@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.SSISDK.26.RP.58 → 0.34.1-feature.SSISDK.44.finish.dcql.309

package/dist/index.cjs

@@ -100,6 +100,7 @@ __export(index_exports, {
   RequestType: () => RequestType,
   SupportedLanguage: () => SupportedLanguage,
   createConfig: () => createConfig,
+  extractCredentialFromResponse: () => extractCredentialFromResponse,
   getBasicIssuerLocaleBranding: () => getBasicIssuerLocaleBranding,
   getCredentialBranding: () => getCredentialBranding,
   getCredentialConfigsBasedOnFormatPref: () => getCredentialConfigsBasedOnFormatPref,
@@ -140,9 +141,10 @@ var import_ssi_sdk_ext5 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk_ext6 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
 var import_ssi_sdk_ext7 = require("@sphereon/ssi-sdk-ext.key-utils");
 var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
-var import_ssi_sdk3 = require("@sphereon/ssi-sdk.data-store");
+var import_ssi_sdk3 = require("@sphereon/ssi-sdk.data-store-types");
 var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_utils2 = require("@veramo/utils");
+var import_cross_fetch = __toESM(require("cross-fetch"), 1);
 var import_did_jwt = require("did-jwt");
 var import_uuid2 = require("uuid");
 
@@ -155,18 +157,18 @@ var import_i18n_js = __toESM(require("i18n-js"), 1);
 var import_lodash = __toESM(require("lodash.memoize"), 1);
 
 // src/types/IOID4VCIHolder.ts
-var OID4VCIHolderEvent = /* @__PURE__ */ function(OID4VCIHolderEvent2) {
+var OID4VCIHolderEvent = /* @__PURE__ */ (function(OID4VCIHolderEvent2) {
   OID4VCIHolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
   OID4VCIHolderEvent2["CREDENTIAL_STORED"] = "credential_stored";
   OID4VCIHolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
   return OID4VCIHolderEvent2;
-}({});
-var SupportedLanguage = /* @__PURE__ */ function(SupportedLanguage2) {
+})({});
+var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
   SupportedLanguage2["ENGLISH"] = "en";
   SupportedLanguage2["DUTCH"] = "nl";
   return SupportedLanguage2;
-}({});
-var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
+})({});
+var OID4VCIMachineStates = /* @__PURE__ */ (function(OID4VCIMachineStates2) {
   OID4VCIMachineStates2["start"] = "start";
   OID4VCIMachineStates2["createCredentialsToSelectFrom"] = "createCredentialsToSelectFrom";
   OID4VCIMachineStates2["getContact"] = "getContact";
@@ -182,6 +184,7 @@ var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
   OID4VCIMachineStates2["selectCredentials"] = "selectCredentials";
   OID4VCIMachineStates2["transitionFromSelectingCredentials"] = "transitionFromSelectingCredentials";
   OID4VCIMachineStates2["verifyPin"] = "verifyPin";
+  OID4VCIMachineStates2["prepareAuthorizationRequest"] = "prepareAuthorizationRequest";
   OID4VCIMachineStates2["initiateAuthorizationRequest"] = "initiateAuthorizationRequest";
   OID4VCIMachineStates2["waitForAuthorizationResponse"] = "waitForAuthorizationResponse";
   OID4VCIMachineStates2["getCredentials"] = "getCredentials";
@@ -197,18 +200,18 @@ var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
   OID4VCIMachineStates2["error"] = "error";
   OID4VCIMachineStates2["done"] = "done";
   return OID4VCIMachineStates2;
-}({});
-var OID4VCIMachineAddContactStates = /* @__PURE__ */ function(OID4VCIMachineAddContactStates2) {
+})({});
+var OID4VCIMachineAddContactStates = /* @__PURE__ */ (function(OID4VCIMachineAddContactStates2) {
   OID4VCIMachineAddContactStates2["idle"] = "idle";
   OID4VCIMachineAddContactStates2["next"] = "next";
   return OID4VCIMachineAddContactStates2;
-}({});
-var OID4VCIMachineVerifyPinStates = /* @__PURE__ */ function(OID4VCIMachineVerifyPinStates2) {
+})({});
+var OID4VCIMachineVerifyPinStates = /* @__PURE__ */ (function(OID4VCIMachineVerifyPinStates2) {
   OID4VCIMachineVerifyPinStates2["idle"] = "idle";
   OID4VCIMachineVerifyPinStates2["next"] = "next";
   return OID4VCIMachineVerifyPinStates2;
-}({});
-var OID4VCIMachineEvents = /* @__PURE__ */ function(OID4VCIMachineEvents2) {
+})({});
+var OID4VCIMachineEvents = /* @__PURE__ */ (function(OID4VCIMachineEvents2) {
   OID4VCIMachineEvents2["NEXT"] = "NEXT";
   OID4VCIMachineEvents2["PREVIOUS"] = "PREVIOUS";
   OID4VCIMachineEvents2["DECLINE"] = "DECLINE";
@@ -221,8 +224,8 @@ var OID4VCIMachineEvents = /* @__PURE__ */ function(OID4VCIMachineEvents2) {
   OID4VCIMachineEvents2["INVOKED_AUTHORIZATION_CODE_REQUEST"] = "INVOKED_AUTHORIZATION_CODE_REQUEST";
   OID4VCIMachineEvents2["PROVIDE_AUTHORIZATION_CODE_RESPONSE"] = "PROVIDE_AUTHORIZATION_CODE_RESPONSE";
   return OID4VCIMachineEvents2;
-}({});
-var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
+})({});
+var OID4VCIMachineGuards = /* @__PURE__ */ (function(OID4VCIMachineGuards2) {
   OID4VCIMachineGuards2["hasContactGuard"] = "oid4vciHasContactGuard";
   OID4VCIMachineGuards2["hasNoContactGuard"] = "oid4vciHasNoContactGuard";
   OID4VCIMachineGuards2["credentialsToSelectRequiredGuard"] = "oid4vciCredentialsToSelectRequiredGuard";
@@ -239,13 +242,14 @@ var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
   OID4VCIMachineGuards2["contactHasLowTrustGuard"] = "oid4vciContactHasLowTrustGuard";
   OID4VCIMachineGuards2["isFirstPartyApplication"] = "oid4vciIsFirstPartyApplication";
   return OID4VCIMachineGuards2;
-}({});
-var OID4VCIMachineServices = /* @__PURE__ */ function(OID4VCIMachineServices2) {
+})({});
+var OID4VCIMachineServices = /* @__PURE__ */ (function(OID4VCIMachineServices2) {
   OID4VCIMachineServices2["start"] = "start";
   OID4VCIMachineServices2["getContact"] = "getContact";
   OID4VCIMachineServices2["getFederationTrust"] = "getFederationTrust";
   OID4VCIMachineServices2["addContactIdentity"] = "addContactIdentity";
   OID4VCIMachineServices2["createCredentialsToSelectFrom"] = "createCredentialsToSelectFrom";
+  OID4VCIMachineServices2["prepareAuthorizationRequest"] = "prepareAuthorizationRequest";
   OID4VCIMachineServices2["getIssuerBranding"] = "getIssuerBranding";
   OID4VCIMachineServices2["storeIssuerBranding"] = "storeIssuerBranding";
   OID4VCIMachineServices2["getCredentials"] = "getCredentials";
@@ -255,17 +259,17 @@ var OID4VCIMachineServices = /* @__PURE__ */ function(OID4VCIMachineServices2) {
