@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.32.1-next.54 → 0.33.1-feature.vcdm2.4

package/dist/types/siop-service/index.d.ts

@@ -7,13 +7,14 @@ import { IIssuanceBranding } from '@sphereon/ssi-sdk.issuance-branding';
 import { IAgentContext, IDIDManager, IIdentifier, IResolver } from '@veramo/core';
 import { IDidAuthSiopOpAuthenticator } from '../IDidAuthSiopOpAuthenticator';
 import { Siopv2MachineContext, Siopv2MachineInterpreter, Siopv2MachineState } from '../machine';
-import { Hasher } from '@sphereon/ssi-types';
+import { DcqlQuery } from 'dcql';
+import { HasherSync } from '@sphereon/ssi-types';
 export type DidAuthSiopOpAuthenticatorOptions = {
     presentationSignCallback?: PresentationSignCallback;
     customApprovals?: Record<string, (verifiedAuthorizationRequest: VerifiedAuthorizationRequest, sessionId: string) => Promise<void>>;
     onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>;
     onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>;
-    hasher?: Hasher;
+    hasher?: HasherSync;
 };
 export type GetMachineArgs = {
     url: string | URL;
@@ -59,6 +60,7 @@ export type Siopv2AuthorizationRequestData = {
     uri?: URL;
     clientId?: string;
     presentationDefinitions?: PresentationDefinitionWithLocation[];
+    dcqlQuery?: DcqlQuery;
 };
 export type SelectableCredentialsMap = Map<string, Array<SelectableCredential>>;
 export type SelectableCredential = {

package/dist/types/siop-service/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kCAAkC,EAClC,wBAAwB,EACxB,6BAA6B,EAAE,4BAA4B,EAC5D,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAA;AAClH,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAC9F,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,8BAA8B,CAAA;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAA;AACvE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAE5C,MAAM,MAAM,iCAAiC,GAAG;IAC9C,wBAAwB,CAAC,EAAE,wBAAwB,CAAA;IACnD,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,4BAA4B,EAAE,4BAA4B,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;IAClI,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE,4BAA4B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChF,mBAAmB,CAAC,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACtE,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;IACjB,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,uBAAuB,CAAC,EAAE,CAAC,aAAa,EAAE,wBAAwB,EAAE,KAAK,EAAE,kBAAkB,EAAE,UAAU,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAClI,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAC9C,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa,EAAE,SAAS,GAAG,QAAQ,CAAC,CAAA;AAC1E,MAAM,MAAM,kBAAkB,GAAG;IAAE,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnG,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC,oBAAoB,EAAE,KAAK,GAAG,0BAA0B,CAAC,CAAA;AAEhG,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,EAAE,SAAS,GAAG,0BAA0B,CAAC,CAAA;AAChG,MAAM,MAAM,gBAAgB,GAAG;IAC7B,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAClD,wBAAwB,CAAC,EAAE,8BAA8B,CAAC;IAC1D,mBAAmB,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAA;IACnD,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG,IAAI,CAAC,oBAAoB,EAAE,0BAA0B,CAAC,CAAA;AAEjG,oBAAY,iBAAiB;IAC3B,wBAAwB,6BAA6B;IACrD,kBAAkB,uBAAuB;CAC1C;AAED,oBAAY,iBAAiB;IAC3B,OAAO,OAAO;IACd,KAAK,OAAO;CACb;AAED,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACnC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,aAAa,EAAE,MAAM,CAAA;IACrB,2BAA2B,EAAE,6BAA6B,CAAA;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,uBAAuB,CAAC,EAAE,kCAAkC,EAAE,CAAA;CAC/D,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAA;AAE/E,MAAM,MAAM,oBAAoB,GAAG;IACjC,UAAU,EAAE,uBAAuB,CAAA;IACnC,kBAAkB,EAAE,KAAK,CAAC,yBAAyB,CAAC,CAAA;IACpD,WAAW,CAAC,EAAE,KAAK,CAAA;IACnB,YAAY,CAAC,EAAE,KAAK,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG;IACzC,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,QAAQ,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,UAAU,EAAE,WAAW,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,aAAa,CACzC,eAAe,GAAG,2BAA2B,GAAG,WAAW,GAAG,SAAS,GAAG,qBAAqB,GAAG,gBAAgB,GAAG,iBAAiB,CACvI,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kCAAkC,EAClC,wBAAwB,EACxB,6BAA6B,EAC7B,4BAA4B,EAC7B,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAA;AAClH,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAC9F,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,8BAA8B,CAAA;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAA;AACvE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAEhD,MAAM,MAAM,iCAAiC,GAAG;IAC9C,wBAAwB,CAAC,EAAE,wBAAwB,CAAA;IACnD,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,4BAA4B,EAAE,4BAA4B,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;IAClI,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE,4BAA4B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChF,mBAAmB,CAAC,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACtE,MAAM,CAAC,EAAE,UAAU,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;IACjB,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,uBAAuB,CAAC,EAAE,CAAC,aAAa,EAAE,wBAAwB,EAAE,KAAK,EAAE,kBAAkB,EAAE,UAAU,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAClI,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAC9C,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa,EAAE,SAAS,GAAG,QAAQ,CAAC,CAAA;AAC1E,MAAM,MAAM,kBAAkB,GAAG;IAAE,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnG,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC,oBAAoB,EAAE,KAAK,GAAG,0BAA0B,CAAC,CAAA;AAEhG,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,EAAE,SAAS,GAAG,0BAA0B,CAAC,CAAA;AAChG,MAAM,MAAM,gBAAgB,GAAG;IAC7B,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAA;IACjD,wBAAwB,CAAC,EAAE,8BAA8B,CAAA;IACzD,mBAAmB,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAA;IACnD,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG,IAAI,CAAC,oBAAoB,EAAE,0BAA0B,CAAC,CAAA;AAEjG,oBAAY,iBAAiB;IAC3B,wBAAwB,6BAA6B;IACrD,kBAAkB,uBAAuB;CAC1C;AAED,oBAAY,iBAAiB;IAC3B,OAAO,OAAO;IACd,KAAK,OAAO;CACb;AAED,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACnC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,8BAA8B,GAAG;IAC3C,aAAa,EAAE,MAAM,CAAA;IACrB,2BAA2B,EAAE,6BAA6B,CAAA;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,uBAAuB,CAAC,EAAE,kCAAkC,EAAE,CAAA;IAC9D,SAAS,CAAC,EAAE,SAAS,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,wBAAwB,GAAG,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAA;AAE/E,MAAM,MAAM,oBAAoB,GAAG;IACjC,UAAU,EAAE,uBAAuB,CAAA;IACnC,kBAAkB,EAAE,KAAK,CAAC,yBAAyB,CAAC,CAAA;IACpD,WAAW,CAAC,EAAE,KAAK,CAAA;IACnB,YAAY,CAAC,EAAE,KAAK,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG;IACzC,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,QAAQ,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,UAAU,EAAE,WAAW,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,aAAa,CACzC,eAAe,GAAG,2BAA2B,GAAG,WAAW,GAAG,SAAS,GAAG,qBAAqB,GAAG,gBAAgB,GAAG,iBAAiB,CACvI,CAAA"}

