@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.FIDES.1.274 → 0.34.1-feature.IDK.11.49

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.oid4vci-holder",
-  "version": "0.34.1-feature.FIDES.1.274+3d1f4edd",
+  "version": "0.34.1-feature.IDK.11.49+19dd3372",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -26,41 +26,40 @@
     "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.219",
+    "@sphereon/did-auth-siop": "0.19.1-next.2",
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
-    "@sphereon/oid4vci-client": "0.19.1-feature.DIIPv4.219",
-    "@sphereon/oid4vci-common": "0.19.1-feature.DIIPv4.219",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.contact-manager": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.core": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.credential-store": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.data-store-types": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.issuance-branding": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.oidf-client": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-feature.FIDES.1.274+3d1f4edd",
-    "@sphereon/ssi-types": "0.34.1-feature.FIDES.1.274+3d1f4edd",
+    "@sphereon/oid4vci-client": "0.19.1-next.2",
+    "@sphereon/oid4vci-common": "0.19.1-next.2",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.contact-manager": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.core": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.credential-store": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.data-store": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.issuance-branding": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.oidf-client": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-feature.IDK.11.49+19dd3372",
+    "@sphereon/ssi-types": "0.34.1-feature.IDK.11.49+19dd3372",
     "@veramo/core": "4.2.0",
     "@veramo/data-store": "4.2.0",
     "@veramo/utils": "4.2.0",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
-    "dcql": "1.0.1",
     "i18n-js": "^3.9.2",
     "lodash.memoize": "^4.1.2",
     "uuid": "^9.0.1",
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/oid4vc-common": "0.19.1-feature.DIIPv4.219",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-feature.FIDES.1.274+3d1f4edd",
+    "@sphereon/oid4vc-common": "0.19.1-next.2",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-feature.IDK.11.49+19dd3372",
     "@sphereon/ssi-sdk.siopv2-oid4vp-common": "workspace:*",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",
@@ -90,5 +89,5 @@
     "OID4VCI",
     "State Machine"
   ],
-  "gitHead": "3d1f4edd13301b5e8ae524e80249b5e25f99eeac"
+  "gitHead": "19dd33727e96d37a7b9c9ff3dadcbfd2d1885d09"
 }