   OID4VCIMachineServices2["storeCredentials"] = "storeCredentials";
   OID4VCIMachineServices2["startFirstPartApplicationFlow"] = "startFirstPartApplicationFlow";
   return OID4VCIMachineServices2;
-}({});
-var RequestType = /* @__PURE__ */ function(RequestType2) {
+})({});
+var RequestType = /* @__PURE__ */ (function(RequestType2) {
   RequestType2["OPENID_INITIATE_ISSUANCE"] = "openid-initiate-issuance";
   RequestType2["OPENID_CREDENTIAL_OFFER"] = "openid-credential-offer";
   RequestType2["URL"] = "URL";
   return RequestType2;
-}({});
-var IdentifierAliasEnum = /* @__PURE__ */ function(IdentifierAliasEnum2) {
+})({});
+var IdentifierAliasEnum = /* @__PURE__ */ (function(IdentifierAliasEnum2) {
   IdentifierAliasEnum2["PRIMARY"] = "primary";
   return IdentifierAliasEnum2;
-}({});
+})({});
 
 // src/localization/Localization.ts
 var Localization = class Localization2 {
@@ -307,7 +311,7 @@ var Localization = class Localization2 {
 var translate = Localization.translate;
 
 // src/types/FirstPartyMachine.ts
-var FirstPartyMachineStateTypes = /* @__PURE__ */ function(FirstPartyMachineStateTypes2) {
+var FirstPartyMachineStateTypes = /* @__PURE__ */ (function(FirstPartyMachineStateTypes2) {
   FirstPartyMachineStateTypes2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
   FirstPartyMachineStateTypes2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
   FirstPartyMachineStateTypes2["selectCredentials"] = "selectCredentials";
@@ -318,21 +322,21 @@ var FirstPartyMachineStateTypes = /* @__PURE__ */ function(FirstPartyMachineStat
   FirstPartyMachineStateTypes2["aborted"] = "aborted";
   FirstPartyMachineStateTypes2["declined"] = "declined";
   return FirstPartyMachineStateTypes2;
-}({});
-var FirstPartyMachineServices = /* @__PURE__ */ function(FirstPartyMachineServices2) {
+})({});
+var FirstPartyMachineServices = /* @__PURE__ */ (function(FirstPartyMachineServices2) {
   FirstPartyMachineServices2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
   FirstPartyMachineServices2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
   FirstPartyMachineServices2["createConfig"] = "createConfig";
   FirstPartyMachineServices2["getSiopRequest"] = "getSiopRequest";
   return FirstPartyMachineServices2;
-}({});
-var FirstPartyMachineEvents = /* @__PURE__ */ function(FirstPartyMachineEvents2) {
+})({});
+var FirstPartyMachineEvents = /* @__PURE__ */ (function(FirstPartyMachineEvents2) {
   FirstPartyMachineEvents2["NEXT"] = "NEXT";
   FirstPartyMachineEvents2["PREVIOUS"] = "PREVIOUS";
   FirstPartyMachineEvents2["DECLINE"] = "DECLINE";
   FirstPartyMachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
   return FirstPartyMachineEvents2;
-}({});
+})({});
 
 // src/machines/oid4vciMachine.ts
 var oid4vciHasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
@@ -387,9 +391,7 @@ var oid4vciRequireAuthorizationGuard = /* @__PURE__ */ __name((ctx, _event) => {
   if (!openID4VCIClientState) {
     throw Error("Missing openID4VCI client state in context");
   }
-  if (!openID4VCIClientState.authorizationURL) {
-    return false;
-  } else if (openID4VCIClientState.authorizationRequestOpts) {
+  if (openID4VCIClientState.authorizationURL && openID4VCIClientState.authorizationRequestOpts) {
     return !ctx.openID4VCIClientState?.authorizationCodeResponse;
   } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(import_oid4vci_common.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
     return !ctx.openID4VCIClientState?.authorizationCodeResponse;
@@ -440,7 +442,6 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
           onDone: {
             target: OID4VCIMachineStates.createCredentialsToSelectFrom,
             actions: (0, import_xstate.assign)({
-              authorizationCodeURL: /* @__PURE__ */ __name((_ctx, _event) => _event.data.authorizationCodeURL, "authorizationCodeURL"),
               credentialBranding: /* @__PURE__ */ __name((_ctx, _event) => _event.data.credentialBranding ?? {}, "credentialBranding"),
               credentialsSupported: /* @__PURE__ */ __name((_ctx, _event) => _event.data.credentialsSupported, "credentialsSupported"),
               serverMetadata: /* @__PURE__ */ __name((_ctx, _event) => _event.data.serverMetadata, "serverMetadata"),
@@ -677,6 +678,10 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
             target: OID4VCIMachineStates.startFirstPartApplicationFlow,
             cond: OID4VCIMachineGuards.isFirstPartyApplication
           },
+          {
+            target: OID4VCIMachineStates.prepareAuthorizationRequest,
+            cond: OID4VCIMachineGuards.requireAuthorizationGuard
+          },
           {
             target: OID4VCIMachineStates.initiateAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard
@@ -752,12 +757,16 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
             target: OID4VCIMachineStates.startFirstPartApplicationFlow,
             cond: OID4VCIMachineGuards.isFirstPartyApplication
           },
+          {
+            target: OID4VCIMachineStates.prepareAuthorizationRequest,
+            cond: OID4VCIMachineGuards.requireAuthorizationGuard
+          },
           {
             target: OID4VCIMachineStates.verifyPin,
             cond: OID4VCIMachineGuards.requirePinGuard
           },
           {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest,
+            target: OID4VCIMachineStates.prepareAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard
           },
           {
@@ -765,6 +774,28 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
           }
         ]
       },
+      [OID4VCIMachineStates.prepareAuthorizationRequest]: {
+        id: OID4VCIMachineStates.prepareAuthorizationRequest,
+        invoke: {
+          src: OID4VCIMachineServices.prepareAuthorizationRequest,
+          onDone: {
+            target: OID4VCIMachineStates.initiateAuthorizationRequest,
+            actions: (0, import_xstate.assign)({
+              authorizationCodeURL: /* @__PURE__ */ __name((_ctx, _event) => _event.data.authorizationCodeURL, "authorizationCodeURL")
+            })
+          },
+          onError: {
+            target: OID4VCIMachineStates.handleError,
