@vidos-id/openid4vc-issuer 0.0.0-test1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +148 -0
  2. package/dist/index.d.mts +593 -0
  3. package/dist/index.mjs +670 -0
  4. package/package.json +46 -0
package/dist/index.d.mts ADDED
@@ -0,0 +1,593 @@
1
+ import { JWK } from "jose";
2
+ import { z } from "zod";
3
+
4
+ //#region src/crypto.d.ts
5
+ declare const generateIssuerTrustMaterial: (input?: {
6
+ kid?: string;
7
+ subject?: string;
8
+ daysValid?: number;
9
+ alg?: "ES256" | "ES384" | "EdDSA";
10
+ }) => Promise<{
11
+ alg: "ES256" | "ES384" | "EdDSA";
12
+ kid: string;
13
+ privateJwk: JWK;
14
+ publicJwk: JWK;
15
+ privateKeyPem: string;
16
+ publicKeyPem: string;
17
+ certificatePem: string;
18
+ certificateFingerprintSha256: string;
19
+ jwks: {
20
+ keys: [JWK];
21
+ };
22
+ trustArtifact: {
23
+ kid: string;
24
+ alg: "ES256" | "ES384" | "EdDSA";
25
+ jwks: {
26
+ keys: [JWK];
27
+ };
28
+ publicKeyPem: string;
29
+ certificatePem: string;
30
+ certificateFingerprintSha256: string;
31
+ };
32
+ }>;
33
+ //#endregion
34
+ //#region src/errors.d.ts
35
+ declare class IssuerError extends Error {
36
+ readonly code: "invalid_request" | "invalid_grant" | "invalid_token" | "invalid_proof" | "unsupported_credential_configuration" | "unsupported_tx_code";
37
+ constructor(code: "invalid_request" | "invalid_grant" | "invalid_token" | "invalid_proof" | "unsupported_credential_configuration" | "unsupported_tx_code", message: string);
38
+ }
39
+ //#endregion
40
+ //#region src/schemas.d.ts
41
+ declare const jwkSchema: z.ZodObject<{
42
+ kty: z.ZodString;
43
+ kid: z.ZodOptional<z.ZodString>;
44
+ alg: z.ZodOptional<z.ZodString>;
45
+ crv: z.ZodOptional<z.ZodString>;
46
+ x: z.ZodOptional<z.ZodString>;
47
+ y: z.ZodOptional<z.ZodString>;
48
+ d: z.ZodOptional<z.ZodString>;
49
+ n: z.ZodOptional<z.ZodString>;
50
+ e: z.ZodOptional<z.ZodString>;
51
+ use: z.ZodOptional<z.ZodString>;
52
+ key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
53
+ x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
54
+ }, z.core.$catchall<z.ZodUnknown>>;
55
+ declare const claimSetSchema: z.ZodRecord<z.ZodString, z.ZodUnknown>;
56
+ declare const credentialConfigurationSchema: z.ZodObject<{
57
+ format: z.ZodLiteral<"dc+sd-jwt">;
58
+ vct: z.ZodString;
59
+ scope: z.ZodOptional<z.ZodString>;
60
+ claims: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
61
+ proof_signing_alg_values_supported: z.ZodDefault<z.ZodArray<z.ZodString>>;
62
+ }, z.core.$strip>;
63
+ declare const signingAlgSchema: z.ZodEnum<{
64
+ ES256: "ES256";
65
+ ES384: "ES384";
66
+ EdDSA: "EdDSA";
67
+ }>;
68
+ type SigningAlg = z.infer<typeof signingAlgSchema>;
69
+ declare const statusListBitsSchema: z.ZodUnion<readonly [z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>;
70
+ declare const tokenStatusValueSchema: z.ZodNumber;
71
+ declare const credentialStatusListReferenceSchema: z.ZodObject<{
72
+ idx: z.ZodNumber;
73
+ uri: z.ZodString;
74
+ }, z.core.$strip>;
75
+ declare const credentialStatusSchema: z.ZodObject<{
76
+ status_list: z.ZodObject<{