package/src/agent/OID4VCIHolder.ts

@@ -4,11 +4,13 @@ import {
   AuthorizationRequestOpts,
   AuthorizationServerClientOpts,
   AuthorizationServerOpts,
-  CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15,
-  CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15,
+  CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13,
+  CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13,
   CredentialOfferRequestWithBaseUrl,
   DefaultURISchemes,
   EndpointMetadataResult,
+  getTypesFromAuthorizationDetails,
+  getTypesFromCredentialOffer,
   getTypesFromObject,
   Jwt,
   NotificationRequest,
@@ -28,12 +30,12 @@ import {
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { IJwtService, JwsHeader } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'
-import { defaultHasher } from '@sphereon/ssi-sdk.core'
-import { ensureRawDocument } from '@sphereon/ssi-sdk.data-store-types'
 import {
   ConnectionType,
   CorrelationIdentifierType,
   CredentialCorrelationType,
+  CredentialRole,
+  ensureRawDocument,
   FindPartyArgs,
   IBasicCredentialLocaleBranding,
   IBasicIssuerLocaleBranding,
@@ -42,17 +44,17 @@ import {
   IIssuerLocaleBranding,
   NonPersistedIdentity,
   Party,
-} from '@sphereon/ssi-sdk.data-store-types'
+} from '@sphereon/ssi-sdk.data-store'
 import {
   CredentialMapper,
   type CredentialProofFormat,
-  CredentialRole,
   HasherSync,
   IVerifiableCredential,
   JoseSignatureAlgorithm,
   JoseSignatureAlgorithmString,
   JwtDecodedVerifiableCredential,
   Loggers,
+  OriginalVerifiableCredential,
   parseDid,
   SdJwtDecodedVerifiableCredentialPayload,
   WrappedW3CVerifiableCredential,
@@ -68,22 +70,9 @@ import {
   W3CVerifiableCredential,
 } from '@veramo/core'
 import { asArray, computeEntryHash } from '@veramo/utils'
-import fetch from 'cross-fetch'
 import { decodeJWT } from 'did-jwt'
 import { v4 as uuidv4 } from 'uuid'
 import { OID4VCIMachine } from '../machines/oid4vciMachine'
-import {
-  extractCredentialFromResponse,
-  getBasicIssuerLocaleBranding,
-  getCredentialBranding,
-  getCredentialConfigsSupportedMerged,
-  getIdentifierOpts,
-  getIssuanceOpts,
-  mapCredentialToAccept,
-  selectCredentialLocaleBranding,
-  startFirstPartApplicationMachine,
-  verifyCredentialToAccept,
-} from '../services/OID4VCIHolderService'
 import {
   AddContactIdentityArgs,
   AssertValidCredentialsArgs,
@@ -122,6 +111,19 @@ import {
   VerifyEBSICredentialIssuerArgs,
   VerifyEBSICredentialIssuerResult,
 } from '../types/IOID4VCIHolder'
+import {
+  getBasicIssuerLocaleBranding,
+  getCredentialBranding,
+  getCredentialConfigsSupportedMerged,
+  getIdentifierOpts,
+  getIssuanceOpts,
+  mapCredentialToAccept,
+  selectCredentialLocaleBranding,
+  startFirstPartApplicationMachine,
+  verifyCredentialToAccept,
+} from '../services/OID4VCIHolderService'
+import 'cross-fetch/polyfill'
+import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
 /**
  * {@inheritDoc IOID4VCIHolder}
@@ -149,7 +151,7 @@ export function signCallback(
   context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>,
   nonce?: string,
 ) {
-  return async (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => {
+  return async (jwt: Jwt, kid?: string) => {
     let resolution = await context.agent.identifierManagedGet(identifier)
     const jwk = jwt.header.jwk ?? (resolution.method === 'jwk' ? resolution.jwk : undefined)
     if (!resolution.issuer && !jwt.payload.iss) {
@@ -168,7 +170,7 @@ export function signCallback(
     }
     return (
       await context.agent.jwtCreateJwsCompactSignature({
-        issuer: { ...resolution, noIssPayloadUpdate: noIssPayloadUpdate ?? false },
+        issuer: { ...resolution, noIssPayloadUpdate: false },
         protectedHeader: header,
         payload,
       })
@@ -227,7 +229,7 @@ export class OID4VCIHolder implements IAgentPlugin {
     oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this),
   }
 
-  private readonly vcFormatPreferences: Array<string> = ['dc+sd-jwt', 'vc+sd-jwt', 'mso_mdoc', 'jwt_vc_json', 'jwt_vc', 'ldp_vc'] // TODO see SSISDK-52 concerning vc+sd-jwt
+  private readonly vcFormatPreferences: Array<string> = ['vc+sd-jwt', 'mso_mdoc', 'jwt_vc_json', 'jwt_vc', 'ldp_vc']
   private readonly jsonldCryptographicSuitePreferences: Array<string> = [
     'Ed25519Signature2018',
     'EcdsaSecp256k1Signature2019',
@@ -398,6 +400,7 @@ export class OID4VCIHolder implements IAgentPlugin {
       formats = Array.from(new Set(authFormats))
     }
     let oid4vciClient: OpenID4VCIClient
+    let types: string[][] | undefined = undefined
     let offer: CredentialOfferRequestWithBaseUrl | undefined
     if (requestData.existingClientState) {
       oid4vciClient = await OpenID4VCIClient.fromState({ state: requestData.existingClientState })
@@ -439,23 +442,20 @@ export class OID4VCIHolder implements IAgentPlugin {
       }
     }
 
