@sphereon/oid4vci-client

import { CredentialFormat, ISimpleLogger } from '@sphereon/ssi-types'; import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common'; import * as _sphereon_oid4vci_common from '@sphereon/oid4vci-common'; import { AccessTokenRequestOpts, OpenIDResponse, AccessTokenResponse, DPoPResponseParams, AccessTokenRequest, TxCodeAndPinRequired, EndpointMetadata, AuthorizationServerOpts, IssuerOpts, RequestObjectOpts, PKCEOpts, EndpointMetadataResultV1_0_15, AuthorizationRequestOpts, CredentialOfferRequestWithBaseUrl, CredentialConfigurationSupportedV1_0_15, OpenId4VCIVersion, AuthorizationChallengeRequestOpts, AuthorizationChallengeCodeResponse, CommonAuthorizationChallengeRequest, ExperimentalSubjectIssuance, UniformCredentialOfferRequest, CredentialIssuerMetadataV1_0_15, Jwt, ProofOfPossessionCallbacks, PoPMode, ProofOfPossession, Alg, Typ, AuthorizationDetailsV1_0_15, OID4VCICredentialFormat, CredentialResponse, CredentialRequest, CredentialRequestV1_0_15, CredentialIssuerMetadata, NotificationRequest, NotificationResponseResult, WellKnownEndpoints, CredentialOfferPayload, CredentialOfferPayloadV1_0_15, IssuerMetadataV1_0_15, AuthorizationResponse, CredentialResponseV1_0_15, AuthzFlowType, CredentialConfigurationSupported } from '@sphereon/oid4vci-common'; declare class AccessTokenClient { acquireAccessToken(opts: AccessTokenRequestOpts): Promise<OpenIDResponse<AccessTokenResponse, DPoPResponseParams>>; acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, createDPoPOpts, }: { accessTokenRequest: AccessTokenRequest; pinMetadata?: TxCodeAndPinRequired; metadata?: EndpointMetadata; asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<AccessTokenResponse, DPoPResponseParams>>; createAccessTokenRequest(opts: Omit<AccessTokenRequestOpts, 'createDPoPOpts'>): Promise<AccessTokenRequest>; private assertPreAuthorizedGrantType; private assertAuthorizationGrantType; private getPinMetadata; private assertAlphanumericPin; private assertNonEmptyPreAuthorizedCode; private assertNonEmptyCodeVerifier; private assertNonEmptyCode; private validate; private sendAuthCode; static determineTokenURL({ asOpts, issuerOpts, metadata, }: { asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; metadata?: EndpointMetadata; }): string; private static creatTokenURLFromURL; private throwNotSupportedFlow; } declare function createSignedAuthRequestWhenNeeded(requestObject: Record<string, any>, opts: RequestObjectOpts & { aud?: string; }): Promise<void>; declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }: { pkce: PKCEOpts; endpointMetadata: EndpointMetadataResultV1_0_15; authorizationRequest: AuthorizationRequestOpts; credentialOffer?: CredentialOfferRequestWithBaseUrl; credentialConfigurationSupported?: Record<string, CredentialConfigurationSupportedV1_0_15>; clientId?: string; version?: OpenId4VCIVersion; }) => Promise<string>; declare const acquireAuthorizationChallengeAuthCode: (opts: AuthorizationChallengeRequestOpts) => Promise<OpenIDResponse<AuthorizationChallengeCodeResponse>>; declare const acquireAuthorizationChallengeAuthCodeUsingRequest: (opts: { authorizationChallengeRequest: CommonAuthorizationChallengeRequest; metadata?: EndpointMetadata; issuerOpts?: IssuerOpts; }) => Promise<OpenIDResponse<AuthorizationChallengeCodeResponse>>; declare const createAuthorizationChallengeRequest: (opts: AuthorizationChallengeRequestOpts) => Promise<CommonAuthorizationChallengeRequest>; declare const sendAuthorizationChallengeRequest: (authorizationChallengeCodeUrl: string, authorizationChallengeRequest: CommonAuthorizationChallengeRequest, opts?: { headers?: Record<string, string>; }) => Promise<OpenIDResponse<AuthorizationChallengeCodeResponse>>; declare class CredentialRequestClientBuilderV1_0_15 { credentialEndpoint?: string; deferredCredentialEndpoint?: string; nonceEndpoint?: string; deferredCredentialAwait: boolean; deferredCredentialIntervalInMS: number; credentialIdentifier?: string; credentialConfigurationId?: string; credentialTypes?: string[]; token?: string; version?: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialConfigurationId, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadataResultV1_0_15; version?: OpenId4VCIVersion; credentialIdentifier?: string; credentialConfigurationId?: string; credentialTypes?: string | string[]; }): CredentialRequestClientBuilderV1_0_15; static fromURI({ uri, metadata, }: { uri: string; metadata?: EndpointMetadataResultV1_0_15; }): Promise<CredentialRequestClientBuilderV1_0_15>; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilderV1_0_15; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilderV1_0_15; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withCredentialEndpoint(credentialEndpoint: string): this; withIssuerState(issuerState?: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withNonceEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withNonceEndpoint(nonceEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialIdentifier(credentialIdentifier: string): this; withCredentialConfigurationId(credentialConfigurationId: string): this; withCredentialType(credentialTypes: string | string[]): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClient; } declare class ProofOfPossessionBuilder<DIDDoc = never> { private readonly proof?; private readonly callbacks?; private readonly mode; private kid?; private jwk?; private aud?; private clientId?; private issuer?; private jwt?; private alg?; private jti?; private cNonce?; private typ?; private constructor(); static manual({ jwt, callbacks, version, mode, }: { jwt?: Jwt; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromJwt({ jwt, callbacks, version, mode, }: { jwt: Jwt; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromAccessTokenResponse({ accessTokenResponse, callbacks, version, mode, }: { accessTokenResponse: AccessTokenResponse; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromProof(proof: ProofOfPossession, version: OpenId4VCIVersion): ProofOfPossessionBuilder; withAud(aud: string | string[]): this; withClientId(clientId: string): this; withKid(kid: string): this; withJWK(jwk: JWK): this; withIssuer(issuer: string): this; withAlg(alg: Alg | string): this; withJti(jti: string): this; withTyp(typ: Typ): this; withAccessTokenNonce(cNonce: string): this; withAccessTokenResponse(accessToken: AccessTokenResponse): this; withEndpointMetadata(endpointMetadata: EndpointMetadata): this; withJwt(jwt: Jwt): this; build(): Promise<ProofOfPossession>; } interface CredentialRequestOpts { deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; credentialEndpoint: string; notificationEndpoint?: string; deferredCredentialEndpoint?: string; credentialTypes?: string[]; credentialIdentifier?: string; credentialConfigurationId?: string; proof: ProofOfPossession; token: string; version: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; authorizationDetails?: AuthorizationDetailsV1_0_15[]; } type CreateCredentialRequestOpts = { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; subjectIssuance?: ExperimentalSubjectIssuance; version: OpenId4VCIVersion; credentialConfigurationId?: string; }; declare function buildProof(proofInput: ProofOfPossessionBuilder | ProofOfPossession, opts: { version: OpenId4VCIVersion; cNonce?: string; }): Promise<ProofOfPossession>; declare class CredentialRequestClient { private readonly _credentialRequestOpts; private _isDeferred; get credentialRequestOpts(): CredentialRequestOpts; isDeferred(): boolean; getCredentialEndpoint(): string; getDeferredCredentialEndpoint(): string | undefined; constructor(builder: CredentialRequestClientBuilderV1_0_15); /** * Typically you should not use this method, as it omits a proof from the request. * There are certain issuers that in specific circumstances can do without this proof, because they have other means of user binding * like using DPoP together with an authorization code flow. These are however rare, so you should be using the acquireCredentialsUsingProof normally * @param opts */ acquireCredentialsWithoutProof(opts: { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format: CredentialFormat | OID4VCICredentialFormat; subjectIssuance?: ExperimentalSubjectIssuance; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireCredentialsUsingProof(opts: { proofInput: ProofOfPossessionBuilder | ProofOfPossession; format: CredentialFormat | OID4VCICredentialFormat; credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; subjectIssuance?: ExperimentalSubjectIssuance; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireCredentialsUsingRequestWithoutProof(uniformRequest: CredentialRequest, format: OID4VCICredentialFormat, createDPoPOpts?: CreateDPoPClientOpts): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; acquireCredentialsUsingRequest(uniformRequest: CredentialRequest, format: OID4VCICredentialFormat, createDPoPOpts?: CreateDPoPClientOpts): Promise<OpenIDResponse<CredentialResponse, DPoPResponseParams> & { access_token: string; }>; private