+            actions: (0, import_xstate.assign)({
+              error: /* @__PURE__ */ __name((_ctx, _event) => ({
+                title: translate("oid4vci_machine_prepare_authorization_error_title"),
+                message: _event.data.message,
+                stack: _event.data.stack
+              }), "error")
+            })
+          }
+        }
+      },
       [OID4VCIMachineStates.initiateAuthorizationRequest]: {
         id: OID4VCIMachineStates.initiateAuthorizationRequest,
         on: {
@@ -1062,271 +1093,10 @@ var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.did-resolver-jwk");
 var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
 var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.key-utils");
+var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
 var import_ssi_types = require("@sphereon/ssi-types");
 var import_utils = require("@veramo/utils");
 
-// src/mappers/OIDC4VCIBrandingMapper.ts
-var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, issuerCredentialSubject } = args;
-  return oid4vciCombineDisplayLocalesFrom({
-    ...issuerCredentialSubject && {
-      issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({
-        issuerCredentialSubject
-      })
-    },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
-    }
-  });
-}, "oid4vciGetCredentialBrandingFrom");
-var oid4vciCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.locale || "";
-    localeDisplays.set(localeKey, display);
-    return localeDisplays;
-  }, /* @__PURE__ */ new Map());
-}, "oid4vciCredentialDisplayLocalesFrom");
-var oid4vciIssuerCredentialSubjectLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerCredentialSubject } = args;
-  const localeClaims = /* @__PURE__ */ new Map();
-  const processClaimObject = /* @__PURE__ */ __name((claim, parentKey = "") => {
-    Object.entries(claim).forEach(([key, value]) => {
-      if (key === "mandatory" || key === "value_type") {
-        return;
-      }
-      if (key === "display" && Array.isArray(value)) {
-        value.forEach(({ name, locale = "" }) => {
-          if (!name) {
-            return;
-          }
-          if (!localeClaims.has(locale)) {
-            localeClaims.set(locale, []);
-          }
-          localeClaims.get(locale).push({
-            key: parentKey,
-            name
-          });
-        });
-      } else if (typeof value === "object" && value !== null) {
-        processClaimObject(value, parentKey ? `${parentKey}.${key}` : key);
-      }
-    });
-  }, "processClaimObject");
-  processClaimObject(issuerCredentialSubject);
-  return localeClaims;
-}, "oid4vciIssuerCredentialSubjectLocalesFrom");
-var oid4vciCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return {
-    ...credentialDisplay.name && {
-      alias: credentialDisplay.name
-    },
-    ...credentialDisplay.locale && {
-      locale: credentialDisplay.locale
-    },
-    ...credentialDisplay.logo && {
-      logo: {
-        ...(credentialDisplay.logo.url || credentialDisplay.logo.uri) && {
-          uri: credentialDisplay.logo?.url ?? credentialDisplay.logo.uri
-        },
-        ...credentialDisplay.logo.alt_text && {
-          alt: credentialDisplay.logo?.alt_text
-        }
-      }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.text_color && {
-      text: {
-        color: credentialDisplay.text_color
-      }
-    },
-    ...(credentialDisplay.background_image || credentialDisplay.background_color) && {
-      background: {
-        ...credentialDisplay.background_image && {
-          image: {
-            ...(credentialDisplay.background_image.url || credentialDisplay.background_image.uri) && {
-              uri: credentialDisplay.background_image?.url ?? credentialDisplay.background_image.uri
-            },
-            ...credentialDisplay.background_image.alt_text && {
-              alt: credentialDisplay.background_image?.alt_text
-            }
-          }
-        },
-        ...credentialDisplay.background_color && {
-          color: credentialDisplay.background_color
-        }
-      }
-    }
-  };
-}, "oid4vciCredentialLocaleBrandingFrom");
-var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), issuerCredentialSubjectLocales = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...issuerCredentialSubjectLocales.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = issuerCredentialSubjectLocales.get(locale);
-    return {
-      ...display && await oid4vciCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
-      },
-      claims
-    };
-  }));
-}, "oid4vciCombineDisplayLocalesFrom");
-var sdJwtGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay, claimsMetadata } = args;
-  return sdJwtCombineDisplayLocalesFrom({
-    ...claimsMetadata && {
-      claimsMetadata: await sdJwtCredentialClaimLocalesFrom({
-        claimsMetadata
-      })
-    },
-    ...credentialDisplay && {
-      credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({
-        credentialDisplay
-      })
-    }
-  });
-}, "sdJwtGetCredentialBrandingFrom");
-var sdJwtCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return credentialDisplay.reduce((localeDisplays, display) => {
-    const localeKey = display.lang || "";
-    localeDisplays.set(localeKey, display);
-    return localeDisplays;
-  }, /* @__PURE__ */ new Map());
-}, "sdJwtCredentialDisplayLocalesFrom");
-var sdJwtCredentialClaimLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { claimsMetadata } = args;
-  const localeClaims = /* @__PURE__ */ new Map();
-  claimsMetadata.forEach((claim) => {
-    claim.display?.forEach((display) => {
-      const { lang = "", label } = display;
-      const key = claim.path.map((value) => String(value)).join(".");
-      if (!localeClaims.has(lang)) {
-        localeClaims.set(lang, []);
-      }
-      localeClaims.get(lang).push({
-        key,
-        name: label
-      });
-    });
-  });
-  return localeClaims;
-}, "sdJwtCredentialClaimLocalesFrom");
-var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplay } = args;
-  return {
-    ...credentialDisplay.name && {
-      alias: credentialDisplay.name
-    },
-    ...credentialDisplay.lang && {
-      locale: credentialDisplay.lang
-    },
