npm - @sphereon/ssi-sdk.oid4vci-holder - Versions diffs - 0.34.1-feature.FIDES.1.274 → 0.34.1-feature.IDK.11.48 - Mend

@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.FIDES.1.274 → 0.34.1-feature.IDK.11.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.cjs +419 -425
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +7 -10
package/dist/index.d.ts +7 -10
package/dist/index.js +513 -519
package/dist/index.js.map +1 -1
package/package.json +24 -25
package/src/agent/OID4VCIHolder.ts +34 -35
package/src/machines/firstPartyMachine.ts +1 -1
package/src/machines/oid4vciMachine.ts +1 -1
package/src/mappers/OIDC4VCIBrandingMapper.ts +1 -1
package/src/services/OID4VCIHolderService.ts +45 -46
package/src/types/FirstPartyMachine.ts +5 -6
package/src/types/IOID4VCIHolder.ts +2 -4

package/dist/index.js CHANGED Viewed

@@ -56,16 +56,13 @@ var require_nl = __commonJS({
 // src/agent/OID4VCIHolder.ts
 import { CredentialOfferClient, MetadataClient, OpenID4VCIClient as OpenID4VCIClient2 } from "@sphereon/oid4vci-client";
-import { DefaultURISchemes, getTypesFromObject as getTypesFromObject2 } from "@sphereon/oid4vci-common";
+import { DefaultURISchemes, getTypesFromAuthorizationDetails, getTypesFromCredentialOffer, getTypesFromObject as getTypesFromObject2 } from "@sphereon/oid4vci-common";
 import { SupportedDidMethodEnum as SupportedDidMethodEnum2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isManagedIdentifierDidOpts, isManagedIdentifierDidResult as isManagedIdentifierDidResult2, isManagedIdentifierJwkResult, isManagedIdentifierKidResult, isManagedIdentifierResult as isManagedIdentifierResult2, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult } from "@sphereon/ssi-sdk-ext.identifier-resolution";
 import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
-import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
-import { ensureRawDocument } from "@sphereon/ssi-sdk.data-store-types";
-import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store-types";
-import { CredentialMapper as CredentialMapper2, CredentialRole, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
+import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, CredentialRole, ensureRawDocument, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
+import { CredentialMapper as CredentialMapper2, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
 import { asArray as asArray2, computeEntryHash } from "@veramo/utils";
-import fetch from "cross-fetch";
 import { decodeJWT } from "did-jwt";
 import { v4 as uuidv42 } from "uuid";
@@ -152,7 +149,6 @@ var OID4VCIMachineGuards = /* @__PURE__ */ (function(OID4VCIMachineGuards2) {
   OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
   OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
   OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
-  OID4VCIMachineGuards2["hasNonceEndpointGuard"] = "oid4vciHasNonceEndpointGuard ";
   OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
   OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
   OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
@@ -980,410 +976,219 @@ var OID4VCIMachine = class {
 // src/services/OID4VCIHolderService.ts
 import { LOG } from "@sphereon/oid4vci-client";
-import { getSupportedCredentials, getTypesFromCredentialSupported, getTypesFromObject } from "@sphereon/oid4vci-common";
+import { getSupportedCredentials, getTypesFromCredentialSupported, getTypesFromObject, OpenId4VCIVersion } from "@sphereon/oid4vci-common";
 import { KeyUse } from "@sphereon/ssi-sdk-ext.did-resolver-jwk";
 import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isIIdentifier, isManagedIdentifierDidResult, isManagedIdentifierResult, managedIdentifierToJwk } from "@sphereon/ssi-sdk-ext.identifier-resolution";
 import { keyTypeFromCryptographicSuite } from "@sphereon/ssi-sdk-ext.key-utils";
-import { defaultHasher } from "@sphereon/ssi-sdk.core";
 import { CredentialMapper, JoseSignatureAlgorithm, mdocDecodedCredentialToUniformCredential, sdJwtDecodedCredentialToUniformCredential } from "@sphereon/ssi-types";
 import { asArray } from "@veramo/utils";
-// src/machines/firstPartyMachine.ts
-import { assign as assign2, createMachine as createMachine2, interpret as interpret2 } from "xstate";
-import { AuthorizationChallengeError } from "@sphereon/oid4vci-common";
-// src/services/FirstPartyMachineServices.ts
-import { OpenID4VCIClient } from "@sphereon/oid4vci-client";
-import { v4 as uuidv4 } from "uuid";
-var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (args) => {
-  const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args;
-  const oid4vciClient = await OpenID4VCIClient.fromState({
-    state: openID4VCIClientState
+// src/mappers/OIDC4VCIBrandingMapper.ts
+var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay, issuerCredentialSubject } = args;
+  return oid4vciCombineDisplayLocalesFrom({
+    ...issuerCredentialSubject && {
+      issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({
+        issuerCredentialSubject
+      })
+    },
+    ...credentialDisplay && {
+      credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({
+        credentialDisplay
+      })
+    }
   });
-  return oid4vciClient.acquireAuthorizationChallengeCode({
-    clientId: oid4vciClient.clientId ?? uuidv4(),
-    ...authSession && {
-      authSession
+}, "oid4vciGetCredentialBrandingFrom");
+var oid4vciCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return credentialDisplay.reduce((localeDisplays, display) => {
+    const localeKey = display.locale || "";
+    localeDisplays.set(localeKey, display);
+    return localeDisplays;
+  }, /* @__PURE__ */ new Map());
+}, "oid4vciCredentialDisplayLocalesFrom");
+var oid4vciIssuerCredentialSubjectLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { issuerCredentialSubject } = args;
+  const localeClaims = /* @__PURE__ */ new Map();
+  const processClaimObject = /* @__PURE__ */ __name((claim, parentKey = "") => {