package/dist/types/siop-service/index.js

@@ -1,14 +1,11 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SupportedLanguage = exports.Siopv2HolderEvent = void 0;
-var Siopv2HolderEvent;
+export var Siopv2HolderEvent;
 (function (Siopv2HolderEvent) {
     Siopv2HolderEvent["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
     Siopv2HolderEvent["IDENTIFIER_CREATED"] = "identifier_created";
-})(Siopv2HolderEvent || (exports.Siopv2HolderEvent = Siopv2HolderEvent = {}));
-var SupportedLanguage;
+})(Siopv2HolderEvent || (Siopv2HolderEvent = {}));
+export var SupportedLanguage;
 (function (SupportedLanguage) {
     SupportedLanguage["ENGLISH"] = "en";
     SupportedLanguage["DUTCH"] = "nl";
-})(SupportedLanguage || (exports.SupportedLanguage = SupportedLanguage = {}));
+})(SupportedLanguage || (SupportedLanguage = {}));
 //# sourceMappingURL=index.js.map

package/dist/types/siop-service/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":";;;AA8CA,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,0EAAqD,CAAA;IACrD,8DAAyC,CAAA;AAC3C,CAAC,EAHW,iBAAiB,iCAAjB,iBAAiB,QAG5B;AAED,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,mCAAc,CAAA;IACd,iCAAY,CAAA;AACd,CAAC,EAHW,iBAAiB,iCAAjB,iBAAiB,QAG5B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/siop-service/index.ts"],"names":[],"mappings":"AAgDA,MAAM,CAAN,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,0EAAqD,CAAA;IACrD,8DAAyC,CAAA;AAC3C,CAAC,EAHW,iBAAiB,KAAjB,iBAAiB,QAG5B;AAED,MAAM,CAAN,IAAY,iBAGX;AAHD,WAAY,iBAAiB;IAC3B,mCAAc,CAAA;IACd,iCAAY,CAAA;AACd,CAAC,EAHW,iBAAiB,KAAjB,iBAAiB,QAG5B"}