77
+ idx: z.ZodNumber;
78
+ uri: z.ZodString;
79
+ }, z.core.$strip>;
80
+ }, z.core.$strip>;
81
+ declare const statusListRecordSchema: z.ZodObject<{
82
+ uri: z.ZodString;
83
+ bits: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
84
+ statuses: z.ZodDefault<z.ZodArray<z.ZodNumber>>;
85
+ ttl: z.ZodOptional<z.ZodNumber>;
86
+ expiresAt: z.ZodOptional<z.ZodNumber>;
87
+ aggregation_uri: z.ZodOptional<z.ZodString>;
88
+ }, z.core.$strip>;
89
+ declare const createStatusListInputSchema: z.ZodObject<{
90
+ uri: z.ZodString;
91
+ bits: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<1>, z.ZodLiteral<2>, z.ZodLiteral<4>, z.ZodLiteral<8>]>>;
92
+ ttl: z.ZodOptional<z.ZodNumber>;
93
+ expiresAt: z.ZodOptional<z.ZodNumber>;
94
+ aggregation_uri: z.ZodOptional<z.ZodString>;
95
+ }, z.core.$strip>;
96
+ declare const issuerConfigSchema: z.ZodObject<{
97
+ issuer: z.ZodString;
98
+ credentialConfigurationsSupported: z.ZodRecord<z.ZodString, z.ZodObject<{
99
+ format: z.ZodLiteral<"dc+sd-jwt">;
100
+ vct: z.ZodString;
101
+ scope: z.ZodOptional<z.ZodString>;
102
+ claims: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
103
+ proof_signing_alg_values_supported: z.ZodDefault<z.ZodArray<z.ZodString>>;
104
+ }, z.core.$strip>>;
105
+ signingKey: z.ZodObject<{
106
+ alg: z.ZodDefault<z.ZodEnum<{
107
+ ES256: "ES256";
108
+ ES384: "ES384";
109
+ EdDSA: "EdDSA";
110
+ }>>;
111
+ privateJwk: z.ZodObject<{
112
+ kty: z.ZodString;
113
+ kid: z.ZodOptional<z.ZodString>;
114
+ alg: z.ZodOptional<z.ZodString>;
115
+ crv: z.ZodOptional<z.ZodString>;
116
+ x: z.ZodOptional<z.ZodString>;
117
+ y: z.ZodOptional<z.ZodString>;
118
+ d: z.ZodOptional<z.ZodString>;
119
+ n: z.ZodOptional<z.ZodString>;
120
+ e: z.ZodOptional<z.ZodString>;
121
+ use: z.ZodOptional<z.ZodString>;
122
+ key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
123
+ x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
124
+ }, z.core.$catchall<z.ZodUnknown>>;
125
+ publicJwk: z.ZodObject<{
126
+ kty: z.ZodString;
127
+ kid: z.ZodOptional<z.ZodString>;
128
+ alg: z.ZodOptional<z.ZodString>;
129
+ crv: z.ZodOptional<z.ZodString>;
130
+ x: z.ZodOptional<z.ZodString>;
131
+ y: z.ZodOptional<z.ZodString>;
132
+ d: z.ZodOptional<z.ZodString>;
133
+ n: z.ZodOptional<z.ZodString>;
134
+ e: z.ZodOptional<z.ZodString>;
135
+ use: z.ZodOptional<z.ZodString>;
136
+ key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
137
+ x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
138
+ }, z.core.$catchall<z.ZodUnknown>>;
139
+ }, z.core.$strip>;
140
+ endpoints: z.ZodOptional<z.ZodObject<{
141
+ token: z.ZodOptional<z.ZodString>;
142
+ credential: z.ZodOptional<z.ZodString>;
143
+ nonce: z.ZodOptional<z.ZodString>;
144
+ }, z.core.$strip>>;
145
+ nonceTtlSeconds: z.ZodDefault<z.ZodNumber>;
146
+ grantTtlSeconds: z.ZodDefault<z.ZodNumber>;
147
+ tokenTtlSeconds: z.ZodDefault<z.ZodNumber>;
148
+ }, z.core.$strip>;
149
+ declare const createPreAuthorizedGrantInputSchema: z.ZodObject<{
150
+ credential_configuration_id: z.ZodString;
151