+    Object.entries(claim).forEach(([key, value]) => {
+      if (key === "mandatory" || key === "value_type") {
+        return;
+      }
+      if (key === "display" && Array.isArray(value)) {
+        value.forEach(({ name, locale = "" }) => {
+          if (!name) {
+            return;
+          }
+          if (!localeClaims.has(locale)) {
+            localeClaims.set(locale, []);
+          }
+          localeClaims.get(locale).push({
+            key: parentKey,
+            name
+          });
+        });
+      } else if (typeof value === "object" && value !== null) {
+        processClaimObject(value, parentKey ? `${parentKey}.${key}` : key);
+      }
+    });
+  }, "processClaimObject");
+  processClaimObject(issuerCredentialSubject);
+  return localeClaims;
+}, "oid4vciIssuerCredentialSubjectLocalesFrom");
+var oid4vciCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return {
+    ...credentialDisplay.name && {
+      alias: credentialDisplay.name
     },
-    ...!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && {
-      issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode
+    ...credentialDisplay.locale && {
+      locale: credentialDisplay.locale
     },
-    ...!authSession && openID4VCIClientState.credentialOffer?.issuerState && {
-      issuerState: openID4VCIClientState.credentialOffer?.issuerState
+    ...credentialDisplay.logo && {
+      logo: {
+        ...(credentialDisplay.logo.url || credentialDisplay.logo.uri) && {
+          uri: credentialDisplay.logo?.url ?? credentialDisplay.logo.uri
+        },
+        ...credentialDisplay.logo.alt_text && {
+          alt: credentialDisplay.logo?.alt_text
+        }
+      }
     },
-    ...presentationDuringIssuanceSession && {
-      presentationDuringIssuanceSession
-    }
-  });
-}, "sendAuthorizationChallengeRequest");
-var createConfig = /* @__PURE__ */ __name(async (args, context) => {
-  const { presentationUri } = args;
-  if (!presentationUri) {
-    return Promise.reject(Error("Missing presentation uri in context"));
-  }
-  return context.agent.siopCreateConfig({
-    url: presentationUri
-  });
-}, "createConfig");
-var getSiopRequest = /* @__PURE__ */ __name(async (args, context) => {
-  const { didAuthConfig, presentationUri } = args;
-  if (presentationUri === void 0) {
-    return Promise.reject(Error("Missing presentation uri in context"));
-  }
-  if (didAuthConfig === void 0) {
-    return Promise.reject(Error("Missing did auth config in context"));
-  }
-  return context.agent.siopGetSiopRequest({
-    didAuthConfig,
-    url: presentationUri
-  });
-}, "getSiopRequest");
-var sendAuthorizationResponse = /* @__PURE__ */ __name(async (args, context) => {
-  const { didAuthConfig, authorizationRequestData, selectedCredentials } = args;
-  const responseData = await context.agent.siopSendResponse({
-    authorizationRequestData,
-    selectedCredentials,
-    didAuthConfig,
-    isFirstParty: true
-  });
-  return responseData.body.presentation_during_issuance_session;
-}, "sendAuthorizationResponse");
-// src/machines/firstPartyMachine.ts
-var firstPartyMachineStates = {
-  [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
-    id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-    invoke: {
-      src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
-      onDone: {
-        target: FirstPartyMachineStateTypes.done,
-        actions: assign2({
-          authorizationCodeResponse: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeResponse")
-        })
-      },
-      onError: [
-        {
-          target: FirstPartyMachineStateTypes.createConfig,
-          cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data.error === AuthorizationChallengeError.insufficient_authorization, "cond"),
-          actions: assign2({
-            authSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data.auth_session, "authSession"),
-            presentationUri: /* @__PURE__ */ __name((_ctx, _event) => _event.data.presentation, "presentationUri")
-          })
+    ...credentialDisplay.description && {
+      description: credentialDisplay.description
+    },
+    ...credentialDisplay.text_color && {
+      text: {
+        color: credentialDisplay.text_color
+      }
+    },
+    ...(credentialDisplay.background_image || credentialDisplay.background_color) && {
+      background: {
+        ...credentialDisplay.background_image && {
+          image: {
+            ...(credentialDisplay.background_image.url || credentialDisplay.background_image.uri) && {
+              uri: credentialDisplay.background_image?.url ?? credentialDisplay.background_image.uri
+            },
+            ...credentialDisplay.background_image.alt_text && {
+              alt: credentialDisplay.background_image?.alt_text
+            }
+          }
         },
-        {
-          target: FirstPartyMachineStateTypes.error,
-          actions: assign2({
-            error: /* @__PURE__ */ __name((_ctx, _event) => ({
-              title: translate("oid4vci_machine_send_authorization_challenge_request_error_title"),
-              message: _event.data.message,
-              stack: _event.data.stack
-            }), "error")
-          })
+        ...credentialDisplay.background_color && {
+          color: credentialDisplay.background_color
         }
-      ]
-    }
-  },
-  [FirstPartyMachineStateTypes.createConfig]: {
-    id: FirstPartyMachineStateTypes.createConfig,
-    invoke: {
-      src: FirstPartyMachineServices.createConfig,
-      onDone: {
-        target: FirstPartyMachineStateTypes.getSiopRequest,
-        actions: assign2({
-          didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("oid4vci_machine_create_config_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
       }
     }
-  },
-  [FirstPartyMachineStateTypes.getSiopRequest]: {
-    id: FirstPartyMachineStateTypes.getSiopRequest,
-    invoke: {
-      src: FirstPartyMachineServices.getSiopRequest,