package/dist/utils/CredentialUtils.d.ts

@@ -0,0 +1,23 @@
+import { ICredential, OriginalVerifiableCredential } from '@sphereon/ssi-types';
+import { VerifiableCredential } from '@veramo/core';
+import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store';
+/**
+ * Return the type(s) of a VC minus the VerifiableCredential type which should always be present
+ * @param credential The input credential
+ */
+export declare const getCredentialTypeAsString: (credential: ICredential | VerifiableCredential) => string;
+/**
+ * Returns a Unique Verifiable Credential (with hash) as stored in Veramo, based upon matching the id of the input VC or the proof value of the input VC
+ * @param uniqueVCs The Unique VCs to search in
+ * @param searchVC The VC to search for in the unique VCs array
+ */
+export declare const getMatchingUniqueDigitalCredential: (uniqueVCs: UniqueDigitalCredential[], searchVC: OriginalVerifiableCredential) => UniqueDigitalCredential | undefined;
+type InputCredential = UniqueDigitalCredential | VerifiableCredential | ICredential | OriginalVerifiableCredential;
+/**
+ * Get an original verifiable credential. Maps to wrapped Verifiable Credential first, to get an original JWT as Veramo stores these with a special proof value
+ * @param credential The input VC
+ */
+export declare const getOriginalVerifiableCredential: (credential: InputCredential) => OriginalVerifiableCredential;
+export declare const isUniqueDigitalCredential: (credential: InputCredential) => credential is UniqueDigitalCredential;
+export {};
+//# sourceMappingURL=CredentialUtils.d.ts.map

package/dist/utils/CredentialUtils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialUtils.d.ts","sourceRoot":"","sources":["../../src/utils/CredentialUtils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgC,WAAW,EAAyB,4BAA4B,EAAE,MAAM,qBAAqB,CAAA;AACpI,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAE5E;;;GAGG;AACH,eAAO,MAAM,yBAAyB,eAAgB,WAAW,GAAG,oBAAoB,KAAG,MAO1F,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,cAClC,uBAAuB,EAAE,YAC1B,4BAA4B,KACrC,uBAAuB,GAAG,SAe5B,CAAA;AAED,KAAK,eAAe,GAAG,uBAAuB,GAAG,oBAAoB,GAAG,WAAW,GAAG,4BAA4B,CAAA;AAElH;;;GAGG;AAEH,eAAO,MAAM,+BAA+B,eAAgB,eAAe,KAAG,4BAS7E,CAAA;AAUD,eAAO,MAAM,yBAAyB,eAAgB,eAAe,KAAG,UAAU,IAAI,uBAErF,CAAA"}

package/dist/utils/CredentialUtils.js

@@ -0,0 +1,55 @@
+import { CredentialMapper } from '@sphereon/ssi-types';
+/**
+ * Return the type(s) of a VC minus the VerifiableCredential type which should always be present
+ * @param credential The input credential
+ */
+export const getCredentialTypeAsString = (credential) => {
+    if (!credential.type) {
+        return 'Verifiable Credential';
+    }
+    else if (typeof credential.type === 'string') {
+        return credential.type;
+    }
+    return credential.type.filter((type) => type !== 'VerifiableCredential').join(', ');
+};
+/**
+ * Returns a Unique Verifiable Credential (with hash) as stored in Veramo, based upon matching the id of the input VC or the proof value of the input VC
+ * @param uniqueVCs The Unique VCs to search in
+ * @param searchVC The VC to search for in the unique VCs array
+ */
+export const getMatchingUniqueDigitalCredential = (uniqueVCs, searchVC) => {
+    // Since an ID is optional in a VC according to VCDM, and we really need the matches, we have a fallback match on something which is guaranteed to be unique for any VC (the proof(s))
+    return uniqueVCs.find((uniqueVC) => (typeof searchVC !== 'string' &&
+        (uniqueVC.id === searchVC.id ||
+            uniqueVC.originalVerifiableCredential.proof === searchVC.proof)) ||
+        (typeof searchVC === 'string' && uniqueVC.uniformVerifiableCredential?.proof?.jwt === searchVC) ||
+        // We are ignoring the signature of the sd-jwt as PEX signs the vc again and it will not match anymore with the jwt in the proof of the stored jsonld vc
+        (typeof searchVC === 'string' &&
+            CredentialMapper.isSdJwtEncoded(searchVC) &&
+            uniqueVC.uniformVerifiableCredential?.proof &&
+            'jwt' in uniqueVC.uniformVerifiableCredential.proof &&
+            uniqueVC.uniformVerifiableCredential.proof.jwt?.split('.')?.slice(0, 2)?.join('.') === searchVC.split('.')?.slice(0, 2)?.join('.')));
+};
+/**
+ * Get an original verifiable credential. Maps to wrapped Verifiable Credential first, to get an original JWT as Veramo stores these with a special proof value
+ * @param credential The input VC
+ */
+export const getOriginalVerifiableCredential = (credential) => {
+    if (isUniqueDigitalCredential(credential)) {
+        if (!credential.originalVerifiableCredential) {
+            throw new Error('originalVerifiableCredential is not defined in UniqueDigitalCredential');
+        }
+        return getCredentialFromProofOrWrapped(credential.originalVerifiableCredential);
+    }
+    return getCredentialFromProofOrWrapped(credential);
+};
+const getCredentialFromProofOrWrapped = (cred, hasher) => {
+    if (typeof cred === 'object' && 'proof' in cred && 'jwt' in cred.proof && CredentialMapper.isSdJwtEncoded(cred.proof.jwt)) {
+        return cred.proof.jwt;
+    }
+    return CredentialMapper.toWrappedVerifiableCredential(cred, { hasher }).original;
+};
+export const isUniqueDigitalCredential = (credential) => {
+    return credential.digitalCredential !== undefined;
+};
+//# sourceMappingURL=CredentialUtils.js.map