-    let configurationIds: Array<string> = []
     if (offer) {
-      configurationIds = offer.original_credential_offer.credential_configuration_ids
+      types = getTypesFromCredentialOffer(offer.original_credential_offer)
     } else {
-      configurationIds = asArray(authorizationRequestOpts.authorizationDetails)
-        .filter((authDetails): authDetails is Exclude<AuthorizationDetails, string> => typeof authDetails !== 'string')
-        .map((authReqOpts) => authReqOpts.credential_configuration_id)
-        .filter((id): id is string => !!id)
+      types = asArray(authorizationRequestOpts.authorizationDetails)
+        .map((authReqOpts) => getTypesFromAuthorizationDetails(authReqOpts) ?? [])
+        .filter((inner) => inner.length > 0)
     }
 
+    const serverMetadata = await oid4vciClient.retrieveServerMetadata()
     const credentialsSupported = await getCredentialConfigsSupportedMerged({
       client: oid4vciClient,
       vcFormatPreferences: formats,
-      configurationIds,
+      types,
     })
-
-    const serverMetadata = await oid4vciClient.retrieveServerMetadata()
     const credentialBranding = await getCredentialBranding({ credentialsSupported, context })
     const authorizationCodeURL = oid4vciClient.authorizationURL
     if (authorizationCodeURL) {
@@ -939,8 +939,7 @@ export class OID4VCIHolder implements IAgentPlugin {
           ? 'credential_accepted_holder_signed'
           : 'credential_deleted_holder_signed'
         logger.log(`Subject issuance/signing will be used, with event`, event)
-
-        const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse)
+        const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential as OriginalVerifiableCredential
         const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher ?? defaultHasher })
         console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`)
         // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)
@@ -1170,9 +1169,9 @@ export class OID4VCIHolder implements IAgentPlugin {
     return undefined
   }
 
-  private getCredentialDefinition(issuanceOpt: IssuanceOpts): CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15 | undefined {
+  private getCredentialDefinition(issuanceOpt: IssuanceOpts): CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13 | undefined {
     if (issuanceOpt.format == 'ldp_vc' || issuanceOpt.format == 'jwt_vc_json-ld') {
-      return (issuanceOpt as CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15).credential_definition
+      return (issuanceOpt as CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13).credential_definition
     }
     return undefined
   }

package/src/machines/firstPartyMachine.ts

@@ -1,6 +1,6 @@
 import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'
 import { AuthorizationChallengeCodeResponse, AuthorizationChallengeError, AuthorizationChallengeErrorResponse } from '@sphereon/oid4vci-common'
-import { DidAuthConfig } from '@sphereon/ssi-sdk.data-store-types'
+import { DidAuthConfig } from '@sphereon/ssi-sdk.data-store'
 import { CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'
 import { createConfig, getSiopRequest, sendAuthorizationChallengeRequest, sendAuthorizationResponse } from '../services/FirstPartyMachineServices'
 import { translate } from '../localization/Localization'

package/src/machines/oid4vciMachine.ts

@@ -1,5 +1,5 @@
 import { AuthorizationChallengeCodeResponse, AuthzFlowType, toAuthorizationResponsePayload } from '@sphereon/oid4vci-common'
-import { IBasicIssuerLocaleBranding, Identity, IIssuerLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store-types'
+import { IBasicIssuerLocaleBranding, Identity, IIssuerLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store'
 import { assign, createMachine, DoneInvokeEvent, interpret } from 'xstate'
 import { translate } from '../localization/Localization'
 import {

package/src/mappers/OIDC4VCIBrandingMapper.ts

@@ -1,5 +1,5 @@
 import { CredentialsSupportedDisplay, NameAndLocale } from '@sphereon/oid4vci-common'
-import { IBasicCredentialClaim, IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store-types'
+import { IBasicCredentialClaim, IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store'
 import { SdJwtClaimDisplayMetadata, SdJwtClaimMetadata, SdJwtClaimPath, SdJwtTypeDisplayMetadata } from '@sphereon/ssi-types'
 import {
   IssuerLocaleBrandingFromArgs,