+ claims: z.ZodRecord<z.ZodString, z.ZodUnknown>;
152
+ expires_in: z.ZodOptional<z.ZodNumber>;
153
+ }, z.core.$strip>;
154
+ declare const createCredentialOfferInputSchema: z.ZodObject<{
155
+ credential_configuration_id: z.ZodString;
156
+ claims: z.ZodRecord<z.ZodString, z.ZodUnknown>;
157
+ expires_in: z.ZodOptional<z.ZodNumber>;
158
+ }, z.core.$strip>;
159
+ declare const preAuthorizedGrantTypeSchema: z.ZodLiteral<"urn:ietf:params:oauth:grant-type:pre-authorized_code">;
160
+ declare const credentialOfferSchema: z.ZodObject<{
161
+ credential_issuer: z.ZodString;
162
+ credential_configuration_ids: z.ZodArray<z.ZodString>;
163
+ grants: z.ZodObject<{
164
+ "urn:ietf:params:oauth:grant-type:pre-authorized_code": z.ZodObject<{
165
+ "pre-authorized_code": z.ZodString;
166
+ tx_code: z.ZodOptional<z.ZodNever>;
167
+ }, z.core.$strip>;
168
+ }, z.core.$strip>;
169
+ }, z.core.$strip>;
170
+ declare const credentialOfferUriSchema: z.ZodString;
171
+ declare const issuerMetadataCredentialConfigurationSchema: z.ZodObject<{
172
+ format: z.ZodLiteral<"dc+sd-jwt">;
173
+ vct: z.ZodString;
174
+ scope: z.ZodString;
175
+ proof_types_supported: z.ZodObject<{
176
+ jwt: z.ZodObject<{
177
+ proof_signing_alg_values_supported: z.ZodArray<z.ZodString>;
178
+ }, z.core.$strip>;
179
+ }, z.core.$strip>;
180
+ cryptographic_binding_methods_supported: z.ZodArray<z.ZodLiteral<"jwk">>;
181
+ credential_signing_alg_values_supported: z.ZodArray<z.ZodString>;
182
+ }, z.core.$strip>;
183
+ declare const issuerMetadataSchema: z.ZodObject<{
184
+ credential_issuer: z.ZodString;
185
+ token_endpoint: z.ZodString;
186
+ credential_endpoint: z.ZodString;
187
+ nonce_endpoint: z.ZodOptional<z.ZodString>;
188
+ jwks: z.ZodObject<{
189
+ keys: z.ZodArray<z.ZodObject<{
190
+ kty: z.ZodString;
191
+ kid: z.ZodOptional<z.ZodString>;
192
+ alg: z.ZodOptional<z.ZodString>;
193
+ crv: z.ZodOptional<z.ZodString>;
194
+ x: z.ZodOptional<z.ZodString>;
195
+ y: z.ZodOptional<z.ZodString>;
196
+ d: z.ZodOptional<z.ZodString>;
197
+ n: z.ZodOptional<z.ZodString>;
198
+ e: z.ZodOptional<z.ZodString>;
199
+ use: z.ZodOptional<z.ZodString>;
200
+ key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
201
+ x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
202
+ }, z.core.$catchall<z.ZodUnknown>>>;
203
+ }, z.core.$strip>;
204
+ credential_configurations_supported: z.ZodRecord<z.ZodString, z.ZodObject<{
205
+ format: z.ZodLiteral<"dc+sd-jwt">;
206
+ vct: z.ZodString;
207
+ scope: z.ZodString;
208
+ proof_types_supported: z.ZodObject<{
209
+ jwt: z.ZodObject<{
210
+ proof_signing_alg_values_supported: z.ZodArray<z.ZodString>;
211
+ }, z.core.$strip>;
212
+ }, z.core.$strip>;
213
+ cryptographic_binding_methods_supported: z.ZodArray<z.ZodLiteral<"jwk">>;
214
+ credential_signing_alg_values_supported: z.ZodArray<z.ZodString>;
215
+ }, z.core.$strip>>;
216
+ }, z.core.$strip>;
217
+ declare const preAuthorizedGrantRecordSchema: z.ZodObject<{
218
+ preAuthorizedCode: z.ZodString;
219
+ credentialConfigurationId: z.ZodString;
220
+ claims: z.ZodRecord<z.ZodString, z.ZodUnknown>;