-    ...credentialDisplay.rendering?.simple?.logo && {
-      logo: {
-        ...credentialDisplay.rendering.simple.logo.uri && {
-          uri: credentialDisplay.rendering.simple.logo.uri
-        },
-        ...credentialDisplay.rendering.simple.logo.alt_text && {
-          alt: credentialDisplay.rendering.simple.logo.alt_text
-        }
-      }
-    },
-    ...credentialDisplay.description && {
-      description: credentialDisplay.description
-    },
-    ...credentialDisplay.rendering?.simple?.text_color && {
-      text: {
-        color: credentialDisplay.rendering.simple.text_color
-      }
-    },
-    ...credentialDisplay.rendering?.simple?.background_color && {
-      background: {
-        color: credentialDisplay.rendering.simple.background_color
-      }
-    }
-  };
-}, "sdJwtCredentialLocaleBrandingFrom");
-var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
-  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
-  const locales = Array.from(/* @__PURE__ */ new Set([
-    ...claimsMetadata.keys(),
-    ...credentialDisplayLocales.keys()
-  ]));
-  return Promise.all(locales.map(async (locale) => {
-    const display = credentialDisplayLocales.get(locale);
-    const claims = claimsMetadata.get(locale);
-    return {
-      ...display && await sdJwtCredentialLocaleBrandingFrom({
-        credentialDisplay: display
-      }),
-      ...locale.length > 0 && {
-        locale
-      },
-      claims
-    };
-  }));
-}, "sdJwtCombineDisplayLocalesFrom");
-var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
-  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
-  return {
-    ...dynamicRegistrationClientMetadata?.client_name && {
-      alias: dynamicRegistrationClientMetadata.client_name
-    },
-    ...issuerDisplay.name && {
-      alias: issuerDisplay.name
-    },
-    ...issuerDisplay.locale && {
-      locale: issuerDisplay.locale
-    },
-    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
-      logo: {
-        ...dynamicRegistrationClientMetadata?.logo_uri && {
-          uri: dynamicRegistrationClientMetadata?.logo_uri
-        },
-        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
-          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
-        },
-        ...issuerDisplay.logo?.alt_text && {
-          alt: issuerDisplay.logo?.alt_text
-        }
-      }
-    },
-    ...issuerDisplay.description && {
-      description: issuerDisplay.description
-    },
-    ...issuerDisplay.text_color && {
-      text: {
-        color: issuerDisplay.text_color
-      }
-    },
-    ...dynamicRegistrationClientMetadata?.client_uri && {
-      clientUri: dynamicRegistrationClientMetadata.client_uri
-    },
-    ...dynamicRegistrationClientMetadata?.tos_uri && {
-      tosUri: dynamicRegistrationClientMetadata.tos_uri
-    },
-    ...dynamicRegistrationClientMetadata?.policy_uri && {
-      policyUri: dynamicRegistrationClientMetadata.policy_uri
-    },
-    ...dynamicRegistrationClientMetadata?.contacts && {
-      contacts: dynamicRegistrationClientMetadata.contacts
-    }
-  };
-}, "issuerLocaleBrandingFrom");
-
 // src/machines/firstPartyMachine.ts
 var import_xstate2 = require("xstate");
 var import_oid4vci_common2 = require("@sphereon/oid4vci-common");
@@ -1563,57 +1333,318 @@ var FirstPartyMachine = class _FirstPartyMachine {
         _FirstPartyMachine.stopInstance();
       }
     }
-    _FirstPartyMachine._instance = void 0;
-  }
-  static stopInstance() {
-    if (!_FirstPartyMachine.hasInstance()) {
-      return;
-    }
-    _FirstPartyMachine.instance.stop();
-    _FirstPartyMachine._instance = void 0;
-  }
-  static newInstance(opts) {
-    const { agentContext } = opts;
-    const services = {
-      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
-      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
-      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
-      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
-    };
-    const newInst = (0, import_xstate2.interpret)(createFirstPartyActivationMachine(opts).withConfig({
-      services: {
-        ...services,
-        ...opts?.services
+    _FirstPartyMachine._instance = void 0;
+  }
+  static stopInstance() {
+    if (!_FirstPartyMachine.hasInstance()) {
+      return;
+    }
+    _FirstPartyMachine.instance.stop();
+    _FirstPartyMachine._instance = void 0;
+  }
+  static newInstance(opts) {
+    const { agentContext } = opts;
+    const services = {
+      [FirstPartyMachineServices.sendAuthorizationChallengeRequest]: sendAuthorizationChallengeRequest,
+      [FirstPartyMachineServices.createConfig]: (args) => createConfig(args, agentContext),
+      [FirstPartyMachineServices.getSiopRequest]: (args) => getSiopRequest(args, agentContext),
+      [FirstPartyMachineServices.sendAuthorizationResponse]: (args) => sendAuthorizationResponse(args, agentContext)
+    };
+    const newInst = (0, import_xstate2.interpret)(createFirstPartyActivationMachine(opts).withConfig({
+      services: {
+        ...services,
+        ...opts?.services
+      },
+      guards: {
+        ...opts?.guards
+      }
+    }));
+    if (typeof opts?.subscription === "function") {
+      newInst.onTransition(opts.subscription);
+    }
+    if (opts?.requireCustomNavigationHook !== true) {
+      newInst.onTransition((snapshot) => {
+        if (opts?.stateNavigationListener) {
+          void opts.stateNavigationListener(newInst, snapshot);
+        }
+      });
+    }
+    return newInst;
+  }
+  static getInstance(opts) {
+    if (!_FirstPartyMachine._instance) {
+      if (opts?.requireExisting === true) {
+        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
+      }
+      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
+    }
+    return _FirstPartyMachine._instance;
+  }
+};
+
+// src/mappers/OIDC4VCIBrandingMapper.ts
+var oid4vciGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay, issuerCredentialSubject } = args;
+  return oid4vciCombineDisplayLocalesFrom({
+    ...issuerCredentialSubject && {
+      issuerCredentialSubjectLocales: await oid4vciIssuerCredentialSubjectLocalesFrom({
+        issuerCredentialSubject
+      })
+    },
+    ...credentialDisplay && {