-      onDone: {
-        target: FirstPartyMachineStateTypes.selectCredentials,
-        actions: assign2({
-          authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
-        })
+  };
+}, "oid4vciCredentialLocaleBrandingFrom");
+var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), issuerCredentialSubjectLocales = /* @__PURE__ */ new Map() } = args;
+  const locales = Array.from(/* @__PURE__ */ new Set([
+    ...issuerCredentialSubjectLocales.keys(),
+    ...credentialDisplayLocales.keys()
+  ]));
+  return Promise.all(locales.map(async (locale) => {
+    const display = credentialDisplayLocales.get(locale);
+    const claims = issuerCredentialSubjectLocales.get(locale);
+    return {
+      ...display && await oid4vciCredentialLocaleBrandingFrom({
+        credentialDisplay: display
+      }),
+      ...locale.length > 0 && {
+        locale
       },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("siopV2_machine_get_request_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.selectCredentials]: {
-    id: FirstPartyMachineStateTypes.selectCredentials,
-    on: {
-      [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
-        actions: assign2({
-          selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
-        })
-      },
-      [FirstPartyMachineEvents.NEXT]: {
-        target: FirstPartyMachineStateTypes.sendAuthorizationResponse
-      },
-      [FirstPartyMachineEvents.DECLINE]: {
-        target: FirstPartyMachineStateTypes.declined
-      },
-      [FirstPartyMachineEvents.PREVIOUS]: {
-        target: FirstPartyMachineStateTypes.aborted
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
-    id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
-    invoke: {
-      src: FirstPartyMachineServices.sendAuthorizationResponse,
-      onDone: {
-        target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-        actions: assign2({
-          presentationDuringIssuanceSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "presentationDuringIssuanceSession")
-        })
-      },
-      onError: {
-        target: FirstPartyMachineStateTypes.error,
-        actions: assign2({
-          error: /* @__PURE__ */ __name((_ctx, _event) => ({
-            title: translate("oid4vci_machine_get_request_error_title"),
-            message: _event.data.message,
-            stack: _event.data.stack
-          }), "error")
-        })
-      }
-    }
-  },
-  [FirstPartyMachineStateTypes.aborted]: {
-    id: FirstPartyMachineStateTypes.aborted,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.declined]: {
-    id: FirstPartyMachineStateTypes.declined,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.error]: {
-    id: FirstPartyMachineStateTypes.error,
-    type: "final"
-  },
-  [FirstPartyMachineStateTypes.done]: {
-    id: FirstPartyMachineStateTypes.done,
-    type: "final"
-  }
-};
-var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
-  const initialContext = {
-    openID4VCIClientState: opts.openID4VCIClientState,
-    contact: opts.contact,
-    selectedCredentials: []
-  };
-  return createMachine2({
-    id: opts?.machineId ?? "FirstParty",
-    predictableActionArguments: true,
-    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
-    context: initialContext,
-    states: firstPartyMachineStates,
-    schema: {
-      events: {},
-      services: {}
-    }
-  });
-}, "createFirstPartyActivationMachine");
-var FirstPartyMachine = class _FirstPartyMachine {
-  static {
-    __name(this, "FirstPartyMachine");
-  }
-  static _instance;
-  static hasInstance() {
-    return _FirstPartyMachine._instance !== void 0;
-  }
-  static get instance() {
-    if (!_FirstPartyMachine._instance) {
-      throw Error("Please initialize ESIMActivation machine first");
-    }
-    return _FirstPartyMachine._instance;
-  }
-  static clearInstance(opts) {
-    const { stop } = opts;
-    if (_FirstPartyMachine.hasInstance()) {
-      if (stop) {
-        _FirstPartyMachine.stopInstance();
-      }
-    }
-    _FirstPartyMachine._instance = void 0;
-  }
-  static stopInstance() {
-    if (!_FirstPartyMachine.hasInstance()) {
-      return;
-    }
-    _FirstPartyMachine.instance.stop();
-    _FirstPartyMachine._instance = void 0;
-  }
-  static newInstance(opts) {
-    const { agentContext } = opts;
-    const services = {
-      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
-      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
-      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
-      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
-    };
-    const newInst = interpret2(createFirstPartyActivationMachine(opts).withConfig({
-      services: {
-        ...services,
-        ...opts?.services
-      },
-      guards: {
-        ...opts?.guards
-      }
-    }));
-    if (typeof opts?.subscription === "function") {
-      newInst.onTransition(opts.subscription);
-    }
-    if (opts?.requireCustomNavigationHook !== true) {
-      newInst.onTransition((snapshot) => {
-        if (opts?.stateNavigationListener) {
-          void opts.stateNavigationListener(newInst, snapshot);
-        }
-      });
-    }
-    return newInst;
-  }
-  static getInstance(opts) {
-    if (!_FirstPartyMachine._instance) {
-      if (opts?.requireExisting === true) {
-        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
-      }
-      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
-    }
-    return _FirstPartyMachine._instance;
-  }
-};
-// src/mappers/OIDC4VCIBrandingMapper.ts
-var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, issuerCredentialSubject } = args;
-  return oid4vciCombineDisplayLocalesFrom({
-    ...issuerCredentialSubject && {
-      issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({
-        issuerCredentialSubject
-      })
-    },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
+      claims
+    };
+  }));
+}, "oid4vciCombineDisplayLocalesFrom");