acquireCredentialsUsingRequestImpl; acquireDeferredCredential(response: Pick<CredentialResponse, 'transaction_id' | 'acceptance_token' | 'c_nonce'>, opts?: { bearerToken?: string; }): Promise<OpenIDResponse<CredentialResponse> & { access_token: string; }>; createCredentialRequestWithoutProof(opts: CreateCredentialRequestOpts): Promise<CredentialRequestV1_0_15>; createCredentialRequest(opts: CreateCredentialRequestOpts & { proofInput: ProofOfPossessionBuilder | ProofOfPossession; }): Promise<CredentialRequestV1_0_15>; private createCredentialRequestImpl; private version; } declare class CredentialOfferClient { static fromURI(uri: string, opts?: { resolve?: boolean; }): Promise<CredentialOfferRequestWithBaseUrl>; static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: { version?: OpenId4VCIVersion; }): string; } declare class CredentialOfferClientV1_0_15 { static fromURI(uri: string, opts?: { resolve?: boolean; }): Promise<CredentialOfferRequestWithBaseUrl>; static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: { version?: OpenId4VCIVersion; }): string; } declare class CredentialRequestClientBuilder { private _builder; private constructor(); static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadata; version?: OpenId4VCIVersion; credentialIdentifier?: string; credentialTypes?: string | string[]; }): CredentialRequestClientBuilder; static fromURI({ uri, metadata, }: { uri: string; metadata?: EndpointMetadataResultV1_0_15; }): Promise<CredentialRequestClientBuilder>; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilder; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilder; getVersion(): OpenId4VCIVersion | undefined; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata | CredentialIssuerMetadataV1_0_15): this; withCredentialEndpoint(credentialEndpoint: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialIdentifier(credentialIdentifier: string): this; withIssuerState(issuerState?: string): this; withCredentialType(credentialTypes: string | string[]): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClient; } declare const generateMissingPKCEOpts: (pkce: PKCEOpts) => PKCEOpts; declare function sendNotification(credentialRequestOpts: Partial<CredentialRequestOpts>, request: NotificationRequest, accessToken?: string): Promise<NotificationResponseResult>; /** * Allows to retrieve information from a well-known location * * @param host The host * @param endpointType The endpoint type, currently supports OID4VCI, OIDC and OAuth2 endpoint types * @param opts Options, like for instance whether an error should be thrown in case the endpoint doesn't exist */ declare const retrieveWellknown: <T>(host: string, endpointType: WellKnownEndpoints, opts?: { errorOnNotFound?: boolean; }) => Promise<OpenIDResponse<T>>; declare const createJwtBearerClientAssertion: (request: Partial<AccessTokenRequest>, opts: AccessTokenRequestOpts & { version?: OpenId4VCIVersion; }) => Promise<void>; declare function isUriEncoded(str: string): boolean; declare function handleCredentialOfferUri(uri: string): Promise<{ credential_offer: unknown; }>; declare function constructBaseResponse(request: UniformCredentialOfferRequest, scheme: string, baseUrl: string): { txCode?: _sphereon_oid4vci_common.TxCode | undefined; preAuthorizedCode?: string | undefined; issuerState?: string | undefined; original_credential_offer: _sphereon_oid4vci_common.CredentialOfferPayload; version: _sphereon_oid4vci_common.OpenId4VCIVersion; supportedFlows: _sphereon_oid4vci_common.AuthzFlowType[]; credential_offer: _sphereon_oid4vci_common.UniformCredentialOfferPayload; credential_offer_uri?: string; clientId?: string | undefined; scheme: string; baseUrl: string; }; declare class MetadataClient { /** * Retrieve metadata using the Initiation obtained from a previous step * * @param credentialOffer */ static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResultV1_0_15>; /** * Retrieve the metada using the initiation request obtained from a previous step * @param request */ static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayload): Promise<EndpointMetadataResultV1_0_15>; /** * Retrieve all metadata from an issuer * @param issuer The issuer URL * @param opts */ static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean; }): Promise<EndpointMetadataResultV1_0_15>; /** * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata * * @param issuerHost The issuer hostname * @param opts */ static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise<OpenIDResponse<CredentialIssuerMetadataV1_0_15> | undefined>; } declare