package/dist/utils/CredentialUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialUtils.js","sourceRoot":"","sources":["../../src/utils/CredentialUtils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAgF,MAAM,qBAAqB,CAAA;AAIpI;;;GAGG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,UAA8C,EAAU,EAAE;IAClG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO,uBAAuB,CAAA;IAChC,CAAC;SAAM,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,OAAO,UAAU,CAAC,IAAI,CAAA;IACxB,CAAC;IACD,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAY,EAAW,EAAE,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACtG,CAAC,CAAA;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,kCAAkC,GAAG,CAChD,SAAoC,EACpC,QAAsC,EACD,EAAE;IACvC,sLAAsL;IACtL,OAAO,SAAS,CAAC,IAAI,CACnB,CAAC,QAAiC,EAAE,EAAE,CACpC,CAAC,OAAO,QAAQ,KAAK,QAAQ;QAC3B,CAAC,QAAQ,CAAC,EAAE,KAA6B,QAAS,CAAC,EAAE;YAClD,QAAQ,CAAC,4BAAqD,CAAC,KAAK,KAA6B,QAAS,CAAC,KAAK,CAAC,CAAC;QACvH,CAAC,OAAO,QAAQ,KAAK,QAAQ,IAAK,QAAQ,CAAC,2BAAoD,EAAE,KAAK,EAAE,GAAG,KAAK,QAAQ,CAAC;QACzH,wJAAwJ;QACxJ,CAAC,OAAO,QAAQ,KAAK,QAAQ;YAC3B,gBAAgB,CAAC,cAAc,CAAC,QAAQ,CAAC;YACzC,QAAQ,CAAC,2BAA2B,EAAE,KAAK;YAC3C,KAAK,IAAI,QAAQ,CAAC,2BAA2B,CAAC,KAAK;YACnD,QAAQ,CAAC,2BAA2B,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CACxI,CAAA;AACH,CAAC,CAAA;AAID;;;GAGG;AAEH,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,UAA2B,EAAgC,EAAE;IAC3G,IAAI,yBAAyB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,4BAA4B,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAA;QAC3F,CAAC;QACD,OAAO,+BAA+B,CAAC,UAAU,CAAC,4BAA4B,CAAC,CAAA;IACjF,CAAC;IAED,OAAO,+BAA+B,CAAC,UAAU,CAAC,CAAA;AACpD,CAAC,CAAA;AAED,MAAM,+BAA+B,GAAG,CAAC,IAAS,EAAE,MAAmB,EAAgC,EAAE;IACvG,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1H,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAA;IACvB,CAAC;IAED,OAAO,gBAAgB,CAAC,6BAA6B,CAAC,IAAoC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAA;AAClH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,UAA2B,EAAyC,EAAE;IAC9G,OAAQ,UAAsC,CAAC,iBAAiB,KAAK,SAAS,CAAA;AAChF,CAAC,CAAA"}

package/dist/utils/dcql.d.ts

@@ -0,0 +1,5 @@
+import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store';
+import { DcqlCredential } from 'dcql';
+import { HasherSync, OriginalVerifiableCredential } from '@sphereon/ssi-types';
+export declare function convertToDcqlCredentials(credential: UniqueDigitalCredential | OriginalVerifiableCredential, hasher?: HasherSync): DcqlCredential;
+//# sourceMappingURL=dcql.d.ts.map