+var sdJwtGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay, claimsMetadata } = args;
+  return sdJwtCombineDisplayLocalesFrom({
+    ...claimsMetadata && {
+      claimsMetadata: await sdJwtCredentialClaimLocalesFrom({
+        claimsMetadata
+      })
+    },
+    ...credentialDisplay && {
+      credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({
+        credentialDisplay
+      })
     }
   });
-}, "oid4vciGetCredentialBrandingFrom");
-var oid4vciCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+}, "sdJwtGetCredentialBrandingFrom");
+var sdJwtCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
   const { credentialDisplay } = args;
   return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.locale || "";
+    const localeKey = display.lang || "";
     localeDisplays.set(localeKey, display);
     return localeDisplays;
   }, /* @__PURE__ */ new Map());
-}, "oid4vciCredentialDisplayLocalesFrom");
-var oid4vciIssuerCredentialSubjectLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerCredentialSubject } = args;
+}, "sdJwtCredentialDisplayLocalesFrom");
+var sdJwtCredentialClaimLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { claimsMetadata } = args;
   const localeClaims = /* @__PURE__ */ new Map();
-  const processClaimObject = /* @__PURE__ */ __name((claim, parentKey = "") => {
-    Object.entries(claim).forEach(([key, value]) => {
-      if (key === "mandatory" || key === "value_type") {
-        return;
-      }
-      if (key === "display" && Array.isArray(value)) {
-        value.forEach(({ name, locale = "" }) => {
-          if (!name) {
-            return;
-          }
-          if (!localeClaims.has(locale)) {
-            localeClaims.set(locale, []);
-          }
-          localeClaims.get(locale).push({
-            key: parentKey,
-            name
-          });
-        });
-      } else if (typeof value === "object" && value !== null) {
-        processClaimObject(value, parentKey ? `${parentKey}.${key}` : key);
+  claimsMetadata.forEach((claim) => {
+    claim.display?.forEach((display) => {
+      const { lang = "", label } = display;
+      const key = claim.path.map((value) => String(value)).join(".");
+      if (!localeClaims.has(lang)) {
+        localeClaims.set(lang, []);
       }
+      localeClaims.get(lang).push({
+        key,
+        name: label
+      });
     });
-  }, "processClaimObject");
-  processClaimObject(issuerCredentialSubject);
+  });
   return localeClaims;
-}, "oid4vciIssuerCredentialSubjectLocalesFrom");
-var oid4vciCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+}, "sdJwtCredentialClaimLocalesFrom");
+var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
   const { credentialDisplay } = args;
   return {
     ...credentialDisplay.name && {
       alias: credentialDisplay.name
     },
-    ...credentialDisplay.locale && {
-      locale: credentialDisplay.locale
+    ...credentialDisplay.lang && {
+      locale: credentialDisplay.lang
     },
-    ...credentialDisplay.logo && {
+    ...credentialDisplay.rendering?.simple?.logo && {
       logo: {
-        ...(credentialDisplay.logo.url || credentialDisplay.logo.uri) && {
-          uri: credentialDisplay.logo?.url ?? credentialDisplay.logo.uri
+        ...credentialDisplay.rendering.simple.logo.uri && {
+          uri: credentialDisplay.rendering.simple.logo.uri
         },
-        ...credentialDisplay.logo.alt_text && {
-          alt: credentialDisplay.logo?.alt_text
+        ...credentialDisplay.rendering.simple.logo.alt_text && {
+          alt: credentialDisplay.rendering.simple.logo.alt_text
         }
       }
     },
     ...credentialDisplay.description && {
       description: credentialDisplay.description
     },
-    ...credentialDisplay.text_color && {
+    ...credentialDisplay.rendering?.simple?.text_color && {
       text: {
-        color: credentialDisplay.text_color
+        color: credentialDisplay.rendering.simple.text_color
       }
     },
-    ...(credentialDisplay.background_image || credentialDisplay.background_color) && {
+    ...credentialDisplay.rendering?.simple?.background_color && {
       background: {
-        ...credentialDisplay.background_image && {
-          image: {
-            ...(credentialDisplay.background_image.url || credentialDisplay.background_image.uri) && {
-              uri: credentialDisplay.background_image?.url ?? credentialDisplay.background_image.uri
-            },
-            ...credentialDisplay.background_image.alt_text && {
-              alt: credentialDisplay.background_image?.alt_text
-            }
-          }
-        },
-        ...credentialDisplay.background_color && {
-          color: credentialDisplay.background_color
-        }
+        color: credentialDisplay.rendering.simple.background_color
       }
     }
   };
-}, "oid4vciCredentialLocaleBrandingFrom");
-var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), issuerCredentialSubjectLocales = /* @__PURE__ */ new Map() } = args;
+}, "sdJwtCredentialLocaleBrandingFrom");
+var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
   const locales = Array.from(/* @__PURE__ */ new Set([
-    ...issuerCredentialSubjectLocales.keys(),
+    ...claimsMetadata.keys(),
     ...credentialDisplayLocales.keys()
   ]));
   return Promise.all(locales.map(async (locale) => {
     const display = credentialDisplayLocales.get(locale);
-    const claims = issuerCredentialSubjectLocales.get(locale);
+    const claims = claimsMetadata.get(locale);
     return {
-      ...display && await oid4vciCredentialLocaleBrandingFrom({
+      ...display && await sdJwtCredentialLocaleBrandingFrom({
         credentialDisplay: display
       }),
       ...locale.length > 0 && {
@@ -1392,157 +1197,348 @@ var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
       claims
     };
   }));
-}, "oid4vciCombineDisplayLocalesFrom");
-var sdJwtGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, claimsMetadata } = args;
-  return sdJwtCombineDisplayLocalesFrom({