+      credentialDisplayLocales: await oid4vciCredentialDisplayLocalesFrom({
+        credentialDisplay
+      })
+    }
+  });
+}, "oid4vciGetCredentialBrandingFrom");
+var oid4vciCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return credentialDisplay.reduce((localeDisplays, display) => {
+    const localeKey = display.locale || "";
+    localeDisplays.set(localeKey, display);
+    return localeDisplays;
+  }, /* @__PURE__ */ new Map());
+}, "oid4vciCredentialDisplayLocalesFrom");
+var oid4vciIssuerCredentialSubjectLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { issuerCredentialSubject } = args;
+  const localeClaims = /* @__PURE__ */ new Map();
+  const processClaimObject = /* @__PURE__ */ __name((claim, parentKey = "") => {
+    Object.entries(claim).forEach(([key, value]) => {
+      if (key === "mandatory" || key === "value_type") {
+        return;
+      }
+      if (key === "display" && Array.isArray(value)) {
+        value.forEach(({ name, locale = "" }) => {
+          if (!name) {
+            return;
+          }
+          if (!localeClaims.has(locale)) {
+            localeClaims.set(locale, []);
+          }
+          localeClaims.get(locale).push({
+            key: parentKey,
+            name
+          });
+        });
+      } else if (typeof value === "object" && value !== null) {
+        processClaimObject(value, parentKey ? `${parentKey}.${key}` : key);
+      }
+    });
+  }, "processClaimObject");
+  processClaimObject(issuerCredentialSubject);
+  return localeClaims;
+}, "oid4vciIssuerCredentialSubjectLocalesFrom");
+var oid4vciCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return {
+    ...credentialDisplay.name && {
+      alias: credentialDisplay.name
+    },
+    ...credentialDisplay.locale && {
+      locale: credentialDisplay.locale
+    },
+    ...credentialDisplay.logo && {
+      logo: {
+        ...(credentialDisplay.logo.url || credentialDisplay.logo.uri) && {
+          uri: credentialDisplay.logo?.url ?? credentialDisplay.logo.uri
+        },
+        ...credentialDisplay.logo.alt_text && {
+          alt: credentialDisplay.logo?.alt_text
+        }
+      }
+    },
+    ...credentialDisplay.description && {
+      description: credentialDisplay.description
+    },
+    ...credentialDisplay.text_color && {
+      text: {
+        color: credentialDisplay.text_color
+      }
+    },
+    ...(credentialDisplay.background_image || credentialDisplay.background_color) && {
+      background: {
+        ...credentialDisplay.background_image && {
+          image: {
+            ...(credentialDisplay.background_image.url || credentialDisplay.background_image.uri) && {
+              uri: credentialDisplay.background_image?.url ?? credentialDisplay.background_image.uri
+            },
+            ...credentialDisplay.background_image.alt_text && {
+              alt: credentialDisplay.background_image?.alt_text
+            }
+          }
+        },
+        ...credentialDisplay.background_color && {
+          color: credentialDisplay.background_color
+        }
+      }
+    }
+  };
+}, "oid4vciCredentialLocaleBrandingFrom");
+var oid4vciCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), issuerCredentialSubjectLocales = /* @__PURE__ */ new Map() } = args;
+  const locales = Array.from(/* @__PURE__ */ new Set([
+    ...issuerCredentialSubjectLocales.keys(),
+    ...credentialDisplayLocales.keys()
+  ]));
+  return Promise.all(locales.map(async (locale) => {
+    const display = credentialDisplayLocales.get(locale);
+    const claims = issuerCredentialSubjectLocales.get(locale);
+    return {
+      ...display && await oid4vciCredentialLocaleBrandingFrom({
+        credentialDisplay: display
+      }),
+      ...locale.length > 0 && {
+        locale
       },
-      guards: {
-        ...opts?.guards
-      }
-    }));
-    if (typeof opts?.subscription === "function") {
-      newInst.onTransition(opts.subscription);
+      claims
+    };
+  }));
+}, "oid4vciCombineDisplayLocalesFrom");
+var sdJwtGetCredentialBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay, claimsMetadata } = args;
+  return sdJwtCombineDisplayLocalesFrom({
+    ...claimsMetadata && {
+      claimsMetadata: await sdJwtCredentialClaimLocalesFrom({
+        claimsMetadata
+      })
+    },
+    ...credentialDisplay && {
+      credentialDisplayLocales: await sdJwtCredentialDisplayLocalesFrom({
+        credentialDisplay
+      })
     }
-    if (opts?.requireCustomNavigationHook !== true) {
-      newInst.onTransition((snapshot) => {
-        if (opts?.stateNavigationListener) {
-          void opts.stateNavigationListener(newInst, snapshot);
-        }
+  });
+}, "sdJwtGetCredentialBrandingFrom");
+var sdJwtCredentialDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return credentialDisplay.reduce((localeDisplays, display) => {
+    const localeKey = display.lang || "";
+    localeDisplays.set(localeKey, display);
+    return localeDisplays;
+  }, /* @__PURE__ */ new Map());
+}, "sdJwtCredentialDisplayLocalesFrom");
+var sdJwtCredentialClaimLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { claimsMetadata } = args;
+  const localeClaims = /* @__PURE__ */ new Map();
+  claimsMetadata.forEach((claim) => {
+    claim.display?.forEach((display) => {
+      const { lang = "", label } = display;
+      const key = claim.path.map((value) => String(value)).join(".");
+      if (!localeClaims.has(lang)) {
+        localeClaims.set(lang, []);
+      }
+      localeClaims.get(lang).push({
+        key,
+        name: label
       });
+    });
+  });
+  return localeClaims;
+}, "sdJwtCredentialClaimLocalesFrom");
+var sdJwtCredentialLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplay } = args;
+  return {
+    ...credentialDisplay.name && {
+      alias: credentialDisplay.name
+    },
+    ...credentialDisplay.lang && {
+      locale: credentialDisplay.lang
+    },
+    ...credentialDisplay.rendering?.simple?.logo && {
+      logo: {
+        ...credentialDisplay.rendering.simple.logo.uri && {
+          uri: credentialDisplay.rendering.simple.logo.uri
+        },
+        ...credentialDisplay.rendering.simple.logo.alt_text && {
+          alt: credentialDisplay.rendering.simple.logo.alt_text
