@sphereon/oid4vci-client

import { CredentialFormat, ISimpleLogger } from '@sphereon/ssi-types'; import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common'; import * as _sphereon_oid4vci_common from '@sphereon/oid4vci-common'; import { AccessTokenRequestOpts, OpenIDResponse, AccessTokenResponse, DPoPResponseParams, AccessTokenRequest, TxCodeAndPinRequired, EndpointMetadata, AuthorizationServerOpts, IssuerOpts, RequestObjectOpts, PKCEOpts, EndpointMetadataResultV1_0_13, AuthorizationRequestOpts, CredentialOfferRequestWithBaseUrl, CredentialConfigurationSupportedV1_0_13, OpenId4VCIVersion, AuthorizationChallengeRequestOpts, AuthorizationChallengeCodeResponse, CommonAuthorizationChallengeRequest, EndpointMetadataResultV1_0_11, CredentialsSupportedLegacy, Jwt, ProofOfPossessionCallbacks, PoPMode, ProofOfPossession, Alg, Typ, OID4VCICredentialFormat, CredentialResponse, UniformCredentialRequest, ExperimentalSubjectIssuance, UniformCredentialOfferRequest, CredentialIssuerMetadata, CredentialIssuerMetadataV1_0_13, CredentialRequestWithoutProofV1_0_13, CredentialRequestV1_0_13, CredentialOfferRequestWithBaseUrlV1_0_11, NotificationRequest, NotificationResponseResult, WellKnownEndpoints, CredentialOfferPayload, CredentialIssuerMetadataV1_0_11, IssuerMetadataV1_0_08, AuthorizationServerMetadata, CredentialOfferPayloadV1_0_13, IssuerMetadataV1_0_13, AuthorizationResponse, CredentialConfigurationSupported, AuthzFlowType } from '@sphereon/oid4vci-common'; declare class AccessTokenClient { acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse, DPoPResponseParams>>; acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, createDPoPOpts, }: { accessTokenRequest: AccessTokenRequest; pinMetadata?: TxCodeAndPinRequired; metadata?: EndpointMetadata; asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<AccessTokenResponse, DPoPResponseParams>>; createAccessTokenRequest(opts: Omit<AccessTokenRequestOpts, 'createDPoPOpts'>): Promise<AccessTokenRequest>; private assertPreAuthorizedGrantType; private assertAuthorizationGrantType; private getPinMetadata; private assertAlphanumericPin; private assertNonEmptyPreAuthorizedCode; private assertNonEmptyCodeVerifier; private assertNonEmptyCode; private validate; private sendAuthCode; static determineTokenURL({ asOpts, issuerOpts, metadata, }: { asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; metadata?: EndpointMetadata; }): string; private static creatTokenURLFromURL; private throwNotSupportedFlow; } declare class AccessTokenClientV1_0_11 { acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse, DPoPResponseParams>>; acquireAccessTokenUsingRequest({ accessTokenRequest, isPinRequired, metadata, asOpts, createDPoPOpts, issuerOpts, }: { accessTokenRequest: AccessTokenRequest; isPinRequired?: boolean; metadata?: EndpointMetadata; asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<AccessTokenResponse, DPoPResponseParams>>; createAccessTokenRequest(opts: Omit<AccessTokenRequestOpts, 'createDPoPOpts'>): Promise<AccessTokenRequest>; private assertPreAuthorizedGrantType; private assertAuthorizationGrantType; private isPinRequiredValue; private assertNumericPin; private assertNonEmptyPreAuthorizedCode; private assertNonEmptyCodeVerifier; private assertNonEmptyCode; private validate; private sendAuthCode; static determineTokenURL({ asOpts, issuerOpts, metadata, }: { asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; metadata?: EndpointMetadata; }): string; private static creatTokenURLFromURL; private throwNotSupportedFlow; } declare function createSignedAuthRequestWhenNeeded(requestObject: Record<string, any>, opts: RequestObjectOpts & { aud?: string; }): Promise<void>; declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }: { pkce: PKCEOpts; endpointMetadata: EndpointMetadataResultV1_0_13; authorizationRequest: AuthorizationRequestOpts; credentialOffer?: CredentialOfferRequestWithBaseUrl; credentialConfigurationSupported?: Record<string, CredentialConfigurationSupportedV1_0_13>; clientId?: string; version?: OpenId4VCIVersion; }) => Promise<string>; declare const acquireAuthorizationChallengeAuthCode: (opts: AuthorizationChallengeRequestOpts) => Promise<OpenIDResponse<AuthorizationChallengeCodeResponse>>; declare const acquireAuthorizationChallengeAuthCodeUsingRequest: (opts: { authorizationChallengeRequest: CommonAuthorizationChallengeRequest; metadata?: EndpointMetadata; issuerOpts?: IssuerOpts; }) => Promise<OpenIDResponse<AuthorizationChallengeCodeResponse>>; declare const createAuthorizationChallengeRequest: (opts: AuthorizationChallengeRequestOpts) => Promise<CommonAuthorizationChallengeRequest>; declare const sendAuthorizationChallengeRequest: (authorizationChallengeCodeUrl: string, authorizationChallengeRequest: CommonAuthorizationChallengeRequest, opts?: { headers?: Record<string, string>; }) => Promise<OpenIDResponse<AuthorizationChallengeCodeResponse>>; declare const createAuthorizationRequestUrlV1_0_11: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialsSupported, }: { pkce: PKCEOpts; endpointMetadata: EndpointMetadataResultV1_0_11; authorizationRequest: AuthorizationRequestOpts; credentialOffer?: CredentialOfferRequestWithBaseUrl; credentialsSupported?: CredentialsSupportedLegacy[]; }) => Promise<string>; declare class ProofOfPossessionBuilder<DIDDoc = never> { private readonly proof?; private readonly callbacks?; private readonly version; private readonly mode; private kid?; private jwk?; private aud?; private clientId?; private issuer?; private jwt?; private alg?; private jti?; private cNonce?; private typ?; private constructor(); static manual({ jwt, callbacks, version, mode, }: { jwt?: Jwt; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromJwt({ jwt, callbacks, version, mode, }: { jwt: Jwt; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromAccessTokenResponse({ accessTokenResponse, callbacks, version, mode, }: { accessTokenResponse: AccessTokenResponse; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromProof(proof: ProofOfPossession, version: OpenId4VCIVersion): ProofOfPossessionBuilder; withAud(aud: string | string[]): this; withClientId(clientId: string): this; withKid(kid: string): this; withJWK(jwk: JWK): this; withIssuer(issuer: string): this; withAlg(alg: Alg | string): this; withJti(jti: string): this; withTyp(typ: Typ): this; withAccessTokenNonce(cNonce: string): this; withAccessTokenResponse(accessToken: AccessTokenResponse): this; withEndpointMetadata(endpointMetadata: EndpointMetadata): this; withJwt(jwt: Jwt): this; build(): Promise<ProofOfPossession>; } interface CredentialRequestOptsV1_0_11 { deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; credentialEndpoint: string; deferredCredentialEndpoint?: string; credentialTypes: string[]; format?: CredentialFormat | OID4VCICredentialFormat; proof: ProofOfPossession; token: string; version: OpenId4VCIVersion; } declare class CredentialRequestClientV1_0_11 { private readonly _credentialRequestOpts; private _isDeferred; get credentialRequestOpts(): CredentialRequestOptsV1_0_11; isDeferred(): boolean; getCredentialEndpoint(): string; getDeferredCredentialEndpoint(): string | undefined; constructor(builder: CredentialRequestClientBuilderV1_0_11); acquireCredentialsUsingProof(opts: { proofInput: ProofOfPossessionBuilder | ProofOfPossession; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireCredentialsUsingRequest(uniformRequest: UniformCredentialRequest, createDPoPOpts?: CreateDPoPClientOpts): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireDeferredCredential(response: Pick<CredentialResponse, 'transaction_id' | 'acceptance_token' | 'c_nonce'>, opts?: { bearerToken?: string; }): Promise<OpenIDResponse<CredentialResponse> & { access_token: string; }>; createCredentialRequest(opts: { proofInput: ProofOfPossessionBuilder | ProofOfPossession; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; version: OpenId4VCIVersion; }): Promise<UniformCredentialRequest>; private version; private isV11OrHigher; } declare class CredentialRequestClientBuilderV1_0_11 { credentialEndpoint?: string; deferredCredentialEndpoint?: string; deferredCredentialAwait: boolean; deferredCredentialIntervalInMS: number; credentialTypes: string[]; format?: CredentialFormat | OID4VCICredentialFormat; token?: string; version?: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadata; version?: OpenId4VCIVersion; credentialTypes: string | string[]; }): CredentialRequestClientBuilderV1_0_11; static fromURI({ uri, metadata }: { uri: string; metadata?: EndpointMetadata; }): Promise<CredentialRequestClientBuilderV1_0_11>; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadata; }): CredentialRequestClientBuilderV1_0_11; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadata; }): CredentialRequestClientBuilderV1_0_11; withIssuerState(issuerState?: string): this; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this; withCredentialEndpoint(credentialEndpoint: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialType(credentialTypes: string | string[]): this; withFormat(format: CredentialFormat | OID4VCICredentialFormat): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClientV1_0_11; } declare class CredentialRequestClientBuilderV1_0_13 { credentialEndpoint?: string; deferredCredentialEndpoint?: string; deferredCredentialAwait: boolean; deferredCredentialIntervalInMS: number; credentialIdentifier?: string; credentialTypes?