@sphereon/ssi-sdk.oid4vci-holder 0.34.1-next.299 → 0.34.1-next.322

package/dist/index.cjs

@@ -142,7 +142,6 @@ var import_ssi_sdk_ext6 = require("@sphereon/ssi-sdk-ext.identifier-resolution")
 var import_ssi_sdk_ext7 = require("@sphereon/ssi-sdk-ext.key-utils");
 var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
 var import_ssi_sdk3 = require("@sphereon/ssi-sdk.data-store-types");
-var import_ssi_sdk4 = require("@sphereon/ssi-sdk.data-store-types");
 var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_utils2 = require("@veramo/utils");
 var import_cross_fetch = __toESM(require("cross-fetch"), 1);
@@ -185,6 +184,7 @@ var OID4VCIMachineStates = /* @__PURE__ */ (function(OID4VCIMachineStates2) {
   OID4VCIMachineStates2["selectCredentials"] = "selectCredentials";
   OID4VCIMachineStates2["transitionFromSelectingCredentials"] = "transitionFromSelectingCredentials";
   OID4VCIMachineStates2["verifyPin"] = "verifyPin";
+  OID4VCIMachineStates2["prepareAuthorizationRequest"] = "prepareAuthorizationRequest";
   OID4VCIMachineStates2["initiateAuthorizationRequest"] = "initiateAuthorizationRequest";
   OID4VCIMachineStates2["waitForAuthorizationResponse"] = "waitForAuthorizationResponse";
   OID4VCIMachineStates2["getCredentials"] = "getCredentials";
@@ -249,6 +249,7 @@ var OID4VCIMachineServices = /* @__PURE__ */ (function(OID4VCIMachineServices2)
   OID4VCIMachineServices2["getFederationTrust"] = "getFederationTrust";
   OID4VCIMachineServices2["addContactIdentity"] = "addContactIdentity";
   OID4VCIMachineServices2["createCredentialsToSelectFrom"] = "createCredentialsToSelectFrom";
+  OID4VCIMachineServices2["prepareAuthorizationRequest"] = "prepareAuthorizationRequest";
   OID4VCIMachineServices2["getIssuerBranding"] = "getIssuerBranding";
   OID4VCIMachineServices2["storeIssuerBranding"] = "storeIssuerBranding";
   OID4VCIMachineServices2["getCredentials"] = "getCredentials";
@@ -390,9 +391,7 @@ var oid4vciRequireAuthorizationGuard = /* @__PURE__ */ __name((ctx, _event) => {
   if (!openID4VCIClientState) {
     throw Error("Missing openID4VCI client state in context");
   }
-  if (!openID4VCIClientState.authorizationURL) {
-    return false;
-  } else if (openID4VCIClientState.authorizationRequestOpts) {
+  if (openID4VCIClientState.authorizationURL && openID4VCIClientState.authorizationRequestOpts) {
     return !ctx.openID4VCIClientState?.authorizationCodeResponse;
   } else if (openID4VCIClientState.credentialOffer?.supportedFlows?.includes(import_oid4vci_common.AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
     return !ctx.openID4VCIClientState?.authorizationCodeResponse;
@@ -443,7 +442,6 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
           onDone: {
             target: OID4VCIMachineStates.createCredentialsToSelectFrom,
             actions: (0, import_xstate.assign)({
-              authorizationCodeURL: /* @__PURE__ */ __name((_ctx, _event) => _event.data.authorizationCodeURL, "authorizationCodeURL"),
               credentialBranding: /* @__PURE__ */ __name((_ctx, _event) => _event.data.credentialBranding ?? {}, "credentialBranding"),
               credentialsSupported: /* @__PURE__ */ __name((_ctx, _event) => _event.data.credentialsSupported, "credentialsSupported"),
               serverMetadata: /* @__PURE__ */ __name((_ctx, _event) => _event.data.serverMetadata, "serverMetadata"),
@@ -680,6 +678,10 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
             target: OID4VCIMachineStates.startFirstPartApplicationFlow,
             cond: OID4VCIMachineGuards.isFirstPartyApplication
           },
+          {
+            target: OID4VCIMachineStates.prepareAuthorizationRequest,
+            cond: OID4VCIMachineGuards.requireAuthorizationGuard
+          },
           {
             target: OID4VCIMachineStates.initiateAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard
@@ -755,12 +757,16 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
             target: OID4VCIMachineStates.startFirstPartApplicationFlow,
             cond: OID4VCIMachineGuards.isFirstPartyApplication
           },
+          {
+            target: OID4VCIMachineStates.prepareAuthorizationRequest,
+            cond: OID4VCIMachineGuards.requireAuthorizationGuard
+          },
           {
             target: OID4VCIMachineStates.verifyPin,
             cond: OID4VCIMachineGuards.requirePinGuard
           },
           {
-            target: OID4VCIMachineStates.initiateAuthorizationRequest,
+            target: OID4VCIMachineStates.prepareAuthorizationRequest,
             cond: OID4VCIMachineGuards.requireAuthorizationGuard
           },
           {
@@ -768,6 +774,28 @@ var createOID4VCIMachine = /* @__PURE__ */ __name((opts) => {
           }
         ]
       },
+      [OID4VCIMachineStates.prepareAuthorizationRequest]: {
+        id: OID4VCIMachineStates.prepareAuthorizationRequest,
+        invoke: {
+          src: OID4VCIMachineServices.prepareAuthorizationRequest,
+          onDone: {
+            target: OID4VCIMachineStates.initiateAuthorizationRequest,
+            actions: (0, import_xstate.assign)({
+              authorizationCodeURL: /* @__PURE__ */ __name((_ctx, _event) => _event.data.authorizationCodeURL, "authorizationCodeURL")
+            })
+          },
+          onError: {
+            target: OID4VCIMachineStates.handleError,
+            actions: (0, import_xstate.assign)({
+              error: /* @__PURE__ */ __name((_ctx, _event) => ({
+                title: translate("oid4vci_machine_prepare_authorization_error_title"),
+                message: _event.data.message,
+                stack: _event.data.stack
+              }), "error")
+            })
+          }
+        }
+      },
       [OID4VCIMachineStates.initiateAuthorizationRequest]: {
         id: OID4VCIMachineStates.initiateAuthorizationRequest,
         on: {
@@ -1746,7 +1774,7 @@ var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   });
   let uniformVerifiableCredential;
   if (import_ssi_types.CredentialMapper.isSdJwtDecodedCredential(wrappedVerifiableCredential.credential)) {
-    uniformVerifiableCredential = await (0, import_ssi_types.sdJwtDecodedCredentialToUniformCredential)(wrappedVerifiableCredential.credential);
+    uniformVerifiableCredential = (0, import_ssi_types.sdJwtDecodedCredentialToUniformCredential)(wrappedVerifiableCredential.credential);
   } else if (import_ssi_types.CredentialMapper.isSdJwtEncoded(wrappedVerifiableCredential.credential)) {
     if (!hasher) {
       return Promise.reject("a hasher is required for encoded SD-JWT credentials");
@@ -1892,7 +1920,7 @@ var getCredentialConfigsSupportedBySingleTypeOrId = /* @__PURE__ */ __name(async
   }
   __name(createIdFromTypes, "createIdFromTypes");
   if (configurationId) {
-    const allSupported2 = client.getCredentialsSupported(format);
+    const allSupported2 = client.getCredentialsSupported(void 0, format);
     return Object.fromEntries(Object.entries(allSupported2).filter(([id, supported]) => id === configurationId || supported.id === configurationId || createIdFromTypes(supported) === configurationId));
   }
   if (!client.credentialOffer) {
@@ -2203,6 +2231,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     oid4vciHolderStart: this.oid4vciHolderStart.bind(this),
     oid4vciHolderGetIssuerMetadata: this.oid4vciHolderGetIssuerMetadata.bind(this),
     oid4vciHolderGetMachineInterpreter: this.oid4vciHolderGetMachineInterpreter.bind(this),
+    oid4vciHolderPrepareAuthorizationRequest: this.oid4vciHolderPrepareAuthorizationRequest.bind(this),
     oid4vciHolderCreateCredentialsToSelectFrom: this.oid4vciHolderCreateCredentialsToSelectFrom.bind(this),
     oid4vciHolderGetContact: this.oid4vciHolderGetContact.bind(this),
