npm - @sphereon/ssi-sdk.oid4vci-holder - Versions diffs - 0.34.1-next.7 → 0.34.1-next.85 - Mend

@sphereon/ssi-sdk.oid4vci-holder 0.34.1-next.7 → 0.34.1-next.85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.cjs +78 -55
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +7 -5
package/dist/index.d.ts +7 -5
package/dist/index.js +57 -34
package/dist/index.js.map +1 -1
package/package.json +25 -24
package/src/agent/OID4VCIHolder.ts +35 -21
package/src/services/OID4VCIHolderService.ts +28 -6
package/src/types/FirstPartyMachine.ts +3 -2
package/src/types/IOID4VCIHolder.ts +3 -1

package/dist/index.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
+import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponseV1_0_15, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
 import { IIdentifierResolution, ManagedIdentifierMethod, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { IIdentifier, IPluginMethodMap, IAgentContext, ICredentialVerifier, ICredentialIssuer, IDIDManager, IResolver, IKeyManager, TKeyType, VerificationPolicies, TAgent, IAgentPlugin } from '@veramo/core';
@@ -15,7 +15,8 @@ import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.crede
 import { IDidAuthSiopOpAuthenticator, CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth';
 import { IVerifiableCredential, W3CVerifiableCredential, WrappedVerifiableCredential, WrappedVerifiablePresentation, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, HasherSync, SdJwtTypeDisplayMetadata, SdJwtClaimMetadata, OriginalVerifiableCredential } from '@sphereon/ssi-types';
 import { Interpreter, State, StatesConfig, StateMachine, BaseActionObject, ServiceMap, ResolveTypegenMeta, TypegenDisabled } from 'xstate';
-import { RPRegistrationMetadataPayload, PresentationDefinitionWithLocation } from '@sphereon/did-auth-siop';
+import { RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop';
+import { DcqlQuery } from 'dcql';
 import { LinkHandlerAdapter, DefaultLinkPriorities } from '@sphereon/ssi-sdk.core';
 import { IMachineStatePersistence, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence';
@@ -113,7 +114,7 @@ type SiopV2AuthorizationRequestData = {
     clientIdScheme?: string;
     clientId?: string;
     entityId?: string;
-    presentationDefinitions?: PresentationDefinitionWithLocation[];
+    dcqlQuery: DcqlQuery;
 };
 type FirstPartyMachineNavigationArgs = {
     firstPartyMachine: FirstPartyMachineInterpreter;
@@ -356,6 +357,7 @@ declare enum OID4VCIMachineGuards {
     requirePinGuard = "oid4vciRequirePinGuard",
     requireAuthorizationGuard = "oid4vciRequireAuthorizationGuard",
     noAuthorizationGuard = "oid4vciNoAuthorizationGuard",
+    hasNonceEndpointGuard = "oid4vciHasNonceEndpointGuard ",
     hasAuthorizationResponse = "oid4vciHasAuthorizationResponse",
     hasNoContactIdentityGuard = "oid4vciHasNoContactIdentityGuard",
     verificationCodeGuard = "oid4vciVerificationCodeGuard",
@@ -482,7 +484,7 @@ type CredentialToAccept = {
     id?: string;
     types: string[];
     issuanceOpt: IssuanceOpts;
-    credentialResponse: CredentialResponse;
+    credentialResponse: CredentialResponseV1_0_15 | CredentialResponse;
 };
 type GetCredentialConfigsSupportedArgs = {
     client: OpenID4VCIClient;
@@ -667,7 +669,7 @@ type RequiredContext = IAgentContext<IIssuanceBranding & IContactManager & ICred
  * {@inheritDoc IOID4VCIHolder}
  */
 declare const oid4vciHolderContextMethods: Array<string>;
-declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string) => Promise<string>;
+declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => Promise<string>;
 declare class OID4VCIHolder implements IAgentPlugin {
     private readonly hasher?;
     readonly eventTypes: Array<OID4VCIHolderEvent>;

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