-    ...claimsMetadata && {
-      claimsMetadata: await sdJwtCredentialClaimLocalesFrom({
-        claimsMetadata
-      })
+}, "sdJwtCombineDisplayLocalesFrom");
+var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
+  return {
+    ...dynamicRegistrationClientMetadata?.client_name && {
+      alias: dynamicRegistrationClientMetadata.client_name
     },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
-    }
-  });
-}, "sdJwtGetCredentialBrandingFrom");
-var sdJwtCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.lang || "";
-    localeDisplays.set(localeKey, display);
-    return localeDisplays;
-  }, /* @__PURE__ */ new Map());
-}, "sdJwtCredentialDisplayLocalesFrom");
-var sdJwtCredentialClaimLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { claimsMetadata } = args;
-  const localeClaims = /* @__PURE__ */ new Map();
-  claimsMetadata.forEach((claim) => {
-    claim.display?.forEach((display) => {
-      const { lang = "", label } = display;
-      const key = claim.path.map((value) => String(value)).join(".");
-      if (!localeClaims.has(lang)) {
-        localeClaims.set(lang, []);
+    ...issuerDisplay.name && {
+      alias: issuerDisplay.name
+    },
+    ...issuerDisplay.locale && {
+      locale: issuerDisplay.locale
+    },
+    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
+      logo: {
+        ...dynamicRegistrationClientMetadata?.logo_uri && {
+          uri: dynamicRegistrationClientMetadata?.logo_uri
+        },
+        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
+          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
+        },
+        ...issuerDisplay.logo?.alt_text && {
+          alt: issuerDisplay.logo?.alt_text
+        }
       }
-      localeClaims.get(lang).push({
-        key,
-        name: label
-      });
-    });
+    },
+    ...issuerDisplay.description && {
+      description: issuerDisplay.description
+    },
+    ...issuerDisplay.text_color && {
+      text: {
+        color: issuerDisplay.text_color
+      }
+    },
+    ...dynamicRegistrationClientMetadata?.client_uri && {
+      clientUri: dynamicRegistrationClientMetadata.client_uri
+    },
+    ...dynamicRegistrationClientMetadata?.tos_uri && {
+      tosUri: dynamicRegistrationClientMetadata.tos_uri
+    },
+    ...dynamicRegistrationClientMetadata?.policy_uri && {
+      policyUri: dynamicRegistrationClientMetadata.policy_uri
+    },
+    ...dynamicRegistrationClientMetadata?.contacts && {
+      contacts: dynamicRegistrationClientMetadata.contacts
+    }
+  };
+}, "issuerLocaleBrandingFrom");
+// src/machines/firstPartyMachine.ts
+import { assign as assign2, createMachine as createMachine2, interpret as interpret2 } from "xstate";
+import { AuthorizationChallengeError } from "@sphereon/oid4vci-common";
+// src/services/FirstPartyMachineServices.ts
+import { OpenID4VCIClient } from "@sphereon/oid4vci-client";
+import { v4 as uuidv4 } from "uuid";
+var sendAuthorizationChallengeRequest = /* @__PURE__ */ __name(async (args) => {
+  const { openID4VCIClientState, authSession, presentationDuringIssuanceSession } = args;
+  const oid4vciClient = await OpenID4VCIClient.fromState({
+    state: openID4VCIClientState
   });
-  return localeClaims;
-}, "sdJwtCredentialClaimLocalesFrom");
-var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return {
-    ...credentialDisplay.name && {
-      alias: credentialDisplay.name
+  return oid4vciClient.acquireAuthorizationChallengeCode({
+    clientId: oid4vciClient.clientId ?? uuidv4(),
+    ...authSession && {
+      authSession
     },
-    ...credentialDisplay.lang && {
-      locale: credentialDisplay.lang
+    ...!authSession && openID4VCIClientState.credentialOffer?.preAuthorizedCode && {
+      issuerState: openID4VCIClientState.credentialOffer?.preAuthorizedCode
     },
-    ...credentialDisplay.rendering?.simple?.logo && {
-      logo: {
-        ...credentialDisplay.rendering.simple.logo.uri && {
-          uri: credentialDisplay.rendering.simple.logo.uri
+    ...!authSession && openID4VCIClientState.credentialOffer?.issuerState && {
+      issuerState: openID4VCIClientState.credentialOffer?.issuerState
+    },
+    ...presentationDuringIssuanceSession && {
+      presentationDuringIssuanceSession
+    }
+  });
+}, "sendAuthorizationChallengeRequest");
+var createConfig = /* @__PURE__ */ __name(async (args, context) => {
+  const { presentationUri } = args;
+  if (!presentationUri) {
+    return Promise.reject(Error("Missing presentation uri in context"));
+  }
+  return context.agent.siopCreateConfig({
+    url: presentationUri
+  });
+}, "createConfig");
+var getSiopRequest = /* @__PURE__ */ __name(async (args, context) => {
+  const { didAuthConfig, presentationUri } = args;
+  if (presentationUri === void 0) {
+    return Promise.reject(Error("Missing presentation uri in context"));
+  }
+  if (didAuthConfig === void 0) {
+    return Promise.reject(Error("Missing did auth config in context"));
+  }
+  return context.agent.siopGetSiopRequest({
+    didAuthConfig,
+    url: presentationUri
+  });
+}, "getSiopRequest");
+var sendAuthorizationResponse = /* @__PURE__ */ __name(async (args, context) => {
+  const { didAuthConfig, authorizationRequestData, selectedCredentials } = args;
+  const responseData = await context.agent.siopSendResponse({
+    authorizationRequestData,
+    selectedCredentials,
+    didAuthConfig,
+    isFirstParty: true
+  });
+  return responseData.body.presentation_during_issuance_session;
+}, "sendAuthorizationResponse");
+// src/machines/firstPartyMachine.ts
+var firstPartyMachineStates = {
+  [FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest]: {
+    id: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+    invoke: {
+      src: FirstPartyMachineServices.sendAuthorizationChallengeRequest,
+      onDone: {
+        target: FirstPartyMachineStateTypes.done,
+        actions: assign2({