     oid4vciHolderGetCredentials: this.oid4vciHolderGetCredentials.bind(this),
@@ -2307,6 +2336,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
         stateNavigationListener: opts.firstPartyStateNavigationListener
       }, context),
       [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
+      [OID4VCIMachineServices.prepareAuthorizationRequest]: (args) => this.oid4vciHolderPrepareAuthorizationRequest(args, context),
       [OID4VCIMachineServices.getContact]: (args) => this.oid4vciHolderGetContact(args, context),
       [OID4VCIMachineServices.getCredentials]: (args) => this.oid4vciHolderGetCredentials({
         accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts,
@@ -2355,7 +2385,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
       ...this.defaultAuthorizationRequestOpts,
       ...args.authorizationRequestOpts
     };
-    authorizationRequestOpts.authorizationDetails = authorizationRequestOpts?.authorizationDetails ? (0, import_utils2.asArray)(authorizationRequestOpts.authorizationDetails).filter((detail) => typeof detail === "string" || this.vcFormatPreferences.includes(detail.format)) : void 0;
+    authorizationRequestOpts.authorizationDetails = authorizationRequestOpts?.authorizationDetails ? (0, import_utils2.asArray)(authorizationRequestOpts.authorizationDetails) : void 0;
     if (!authorizationRequestOpts.redirectUri) {
       authorizationRequestOpts.redirectUri = _OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI;
     }
@@ -2370,7 +2400,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     let oid4vciClient;
     let offer;
     if (requestData.existingClientState) {
-      oid4vciClient = await import_oid4vci_client3.OpenID4VCIClient.fromState({
+      oid4vciClient = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromState({
         state: requestData.existingClientState
       });
       offer = oid4vciClient.credentialOffer;
@@ -2387,19 +2417,19 @@ var OID4VCIHolder = class _OID4VCIHolder {
       }
       if (!offer) {
         logger.log(`Issuer url received (no credential offer): ${uri}`);
-        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClient.fromCredentialIssuer({
+        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromCredentialIssuer({
           credentialIssuer: uri,
           authorizationRequest: authorizationRequestOpts,
           clientId: authorizationRequestOpts.clientId,
-          createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true
+          createAuthorizationRequestURL: false
         });
       } else {
         logger.log(`Credential offer received: ${uri}`);
-        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClient.fromURI({
+        oid4vciClient = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromURI({
           uri,
           authorizationRequest: authorizationRequestOpts,
           clientId: authorizationRequestOpts.clientId,
-          createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true
+          createAuthorizationRequestURL: false
         });
       }
     }
@@ -2407,7 +2437,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     if (offer) {
       configurationIds = offer.original_credential_offer.credential_configuration_ids;
     } else {
-      configurationIds = (0, import_utils2.asArray)(authorizationRequestOpts.authorizationDetails).filter((authDetails) => typeof authDetails !== "string").map((authReqOpts) => authReqOpts.credential_configuration_id).filter((id) => !!id);
+      configurationIds = (0, import_utils2.asArray)(authorizationRequestOpts.authorizationDetails).map((authReqOpts) => authReqOpts.credential_configuration_id).filter((id) => !!id);
     }
     const credentialsSupported = await getCredentialConfigsSupportedMerged({
       client: oid4vciClient,
@@ -2419,19 +2449,44 @@ var OID4VCIHolder = class _OID4VCIHolder {