221
+ expiresAt: z.ZodNumber;
222
+ used: z.ZodBoolean;
223
+ }, z.core.$strip>;
224
+ declare const tokenRequestSchema: z.ZodObject<{
225
+ grant_type: z.ZodLiteral<"urn:ietf:params:oauth:grant-type:pre-authorized_code">;
226
+ "pre-authorized_code": z.ZodString;
227
+ tx_code: z.ZodOptional<z.ZodString>;
228
+ }, z.core.$strip>;
229
+ declare const tokenResponseSchema: z.ZodObject<{
230
+ access_token: z.ZodString;
231
+ token_type: z.ZodLiteral<"Bearer">;
232
+ expires_in: z.ZodNumber;
233
+ credential_configuration_id: z.ZodString;
234
+ c_nonce: z.ZodOptional<z.ZodString>;
235
+ c_nonce_expires_in: z.ZodOptional<z.ZodNumber>;
236
+ }, z.core.$strip>;
237
+ declare const exchangePreAuthorizedCodeInputSchema: z.ZodObject<{
238
+ tokenRequest: z.ZodObject<{
239
+ grant_type: z.ZodLiteral<"urn:ietf:params:oauth:grant-type:pre-authorized_code">;
240
+ "pre-authorized_code": z.ZodString;
241
+ tx_code: z.ZodOptional<z.ZodString>;
242
+ }, z.core.$strip>;
243
+ preAuthorizedGrant: z.ZodObject<{
244
+ preAuthorizedCode: z.ZodString;
245
+ credentialConfigurationId: z.ZodString;
246
+ claims: z.ZodRecord<z.ZodString, z.ZodUnknown>;
247
+ expiresAt: z.ZodNumber;
248
+ used: z.ZodBoolean;
249
+ }, z.core.$strip>;
250
+ }, z.core.$strip>;
251
+ declare const accessTokenRecordSchema: z.ZodObject<{
252
+ accessToken: z.ZodString;
253
+ credentialConfigurationId: z.ZodString;
254
+ claims: z.ZodRecord<z.ZodString, z.ZodUnknown>;
255
+ expiresAt: z.ZodNumber;
256
+ used: z.ZodBoolean;
257
+ }, z.core.$strip>;
258
+ declare const issueCredentialInputSchema: z.ZodObject<{
259
+ accessToken: z.ZodObject<{
260
+ accessToken: z.ZodString;
261
+ credentialConfigurationId: z.ZodString;
262
+ claims: z.ZodRecord<z.ZodString, z.ZodUnknown>;
263
+ expiresAt: z.ZodNumber;
264
+ used: z.ZodBoolean;
265
+ }, z.core.$strip>;
266
+ credential_configuration_id: z.ZodString;
267
+ holderPublicJwk: z.ZodOptional<z.ZodObject<{
268
+ kty: z.ZodString;
269
+ kid: z.ZodOptional<z.ZodString>;
270
+ alg: z.ZodOptional<z.ZodString>;
271
+ crv: z.ZodOptional<z.ZodString>;
272
+ x: z.ZodOptional<z.ZodString>;
273
+ y: z.ZodOptional<z.ZodString>;
274
+ d: z.ZodOptional<z.ZodString>;
275
+ n: z.ZodOptional<z.ZodString>;
276
+ e: z.ZodOptional<z.ZodString>;
277
+ use: z.ZodOptional<z.ZodString>;
278
+ key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
279
+ x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
280
+ }, z.core.$catchall<z.ZodUnknown>>>;
281
+ status: z.ZodOptional<z.ZodObject<{
282
+ status_list: z.ZodObject<{
283
+ idx: z.ZodNumber;
284
+ uri: z.ZodString;
285
+ }, z.core.$strip>;
286
+ }, z.core.$strip>>;
287
+ }, z.core.$strip>;
288
+ declare const nonceRecordSchema: z.ZodObject<{
289
+ c_nonce: z.ZodString;
290
+ expiresAt: z.ZodNumber;
291
+ used: z.ZodBoolean;
292
+ }, z.core.$strip>;
293
+ declare const nonceResponseSchema: z.ZodObject<{
294
+ c_nonce: z.ZodString;
295
+ c_nonce_expires_in: z.ZodNumber;
296
+ }, z.core.$strip>;
297
+ declare const credentialRequestProofSchema: z.ZodObject<{
298