package/dist/utils/dcql.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dcql.d.ts","sourceRoot":"","sources":["../../src/utils/dcql.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAA;AAC5E,OAAO,EAAE,cAAc,EAA8C,MAAM,MAAM,CAAA;AACjF,OAAO,EAAoB,UAAU,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAA;AAGhG,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,uBAAuB,GAAG,4BAA4B,EAAE,MAAM,CAAC,EAAE,UAAU,GAAG,cAAc,CA8BhJ"}

package/dist/utils/dcql.js

@@ -0,0 +1,34 @@
+import { CredentialMapper } from '@sphereon/ssi-types';
+import { isUniqueDigitalCredential } from './CredentialUtils';
+export function convertToDcqlCredentials(credential, hasher) {
+    let payload;
+    if (isUniqueDigitalCredential(credential)) {
+        if (!credential.originalVerifiableCredential) {
+            throw new Error('originalVerifiableCredential is not defined in UniqueDigitalCredential');
+        }
+        payload = CredentialMapper.decodeVerifiableCredential(credential.originalVerifiableCredential, hasher);
+    }
+    else {
+        payload = CredentialMapper.decodeVerifiableCredential(credential, hasher);
+    }
+    if (!payload) {
+        throw new Error('No payload found');
+    }
+    if ('decodedPayload' in payload && payload.decodedPayload) {
+        payload = payload.decodedPayload;
+    }
+    if ('vct' in payload) {
+        return { vct: payload.vct, claims: payload, credential_format: 'vc+sd-jwt' }; // TODO dc+sd-jwt support?
+    }
+    else if ('docType' in payload && 'namespaces' in payload) {
+        // mdoc
+        return { docType: payload.docType, namespaces: payload.namespaces, claims: payload };
+    }
+    else {
+        return {
+            claims: payload,
+            credential_format: 'jwt_vc_json', // TODO jwt_vc_json-ld support
+        };
+    }
+}
+//# sourceMappingURL=dcql.js.map

package/dist/utils/dcql.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dcql.js","sourceRoot":"","sources":["../../src/utils/dcql.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAA4C,MAAM,qBAAqB,CAAA;AAChG,OAAO,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAA;AAE7D,MAAM,UAAU,wBAAwB,CAAC,UAAkE,EAAE,MAAmB;IAC9H,IAAI,OAAO,CAAA;IACX,IAAI,yBAAyB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,4BAA4B,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAA;QAC3F,CAAC;QACD,OAAO,GAAG,gBAAgB,CAAC,0BAA0B,CAAC,UAAU,CAAC,4BAA4B,EAAE,MAAM,CAAC,CAAA;IACxG,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,gBAAgB,CAAC,0BAA0B,CAAC,UAA0C,EAAE,MAAM,CAAC,CAAA;IAC3G,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACrC,CAAC;IAED,IAAI,gBAAgB,IAAI,OAAO,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC1D,OAAO,GAAG,OAAO,CAAC,cAAc,CAAA;IAClC,CAAC;IAED,IAAI,KAAK,IAAI,OAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAkC,CAAA,CAAC,0BAA0B;IACzI,CAAC;SAAM,IAAI,SAAS,IAAI,OAAQ,IAAI,YAAY,IAAI,OAAO,EAAE,CAAC;QAC5D,OAAO;QACP,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;IACtF,CAAC;SAAM,CAAC;QACN,OAAO;YACL,MAAM,EAAE,OAAO;YACf,iBAAiB,EAAE,aAAa,EAAE,8BAA8B;SAC1C,CAAA;IAC1B,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth",
-  "version": "0.32.1-next.54+3b988a2b",
+  "version": "0.33.1-feature.vcdm2.4+9f634bdb",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -14,30 +14,31 @@
     "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.16.1-next.339",
-    "@sphereon/did-auth-siop-adapter": "0.16.1-next.339",
-    "@sphereon/oid4vc-common": "0.16.1-next.339",
+    "@sphereon/did-auth-siop": "0.17.0",
+    "@sphereon/did-auth-siop-adapter": "0.17.0",
+    "@sphereon/oid4vc-common": "0.17.0",
     "@sphereon/pex": "5.0.0-unstable.28",
     "@sphereon/pex-models": "^2.3.2",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.27.0",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.27.0",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.27.0",
-    "@sphereon/ssi-sdk.contact-manager": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.core": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.credential-store": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.credential-validation": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.data-store": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.issuance-branding": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.pd-manager": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.presentation-exchange": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.sd-jwt": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.32.1-next.54+3b988a2b",
-    "@sphereon/ssi-types": "0.32.1-next.54+3b988a2b",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.28.0",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.28.0",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.28.0",
+    "@sphereon/ssi-sdk.contact-manager": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.core": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.credential-store": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.credential-validation": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.data-store": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.issuance-branding": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.pd-manager": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.presentation-exchange": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.sd-jwt": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.33.1-feature.vcdm2.4+9f634bdb",
+    "@sphereon/ssi-types": "0.33.1-feature.vcdm2.4+9f634bdb",
     "@sphereon/wellknown-dids-client": "^0.1.3",
     "@veramo/core": "4.2.0",
     "@veramo/credential-w3c": "4.2.0",
     "cross-fetch": "^3.1.8",
+    "dcql": "0.2.19",
     "did-jwt-vc": "3.1.3",
     "i18n-js": "^3.9.2",
     "lodash.memoize": "^4.1.2",
@@ -46,19 +47,21 @@
   },
   "devDependencies": {
     "@sphereon/did-uni-client": "^0.6.3",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.27.0",
-    "@sphereon/ssi-sdk.agent-config": "0.32.1-next.54+3b988a2b",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.28.0",
+    "@sphereon/ssi-sdk.agent-config": "0.33.1-feature.vcdm2.4+9f634bdb",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",
     "@types/sha.js": "^2.4.4",
     "@types/uuid": "^9.0.8",
+    "@veramo/data-store": "4.2.0",
     "@veramo/did-provider-key": "4.2.0",
     "@veramo/did-resolver": "4.2.0",
     "@veramo/remote-client": "4.2.0",
     "@veramo/remote-server": "4.2.0",
     "@veramo/utils": "4.2.0",
     "did-resolver": "^4.1.0",
-    "nock": "^13.5.4"
+    "nock": "^13.5.4",
+    "typeorm": "^0.3.21"
   },
   "files": [
     "dist/**/*",
@@ -88,5 +91,5 @@
     "Authenticator"
   ],
   "nx": {},
-  "gitHead": "3b988a2bb62a7c4534a2670ea3a0985fd93d00f2"
+  "gitHead": "9f634bdb714061141e277508c124b08d626f6036"
 }