+        }
+      }
+    },
+    ...credentialDisplay.description && {
+      description: credentialDisplay.description
+    },
+    ...credentialDisplay.rendering?.simple?.text_color && {
+      text: {
+        color: credentialDisplay.rendering.simple.text_color
+      }
+    },
+    ...credentialDisplay.rendering?.simple?.background_color && {
+      background: {
+        color: credentialDisplay.rendering.simple.background_color
+      }
     }
-    return newInst;
-  }
-  static getInstance(opts) {
-    if (!_FirstPartyMachine._instance) {
-      if (opts?.requireExisting === true) {
-        throw Error(`Existing FirstPartyMachine instance requested, but none was created at this point!`);
+  };
+}, "sdJwtCredentialLocaleBrandingFrom");
+var sdJwtCombineDisplayLocalesFrom = /* @__PURE__ */ __name(async (args) => {
+  const { credentialDisplayLocales = /* @__PURE__ */ new Map(), claimsMetadata = /* @__PURE__ */ new Map() } = args;
+  const locales = Array.from(/* @__PURE__ */ new Set([
+    ...claimsMetadata.keys(),
+    ...credentialDisplayLocales.keys()
+  ]));
+  return Promise.all(locales.map(async (locale) => {
+    const display = credentialDisplayLocales.get(locale);
+    const claims = claimsMetadata.get(locale);
+    return {
+      ...display && await sdJwtCredentialLocaleBrandingFrom({
+        credentialDisplay: display
+      }),
+      ...locale.length > 0 && {
+        locale
+      },
+      claims
+    };
+  }));
+}, "sdJwtCombineDisplayLocalesFrom");
+var issuerLocaleBrandingFrom = /* @__PURE__ */ __name(async (args) => {
+  const { issuerDisplay, dynamicRegistrationClientMetadata } = args;
+  return {
+    ...dynamicRegistrationClientMetadata?.client_name && {
+      alias: dynamicRegistrationClientMetadata.client_name
+    },
+    ...issuerDisplay.name && {
+      alias: issuerDisplay.name
+    },
+    ...issuerDisplay.locale && {
+      locale: issuerDisplay.locale
+    },
+    ...(issuerDisplay.logo || dynamicRegistrationClientMetadata?.logo_uri) && {
+      logo: {
+        ...dynamicRegistrationClientMetadata?.logo_uri && {
+          uri: dynamicRegistrationClientMetadata?.logo_uri
+        },
+        ...(issuerDisplay.logo?.url || issuerDisplay.logo?.uri) && {
+          uri: issuerDisplay.logo?.url ?? issuerDisplay.logo?.uri
+        },
+        ...issuerDisplay.logo?.alt_text && {
+          alt: issuerDisplay.logo?.alt_text
+        }
       }
-      _FirstPartyMachine._instance = _FirstPartyMachine.newInstance(opts);
+    },
+    ...issuerDisplay.description && {
+      description: issuerDisplay.description
+    },
+    ...issuerDisplay.text_color && {
+      text: {
+        color: issuerDisplay.text_color
+      }
+    },
+    ...dynamicRegistrationClientMetadata?.client_uri && {
+      clientUri: dynamicRegistrationClientMetadata.client_uri
+    },
+    ...dynamicRegistrationClientMetadata?.tos_uri && {
+      tosUri: dynamicRegistrationClientMetadata.tos_uri
+    },
+    ...dynamicRegistrationClientMetadata?.policy_uri && {
+      policyUri: dynamicRegistrationClientMetadata.policy_uri
+    },
+    ...dynamicRegistrationClientMetadata?.contacts && {
+      contacts: dynamicRegistrationClientMetadata.contacts
     }
-    return _FirstPartyMachine._instance;
-  }
-};
+  };
+}, "issuerLocaleBrandingFrom");
 
 // src/services/OID4VCIHolderService.ts
-var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
 var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
   const { credentialsSupported, context } = args;
   const credentialBranding = {};
@@ -1685,16 +1716,7 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
 }, "selectCredentialLocaleBranding");
 var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-  const credentialResponse = mappedCredential.credentialToAccept.credentialResponse;
-  let credential;
-  if ("credential" in credentialResponse) {
-    credential = credentialResponse.credential;
-  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-    credential = credentialResponse.credentials[0].credential;
-  }
-  if (!credential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
+  const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse);
   const wrappedVC = import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(credential, {
     hasher: hasher ?? import_ssi_sdk.defaultHasher
   });
@@ -1746,22 +1768,13 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 }, "verifyCredentialToAccept");
 var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { credentialToAccept, hasher } = args;
-  const credentialResponse = credentialToAccept.credentialResponse;
-  let verifiableCredential;
-  if ("credential" in credentialResponse) {
-    verifiableCredential = credentialResponse.credential;
-  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-    verifiableCredential = credentialResponse.credentials[0].credential;
-  }
-  if (!verifiableCredential) {
-    return Promise.reject(Error("No credential found in credential response"));
-  }
+  const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse);
   const wrappedVerifiableCredential = import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(verifiableCredential, {
     hasher
   });
   let uniformVerifiableCredential;
   if (import_ssi_types.CredentialMapper.isSdJwtDecodedCredential(wrappedVerifiableCredential.credential)) {
-    uniformVerifiableCredential = await (0, import_ssi_types.sdJwtDecodedCredentialToUniformCredential)(wrappedVerifiableCredential.credential);
+    uniformVerifiableCredential = (0, import_ssi_types.sdJwtDecodedCredentialToUniformCredential)(wrappedVerifiableCredential.credential);
   } else if (import_ssi_types.CredentialMapper.isSdJwtEncoded(wrappedVerifiableCredential.credential)) {
     if (!hasher) {
       return Promise.reject("a hasher is required for encoded SD-JWT credentials");
@@ -1775,6 +1788,7 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     uniformVerifiableCredential = wrappedVerifiableCredential.credential;
   }
   const correlationId = typeof uniformVerifiableCredential.issuer === "string" ? uniformVerifiableCredential.issuer : import_ssi_types.CredentialMapper.isSdJwtDecodedCredential(uniformVerifiableCredential) ? uniformVerifiableCredential.decodedPayload.iss : uniformVerifiableCredential.issuer.id;