+import { AuthorizationChallengeCodeResponse, EndpointMetadataResult, CredentialOfferRequestWithBaseUrl, AuthzFlowType, AuthorizationRequestOpts, AuthorizationServerClientOpts, CredentialConfigurationSupported, ExperimentalSubjectIssuance, CredentialResponseV1_0_15, CredentialResponse, AuthorizationResponse, CredentialsSupportedDisplay, IssuerCredentialSubject, MetadataDisplay, NotificationRequest, Jwt } from '@sphereon/oid4vci-common';
 import { IIdentifierResolution, ManagedIdentifierMethod, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { IIdentifier, IPluginMethodMap, IAgentContext, ICredentialVerifier, ICredentialIssuer, IDIDManager, IResolver, IKeyManager, TKeyType, VerificationPolicies, TAgent, IAgentPlugin } from '@veramo/core';
@@ -15,7 +15,8 @@ import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.crede
 import { IDidAuthSiopOpAuthenticator, CreateConfigResult } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth';
 import { IVerifiableCredential, W3CVerifiableCredential, WrappedVerifiableCredential, WrappedVerifiablePresentation, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, HasherSync, SdJwtTypeDisplayMetadata, SdJwtClaimMetadata, OriginalVerifiableCredential } from '@sphereon/ssi-types';
 import { Interpreter, State, StatesConfig, StateMachine, BaseActionObject, ServiceMap, ResolveTypegenMeta, TypegenDisabled } from 'xstate';
-import { RPRegistrationMetadataPayload, PresentationDefinitionWithLocation } from '@sphereon/did-auth-siop';
+import { RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop';
+import { DcqlQuery } from 'dcql';
 import { LinkHandlerAdapter, DefaultLinkPriorities } from '@sphereon/ssi-sdk.core';
 import { IMachineStatePersistence, SerializableState } from '@sphereon/ssi-sdk.xstate-machine-persistence';
@@ -113,7 +114,7 @@ type SiopV2AuthorizationRequestData = {
     clientIdScheme?: string;
     clientId?: string;
     entityId?: string;
-    presentationDefinitions?: PresentationDefinitionWithLocation[];
+    dcqlQuery: DcqlQuery;
 };
 type FirstPartyMachineNavigationArgs = {
     firstPartyMachine: FirstPartyMachineInterpreter;
@@ -356,6 +357,7 @@ declare enum OID4VCIMachineGuards {
     requirePinGuard = "oid4vciRequirePinGuard",
     requireAuthorizationGuard = "oid4vciRequireAuthorizationGuard",
     noAuthorizationGuard = "oid4vciNoAuthorizationGuard",
+    hasNonceEndpointGuard = "oid4vciHasNonceEndpointGuard ",
     hasAuthorizationResponse = "oid4vciHasAuthorizationResponse",
     hasNoContactIdentityGuard = "oid4vciHasNoContactIdentityGuard",
     verificationCodeGuard = "oid4vciVerificationCodeGuard",
@@ -482,7 +484,7 @@ type CredentialToAccept = {
     id?: string;
     types: string[];
     issuanceOpt: IssuanceOpts;
-    credentialResponse: CredentialResponse;
+    credentialResponse: CredentialResponseV1_0_15 | CredentialResponse;
 };
 type GetCredentialConfigsSupportedArgs = {
     client: OpenID4VCIClient;
@@ -667,7 +669,7 @@ type RequiredContext = IAgentContext<IIssuanceBranding & IContactManager & ICred
  * {@inheritDoc IOID4VCIHolder}
  */
 declare const oid4vciHolderContextMethods: Array<string>;
-declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string) => Promise<string>;
+declare function signCallback(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager & IDIDManager & IResolver & IIdentifierResolution & IJwtService>, nonce?: string): (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => Promise<string>;
 declare class OID4VCIHolder implements IAgentPlugin {
     private readonly hasher?;
     readonly eventTypes: Array<OID4VCIHolderEvent>;

package/dist/index.js CHANGED Viewed

@@ -60,6 +60,7 @@ import { DefaultURISchemes, getTypesFromAuthorizationDetails, getTypesFromCreden
 import { SupportedDidMethodEnum as SupportedDidMethodEnum2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isManagedIdentifierDidOpts, isManagedIdentifierDidResult as isManagedIdentifierDidResult2, isManagedIdentifierJwkResult, isManagedIdentifierKidResult, isManagedIdentifierResult as isManagedIdentifierResult2, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult } from "@sphereon/ssi-sdk-ext.identifier-resolution";