package/src/services/OID4VCIHolderService.ts

@@ -1,15 +1,16 @@
 import { LOG } from '@sphereon/oid4vci-client'
 import {
-  AuthorizationChallengeCodeResponse,
   CredentialConfigurationSupported,
-  CredentialConfigurationSupportedSdJwtVcV1_0_15,
-  CredentialResponse,
-  CredentialResponseV1_0_15,
   CredentialSupportedSdJwtVc,
+  CredentialConfigurationSupportedSdJwtVcV1_0_13,
+  CredentialOfferFormatV1_0_11,
+  CredentialResponse,
   getSupportedCredentials,
   getTypesFromCredentialSupported,
   getTypesFromObject,
   MetadataDisplay,
+  OpenId4VCIVersion,
+  AuthorizationChallengeCodeResponse,
 } from '@sphereon/oid4vci-common'
 import { KeyUse } from '@sphereon/ssi-sdk-ext.did-resolver-jwk'
 import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -22,8 +23,7 @@ import {
   managedIdentifierToJwk,
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { keyTypeFromCryptographicSuite } from '@sphereon/ssi-sdk-ext.key-utils'
-import { defaultHasher } from '@sphereon/ssi-sdk.core'
-import { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store-types'
+import { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store'
 import {
   CredentialMapper,
   Hasher,
@@ -40,12 +40,8 @@ import {
 } from '@sphereon/ssi-types'
 import { asArray } from '@veramo/utils'
 import { translate } from '../localization/Localization'
-import { FirstPartyMachine } from '../machines/firstPartyMachine'
-import { issuerLocaleBrandingFrom, oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'
-import { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
 import {
   DidAgents,
-  GetBasicIssuerLocaleBrandingArgs,
   GetCredentialBrandingArgs,
   GetCredentialConfigsSupportedArgs,
   GetCredentialConfigsSupportedBySingleTypeOrIdArgs,
@@ -53,17 +49,22 @@ import {
   GetIssuanceCryptoSuiteArgs,
   GetIssuanceDidMethodArgs,
   GetIssuanceOptsArgs,
+  GetBasicIssuerLocaleBrandingArgs,
   GetPreferredCredentialFormatsArgs,
   IssuanceOpts,
   MapCredentialToAcceptArgs,
   MappedCredentialToAccept,
   OID4VCIHolderEvent,
-  RequiredContext,
   SelectAppLocaleBrandingArgs,
-  StartFirstPartApplicationMachine,
   VerificationResult,
   VerifyCredentialToAcceptArgs,
+  StartFirstPartApplicationMachine,
+  RequiredContext,
 } from '../types/IOID4VCIHolder'
+import { oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom, issuerLocaleBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'
+import { FirstPartyMachine } from '../machines/firstPartyMachine'
+import { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
+import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
 export const getCredentialBranding = async (args: GetCredentialBrandingArgs): Promise<Record<string, Array<IBasicCredentialLocaleBranding>>> => {
   const { credentialsSupported, context } = args
@@ -71,8 +72,8 @@ export const getCredentialBranding = async (args: GetCredentialBrandingArgs): Pr
   await Promise.all(
     Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]): Promise<void> => {
       let sdJwtTypeMetadata: SdJwtTypeMetadata | undefined
-      if (credentialsConfigSupported.format === 'dc+sd-jwt') {
-        const vct = (<CredentialSupportedSdJwtVc | CredentialConfigurationSupportedSdJwtVcV1_0_15>credentialsConfigSupported).vct
+      if (credentialsConfigSupported.format === 'vc+sd-jwt') {
+        const vct = (<CredentialSupportedSdJwtVc | CredentialConfigurationSupportedSdJwtVcV1_0_13>credentialsConfigSupported).vct
         if (vct.startsWith('http')) {
           try {
             sdJwtTypeMetadata = await context.agent.fetchSdJwtTypeMetadataFromVctUrl({ vct })
@@ -152,7 +153,10 @@ export const selectCredentialLocaleBranding = async (
 export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArgs): Promise<VerificationResult> => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args
 