+  const credentialResponse = credentialToAccept.credentialResponse;
   return {
     correlationId,
     credentialToAccept,
@@ -1786,6 +1800,18 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
     }
   };
 }, "mapCredentialToAccept");
+var extractCredentialFromResponse = /* @__PURE__ */ __name((credentialResponse) => {
+  let credential;
+  if ("credential" in credentialResponse) {
+    credential = credentialResponse.credential;
+  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+    credential = credentialResponse.credentials[0].credential;
+  }
+  if (!credential) {
+    throw new Error("No credential found in credential response");
+  }
+  return credential;
+}, "extractCredentialFromResponse");
 var getIdentifierOpts = /* @__PURE__ */ __name(async (args) => {
   const { issuanceOpt, context } = args;
   const { identifier: identifierArg } = issuanceOpt;
@@ -1894,24 +1920,19 @@ var getCredentialConfigsSupportedBySingleTypeOrId = /* @__PURE__ */ __name(async
   }
   __name(createIdFromTypes, "createIdFromTypes");
   if (configurationId) {
-    const allSupported2 = client.getCredentialsSupported(false);
+    const allSupported2 = client.getCredentialsSupported(void 0, format);
     return Object.fromEntries(Object.entries(allSupported2).filter(([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId));
   }
-  if (!types && !client.credentialOffer) {
-    return Promise.reject(Error("openID4VCIClient has no credentialOffer and no types where provided"));
+  if (!client.credentialOffer) {
+    return Promise.reject(Error("openID4VCIClient has no credentialOffer"));
   }
-  if (!Array.isArray(format) && client.credentialOffer) {
-    if (client.version() > import_oid4vci_common3.OpenId4VCIVersion.VER_1_0_09 && typeof client.credentialOffer.credential_offer === "object" && "credentials" in client.credentialOffer.credential_offer) {
-      format = client.credentialOffer.credential_offer.credentials.filter((cred) => typeof cred !== "string").map((cred) => cred.format);
-      if (format?.length === 0) {
-        format = void 0;
-      }
-    }
+  if (!types) {
+    return Promise.reject(Error("openID4VCIClient has no types"));
   }
   const offerSupported = (0, import_oid4vci_common3.getSupportedCredentials)({
-    types: types ? [
+    types: [
       types
-    ] : client.getCredentialOfferTypes(),
+    ],
     format,
     version: client.version(),
     issuerMetadata: client.endpointMetadata.credentialIssuerMetadata
@@ -2086,7 +2107,7 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
     case "jwt":
     case "jwt_vc_json":
     case "jwt_vc":
-    case "vc+sd-jwt":
+    //case 'vc+sd-jwt': // TODO see SSISDK-52 concerning vc+sd-jwt
     case "dc+sd-jwt":
     case "mso_mdoc": {
       const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
@@ -2155,7 +2176,6 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
 }, "startFirstPartApplicationMachine");
 
 // src/agent/OID4VCIHolder.ts
-var import_polyfill = require("cross-fetch/polyfill");
 var oid4vciHolderContextMethods = [
   "cmGetContacts",
   "cmGetContact",
@@ -2211,6 +2231,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     oid4vciHolderStart: this.oid4vciHolderStart.bind(this),
     oid4vciHolderGetIssuerMetadata: this.oid4vciHolderGetIssuerMetadata.bind(this),
     oid4vciHolderGetMachineInterpreter: this.oid4vciHolderGetMachineInterpreter.bind(this),
+    oid4vciHolderPrepareAuthorizationRequest: this.oid4vciHolderPrepareAuthorizationRequest.bind(this),
     oid4vciHolderCreateCredentialsToSelectFrom: this.oid4vciHolderCreateCredentialsToSelectFrom.bind(this),
     oid4vciHolderGetContact: this.oid4vciHolderGetContact.bind(this),
     oid4vciHolderGetCredentials: this.oid4vciHolderGetCredentials.bind(this),
@@ -2315,6 +2336,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
         stateNavigationListener: opts.firstPartyStateNavigationListener
       }, context),
       [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
+      [OID4VCIMachineServices.prepareAuthorizationRequest]: (args) => this.oid4vciHolderPrepareAuthorizationRequest(args, context),
       [OID4VCIMachineServices.getContact]: (args) => this.oid4vciHolderGetContact(args, context),
       [OID4VCIMachineServices.getCredentials]: (args) => this.oid4vciHolderGetCredentials({
         accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts,
@@ -2376,10 +2398,9 @@ var OID4VCIHolder = class _OID4VCIHolder {
       formats = Array.from(new Set(authFormats));
     }
     let oid4vciClient;
-    let types = void 0;
     let offer;
     if (requestData.existingClientState) {
-      oid4vciClient = await import_oid4vci_client3.OpenID4VCIClient.fromState({
+      oid4vciClient = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromState({
         state: requestData.existingClientState
       });
       offer = oid4vciClient.credentialOffer;
@@ -2396,50 +2417,76 @@ var OID4VCIHolder = class _OID4VCIHolder {
       }
       if (!offer) {
         logger.log(`Issuer url received (no credential offer): ${uri}`);
-        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClient.fromCredentialIssuer({
+        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromCredentialIssuer({
           credentialIssuer: uri,
           authorizationRequest: authorizationRequestOpts,
           clientId: authorizationRequestOpts.clientId,
-          createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true
+          createAuthorizationRequestURL: false
         });
       } else {
         logger.log(`Credential offer received: ${uri}`);
-        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClient.fromURI({
+        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromURI({
           uri,
           authorizationRequest: authorizationRequestOpts,
           clientId: authorizationRequestOpts.clientId,
-          createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true
+          createAuthorizationRequestURL: false
         });
       }
     }
+    let configurationIds = [];
     if (offer) {