+ proof_type: z.ZodLiteral<"jwt">;
299
+ jwt: z.ZodString;
300
+ }, z.core.$strip>;
301
+ declare const credentialRequestSchema: z.ZodObject<{
302
+ format: z.ZodOptional<z.ZodLiteral<"dc+sd-jwt">>;
303
+ credential_configuration_id: z.ZodString;
304
+ proofs: z.ZodObject<{
305
+ jwt: z.ZodArray<z.ZodObject<{
306
+ proof_type: z.ZodLiteral<"jwt">;
307
+ jwt: z.ZodString;
308
+ }, z.core.$strip>>;
309
+ }, z.core.$strip>;
310
+ }, z.core.$strip>;
311
+ declare const credentialResponseSchema: z.ZodObject<{
312
+ format: z.ZodLiteral<"dc+sd-jwt">;
313
+ credential: z.ZodString;
314
+ c_nonce: z.ZodOptional<z.ZodString>;
315
+ c_nonce_expires_in: z.ZodOptional<z.ZodNumber>;
316
+ }, z.core.$strip>;
317
+ declare const validateProofJwtInputSchema: z.ZodObject<{
318
+ jwt: z.ZodString;
319
+ nonce: z.ZodObject<{
320
+ c_nonce: z.ZodString;
321
+ expiresAt: z.ZodNumber;
322
+ used: z.ZodBoolean;
323
+ }, z.core.$strip>;
324
+ }, z.core.$strip>;
325
+ type Jwk = z.infer<typeof jwkSchema>;
326
+ type ClaimSet = z.infer<typeof claimSetSchema>;
327
+ type CreateStatusListInput = z.input<typeof createStatusListInputSchema>;
328
+ type CredentialConfiguration = z.input<typeof credentialConfigurationSchema>;
329
+ type CredentialStatus = z.infer<typeof credentialStatusSchema>;
330
+ type CredentialStatusListReference = z.infer<typeof credentialStatusListReferenceSchema>;
331
+ type IssuerConfigInput = z.input<typeof issuerConfigSchema>;
332
+ type CreatePreAuthorizedGrantInput = z.input<typeof createPreAuthorizedGrantInputSchema>;
333
+ type CreateCredentialOfferInput = z.input<typeof createCredentialOfferInputSchema>;
334
+ type CredentialOffer = z.infer<typeof credentialOfferSchema>;
335
+ type CredentialOfferUri = z.infer<typeof credentialOfferUriSchema>;
336
+ type IssuerMetadataCredentialConfiguration = z.infer<typeof issuerMetadataCredentialConfigurationSchema>;
337
+ type IssuerMetadataPayload = z.infer<typeof issuerMetadataSchema>;
338
+ type PreAuthorizedGrantRecord = z.infer<typeof preAuthorizedGrantRecordSchema>;
339
+ type TokenRequest = z.input<typeof tokenRequestSchema>;
340
+ type TokenResponse = z.infer<typeof tokenResponseSchema>;
341
+ type ExchangePreAuthorizedCodeInput = z.input<typeof exchangePreAuthorizedCodeInputSchema>;
342
+ type AccessTokenRecord = z.infer<typeof accessTokenRecordSchema>;
343
+ type IssueCredentialInput = z.input<typeof issueCredentialInputSchema>;
344
+ type NonceRecord = z.infer<typeof nonceRecordSchema>;
345
+ type NonceResponse = z.infer<typeof nonceResponseSchema>;
346
+ type StatusListBits = z.infer<typeof statusListBitsSchema>;
347
+ type StatusListRecord = z.infer<typeof statusListRecordSchema>;
348
+ type CredentialRequest = z.infer<typeof credentialRequestSchema>;
349
+ type CredentialResponse = z.infer<typeof credentialResponseSchema>;
350
+ type TokenStatusValue = z.infer<typeof tokenStatusValueSchema>;
351
+ type ValidateProofJwtInput = z.input<typeof validateProofJwtInputSchema>;
352
+ //#endregion
353
+ //#region src/issuer.d.ts
354
+ type ValidatedProof = {
355