package/src/agent/DidAuthSiopOpAuthenticator.ts

@@ -2,19 +2,22 @@ import { decodeUriAsJson, PresentationSignCallback, SupportedVersion, VerifiedAu
 import {
   ConnectionType,
   CorrelationIdentifierType,
+  CredentialDocumentFormat,
   CredentialRole,
+  DocumentType,
   Identity,
   IdentityOrigin,
   NonPersistedIdentity,
   Party,
 } from '@sphereon/ssi-sdk.data-store'
-import { Hasher, Loggers } from '@sphereon/ssi-types'
+import { HasherSync, Loggers, SdJwtDecodedVerifiableCredential } from '@sphereon/ssi-types'
 import { IAgentPlugin } from '@veramo/core'
 import { v4 as uuidv4 } from 'uuid'
 import {
   DidAuthSiopOpAuthenticatorOptions,
   GetSelectableCredentialsArgs,
   IOpSessionArgs,
+  Json,
   LOGGER_NAMESPACE,
   RequiredContext,
   schema,
@@ -30,16 +33,19 @@ import { computeEntryHash } from '@veramo/utils'
 import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
 import { EventEmitter } from 'events'
 import {
-  AddIdentityArgs,
-  CreateConfigArgs,
-  CreateConfigResult,
-  GetSiopRequestArgs,
   IDidAuthSiopOpAuthenticator,
   IGetSiopSessionArgs,
   IRegisterCustomApprovalForSiopArgs,
   IRemoveCustomApprovalForSiopArgs,
   IRemoveSiopSessionArgs,
   IRequiredContext,
+} from '../types'
+
+import {
+  AddIdentityArgs,
+  CreateConfigArgs,
+  CreateConfigResult,
+  GetSiopRequestArgs,
   OnContactIdentityCreatedArgs,
   OnIdentifierCreatedArgs,
   RetrieveContactArgs,
@@ -47,8 +53,9 @@ import {
   Siopv2AuthorizationRequestData,
   Siopv2HolderEvent,
   Siopv2Machine as Siopv2MachineId,
-  Siopv2MachineInstanceOpts
+  Siopv2MachineInstanceOpts,
 } from '../types'
+import { DcqlCredential, DcqlPresentation, DcqlQuery, DcqlSdJwtVcCredential } from 'dcql'
 
 const logger = Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE)
 