+          authorizationCodeResponse: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationCodeResponse")
+        })
+      },
+      onError: [
+        {
+          target: FirstPartyMachineStateTypes.createConfig,
+          cond: /* @__PURE__ */ __name((_ctx, _event) => _event.data.error === AuthorizationChallengeError.insufficient_authorization, "cond"),
+          actions: assign2({
+            authSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data.auth_session, "authSession"),
+            presentationUri: /* @__PURE__ */ __name((_ctx, _event) => _event.data.presentation, "presentationUri")
+          })
         },
-        ...credentialDisplay.rendering.simple.logo.alt_text && {
-          alt: credentialDisplay.rendering.simple.logo.alt_text
+        {
+          target: FirstPartyMachineStateTypes.error,
+          actions: assign2({
+            error: /* @__PURE__ */ __name((_ctx, _event) => ({
+              title: translate("oid4vci_machine_send_authorization_challenge_request_error_title"),
+              message: _event.data.message,
+              stack: _event.data.stack
+            }), "error")
+          })
         }
+      ]
+    }
+  },
+  [FirstPartyMachineStateTypes.createConfig]: {
+    id: FirstPartyMachineStateTypes.createConfig,
+    invoke: {
+      src: FirstPartyMachineServices.createConfig,
+      onDone: {
+        target: FirstPartyMachineStateTypes.getSiopRequest,
+        actions: assign2({
+          didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
+        })
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign2({
+          error: /* @__PURE__ */ __name((_ctx, _event) => ({
+            title: translate("oid4vci_machine_create_config_error_title"),
+            message: _event.data.message,
+            stack: _event.data.stack
+          }), "error")
+        })
       }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.rendering?.simple?.text_color && {
-      text: {
-        color: credentialDisplay.rendering.simple.text_color
+    }
+  },
+  [FirstPartyMachineStateTypes.getSiopRequest]: {
+    id: FirstPartyMachineStateTypes.getSiopRequest,
+    invoke: {
+      src: FirstPartyMachineServices.getSiopRequest,
+      onDone: {
+        target: FirstPartyMachineStateTypes.selectCredentials,
+        actions: assign2({
+          authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
+        })
+      },
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign2({
+          error: /* @__PURE__ */ __name((_ctx, _event) => ({
+            title: translate("siopV2_machine_get_request_error_title"),
+            message: _event.data.message,
+            stack: _event.data.stack
+          }), "error")
+        })
       }
-    },
-    ...credentialDisplay.rendering?.simple?.background_color && {
-      background: {
-        color: credentialDisplay.rendering.simple.background_color
+    }
+  },
+  [FirstPartyMachineStateTypes.selectCredentials]: {
+    id: FirstPartyMachineStateTypes.selectCredentials,
+    on: {
+      [FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS]: {
+        actions: assign2({
+          selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
+        })
+      },
+      [FirstPartyMachineEvents.NEXT]: {
+        target: FirstPartyMachineStateTypes.sendAuthorizationResponse
+      },
+      [FirstPartyMachineEvents.DECLINE]: {
+        target: FirstPartyMachineStateTypes.declined
+      },
+      [FirstPartyMachineEvents.PREVIOUS]: {
+        target: FirstPartyMachineStateTypes.aborted
       }
     }
-  };
-}, "sdJwtCredentialLocaleBrandingFrom");
-var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...claimsMetadata.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = claimsMetadata.get(locale);
-    return {
-      ...display && await sdJwtCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
+  },
+  [FirstPartyMachineStateTypes.sendAuthorizationResponse]: {
+    id: FirstPartyMachineStateTypes.sendAuthorizationResponse,
+    invoke: {
+      src: FirstPartyMachineServices.sendAuthorizationResponse,
+      onDone: {
+        target: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+        actions: assign2({
+          presentationDuringIssuanceSession: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "presentationDuringIssuanceSession")
+        })
       },
-      claims
+      onError: {
+        target: FirstPartyMachineStateTypes.error,
+        actions: assign2({
+          error: /* @__PURE__ */ __name((_ctx, _event) => ({
+            title: translate("oid4vci_machine_get_request_error_title"),
+            message: _event.data.message,
+            stack: _event.data.stack
+          }), "error")
+        })
+      }
+    }
+  },
+  [FirstPartyMachineStateTypes.aborted]: {
+    id: FirstPartyMachineStateTypes.aborted,
+    type: "final"
+  },
+  [FirstPartyMachineStateTypes.declined]: {
+    id: FirstPartyMachineStateTypes.declined,
+    type: "final"
+  },
+  [FirstPartyMachineStateTypes.error]: {
+    id: FirstPartyMachineStateTypes.error,
+    type: "final"
+  },
+  [FirstPartyMachineStateTypes.done]: {
+    id: FirstPartyMachineStateTypes.done,
+    type: "final"
+  }
+};
+var createFirstPartyActivationMachine = /* @__PURE__ */ __name((opts) => {
+  const initialContext = {
+    openID4VCIClientState: opts.openID4VCIClientState,
+    contact: opts.contact,
+    selectedCredentials: []
+  };
+  return createMachine2({
+    id: opts?.machineId ?? "FirstParty",
+    predictableActionArguments: true,
+    initial: FirstPartyMachineStateTypes.sendAuthorizationChallengeRequest,
+    context: initialContext,
+    states: firstPartyMachineStates,
+    schema: {
+      events: {},
+      services: {}
+    }
+  });
+}, "createFirstPartyActivationMachine");
+var FirstPartyMachine = class _FirstPartyMachine {
+  static {
+    __name(this, "FirstPartyMachine");
+  }
+  static _instance;
+  static hasInstance() {
+    return _FirstPartyMachine._instance !== void 0;
+  }
+  static get instance() {
