
  clientId: "138d7bf8-c930-4c6e-b928-97d3a4928b01",
2655
2650
  clientSecret: "03b3955f-d020-4f2a-8a27-4e452d4e27a0",
@@ -2676,7 +2671,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
2676
2671
  }
2677
2672
  async oid4vciHolderGetIssuerBranding(args, context) {
2678
2673
  const { serverMetadata, contact } = args;
2679
- const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
2674
+ const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
2680
2675
  if (issuerCorrelationId) {
2681
2676
  const branding = await context.agent.ibGetIssuerBranding({
2682
2677
  filter: [
@@ -2706,7 +2701,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
2706
2701
  if (!contact) {
2707
2702
  return Promise.reject(Error("Missing contact in context"));
2708
2703
  }
2709
- const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
2704
+ const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
2710
2705
  const branding = await context.agent.ibGetIssuerBranding({
2711
2706
  filter: [
2712
2707
  {
@@ -2802,9 +2797,9 @@ var OID4VCIHolder = class _OID4VCIHolder {
2802
2797
  if (Array.isArray(subjectIssuance?.notification_events_supported)) {
2803
2798
  event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
2804
2799
  logger.log(`Subject issuance/signing will be used, with event`, event);
2805
- const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse);
2800
+ const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
2806
2801
  const wrappedIssuerVC = import_ssi_types2.CredentialMapper.toWrappedVerifiableCredential(issuerVC, {
2807
- hasher: this.hasher ?? import_ssi_sdk2.defaultHasher
2802
+ hasher: this.hasher ?? import_ssi_sdk3.defaultHasher
2808
2803
  });
2809
2804
  console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`);
2810
2805
  let issuer;
@@ -2905,11 +2900,11 @@ var OID4VCIHolder = class _OID4VCIHolder {
2905
2900
  const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer);
2906
2901
  const persistedCredential = await context.agent.crsAddCredential({
2907
2902
  credential: {
2908
- rawDocument: (0, import_ssi_sdk3.ensureRawDocument)(persistCredential),
2903
+ rawDocument: (0, import_ssi_sdk2.ensureRawDocument)(persistCredential),
2909
2904
  kmsKeyRef,
2910
2905
  identifierMethod: method,
2911
- credentialRole: import_ssi_sdk3.CredentialRole.HOLDER,
2912
- issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk3.CredentialCorrelationType.DID : import_ssi_sdk3.CredentialCorrelationType.URL,
2906
+ credentialRole: import_ssi_sdk2.CredentialRole.HOLDER,
2907
+ issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk2.CredentialCorrelationType.DID : import_ssi_sdk2.CredentialCorrelationType.URL,
2913
2908
  issuerCorrelationId: issuer,
2914
2909
  subjectCorrelationType,
2915
2910
  subjectCorrelationId
@@ -2977,12 +2972,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
2977
2972
  case "did":
2978
2973
  if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierDidResult)(identifier)) {
2979
2974
  return [
2980
- import_ssi_sdk3.CredentialCorrelationType.DID,
2975
+ import_ssi_sdk2.CredentialCorrelationType.DID,
2981
2976
  identifier.did
2982
2977
  ];
2983
2978
  } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
2984
2979
  return [
2985
- import_ssi_sdk3.CredentialCorrelationType.DID,
2980
+ import_ssi_sdk2.CredentialCorrelationType.DID,
2986
2981
  typeof identifier.identifier === "string" ? identifier.identifier : identifier.identifier.did
2987
2982
  ];
2988
2983
  }
@@ -2990,12 +2985,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
2990
2985
  case "kid":
2991
2986
  if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierKidResult)(identifier)) {
2992
2987
  return [
2993
- import_ssi_sdk3.CredentialCorrelationType.KID,
2988
+ import_ssi_sdk2.CredentialCorrelationType.KID,
2994
2989
  identifier.kid
2995
2990
  ];
2996
2991
  } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
2997
2992
  return [
2998
- import_ssi_sdk3.CredentialCorrelationType.KID,
2993
+ import_ssi_sdk2.CredentialCorrelationType.KID,
2999
2994
  identifier.identifier
3000
2995
  ];
3001
2996
  }
@@ -3003,19 +2998,19 @@ var OID4VCIHolder = class _OID4VCIHolder {
3003
2998
  case "x5c":
3004
2999
  if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierX5cResult)(identifier)) {
3005
3000
  return [
3006
- import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
3001
+ import_ssi_sdk2.CredentialCorrelationType.X509_SAN,
3007
3002
  identifier.x5c.join("\r\n")
3008
3003
  ];
3009
3004
  } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierX5cOpts)(identifier)) {
3010
3005
  return [
3011
- import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
3006
+ import_ssi_sdk2.CredentialCorrelationType.X509_SAN,
3012
3007
  identifier.identifier.join("\r\n")
3013
3008
  ];
3014
3009
  }
3015
3010
  break;
3016
3011
  }
3017
3012
  return [
3018
- import_ssi_sdk3.CredentialCorrelationType.URL,
3013
+ import_ssi_sdk2.CredentialCorrelationType.URL,
3019
3014
  issuer
3020
3015
  ];
3021
3016
  }