@@ -84,22 +91,16 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
     siopGetSelectableCredentials: this.siopGetSelectableCredentials.bind(this),
   }
 
-  private readonly hasher?: Hasher
   private readonly sessions: Map<string, OpSession>
   private readonly customApprovals: Record<string, (verifiedAuthorizationRequest: VerifiedAuthorizationRequest, sessionId: string) => Promise<void>>
   private readonly presentationSignCallback?: PresentationSignCallback
   private readonly onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>
   private readonly onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>
   private readonly eventEmitter?: EventEmitter
+  private readonly hasher?: HasherSync
 
   constructor(options?: DidAuthSiopOpAuthenticatorOptions) {
-    const {
-      onContactIdentityCreated,
-      onIdentifierCreated,
-      hasher,
-      customApprovals = {},
-      presentationSignCallback
-    } = { ...options }
+    const { onContactIdentityCreated, onIdentifierCreated, hasher, customApprovals = {}, presentationSignCallback } = { ...options }
 
     this.hasher = hasher
     this.onContactIdentityCreated = onContactIdentityCreated
@@ -214,9 +215,14 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
     }
     const { sessionId, redirectUrl } = didAuthConfig
 
-    const session: OpSession = await agent
-      .siopGetOPSession({ sessionId })
-      .catch(async () => await agent.siopRegisterOPSession({ requestJwtOrUri: redirectUrl, sessionId, op: { eventEmitter: this.eventEmitter, hasher: this.hasher } }))
+    const session: OpSession = await agent.siopGetOPSession({ sessionId }).catch(
+      async () =>
+        await agent.siopRegisterOPSession({
+          requestJwtOrUri: redirectUrl,
+          sessionId,
+          op: { eventEmitter: this.eventEmitter, hasher: this.hasher },
+        }),
+    )
 
     logger.debug(`session: ${JSON.stringify(session.id, null, 2)}`)
     const verifiedAuthorizationRequest = await session.getAuthorizationRequest()
@@ -245,6 +251,7 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
           verifiedAuthorizationRequest.presentationDefinitions.length > 0)
           ? verifiedAuthorizationRequest.presentationDefinitions
           : undefined,
+      dcqlQuery: verifiedAuthorizationRequest.dcqlQuery,
     }
   }
 
@@ -345,32 +352,75 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
 
     const pex = new PEX({ hasher: this.hasher })
     const verifiableCredentialsWithDefinition: Array<VerifiableCredentialsWithDefinition> = []
-
-    authorizationRequestData.presentationDefinitions?.forEach((presentationDefinition) => {
-      const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(
-        presentationDefinition.definition,
-        selectedCredentials.map((udc) => udc.originalVerifiableCredential!),
-      )
-      if (areRequiredCredentialsPresent !== Status.ERROR && verifiableCredentials) {
-        const uniqueDigitalCredentials: UniqueDigitalCredential[] = verifiableCredentials.map((vc) => {
-          // @ts-ignore FIXME Funke
-          const hash = computeEntryHash(vc)
-          const udc = selectedCredentials.find((udc) => udc.hash == hash)
-
-          if (!udc) {
-            throw Error('UniqueDigitalCredential could not be found')
+    const dcqlCredentialsWithCredentials: Map<DcqlCredential, UniqueDigitalCredential> = new Map()
+
+    if (Array.isArray(authorizationRequestData.presentationDefinitions) && authorizationRequestData?.presentationDefinitions.length > 0) {
+      try {
+        authorizationRequestData.presentationDefinitions?.forEach((presentationDefinition) => {
+          const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(
+            presentationDefinition.definition,
+            selectedCredentials.map((udc) => udc.originalVerifiableCredential!),
+          )
+
+          if (areRequiredCredentialsPresent !== Status.ERROR && verifiableCredentials) {
+            let uniqueDigitalCredentials: UniqueDigitalCredential[] = []
+            uniqueDigitalCredentials = verifiableCredentials.map((vc) => {
+              // @ts-ignore FIXME Funke
+              const hash = typeof vc === 'string' ? computeEntryHash(vc.split('~'[0])) : computeEntryHash(vc)
+              const udc = selectedCredentials.find((udc) => udc.hash == hash || udc.originalVerifiableCredential == vc)
+
+              if (!udc) {
+                throw Error(
+                  `UniqueDigitalCredential could not be found in store. Either the credential is not present in the store or the hash is not correct.`,
+                )
+              }
+              return udc
+            })
+            verifiableCredentialsWithDefinition.push({
+              definition: presentationDefinition,
+              credentials: uniqueDigitalCredentials,
+            })
           }
-          return udc
-        })
-        verifiableCredentialsWithDefinition.push({
-          definition: presentationDefinition,
-          credentials: uniqueDigitalCredentials,
         })
+      } catch (e) {
+        return Promise.reject(e)
       }
-    })
 