+ nonce: string;
356
+ holderPublicJwk: JWK;
357
+ holderKeyThumbprint: string;
358
+ payload: Record<string, unknown>;
359
+ protectedHeader: Record<string, unknown>;
360
+ updatedNonce: NonceRecord;
361
+ };
362
+ declare class DemoIssuer {
363
+ private readonly config;
364
+ private readonly now;
365
+ private readonly idGenerator;
366
+ private readonly issuerPrivateKeyPromise;
367
+ private readonly issuerPublicKeyPromise;
368
+ private readonly sdJwtVc;
369
+ constructor(config: IssuerConfigInput, options?: {
370
+ now?: () => number;
371
+ idGenerator?: () => string;
372
+ });
373
+ getJwks(): {
374
+ keys: {
375
+ [x: string]: unknown;
376
+ kty: string;
377
+ kid?: string | undefined;
378
+ alg?: string | undefined;
379
+ crv?: string | undefined;
380
+ x?: string | undefined;
381
+ y?: string | undefined;
382
+ d?: string | undefined;
383
+ n?: string | undefined;
384
+ e?: string | undefined;
385
+ use?: string | undefined;
386
+ key_ops?: string[] | undefined;
387
+ x5c?: string[] | undefined;
388
+ }[];
389
+ };
390
+ getMetadata(): {
391
+ credential_issuer: string;
392
+ token_endpoint: string;
393
+ credential_endpoint: string;
394
+ jwks: {
395
+ keys: {
396
+ [x: string]: unknown;
397
+ kty: string;
398
+ kid?: string | undefined;
399
+ alg?: string | undefined;
400
+ crv?: string | undefined;
401
+ x?: string | undefined;
402
+ y?: string | undefined;
403
+ d?: string | undefined;
404
+ n?: string | undefined;
405
+ e?: string | undefined;
406
+ use?: string | undefined;
407
+ key_ops?: string[] | undefined;
408
+ x5c?: string[] | undefined;
409
+ }[];
410
+ };
411
+ credential_configurations_supported: Record<string, {
412
+ format: "dc+sd-jwt";
413
+ vct: string;
414
+ scope: string;
415
+ proof_types_supported: {
416
+ jwt: {
417
+ proof_signing_alg_values_supported: string[];
418
+ };
419
+ };
420
+ cryptographic_binding_methods_supported: "jwk"[];
421
+ credential_signing_alg_values_supported: string[];
422
+ }>;
423
+ nonce_endpoint?: string | undefined;
424
+ };
425
+ createStatusList(input: CreateStatusListInput): {
426
+ uri: string;
427
+ bits: 1 | 2 | 4 | 8;
428
+ statuses: number[];
429
+ ttl?: number | undefined;
430
+ expiresAt?: number | undefined;
431
+ aggregation_uri?: string | undefined;
432
+ };
433
+ allocateCredentialStatus(input: {
434
+ statusList: StatusListRecord;
435
+ status?: number;
436
+ }): {
437
+ credentialStatus: CredentialStatus;
438
+ updatedStatusList: StatusListRecord;
439
+ };
440
+ updateCredentialStatus(input: {
441
+ statusList: StatusListRecord;
442
+ idx: number;
443
+ status: number;
444
+ }): {
445
+ uri: string;
446
+ bits: 1 | 2 | 4 | 8;
447
+ statuses: number[];
448
+ ttl?: number | undefined;
449
+ expiresAt?: number | undefined;
450
+ aggregation_uri?: string | undefined;
451
+ };
452
+ createStatusListToken(statusList: StatusListRecord): Promise<string>;
453
+ createPreAuthorizedGrant(input: CreatePreAuthorizedGrantInput): {
454
+ preAuthorizedCode: string;
455
+ expiresAt: number;
456
+ credential_configuration_id: string;
457
+ preAuthorizedGrant: {