-  const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse)
+  const credential = mappedCredential.credentialToAccept.credentialResponse.credential as OriginalVerifiableCredential
+  if (!credential) {
+    return Promise.reject(Error('No credential found in credential response'))
+  }
 
   const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, { hasher: hasher ?? defaultHasher })
   if (
@@ -201,7 +205,11 @@ export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArg
 export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Promise<MappedCredentialToAccept> => {
   const { credentialToAccept, hasher } = args
 
-  const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse) as W3CVerifiableCredential
+  const credentialResponse: CredentialResponse = credentialToAccept.credentialResponse
+  const verifiableCredential: W3CVerifiableCredential | undefined = credentialResponse.credential
+  if (!verifiableCredential) {
+    return Promise.reject(Error('No credential found in credential response'))
+  }
 
   const wrappedVerifiableCredential: WrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(
     verifiableCredential as OriginalVerifiableCredential,
@@ -232,7 +240,6 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
         ? uniformVerifiableCredential.decodedPayload.iss
         : uniformVerifiableCredential.issuer.id
 
-  const credentialResponse = credentialToAccept.credentialResponse as CredentialResponseV1_0_15
   return {
     correlationId,
     credentialToAccept,
@@ -243,27 +250,6 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
   }
 }
 
-export const extractCredentialFromResponse = (credentialResponse: CredentialResponse): OriginalVerifiableCredential => {
-  let credential: OriginalVerifiableCredential | undefined
-
-  if ('credential' in credentialResponse) {
-    credential = credentialResponse.credential as OriginalVerifiableCredential
-  } else if (
-    'credentials' in credentialResponse &&
-    credentialResponse.credentials &&
-    Array.isArray(credentialResponse.credentials) &&
-    credentialResponse.credentials.length > 0
-  ) {
-    credential = credentialResponse.credentials[0].credential as OriginalVerifiableCredential // FIXME SSISDK-13 (no multi-credential support yet)
-  }
-
-  if (!credential) {
-    throw new Error('No credential found in credential response')
-  }
-
-  return credential
-}
-
 export const getIdentifierOpts = async (args: GetIdentifierArgs): Promise<ManagedIdentifierResult> => {
   const { issuanceOpt, context } = args
   const { identifier: identifierArg } = issuanceOpt
@@ -384,7 +370,7 @@ export const getCredentialConfigsSupportedBySingleTypeOrId = async (
   }
 
   if (configurationId) {
-    const allSupported = client.getCredentialsSupported(format)
+    const allSupported = client.getCredentialsSupported(false)
     return Object.fromEntries(
       Object.entries(allSupported).filter(
         ([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId,
@@ -392,15 +378,29 @@ export const getCredentialConfigsSupportedBySingleTypeOrId = async (
     )
   }
 
-  if (!client.credentialOffer) {
-    return Promise.reject(Error('openID4VCIClient has no credentialOffer'))
+  if (!types && !client.credentialOffer) {
+    return Promise.reject(Error('openID4VCIClient has no credentialOffer and no types where provided'))
+    /*} else if (!format && !client.credentialOffer) {
+    return Promise.reject(Error('openID4VCIClient has no credentialOffer and no formats where provided'))*/
   }
-  if (!types) {
-    return Promise.reject(Error('openID4VCIClient has no types'))
+  // We should always have a credential offer at this point given the above
+  if (!Array.isArray(format) && client.credentialOffer) {
+    if (
+      client.version() > OpenId4VCIVersion.VER_1_0_09 &&
+      typeof client.credentialOffer.credential_offer === 'object' &&
+      'credentials' in client.credentialOffer.credential_offer
+    ) {
+      format = client.credentialOffer.credential_offer.credentials
+        .filter((cred: CredentialOfferFormatV1_0_11 | string) => typeof cred !== 'string')
+        .map((cred: CredentialOfferFormatV1_0_11 | string) => (cred as CredentialOfferFormatV1_0_11).format)
+      if (format?.length === 0) {
+        format = undefined // Otherwise we would match nothing
+      }
+    }
   }
 