-    if (verifiableCredentialsWithDefinition.length === 0) {
-      return Promise.reject(Error('None of the selected credentials match any of the presentation definitions.'))
+      if (verifiableCredentialsWithDefinition.length === 0) {
+        return Promise.reject(Error('None of the selected credentials match any of the presentation definitions.'))
+      }
+    } else if (authorizationRequestData.dcqlQuery) {
+      //TODO Only SD-JWT and MSO MDOC are supported at the moment
+      if (this.hasMDocCredentials(selectedCredentials) || this.hasSdJwtCredentials(selectedCredentials)) {
+        try {
+          selectedCredentials.forEach((vc) => {
+            if (this.isSdJwtCredential(vc)) {
+              const payload = (vc.originalVerifiableCredential as SdJwtDecodedVerifiableCredential).decodedPayload
+              const result: DcqlSdJwtVcCredential = {
+                claims: payload as { [x: string]: Json },
+                vct: payload.vct,
+                credential_format: 'vc+sd-jwt',
+              }
+              dcqlCredentialsWithCredentials.set(result, vc)
+              //FIXME MDoc namespaces are incompatible: array of strings vs complex object - https://sphereon.atlassian.net/browse/SPRIND-143
+            } else {
+              throw Error(`Invalid credential format: ${vc.digitalCredential.documentFormat}`)
+            }
+          })
+        } catch (e) {
+          return Promise.reject(e)
+        }
+
+        const dcqlPresentationRecord: DcqlPresentation.Output = {}
+        const queryResult = DcqlQuery.query(authorizationRequestData.dcqlQuery, Array.from(dcqlCredentialsWithCredentials.keys()))
+        for (const [key, value] of Object.entries(queryResult.credential_matches)) {
+          if (value.success) {
+            dcqlPresentationRecord[key] = this.retrieveEncodedCredential(dcqlCredentialsWithCredentials.get(value.output)!) as
+              | string
+              | { [x: string]: Json }
+          }
+        }
+      }
     }
 
     const response = await siopSendAuthorizationResponse(
@@ -380,7 +430,7 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
         ...(args.idOpts && { idOpts: args.idOpts }),
         ...(authorizationRequestData.presentationDefinitions !== undefined && { verifiableCredentialsWithDefinition }),
         isFirstParty,
-        hasher: this.hasher
+        hasher: this.hasher,
       },
       context,
     )
@@ -395,11 +445,41 @@ export class DidAuthSiopOpAuthenticator implements IAgentPlugin {
 
     return {
       body: responseBody,
-      url: response.url,
-      queryParams: decodeUriAsJson(response.url),
+      url: response?.url,
+      queryParams: decodeUriAsJson(response?.url),
     }
   }
 
+  private hasMDocCredentials = (credentials: UniqueDigitalCredential[]): boolean => {
+    return credentials.some(this.isMDocCredential)
+  }
+
+  private isMDocCredential = (credential: UniqueDigitalCredential) => {
+    return (
+      credential.digitalCredential.documentFormat === CredentialDocumentFormat.MSO_MDOC &&
+      credential.digitalCredential.documentType === DocumentType.VC
+    )
+  }
+
+  private hasSdJwtCredentials = (credentials: UniqueDigitalCredential[]): boolean => {
+    return credentials.some(this.isSdJwtCredential)
+  }
+
+  private isSdJwtCredential = (credential: UniqueDigitalCredential) => {
+    return (
+      credential.digitalCredential.documentFormat === CredentialDocumentFormat.SD_JWT && credential.digitalCredential.documentType === DocumentType.VC
+    )
+  }
+
+  private retrieveEncodedCredential = (credential: UniqueDigitalCredential) => {
+    return credential.originalVerifiableCredential !== undefined &&
+      credential.originalVerifiableCredential !== null &&
+      (credential?.originalVerifiableCredential as SdJwtDecodedVerifiableCredential)?.compactSdJwtVc !== undefined &&
+      (credential?.originalVerifiableCredential as SdJwtDecodedVerifiableCredential)?.compactSdJwtVc !== null
+      ? (credential.originalVerifiableCredential as SdJwtDecodedVerifiableCredential).compactSdJwtVc
+      : credential.originalVerifiableCredential
+  }
+
   private async siopGetSelectableCredentials(args: GetSelectableCredentialsArgs, context: RequiredContext): Promise<SelectableCredentialsMap> {
     const { authorizationRequestData } = args