-      types = (0, import_oid4vci_common4.getTypesFromCredentialOffer)(offer.original_credential_offer);
+      configurationIds = offer.original_credential_offer.credential_configuration_ids;
     } else {
-      types = (0, import_utils2.asArray)(authorizationRequestOpts.authorizationDetails).map((authReqOpts) => (0, import_oid4vci_common4.getTypesFromAuthorizationDetails)(authReqOpts) ?? []).filter((inner) => inner.length > 0);
+      configurationIds = (0, import_utils2.asArray)(authorizationRequestOpts.authorizationDetails).filter((authDetails) => typeof authDetails !== "string").map((authReqOpts) => authReqOpts.credential_configuration_id).filter((id) => !!id);
     }
-    const serverMetadata = await oid4vciClient.retrieveServerMetadata();
     const credentialsSupported = await getCredentialConfigsSupportedMerged({
       client: oid4vciClient,
       vcFormatPreferences: formats,
-      types
+      configurationIds
     });
+    const serverMetadata = await oid4vciClient.retrieveServerMetadata();
     const credentialBranding = await getCredentialBranding({
       credentialsSupported,
       context
     });
-    const authorizationCodeURL = oid4vciClient.authorizationURL;
-    if (authorizationCodeURL) {
-      logger.log(`authorization code URL ${authorizationCodeURL}`);
-    }
     const oid4vciClientState = JSON.parse(await oid4vciClient.exportState());
     return {
-      authorizationCodeURL,
       credentialBranding,
       credentialsSupported,
       serverMetadata,
       oid4vciClientState
     };
   }
+  async oid4vciHolderPrepareAuthorizationRequest(args, context) {
+    const { openID4VCIClientState, contact } = args;
+    if (!openID4VCIClientState) {
+      return Promise.reject(Error("Missing openID4VCI client state in context"));
+    }
+    const clientId = contact?.identities.map((identity) => {
+      const connectionConfig = identity.connection?.config;
+      if (connectionConfig && "clientId" in connectionConfig) {
+        return connectionConfig.clientId;
+      }
+      return void 0;
+    }).find((clientId2) => clientId2);
+    if (!clientId) {
+      return Promise.reject(Error(`Missing client id in contact's connectionConfig`));
+    }
+    const client = await import_oid4vci_client3.OpenID4VCIClient.fromState({
+      state: openID4VCIClientState
+    });
+    const authorizationCodeURL = await client.createAuthorizationRequestUrl({
+      authorizationRequest: {
+        clientId
+      }
+    });
+    if (authorizationCodeURL) {
+      logger.log(`authorization code URL ${authorizationCodeURL}`);
+    }
+    return {
+      authorizationCodeURL
+    };
+  }
   async oid4vciHolderCreateCredentialsToSelectFrom(args, context) {
     const { credentialBranding, locale, selectedCredentials, credentialsSupported } = args;
     logger.info(`Credentials supported ${Object.keys(credentialsSupported).join(", ")}`);
@@ -2511,7 +2558,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     if (!openID4VCIClientState) {
       return Promise.reject(Error("Missing openID4VCI client state in context"));
     }
-    const client = await import_oid4vci_client3.OpenID4VCIClient.fromState({
+    const client = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromState({
       state: openID4VCIClientState
     });
     const credentialsSupported = await getCredentialConfigsSupportedMerged({
@@ -2650,7 +2697,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
       alias: credentialsToAccept[0].correlationId,
       origin: import_ssi_sdk3.IdentityOrigin.EXTERNAL,
       roles: [
-        import_ssi_sdk3.CredentialRole.ISSUER
+        import_ssi_types2.CredentialRole.ISSUER
       ],
       identifier: {
         type: identifierType,
@@ -2685,7 +2732,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
   }
   async oid4vciHolderGetIssuerBranding(args, context) {
     const { serverMetadata, contact } = args;
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
+    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_types2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
     if (issuerCorrelationId) {
       const branding = await context.agent.ibGetIssuerBranding({
         filter: [
@@ -2715,7 +2762,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     if (!contact) {
       return Promise.reject(Error("Missing contact in context"));
     }
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
+    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_types2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
     const branding = await context.agent.ibGetIssuerBranding({
       filter: [
         {
@@ -2811,16 +2858,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
       if (Array.isArray(subjectIssuance?.notification_events_supported)) {
         event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
         logger.log(`Subject issuance/signing will be used, with event`, event);
-        const credentialResponse = mappedCredentialToAccept.credentialToAccept.credentialResponse;
-        let issuerVC;
-        if ("credential" in credentialResponse) {
-          issuerVC = credentialResponse.credential;
-        } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
-          issuerVC = credentialResponse.credentials[0].credential;
-        }
-        if (!issuerVC) {
-          return Promise.reject(Error("No credential found in credential response"));
-        }
+        const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse);
         const wrappedIssuerVC = import_ssi_types2.CredentialMapper.toWrappedVerifiableCredential(issuerVC, {
           hasher: this.hasher ?? import_ssi_sdk2.defaultHasher
         });
@@ -2926,7 +2964,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
           rawDocument: (0, import_ssi_sdk3.ensureRawDocument)(persistCredential),
           kmsKeyRef,
           identifierMethod: method,
-          credentialRole: import_ssi_sdk3.CredentialRole.HOLDER,
+          credentialRole: import_ssi_types2.CredentialRole.HOLDER,
           issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk3.CredentialCorrelationType.DID : import_ssi_sdk3.CredentialCorrelationType.URL,
           issuerCorrelationId: issuer,
           subjectCorrelationType,