 import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
+import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, CredentialRole, ensureRawDocument, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
 import { CredentialMapper as CredentialMapper2, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, Loggers, parseDid } from "@sphereon/ssi-types";
 import { asArray as asArray2, computeEntryHash } from "@veramo/utils";
@@ -75,18 +76,18 @@ import i18n from "i18n-js";
 import memoize from "lodash.memoize";
 // src/types/IOID4VCIHolder.ts
-var OID4VCIHolderEvent = /* @__PURE__ */ function(OID4VCIHolderEvent2) {
+var OID4VCIHolderEvent = /* @__PURE__ */ (function(OID4VCIHolderEvent2) {
   OID4VCIHolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
   OID4VCIHolderEvent2["CREDENTIAL_STORED"] = "credential_stored";
   OID4VCIHolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
   return OID4VCIHolderEvent2;
-}({});
-var SupportedLanguage = /* @__PURE__ */ function(SupportedLanguage2) {
+})({});
+var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
   SupportedLanguage2["ENGLISH"] = "en";
   SupportedLanguage2["DUTCH"] = "nl";
   return SupportedLanguage2;
-}({});
-var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
+})({});
+var OID4VCIMachineStates = /* @__PURE__ */ (function(OID4VCIMachineStates2) {
   OID4VCIMachineStates2["start"] = "start";
   OID4VCIMachineStates2["createCredentialsToSelectFrom"] = "createCredentialsToSelectFrom";
   OID4VCIMachineStates2["getContact"] = "getContact";
@@ -117,18 +118,18 @@ var OID4VCIMachineStates = /* @__PURE__ */ function(OID4VCIMachineStates2) {
   OID4VCIMachineStates2["error"] = "error";
   OID4VCIMachineStates2["done"] = "done";
   return OID4VCIMachineStates2;
-}({});
-var OID4VCIMachineAddContactStates = /* @__PURE__ */ function(OID4VCIMachineAddContactStates2) {
+})({});
+var OID4VCIMachineAddContactStates = /* @__PURE__ */ (function(OID4VCIMachineAddContactStates2) {
   OID4VCIMachineAddContactStates2["idle"] = "idle";
   OID4VCIMachineAddContactStates2["next"] = "next";
   return OID4VCIMachineAddContactStates2;
-}({});
-var OID4VCIMachineVerifyPinStates = /* @__PURE__ */ function(OID4VCIMachineVerifyPinStates2) {
+})({});
+var OID4VCIMachineVerifyPinStates = /* @__PURE__ */ (function(OID4VCIMachineVerifyPinStates2) {
   OID4VCIMachineVerifyPinStates2["idle"] = "idle";
   OID4VCIMachineVerifyPinStates2["next"] = "next";
   return OID4VCIMachineVerifyPinStates2;
-}({});
-var OID4VCIMachineEvents = /* @__PURE__ */ function(OID4VCIMachineEvents2) {
+})({});
+var OID4VCIMachineEvents = /* @__PURE__ */ (function(OID4VCIMachineEvents2) {
   OID4VCIMachineEvents2["NEXT"] = "NEXT";
   OID4VCIMachineEvents2["PREVIOUS"] = "PREVIOUS";
   OID4VCIMachineEvents2["DECLINE"] = "DECLINE";
@@ -141,14 +142,15 @@ var OID4VCIMachineEvents = /* @__PURE__ */ function(OID4VCIMachineEvents2) {
   OID4VCIMachineEvents2["INVOKED_AUTHORIZATION_CODE_REQUEST"] = "INVOKED_AUTHORIZATION_CODE_REQUEST";
   OID4VCIMachineEvents2["PROVIDE_AUTHORIZATION_CODE_RESPONSE"] = "PROVIDE_AUTHORIZATION_CODE_RESPONSE";
   return OID4VCIMachineEvents2;
-}({});
-var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
+})({});
+var OID4VCIMachineGuards = /* @__PURE__ */ (function(OID4VCIMachineGuards2) {
   OID4VCIMachineGuards2["hasContactGuard"] = "oid4vciHasContactGuard";
   OID4VCIMachineGuards2["hasNoContactGuard"] = "oid4vciHasNoContactGuard";
   OID4VCIMachineGuards2["credentialsToSelectRequiredGuard"] = "oid4vciCredentialsToSelectRequiredGuard";
   OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
   OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
   OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
+  OID4VCIMachineGuards2["hasNonceEndpointGuard"] = "oid4vciHasNonceEndpointGuard ";
   OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
   OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
   OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