+    if (!_FirstPartyMachine._instance) {
+      throw Error("Please initialize ESIMActivation machine first");
+    }
+    return _FirstPartyMachine._instance;
+  }
+  static clearInstance(opts) {
+    const { stop } = opts;
+    if (_FirstPartyMachine.hasInstance()) {
+      if (stop) {
+        _FirstPartyMachine.stopInstance();
+      }
+    }
+    _FirstPartyMachine._instance = void 0;
+  }
+  static stopInstance() {
+    if (!_FirstPartyMachine.hasInstance()) {
+      return;
+    }
+    _FirstPartyMachine.instance.stop();
+    _FirstPartyMachine._instance = void 0;
+  }
+  static newInstance(opts) {
+    const { agentContext } = opts;
+    const services = {
+      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
+      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
+      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
+      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
     };
-  }));
-}, "sdJwtCombineDisplayLocalesFrom");
-var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
-  return {
-    ...dynamicRegistrationClientMetadata?.client_name && {
-      alias: dynamicRegistrationClientMetadata.client_name
-    },
-    ...issuerDisplay.name && {
-      alias: issuerDisplay.name
-    },
-    ...issuerDisplay.locale && {
-      locale: issuerDisplay.locale
-    },
-    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
-      logo: {
-        ...dynamicRegistrationClientMetadata?.logo_uri && {
-          uri: dynamicRegistrationClientMetadata?.logo_uri
-        },
-        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
-          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
-        },
-        ...issuerDisplay.logo?.alt_text && {
-          alt: issuerDisplay.logo?.alt_text
-        }
+    const newInst = interpret2(createFirstPartyActivationMachine(opts).withConfig({
+      services: {
+        ...services,
+        ...opts?.services
+      },
+      guards: {
+        ...opts?.guards
       }
-    },
-    ...issuerDisplay.description && {
-      description: issuerDisplay.description
-    },
-    ...issuerDisplay.text_color && {
-      text: {
-        color: issuerDisplay.text_color
+    }));
+    if (typeof opts?.subscription === "function") {
+      newInst.onTransition(opts.subscription);
+    }
+    if (opts?.requireCustomNavigationHook !== true) {
+      newInst.onTransition((snapshot) => {
+        if (opts?.stateNavigationListener) {
+          void opts.stateNavigationListener(newInst, snapshot);
+        }
+      });
+    }
+    return newInst;
+  }
+  static getInstance(opts) {
+    if (!_FirstPartyMachine._instance) {
+      if (opts?.requireExisting === true) {
+        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
       }
-    },
-    ...dynamicRegistrationClientMetadata?.client_uri && {
-      clientUri: dynamicRegistrationClientMetadata.client_uri
-    },
-    ...dynamicRegistrationClientMetadata?.tos_uri && {
-      tosUri: dynamicRegistrationClientMetadata.tos_uri
-    },
-    ...dynamicRegistrationClientMetadata?.policy_uri && {
-      policyUri: dynamicRegistrationClientMetadata.policy_uri
-    },
-    ...dynamicRegistrationClientMetadata?.contacts && {
-      contacts: dynamicRegistrationClientMetadata.contacts
+      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
     }
-  };
-}, "issuerLocaleBrandingFrom");
+    return _FirstPartyMachine._instance;
+  }
+};
 // src/services/OID4VCIHolderService.ts
+import { defaultHasher } from "@sphereon/ssi-sdk.core";
 var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
   const { credentialsSupported, context } = args;
   const credentialBranding = {};
   await Promise.all(Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]) => {
     let sdJwtTypeMetadata;
-    if (credentialsConfigSupported.format === "dc+sd-jwt") {
+    if (credentialsConfigSupported.format === "vc+sd-jwt") {
       const vct = credentialsConfigSupported.vct;
       if (vct.startsWith("http")) {
         try {
@@ -1608,7 +1604,10 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
 }, "selectCredentialLocaleBranding");
 var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-  const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse);
+  const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
+  if (!credential) {
+    return Promise.reject(Error("No credential found in credential response"));
+  }
   const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, {
     hasher: hasher ?? defaultHasher
   });
@@ -1660,7 +1659,11 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 }, "verifyCredentialToAccept");
 var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { credentialToAccept, hasher } = args;
-  const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse);
+  const credentialResponse = credentialToAccept.credentialResponse;
+  const verifiableCredential = credentialResponse.credential;
+  if (!verifiableCredential) {
+    return Promise.reject(Error("No credential found in credential response"));
+  }
   const wrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(verifiableCredential, {
     hasher
   });
@@ -1680,7 +1683,6 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     uniformVerifiableCredential = wrappedVerifiableCredential.credential;
   }
   const correlationId = typeof uniformVerifiableCredential.issuer === "string" ? uniformVerifiableCredential.issuer : CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential) ? uniformVerifiableCredential.decodedPayload.iss : uniformVerifiableCredential.issuer.id;
-  const credentialResponse = credentialToAccept.credentialResponse;
   return {
     correlationId,
     credentialToAccept,
@@ -1692,18 +1694,6 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     }
   };
 }, "mapCredentialToAccept");
-var extractCredentialFromResponse = /* @__PURE__ */ __name((credentialResponse) => {
-  let credential;
-  if ("credential" in credentialResponse) {
-    credential = credentialResponse.credential;