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; token?: string; version?: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadata; version?: OpenId4VCIVersion; credentialIdentifier?: string; credentialTypes?: string | string[]; }): CredentialRequestClientBuilderV1_0_13; static fromURI({ uri, metadata }: { uri: string; metadata?: EndpointMetadata; }): Promise<CredentialRequestClientBuilderV1_0_13>; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadata; }): CredentialRequestClientBuilderV1_0_13; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadata; }): CredentialRequestClientBuilderV1_0_13; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_13): this; withCredentialEndpoint(credentialEndpoint: string): this; withIssuerState(issuerState?: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_13): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialIdentifier(credentialIdentifier: string): this; withCredentialType(credentialTypes: string | string[]): this; withFormat(format: CredentialFormat | OID4VCICredentialFormat): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClient; } interface CredentialRequestOpts { deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; credentialEndpoint: string; notificationEndpoint?: string; deferredCredentialEndpoint?: string; credentialTypes?: string[]; credentialIdentifier?: string; format?: CredentialFormat | OID4VCICredentialFormat; proof: ProofOfPossession; token: string; version: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; } type CreateCredentialRequestOpts = { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; subjectIssuance?: ExperimentalSubjectIssuance; version: OpenId4VCIVersion; }; declare function buildProof(proofInput: ProofOfPossessionBuilder | ProofOfPossession, opts: { version: OpenId4VCIVersion; cNonce?: string; }): Promise<ProofOfPossession>; declare class CredentialRequestClient { private readonly _credentialRequestOpts; private _isDeferred; get credentialRequestOpts(): CredentialRequestOpts; isDeferred(): boolean; getCredentialEndpoint(): string; getDeferredCredentialEndpoint(): string | undefined; constructor(builder: CredentialRequestClientBuilderV1_0_13 | CredentialRequestClientBuilderV1_0_11); /** * Typically you should not use this method, as it omits a proof from the request. * There are certain issuers that in specific circumstances can do without this proof, because they have other means of user binding * like using DPoP together with an authorization code flow. These are however rare, so you should be using the acquireCredentialsUsingProof normally * @param opts */ acquireCredentialsWithoutProof(opts: { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; subjectIssuance?: ExperimentalSubjectIssuance; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireCredentialsUsingProof(opts: { proofInput: ProofOfPossessionBuilder | ProofOfPossession; credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; subjectIssuance?: ExperimentalSubjectIssuance; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireCredentialsUsingRequestWithoutProof(uniformRequest: UniformCredentialRequest, createDPoPOpts?: CreateDPoPClientOpts): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireCredentialsUsingRequest(uniformRequest: UniformCredentialRequest, createDPoPOpts?: CreateDPoPClientOpts): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; private acquireCredentialsUsingRequestImpl; acquireDeferredCredential(response: Pick<CredentialResponse, 'transaction_id' | 'acceptance_token' | 'c_nonce'>, opts?: { bearerToken?: string; }): Promise<OpenIDResponse<CredentialResponse> & { access_token: string; }>; createCredentialRequestWithoutProof(opts: CreateCredentialRequestOpts): Promise<CredentialRequestWithoutProofV1_0_13>; createCredentialRequest(opts: CreateCredentialRequestOpts & { proofInput: ProofOfPossessionBuilder | ProofOfPossession; }): Promise<CredentialRequestV1_0_13>; private createCredentialRequestImpl; private version; } declare class CredentialOfferClient { static fromURI(uri: string, opts?: { resolve?: boolean; }): Promise<CredentialOfferRequestWithBaseUrl>; static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: { version?: OpenId4VCIVersion; }): string; } declare class CredentialOfferClientV1_0_11 { static fromURI(uri: string, opts?: { resolve?: boolean; }): Promise<CredentialOfferRequestWithBaseUrlV1_0_11>; static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: { version?: OpenId4VCIVersion; }): string; } declare class CredentialOfferClientV1_0_13 { static fromURI(uri: string, opts?: { resolve?: boolean; }): Promise<CredentialOfferRequestWithBaseUrl>; static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: { version?: OpenId4VCIVersion; }): string; } declare class CredentialRequestClientBuilder { private _builder; private constructor(); static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadata; version?: OpenId4VCIVersion; credentialIdentifier?: string; credentialTypes?: string | string[]; }): CredentialRequestClientBuilder; static fromURI({ uri, metadata }: { uri: string; metadata?: EndpointMetadata; }): Promise<CredentialRequestClientBuilder>; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadata; }): CredentialRequestClientBuilder; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadata; }): CredentialRequestClientBuilder; getVersion(): OpenId4VCIVersion | undefined; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata | CredentialIssuerMetadataV1_0_13): this; withCredentialEndpoint(credentialEndpoint: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata | CredentialIssuerMetadataV1_0_13): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialIdentifier(credentialIdentifier: string): this; withIssuerState(issuerState?: string): this; withCredentialType(credentialTypes: string | string[]): this; withFormat(format: CredentialFormat | OID4VCICredentialFormat): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClientV1_0_11 | CredentialRequestClient; } declare const generateMissingPKCEOpts: (pkce: PKCEOpts) => PKCEOpts; declare function sendNotification(credentialRequestOpts: Partial<CredentialRequestOpts>, request: NotificationRequest, accessToken?: string): Promise<NotificationResponseResult>; /** * Allows to retrieve information from a well-known location * * @param host The host * @param endpointType The endpoint type, currently supports OID4VCI, OIDC and OAuth2 endpoint types * @param opts Options, like for instance whether an error should be thrown in case the endpoint doesn't exist */ declare const retrieveWellknown: <T>(host: string, endpointType: WellKnownEndpoints, opts?: { errorOnNotFound?: boolean; }) => Promise<OpenIDResponse<T>>; declare const createJwtBearerClientAssertion: (request: Partial<AccessTokenRequest>, opts: AccessTokenRequestOpts & { version?: OpenId4VCIVersion; }) => Promise<void>; declare function isUriEncoded(str: string): boolean; declare function handleCredentialOfferUri(uri: string): Promise<{ credential_offer: unknown; }>; declare function constructBaseResponse(request: UniformCredentialOfferRequest, scheme: string, baseUrl: string): { txCode?: _sphereon_oid4vci_common.TxCode | undefined; preAuthorizedCode?: string | undefined; issuerState?: string | undefined; original_credential_offer: _sphereon_oid4vci_common.CredentialOfferPayload; version: _sphereon_oid4vci_common.OpenId4VCIVersion; supportedFlows: _sphereon_oid4vci_common.AuthzFlowType[]; credential_offer: _sphereon_oid4vci_common.UniformCredentialOfferPayload; credential_offer_uri?: string; clientId?: string | undefined; scheme: string; baseUrl: string; }; declare class MetadataClient { /** * Retrieve metadata using the Initiation obtained from a previous step * * @param credentialOffer */ static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResultV1_0_13 | EndpointMetadataResultV1_0_11>; /** * Retrieve the metada using the initiation request obtained from a previous step * @param request */ static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayload): Promise<EndpointMetadataResultV1_0_13 | EndpointMetadataResultV1_0_11>; /** * Retrieve all metadata from an issuer * @param issuer The issuer URL * @param opts */ static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean; }): Promise<EndpointMetadataResultV1_0_13 | EndpointMetadataResultV1_0_11>; /** * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata * * @param issuerHost The issuer hostname * @param opts */ static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise<OpenIDResponse<CredentialIssuerMetadataV1_0_11 | CredentialIssuerMetadataV1_0_13 | (IssuerMetadataV1_0_08 & Partial<AuthorizationServerMetadata>)> | undefined>; } declare class MetadataClientV1_0_13 { /** * Retrieve metadata using the Initiation obtained from a previous step * * @param credentialOffer */ static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResultV1_0_13>; /** * Retrieve the metada using the initiation request obtained from a previous step * @param request */ static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayloadV1_0_13): Promise<EndpointMetadataResultV1_0_13>; /** * Retrieve all metadata from an issuer * @param issuer The issuer URL * @param opts */ static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean; }): Promise<EndpointMetadataResultV1_0_13>; /** * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata * * @param issuerHost The issuer hostname * @param