@@ -158,8 +160,8 @@ var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
   OID4VCIMachineGuards2["contactHasLowTrustGuard"] = "oid4vciContactHasLowTrustGuard";
   OID4VCIMachineGuards2["isFirstPartyApplication"] = "oid4vciIsFirstPartyApplication";
   return OID4VCIMachineGuards2;
-}({});
-var OID4VCIMachineServices = /* @__PURE__ */ function(OID4VCIMachineServices2) {
+})({});
+var OID4VCIMachineServices = /* @__PURE__ */ (function(OID4VCIMachineServices2) {
   OID4VCIMachineServices2["start"] = "start";
   OID4VCIMachineServices2["getContact"] = "getContact";
   OID4VCIMachineServices2["getFederationTrust"] = "getFederationTrust";
@@ -174,17 +176,17 @@ var OID4VCIMachineServices = /* @__PURE__ */ function(OID4VCIMachineServices2) {
   OID4VCIMachineServices2["storeCredentials"] = "storeCredentials";
   OID4VCIMachineServices2["startFirstPartApplicationFlow"] = "startFirstPartApplicationFlow";
   return OID4VCIMachineServices2;
-}({});
-var RequestType = /* @__PURE__ */ function(RequestType2) {
+})({});
+var RequestType = /* @__PURE__ */ (function(RequestType2) {
   RequestType2["OPENID_INITIATE_ISSUANCE"] = "openid-initiate-issuance";
   RequestType2["OPENID_CREDENTIAL_OFFER"] = "openid-credential-offer";
   RequestType2["URL"] = "URL";
   return RequestType2;
-}({});
-var IdentifierAliasEnum = /* @__PURE__ */ function(IdentifierAliasEnum2) {
+})({});
+var IdentifierAliasEnum = /* @__PURE__ */ (function(IdentifierAliasEnum2) {
   IdentifierAliasEnum2["PRIMARY"] = "primary";
   return IdentifierAliasEnum2;
-}({});
+})({});
 // src/localization/Localization.ts
 var Localization = class Localization2 {
@@ -226,7 +228,7 @@ var Localization = class Localization2 {
 var translate = Localization.translate;
 // src/types/FirstPartyMachine.ts
-var FirstPartyMachineStateTypes = /* @__PURE__ */ function(FirstPartyMachineStateTypes2) {
+var FirstPartyMachineStateTypes = /* @__PURE__ */ (function(FirstPartyMachineStateTypes2) {
   FirstPartyMachineStateTypes2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
   FirstPartyMachineStateTypes2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
   FirstPartyMachineStateTypes2["selectCredentials"] = "selectCredentials";
@@ -237,21 +239,21 @@ var FirstPartyMachineStateTypes = /* @__PURE__ */ function(FirstPartyMachineStat
   FirstPartyMachineStateTypes2["aborted"] = "aborted";
   FirstPartyMachineStateTypes2["declined"] = "declined";
   return FirstPartyMachineStateTypes2;
-}({});
-var FirstPartyMachineServices = /* @__PURE__ */ function(FirstPartyMachineServices2) {
+})({});
+var FirstPartyMachineServices = /* @__PURE__ */ (function(FirstPartyMachineServices2) {
   FirstPartyMachineServices2["sendAuthorizationChallengeRequest"] = "sendAuthorizationChallengeRequest";
   FirstPartyMachineServices2["sendAuthorizationResponse"] = "sendAuthorizationResponse";
   FirstPartyMachineServices2["createConfig"] = "createConfig";
   FirstPartyMachineServices2["getSiopRequest"] = "getSiopRequest";
   return FirstPartyMachineServices2;
-}({});
-var FirstPartyMachineEvents = /* @__PURE__ */ function(FirstPartyMachineEvents2) {
+})({});
+var FirstPartyMachineEvents = /* @__PURE__ */ (function(FirstPartyMachineEvents2) {
   FirstPartyMachineEvents2["NEXT"] = "NEXT";
   FirstPartyMachineEvents2["PREVIOUS"] = "PREVIOUS";
   FirstPartyMachineEvents2["DECLINE"] = "DECLINE";
   FirstPartyMachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
   return FirstPartyMachineEvents2;
-}({});
+})({});
 // src/machines/oid4vciMachine.ts
 var oid4vciHasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
@@ -1538,7 +1540,7 @@ var getCredentialBranding = /* @__PURE__ */ __name(async (args) => {
   const credentialBranding = {};
   await Promise.all(Object.entries(credentialsSupported).map(async ([configId, credentialsConfigSupported]) => {
     let sdJwtTypeMetadata;
-    if (credentialsConfigSupported.format === "vc+sd-jwt") {
+    if (credentialsConfigSupported.format === "dc+sd-jwt") {