   const offerSupported = getSupportedCredentials({
-    types: [types],
+    types: types ? [types] : client.getCredentialOfferTypes(),
     format,
     version: client.version(),
     issuerMetadata: client.endpointMetadata.credentialIssuerMetadata,
@@ -580,8 +580,7 @@ export const getIssuanceCryptoSuite = async (opts: GetIssuanceCryptoSuiteArgs):
     case 'jwt':
     case 'jwt_vc_json':
     case 'jwt_vc':
-    //case 'vc+sd-jwt': // TODO see SSISDK-52 concerning vc+sd-jwt
-    case 'dc+sd-jwt':
+    case 'vc+sd-jwt':
     case 'mso_mdoc': {
       const supportedPreferences: Array<JoseSignatureAlgorithm | JoseSignatureAlgorithmString> = jwtCryptographicSuitePreferences.filter(
         (suite: JoseSignatureAlgorithm | JoseSignatureAlgorithmString) => signing_algs_supported.includes(suite),

package/src/types/FirstPartyMachine.ts

@@ -1,11 +1,10 @@
-import { RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop'
+import { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, StatesConfig, TypegenDisabled } from 'xstate'
 import { OpenID4VCIClientState } from '@sphereon/oid4vci-client'
-import { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'
+import { DidAuthConfig, Party } from '@sphereon/ssi-sdk.data-store'
+import { PresentationDefinitionWithLocation, RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop'
 import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
-import { DidAuthConfig, Party } from '@sphereon/ssi-sdk.data-store-types'
+import { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'
 import { IIdentifier } from '@veramo/core'
-import { DcqlQuery } from 'dcql'
-import { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, StatesConfig, TypegenDisabled } from 'xstate'
 import { ErrorDetails, RequiredContext } from './IOID4VCIHolder'
 
 export enum FirstPartyMachineStateTypes {
@@ -150,7 +149,7 @@ export type SiopV2AuthorizationRequestData = {
   clientIdScheme?: string
   clientId?: string
   entityId?: string
-  dcqlQuery: DcqlQuery
+  presentationDefinitions?: PresentationDefinitionWithLocation[]
 }
 
 export type FirstPartyMachineNavigationArgs = {

package/src/types/IOID4VCIHolder.ts

@@ -7,7 +7,6 @@ import {
   CredentialConfigurationSupported,
   CredentialOfferRequestWithBaseUrl,
   CredentialResponse,
-  CredentialResponseV1_0_15,
   CredentialsSupportedDisplay,
   EndpointMetadataResult,
   ExperimentalSubjectIssuance,
@@ -34,7 +33,7 @@ import {
   Identity,
   IIssuerLocaleBranding,
   Party,
-} from '@sphereon/ssi-sdk.data-store-types'
+} from '@sphereon/ssi-sdk.data-store'
 import { IIssuanceBranding } from '@sphereon/ssi-sdk.issuance-branding'
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
@@ -378,7 +377,6 @@ export enum OID4VCIMachineGuards {
   requirePinGuard = 'oid4vciRequirePinGuard',
   requireAuthorizationGuard = 'oid4vciRequireAuthorizationGuard',
   noAuthorizationGuard = 'oid4vciNoAuthorizationGuard',
-  hasNonceEndpointGuard = 'oid4vciHasNonceEndpointGuard ',
   hasAuthorizationResponse = 'oid4vciHasAuthorizationResponse',
   hasNoContactIdentityGuard = 'oid4vciHasNoContactIdentityGuard',
   verificationCodeGuard = 'oid4vciVerificationCodeGuard',
@@ -503,7 +501,7 @@ export type CredentialToAccept = {
   id?: string
   types: string[]
   issuanceOpt: IssuanceOpts
-  credentialResponse: CredentialResponseV1_0_15 | CredentialResponse
+  credentialResponse: CredentialResponse
 }
 
 export type GetCredentialConfigsSupportedArgs = {