opts */ static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise<OpenIDResponse<IssuerMetadataV1_0_13> | undefined>; } declare class MetadataClientV1_0_11 { /** * Retrieve metadata using the Initiation obtained from a previous step * * @param credentialOffer */ static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResultV1_0_11>; /** * Retrieve the metada using the initiation request obtained from a previous step * @param request */ static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayload): Promise<EndpointMetadataResultV1_0_11>; /** * Retrieve all metadata from an issuer * @param issuer The issuer URL * @param opts */ static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean; }): Promise<EndpointMetadataResultV1_0_11>; /** * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata * * @param issuerHost The issuer hostname */ static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise<OpenIDResponse<CredentialIssuerMetadataV1_0_11> | undefined>; } interface OpenID4VCIClientStateV1_0_11 { credentialIssuer: string; credentialOffer?: CredentialOfferRequestWithBaseUrl; clientId?: string; kid?: string; jwk?: JWK; alg?: Alg | string; endpointMetadata?: EndpointMetadataResultV1_0_11; accessTokenResponse?: AccessTokenResponse; dpopResponseParams?: DPoPResponseParams; authorizationRequestOpts?: AuthorizationRequestOpts; authorizationCodeResponse?: AuthorizationResponse | AuthorizationChallengeCodeResponse; pkce: PKCEOpts; accessToken?: string; authorizationURL?: string; } declare class OpenID4VCIClientV1_0_11 { private readonly _state; private constructor(); static fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, }: { credentialIssuer: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; clientId?: string; createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise<OpenID4VCIClientV1_0_11>; static fromState({ state }: { state: OpenID4VCIClientStateV1_0_11 | string; }): Promise<OpenID4VCIClientV1_0_11>; static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, }: { uri: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; createAuthorizationRequestURL?: boolean; resolveOfferUri?: boolean; pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; }): Promise<OpenID4VCIClientV1_0_11>; /** * Allows you to create an Authorization Request URL when using an Authorization Code flow. This URL needs to be accessed using the front channel (browser) * * The Identity provider would present a login screen typically; after you authenticated, it would redirect to the provided redirectUri; which can be same device or cross-device * @param opts */ createAuthorizationRequestUrl(opts?: { authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise<string>; retrieveServerMetadata(): Promise<EndpointMetadataResultV1_0_11>; private calculatePKCEOpts; acquireAuthorizationChallengeCode(opts?: AuthorizationChallengeRequestOpts): Promise<AuthorizationChallengeCodeResponse>; acquireAccessToken(opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & { clientId?: string; authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; additionalRequestParams?: Record<string, any>; }): Promise<AccessTokenResponse & { params?: DPoPResponseParams; }>; acquireCredentials({ credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts, }: { credentialTypes: string | string[]; context?: string[]; proofCallbacks: ProofOfPossessionCallbacks; format?: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<CredentialResponse>; exportState(): Promise<string>; getCredentialsSupportedV11(restrictToInitiationTypes: boolean, format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): Record<string, CredentialConfigurationSupported>; getCredentialsSupported(format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): CredentialConfigurationSupported[]; getCredentialOfferTypes(): string[][]; issuerSupportedFlowTypes(): AuthzFlowType[]; isFlowTypeSupported(flowType: AuthzFlowType): boolean; get authorizationURL(): string | undefined; hasAuthorizationURL(): boolean; get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined; version(): OpenId4VCIVersion; get endpointMetadata(): EndpointMetadataResultV1_0_11; get kid(): string; get alg(): string; set clientId(value: string | undefined); get clientId(): string | undefined; hasAccessTokenResponse(): boolean; get accessTokenResponse(): AccessTokenResponse; get dpopResponseParams(): DPoPResponseParams | undefined; getIssuer(): string; getAccessTokenEndpoint(): string; getCredentialEndpoint(): string; hasDeferredCredentialEndpoint(): boolean; getDeferredCredentialEndpoint(): string; /** * Too bad we need a method like this, but EBSI is not exposing metadata */ isEBSI(): boolean | undefined; private