       credentialsSupported,
       context
     });
-    const authorizationCodeURL = oid4vciClient.authorizationURL;
-    if (authorizationCodeURL) {
-      logger.log(`authorization code URL ${authorizationCodeURL}`);
-    }
     const oid4vciClientState = JSON.parse(await oid4vciClient.exportState());
     return {
-      authorizationCodeURL,
       credentialBranding,
       credentialsSupported,
       serverMetadata,
       oid4vciClientState
     };
   }
+  async oid4vciHolderPrepareAuthorizationRequest(args, context) {
+    const { openID4VCIClientState, contact } = args;
+    if (!openID4VCIClientState) {
+      return Promise.reject(Error("Missing openID4VCI client state in context"));
+    }
+    const clientId = contact?.identities.map((identity) => {
+      const connectionConfig = identity.connection?.config;
+      if (connectionConfig && "clientId" in connectionConfig) {
+        return connectionConfig.clientId;
+      }
+      return void 0;
+    }).find((clientId2) => clientId2);
+    if (!clientId) {
+      return Promise.reject(Error(`Missing client id in contact's connectionConfig`));
+    }
+    const client = await import_oid4vci_client3.OpenID4VCIClient.fromState({
+      state: openID4VCIClientState
+    });
+    const authorizationCodeURL = await client.createAuthorizationRequestUrl({
+      authorizationRequest: {
+        clientId
+      }
+    });
+    if (authorizationCodeURL) {
+      logger.log(`authorization code URL ${authorizationCodeURL}`);
+    }
+    return {
+      authorizationCodeURL
+    };
+  }
   async oid4vciHolderCreateCredentialsToSelectFrom(args, context) {
     const { credentialBranding, locale, selectedCredentials, credentialsSupported } = args;
     logger.info(`Credentials supported ${Object.keys(credentialsSupported).join(", ")}`);
@@ -2503,7 +2558,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     if (!openID4VCIClientState) {
       return Promise.reject(Error("Missing openID4VCI client state in context"));
     }
-    const client = await import_oid4vci_client3.OpenID4VCIClient.fromState({
+    const client = await import_oid4vci_client3.OpenID4VCIClientV1_0_15.fromState({
       state: openID4VCIClientState
     });
     const credentialsSupported = await getCredentialConfigsSupportedMerged({
@@ -2631,16 +2686,16 @@ var OID4VCIHolder = class _OID4VCIHolder {
       return Promise.reject(Error("Missing credential offers in context"));
     }
     let correlationId = credentialsToAccept[0].correlationId;
-    let identifierType = import_ssi_sdk4.CorrelationIdentifierType.DID;
+    let identifierType = import_ssi_sdk3.CorrelationIdentifierType.DID;
     if (!correlationId.toLowerCase().startsWith("did:")) {
-      identifierType = import_ssi_sdk4.CorrelationIdentifierType.URL;
+      identifierType = import_ssi_sdk3.CorrelationIdentifierType.URL;
       if (correlationId.startsWith("http")) {
         correlationId = new URL(correlationId).hostname;
       }
     }
     const identity = {
       alias: credentialsToAccept[0].correlationId,
-      origin: import_ssi_sdk4.IdentityOrigin.EXTERNAL,
+      origin: import_ssi_sdk3.IdentityOrigin.EXTERNAL,
       roles: [
         import_ssi_types2.CredentialRole.ISSUER
       ],
@@ -2648,9 +2703,9 @@ var OID4VCIHolder = class _OID4VCIHolder {
         type: identifierType,
         correlationId
       },
-      ...identifierType === import_ssi_sdk4.CorrelationIdentifierType.URL && {
+      ...identifierType === import_ssi_sdk3.CorrelationIdentifierType.URL && {
         connection: {
-          type: import_ssi_sdk4.ConnectionType.OPENID_CONNECT,
+          type: import_ssi_sdk3.ConnectionType.OPENID_CONNECT,
           config: {
             clientId: "138d7bf8-c930-4c6e-b928-97d3a4928b01",
             clientSecret: "03b3955f-d020-4f2a-8a27-4e452d4e27a0",
@@ -2910,7 +2965,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