       const vct = credentialsConfigSupported.vct;
       if (vct.startsWith("http")) {
         try {
@@ -1604,7 +1606,13 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
 }, "selectCredentialLocaleBranding");
 var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-  const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
+  const credentialResponse = mappedCredential.credentialToAccept.credentialResponse;
+  let credential;
+  if ("credential" in credentialResponse) {
+    credential = credentialResponse.credential;
+  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+    credential = credentialResponse.credentials[0].credential;
+  }
   if (!credential) {
     return Promise.reject(Error("No credential found in credential response"));
   }
@@ -1660,7 +1668,12 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { credentialToAccept, hasher } = args;
   const credentialResponse = credentialToAccept.credentialResponse;
-  const verifiableCredential = credentialResponse.credential;
+  let verifiableCredential;
+  if ("credential" in credentialResponse) {
+    verifiableCredential = credentialResponse.credential;
+  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+    verifiableCredential = credentialResponse.credentials[0].credential;
+  }
   if (!verifiableCredential) {
     return Promise.reject(Error("No credential found in credential response"));
   }
@@ -1994,7 +2007,8 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
     case "jwt":
     case "jwt_vc_json":
     case "jwt_vc":
-    case "vc+sd-jwt":
+    case "dc+sd-jwt":
+    case "dc+sd-jwt":
     case "mso_mdoc": {
       const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
       if (supportedPreferences.length > 0) {
@@ -2063,7 +2077,6 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
 // src/agent/OID4VCIHolder.ts
 import "cross-fetch/polyfill";
-import { defaultHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
 var oid4vciHolderContextMethods = [
   "cmGetContacts",
   "cmGetContact",
@@ -2079,7 +2092,7 @@ var oid4vciHolderContextMethods = [
 ];
 var logger = Loggers.DEFAULT.get("sphereon:oid4vci:holder");
 function signCallback(identifier, context, nonce) {
-  return async (jwt, kid) => {
+  return async (jwt, kid, noIssPayloadUpdate) => {
     let resolution = await context.agent.identifierManagedGet(identifier);
     const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
     if (!resolution.issuer && !jwt.payload.iss) {
@@ -2097,7 +2110,7 @@ function signCallback(identifier, context, nonce) {
     return (await context.agent.jwtCreateJwsCompactSignature({
       issuer: {
         ...resolution,
-        noIssPayloadUpdate: false
+        noIssPayloadUpdate: noIssPayloadUpdate ?? false
       },
       protectedHeader: header,
       payload
@@ -2132,6 +2145,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this)
   };
   vcFormatPreferences = [
+    "dc+sd-jwt",
     "vc+sd-jwt",
     "mso_mdoc",
     "jwt_vc_json",
@@ -2718,7 +2732,16 @@ var OID4VCIHolder = class _OID4VCIHolder {
       if (Array.isArray(subjectIssuance?.notification_events_supported)) {
         event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
         logger.log(`Subject issuance/signing will be used, with event`, event);
-        const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
+        const credentialResponse = mappedCredentialToAccept.credentialToAccept.credentialResponse;
+        let issuerVC;
+        if ("credential" in credentialResponse) {
+          issuerVC = credentialResponse.credential;
+        } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+          issuerVC = credentialResponse.credentials[0].credential;
+        }
+        if (!issuerVC) {
+          return Promise.reject(Error("No credential found in credential response"));
+        }
         const wrappedIssuerVC = CredentialMapper2.toWrappedVerifiableCredential(issuerVC, {
           hasher: this.hasher ?? defaultHasher2
         });