-  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-    credential = credentialResponse.credentials[0].credential;
-  }
-  if (!credential) {
-    throw new Error("No credential found in credential response");
-  }
-  return credential;
-}, "extractCredentialFromResponse");
 var getIdentifierOpts = /* @__PURE__ */ __name(async (args) => {
   const { issuanceOpt, context } = args;
   const { identifier: identifierArg } = issuanceOpt;
@@ -1812,19 +1802,24 @@ var getCredentialConfigsSupportedBySingleTypeOrId = /* @__PURE__ */ __name(async
   }
   __name(createIdFromTypes, "createIdFromTypes");
   if (configurationId) {
-    const allSupported2 = client.getCredentialsSupported(format);
+    const allSupported2 = client.getCredentialsSupported(false);
     return Object.fromEntries(Object.entries(allSupported2).filter(([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId));
   }
-  if (!client.credentialOffer) {
-    return Promise.reject(Error("openID4VCIClient has no credentialOffer"));
+  if (!types && !client.credentialOffer) {
+    return Promise.reject(Error("openID4VCIClient has no credentialOffer and no types where provided"));
   }
-  if (!types) {
-    return Promise.reject(Error("openID4VCIClient has no types"));
+  if (!Array.isArray(format) && client.credentialOffer) {
+    if (client.version() > OpenId4VCIVersion.VER_1_0_09 && typeof client.credentialOffer.credential_offer === "object" && "credentials" in client.credentialOffer.credential_offer) {
+      format = client.credentialOffer.credential_offer.credentials.filter((cred) => typeof cred !== "string").map((cred) => cred.format);
+      if (format?.length === 0) {
+        format = void 0;
+      }
+    }
   }
   const offerSupported = getSupportedCredentials({
-    types: [
+    types: types ? [
       types
-    ],
+    ] : client.getCredentialOfferTypes(),
     format,
     version: client.version(),
     issuerMetadata: client.endpointMetadata.credentialIssuerMetadata
@@ -1999,8 +1994,7 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
     case "jwt":
     case "jwt_vc_json":
     case "jwt_vc":
-    //case 'vc+sd-jwt': // TODO see SSISDK-52 concerning vc+sd-jwt
-    case "dc+sd-jwt":
+    case "vc+sd-jwt":
     case "mso_mdoc": {
       const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
       if (supportedPreferences.length > 0) {
@@ -2068,6 +2062,8 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
 }, "startFirstPartApplicationMachine");
 // src/agent/OID4VCIHolder.ts
+import "cross-fetch/polyfill";
+import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 var oid4vciHolderContextMethods = [
   "cmGetContacts",
   "cmGetContact",
@@ -2083,7 +2079,7 @@ var oid4vciHolderContextMethods = [
 ];
 var logger = Loggers.DEFAULT.get("sphereon:oid4vci:holder");
 function signCallback(identifier, context, nonce) {
-  return async (jwt, kid, noIssPayloadUpdate) => {
+  return async (jwt, kid) => {
     let resolution = await context.agent.identifierManagedGet(identifier);
     const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
     if (!resolution.issuer && !jwt.payload.iss) {
@@ -2101,7 +2097,7 @@ function signCallback(identifier, context, nonce) {
     return (await context.agent.jwtCreateJwsCompactSignature({
       issuer: {
         ...resolution,
-        noIssPayloadUpdate: noIssPayloadUpdate ?? false
+        noIssPayloadUpdate: false
       },
       protectedHeader: header,
       payload
@@ -2136,7 +2132,6 @@ var OID4VCIHolder = class _OID4VCIHolder {
     oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this)
   };
   vcFormatPreferences = [
-    "dc+sd-jwt",
     "vc+sd-jwt",
     "mso_mdoc",
     "jwt_vc_json",
@@ -2288,6 +2283,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
       formats = Array.from(new Set(authFormats));
     }
     let oid4vciClient;
+    let types = void 0;
     let offer;
     if (requestData.existingClientState) {
       oid4vciClient = await OpenID4VCIClient2.fromState({
@@ -2323,18 +2319,17 @@ var OID4VCIHolder = class _OID4VCIHolder {
         });
       }
     }
-    let configurationIds = [];
     if (offer) {
-      configurationIds = offer.original_credential_offer.credential_configuration_ids;
+      types = getTypesFromCredentialOffer(offer.original_credential_offer);
     } else {
-      configurationIds = asArray2(authorizationRequestOpts.authorizationDetails).filter((authDetails) => typeof authDetails !== "string").map((authReqOpts) => authReqOpts.credential_configuration_id).filter((id) => !!id);
+      types = asArray2(authorizationRequestOpts.authorizationDetails).map((authReqOpts) => getTypesFromAuthorizationDetails(authReqOpts) ?? []).filter((inner) => inner.length > 0);
     }
+    const serverMetadata = await oid4vciClient.retrieveServerMetadata();
     const credentialsSupported = await getCredentialConfigsSupportedMerged({
       client: oid4vciClient,
       vcFormatPreferences: formats,
-      configurationIds
+      types
     });
-    const serverMetadata = await oid4vciClient.retrieveServerMetadata();
     const credentialBranding = await getCredentialBranding({
       credentialsSupported,
       context
@@ -2723,7 +2718,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
       if (Array.isArray(subjectIssuance?.notification_events_supported)) {
         event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
         logger.log(`Subject issuance/signing will be used, with event`, event);
-        const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse);
+        const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
         const wrappedIssuerVC = CredentialMapper2.toWrappedVerifiableCredential(issuerVC, {
           hasher: this.hasher ?? defaultHasher2
         });
@@ -3094,7 +3089,6 @@ export {
   RequestType,
   SupportedLanguage,
   createConfig,
-  extractCredentialFromResponse,
   getBasicIssuerLocaleBranding,
   getCredentialBranding,
   getCredentialConfigsBasedOnFormatPref,