458
+ preAuthorizedCode: string;
459
+ credentialConfigurationId: string;
460
+ claims: Record<string, unknown>;
461
+ expiresAt: number;
462
+ used: false;
463
+ };
464
+ };
465
+ createCredentialOffer(input: CreateCredentialOfferInput): {
466
+ preAuthorizedGrant: {
467
+ preAuthorizedCode: string;
468
+ credentialConfigurationId: string;
469
+ claims: Record<string, unknown>;
470
+ expiresAt: number;
471
+ used: false;
472
+ };
473
+ credential_issuer: string;
474
+ credential_configuration_ids: string[];
475
+ grants: {
476
+ "urn:ietf:params:oauth:grant-type:pre-authorized_code": {
477
+ "pre-authorized_code": string;
478
+ tx_code?: undefined;
479
+ };
480
+ };
481
+ };
482
+ createCredentialOfferUri(input: CreateCredentialOfferInput): string;
483
+ createCredentialOfferReferenceUri(credentialOfferUrl: string): string;
484
+ exchangePreAuthorizedCode(input: ExchangePreAuthorizedCodeInput): {
485
+ access_token: string;
486
+ token_type: string;
487
+ expires_in: number;
488
+ credential_configuration_id: string;
489
+ accessTokenRecord: {
490
+ accessToken: string;
491
+ credentialConfigurationId: string;
492
+ claims: Record<string, unknown>;
493
+ expiresAt: number;
494
+ used: false;
495
+ };
496
+ updatedPreAuthorizedGrant: {
497
+ used: true;
498
+ preAuthorizedCode: string;
499
+ credentialConfigurationId: string;
500
+ claims: Record<string, unknown>;
501
+ expiresAt: number;
502
+ };
503
+ };
504
+ createNonce(): {
505
+ c_nonce: string;
506
+ c_nonce_expires_in: number;
507
+ nonce: {
508
+ c_nonce: string;
509
+ expiresAt: number;
510
+ used: false;
511
+ };
512
+ };
513
+ validateProofJwt(input: ValidateProofJwtInput): Promise<{
514
+ nonce: string;
515
+ holderPublicJwk: JWK;
516
+ holderKeyThumbprint: string;
517
+ payload: Record<string, unknown>;
518
+ protectedHeader: Record<string, unknown>;
519
+ updatedNonce: {
520
+ used: true;
521
+ c_nonce: string;
522
+ expiresAt: number;
523
+ };
524
+ }>;
525
+ issueCredential(input: IssueCredentialInput & {
526
+ proof?: ValidatedProof;
527
+ }): Promise<{
528
+ format: "dc+sd-jwt";
529
+ nonce: {
530
+ c_nonce: string;
531
+ expiresAt: number;
532
+ used: false;
533
+ };
534
+ updatedAccessToken: {
535
+ used: true;
536
+ accessToken: string;
537
+ credentialConfigurationId: string;
538
+ claims: Record<string, unknown>;
539
+ expiresAt: number;
540
+ };
541
+ credential: string;
542
+ c_nonce?: string | undefined;
543
+ c_nonce_expires_in?: number | undefined;
544
+ }>;
545
+ parseIssuedCredential(encoded: string): Promise<{
546
+ jwt: string;
547
+ header: Record<string, unknown> | undefined;
548
+ payload: Record<string, unknown> | undefined;
549
+ claims: Record<string, unknown>;
550
+ }>;
551
+ }
552
+ declare const createIssuer: (config: IssuerConfigInput, options?: {
553
+ now?: () => number;
554
+ idGenerator?: () => string;
555
+ }) => DemoIssuer;
556
+ //#endregion
557
+ //#region src/openid4vci.d.ts
558
+ declare function createIssuerMetadata(config: IssuerConfigInput): IssuerMetadataPayload;
559