assertIssuerData; private assertServerMetadata; private assertAccessToken; private syncAuthorizationRequestOpts; private getAuthorizationCode; } interface OpenID4VCIClientStateV1_0_13 { credentialIssuer: string; credentialOffer?: CredentialOfferRequestWithBaseUrl; clientId?: string; kid?: string; jwk?: JWK; alg?: Alg | string; endpointMetadata?: EndpointMetadataResultV1_0_13; accessTokenResponse?: AccessTokenResponse; dpopResponseParams?: DPoPResponseParams; authorizationRequestOpts?: AuthorizationRequestOpts; authorizationCodeResponse?: AuthorizationResponse | AuthorizationChallengeCodeResponse; pkce: PKCEOpts; accessToken?: string; authorizationURL?: string; sendIssuerStateIfNoNonce?: boolean; } declare class OpenID4VCIClientV1_0_13 { private readonly _state; private constructor(); static fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, }: { credentialIssuer: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; clientId?: string; createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise<OpenID4VCIClientV1_0_13>; static fromState({ state }: { state: OpenID4VCIClientStateV1_0_13 | string; }): Promise<OpenID4VCIClientV1_0_13>; static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, }: { uri: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; createAuthorizationRequestURL?: boolean; resolveOfferUri?: boolean; pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; }): Promise<OpenID4VCIClientV1_0_13>; /** * Allows you to create an Authorization Request URL when using an Authorization Code flow. This URL needs to be accessed using the front channel (browser) * * The Identity provider would present a login screen typically; after you authenticated, it would redirect to the provided redirectUri; which can be same device or cross-device * @param opts */ createAuthorizationRequestUrl(opts?: { authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise<string>; retrieveServerMetadata(): Promise<EndpointMetadataResultV1_0_13>; private calculatePKCEOpts; acquireAuthorizationChallengeCode(opts?: AuthorizationChallengeRequestOpts): Promise<AuthorizationChallengeCodeResponse>; acquireAccessToken(opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & { clientId?: string; authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; additionalRequestParams?: Record<string, any>; }): Promise<AccessTokenResponse & { params?: DPoPResponseParams; }>; acquireCredentialsWithoutProof(args: { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; experimentalHolderIssuanceSupported?: boolean; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<CredentialResponse & { access_token: string; }>; acquireCredentials(args: { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; proofCallbacks: ProofOfPossessionCallbacks; format?: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; experimentalHolderIssuanceSupported?: boolean; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<CredentialResponse & { access_token: string; }>; private acquireCredentialsImpl; exportState(): Promise<string>; getCredentialsSupported(format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): Record<string, CredentialConfigurationSupportedV1_0_13>; sendNotification(credentialRequestOpts: Partial<CredentialRequestOpts>, request: NotificationRequest, accessToken?: string): Promise<NotificationResponseResult>; issuerSupportedFlowTypes(): AuthzFlowType[]; isFlowTypeSupported(flowType: AuthzFlowType): boolean; hasAuthorizationURL(): boolean; get authorizationURL(): string | undefined; get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined; version(): OpenId4VCIVersion; get endpointMetadata(): EndpointMetadataResultV1_0_13; get kid(): string; get alg(): string; set clientId(value: string | undefined); get clientId(): string | undefined; hasAccessTokenResponse(): boolean; get accessTokenResponse(): AccessTokenResponse; get dpopResponseParams(): DPoPResponseParams | undefined; getIssuer(): string; getAccessTokenEndpoint(): string; getCredentialEndpoint(): string; hasDeferredCredentialEndpoint(): boolean; getDeferredCredentialEndpoint(): string; /** * Too bad we need a method like this, but EBSI is not exposing metadata */ isEBSI(): boolean; private assertIssuerData; private assertServerMetadata; private assertAccessToken; private syncAuthorizationRequestOpts; private getAuthorizationCode; } type OpenID4VCIClientState = OpenID4VCIClientStateV1_0_11 | OpenID4VCIClientStateV1_0_13; type EndpointMetadataResult = EndpointMetadataResultV1_0_11 | EndpointMetadataResultV1_0_13; declare class OpenID4VCIClient { private readonly _state; private constructor(); static fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata, }: { credentialIssuer: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; clientId?: string; createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; endpointMetadata?: EndpointMetadataResult; }): Promise<OpenID4VCIClient>; static fromState({ state }: { state: OpenID4VCIClientState | string; }): Promise<OpenID4VCIClient>; static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, endpointMetadata, }: { uri: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; createAuthorizationRequestURL?: boolean; resolveOfferUri?: boolean; pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; endpointMetadata?: EndpointMetadataResult; }): Promise<OpenID4VCIClient>; /** * Allows you to create an Authorization Request URL when using an Authorization Code flow. This URL needs to be accessed using the front channel (browser) * * The Identity provider would present a login screen typically; after you authenticated, it would redirect to the provided redirectUri; which can be same device or cross-device * @param opts */ createAuthorizationRequestUrl(opts?: { authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise<string>; retrieveServerMetadata(): Promise<EndpointMetadataResult>; private calculatePKCEOpts; acquireAuthorizationChallengeCode(opts?: AuthorizationChallengeRequestOpts): Promise<AuthorizationChallengeCodeResponse>; acquireAccessToken(opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & { clientId?: string; authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; additionalRequestParams?: Record<string, any>; }): Promise<AccessTokenResponse & { params?: DPoPResponseParams; }>; acquireCredentials({ credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts, }: { credentialTypes: string | string[]; context?: string[]; proofCallbacks: ProofOfPossessionCallbacks; format?: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; experimentalHolderIssuanceSupported?: boolean; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<CredentialResponse & { params?: DPoPResponseParams; access_token: string; }>; exportState(): Promise<string>; getCredentialsSupported(restrictToInitiationTypes?: boolean, format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): Record<string, CredentialConfigurationSupportedV1_0_13> | Array<CredentialConfigurationSupported>; sendNotification(credentialRequestOpts: Partial<CredentialRequestOpts>, request: NotificationRequest, accessToken?: string): Promise<NotificationResponseResult>; getCredentialOfferTypes(): string[][] | undefined; issuerSupportedFlowTypes(): AuthzFlowType[]; isFlowTypeSupported(flowType: AuthzFlowType): boolean; get authorizationURL(): string | undefined; hasAuthorizationURL(): boolean; get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined; version(): OpenId4VCIVersion; get endpointMetadata(): EndpointMetadataResult; get kid(): string; get alg(): string; set clientId(value: string | undefined); get clientId(): string | undefined; hasAccessTokenResponse(): boolean; get accessTokenResponse(): AccessTokenResponse; get dpopResponseParams(): DPoPResponseParams | undefined; getIssuer(): string; getAccessTokenEndpoint(): string; getCredentialEndpoint(): string; getAuthorizationChallengeEndpoint(): string | undefined; hasAuthorizationChallengeEndpoint(): boolean; hasDeferredCredentialEndpoint(): boolean; getDeferredCredentialEndpoint(): string; /** * Too bad we need a method like this, but EBSI is not exposing metadata */ isEBSI(): any; private assertIssuerData; private assertServerMetadata; private assertAccessToken; private syncAuthorizationRequestOpts; private getAuthorizationCode; } declare const LOG: ISimpleLogger<string>; export { AccessTokenClient, AccessTokenClientV1_0_11, type CreateCredentialRequestOpts, CredentialOfferClient, CredentialOfferClientV1_0_11, CredentialOfferClientV1_0_13, CredentialRequestClient, CredentialRequestClientBuilder, CredentialRequestClientBuilderV1_0_11, CredentialRequestClientBuilderV1_0_13, CredentialRequestClientV1_0_11, type CredentialRequestOpts, type CredentialRequestOptsV1_0_11, type EndpointMetadataResult, LOG, MetadataClient, MetadataClientV1_0_11, MetadataClientV1_0_13, OpenID4VCIClient, type OpenID4VCIClientState, type OpenID4VCIClientStateV1_0_11, type OpenID4VCIClientStateV1_0_13, OpenID4VCIClientV1_0_11, OpenID4VCIClientV1_0_13, ProofOfPossessionBuilder, acquireAuthorizationChallengeAuthCode, acquireAuthorizationChallengeAuthCodeUsingRequest, buildProof, constructBaseResponse, createAuthorizationChallengeRequest, createAuthorizationRequestUrl, createAuthorizationRequestUrlV1_0_11, createJwtBearerClientAssertion, createSignedAuthRequestWhenNeeded, generateMissingPKCEOpts, handleCredentialOfferUri, isUriEncoded, retrieveWellknown, sendAuthorizationChallengeRequest, sendNotification };