           kmsKeyRef,
           identifierMethod: method,
           credentialRole: import_ssi_types2.CredentialRole.HOLDER,
-          issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk4.CredentialCorrelationType.DID : import_ssi_sdk4.CredentialCorrelationType.URL,
+          issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk3.CredentialCorrelationType.DID : import_ssi_sdk3.CredentialCorrelationType.URL,
           issuerCorrelationId: issuer,
           subjectCorrelationType,
           subjectCorrelationId
@@ -2978,12 +3033,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "did":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierDidResult)(identifier)) {
           return [
-            import_ssi_sdk4.CredentialCorrelationType.DID,
+            import_ssi_sdk3.CredentialCorrelationType.DID,
             identifier.did
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
           return [
-            import_ssi_sdk4.CredentialCorrelationType.DID,
+            import_ssi_sdk3.CredentialCorrelationType.DID,
             typeof identifier.identifier === "string" ? identifier.identifier : identifier.identifier.did
           ];
         }
@@ -2991,12 +3046,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "kid":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierKidResult)(identifier)) {
           return [
-            import_ssi_sdk4.CredentialCorrelationType.KID,
+            import_ssi_sdk3.CredentialCorrelationType.KID,
             identifier.kid
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
           return [
-            import_ssi_sdk4.CredentialCorrelationType.KID,
+            import_ssi_sdk3.CredentialCorrelationType.KID,
             identifier.identifier
           ];
         }
@@ -3004,19 +3059,19 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "x5c":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierX5cResult)(identifier)) {
           return [
-            import_ssi_sdk4.CredentialCorrelationType.X509_SAN,
+            import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
             identifier.x5c.join("\r\n")
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierX5cOpts)(identifier)) {
           return [
-            import_ssi_sdk4.CredentialCorrelationType.X509_SAN,
+            import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
             identifier.identifier.join("\r\n")
           ];
         }
         break;
     }
     return [
-      import_ssi_sdk4.CredentialCorrelationType.URL,
+      import_ssi_sdk3.CredentialCorrelationType.URL,
       issuer
     ];
   }
@@ -3075,9 +3130,9 @@ var OID4VCICallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
 // src/link-handler/index.ts
 var import_oid4vci_client4 = require("@sphereon/oid4vci-client");
 var import_oid4vci_common5 = require("@sphereon/oid4vci-common");
-var import_ssi_sdk5 = require("@sphereon/ssi-sdk.core");
-var import_ssi_sdk6 = require("@sphereon/ssi-sdk.xstate-machine-persistence");
-var OID4VCIHolderLinkHandler = class extends import_ssi_sdk5.LinkHandlerAdapter {
+var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk5 = require("@sphereon/ssi-sdk.xstate-machine-persistence");
+var OID4VCIHolderLinkHandler = class extends import_ssi_sdk4.LinkHandlerAdapter {
   static {
     __name(this, "OID4VCIHolderLinkHandler");
   }
@@ -3137,7 +3192,7 @@ var OID4VCIHolderLinkHandler = class extends import_ssi_sdk5.LinkHandlerAdapter
     const interpreter = oid4vciMachine.interpreter;
     if (!opts?.machineState && this.context.agent.availableMethods().includes("machineStatesFindActive")) {
       const stateType = hasCode ? "existing" : "new";
-      await (0, import_ssi_sdk6.interpreterStartOrResume)({
+      await (0, import_ssi_sdk5.interpreterStartOrResume)({
         stateType,
         interpreter,
         context: this.context,