+ declare function serializeCredentialOfferUri(offer: CredentialOffer): CredentialOfferUri;
560
+ declare function serializeCredentialOfferReferenceUri(credentialOfferUrl: string): CredentialOfferUri;
561
+ declare function getCredentialIssuerMetadataUrl(credentialIssuer: string): string;
562
+ //#endregion
563
+ //#region src/status-list.d.ts
564
+ declare function createStatusList(input: CreateStatusListInput): StatusListRecord;
565
+ declare function allocateCredentialStatus(input: {
566
+ statusList: StatusListRecord;
567
+ status?: TokenStatusValue;
568
+ }): {
569
+ credentialStatus: CredentialStatus;
570
+ updatedStatusList: StatusListRecord;
571
+ };
572
+ declare function updateCredentialStatus(input: {
573
+ statusList: StatusListRecord;
574
+ idx: number;
575
+ status: TokenStatusValue;
576
+ }): StatusListRecord;
577
+ declare function encodeStatusList(statusList: StatusListRecord): {
578
+ bits: StatusListBits;
579
+ lst: string;
580
+ aggregation_uri?: string;
581
+ };
582
+ declare function createStatusListJwt(input: {
583
+ issuer: string;
584
+ signingKey: {
585
+ alg: string;
586
+ privateKey: CryptoKey;
587
+ publicJwk: JWK;
588
+ };
589
+ statusList: StatusListRecord;
590
+ now: () => number;
591
+ }): Promise<string>;
592
+ //#endregion
593
+ export { type AccessTokenRecord, type ClaimSet, type CreateCredentialOfferInput, type CreatePreAuthorizedGrantInput, type CreateStatusListInput, type CredentialConfiguration, type CredentialOffer, type CredentialOfferUri, type CredentialRequest, type CredentialResponse, type CredentialStatus, type CredentialStatusListReference, DemoIssuer, type ExchangePreAuthorizedCodeInput, type IssueCredentialInput, type IssuerConfigInput, IssuerError, type IssuerMetadataCredentialConfiguration, type IssuerMetadataPayload, type Jwk, type NonceRecord, type NonceResponse, type PreAuthorizedGrantRecord, type SigningAlg, type StatusListBits, type StatusListRecord, type TokenRequest, type TokenResponse, type TokenStatusValue, type ValidateProofJwtInput, accessTokenRecordSchema, allocateCredentialStatus, claimSetSchema, createCredentialOfferInputSchema, createIssuer, createIssuerMetadata, createPreAuthorizedGrantInputSchema, createStatusList, createStatusListInputSchema, createStatusListJwt, credentialConfigurationSchema, credentialOfferSchema, credentialOfferUriSchema, credentialRequestProofSchema, credentialRequestSchema, credentialResponseSchema, credentialStatusListReferenceSchema, credentialStatusSchema, encodeStatusList, exchangePreAuthorizedCodeInputSchema, generateIssuerTrustMaterial, getCredentialIssuerMetadataUrl, issueCredentialInputSchema, issuerConfigSchema, issuerMetadataCredentialConfigurationSchema, issuerMetadataSchema, jwkSchema, nonceRecordSchema, nonceResponseSchema, preAuthorizedGrantRecordSchema, preAuthorizedGrantTypeSchema, serializeCredentialOfferReferenceUri, serializeCredentialOfferUri, signingAlgSchema, statusListBitsSchema, statusListRecordSchema, tokenRequestSchema, tokenResponseSchema, tokenStatusValueSchema, updateCredentialStatus, validateProofJwtInputSchema };