class MetadataClientV1_0_15 { /** * Retrieve metadata using the Initiation obtained from a previous step * * @param credentialOffer */ static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise<EndpointMetadataResultV1_0_15>; /** * Retrieve the metada using the initiation request obtained from a previous step * @param request */ static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayloadV1_0_15): Promise<EndpointMetadataResultV1_0_15>; /** * Retrieve all metadata from an issuer * @param issuer The issuer URL * @param opts */ static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound: boolean; }): Promise<EndpointMetadataResultV1_0_15>; /** * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata * * @param issuerHost The issuer hostname * @param opts */ static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise<OpenIDResponse<IssuerMetadataV1_0_15> | undefined>; } interface OpenID4VCIClientStateV1_0_15 { credentialIssuer: string; credentialOffer?: CredentialOfferRequestWithBaseUrl; clientId?: string; kid?: string; jwk?: JWK; alg?: Alg | string; endpointMetadata?: EndpointMetadataResultV1_0_15; accessTokenResponse?: AccessTokenResponse; dpopResponseParams?: DPoPResponseParams; authorizationRequestOpts?: AuthorizationRequestOpts; authorizationCodeResponse?: AuthorizationResponse | AuthorizationChallengeCodeResponse; pkce: PKCEOpts; accessToken?: string; authorizationURL?: string; cachedCNonce?: string; keyAttestation?: string; } declare class OpenID4VCIClientV1_0_15 { private readonly _state; private constructor(); static fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, keyAttestation, }: { credentialIssuer: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; clientId?: string; createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; keyAttestation?: string; }): Promise<OpenID4VCIClientV1_0_15>; static fromState({ state, }: { state: OpenID4VCIClientStateV1_0_15 | string; }): Promise<OpenID4VCIClientV1_0_15>; static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, keyAttestation, }: { uri: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; createAuthorizationRequestURL?: boolean; resolveOfferUri?: boolean; pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; keyAttestation?: string; }): Promise<OpenID4VCIClientV1_0_15>; createAuthorizationRequestUrl(opts?: { authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise<string>; retrieveServerMetadata(): Promise<EndpointMetadataResultV1_0_15>; acquireNonce(): Promise<string>; private calculatePKCEOpts; acquireAuthorizationChallengeCode(opts?: AuthorizationChallengeRequestOpts): Promise<AuthorizationChallengeCodeResponse>; acquireAccessToken(opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & { clientId?: string; authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; additionalRequestParams?: Record<string, any>; }): Promise<AccessTokenResponse & { params?: DPoPResponseParams; }>; acquireCredentials({ credentialIdentifier, credentialConfigurationId, credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts, }: { credentialIdentifier?: string; credentialConfigurationId?: string; credentialTypes?: string | string[]; context?: string[]; proofCallbacks: ProofOfPossessionCallbacks; format: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<CredentialResponseV1_0_15 & { params?: DPoPResponseParams; access_token: string; }>; exportState(): Promise<string>; getCredentialsSupported(restrictToInitiationTypes?: boolean, format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): Record<string, CredentialConfigurationSupportedV1_0_15>; sendNotification(credentialRequestOpts: Partial<CredentialRequestOpts>, request: NotificationRequest, accessToken?: string): Promise<NotificationResponseResult>; getCredentialOfferConfigurationIds(): string[]; issuerSupportedFlowTypes(): AuthzFlowType[]; isFlowTypeSupported(flowType: AuthzFlowType): boolean; get authorizationURL(): string | undefined; hasAuthorizationURL(): boolean; get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined; version(): OpenId4VCIVersion; get endpointMetadata(): EndpointMetadataResultV1_0_15; get kid(): string; get alg(): string; set clientId(value: string | undefined); get clientId(): string | undefined; hasAccessTokenResponse(): boolean; get accessTokenResponse(): AccessTokenResponse; get dpopResponseParams(): DPoPResponseParams | undefined; get state(): OpenID4VCIClientStateV1_0_15; getIssuer(): string; getAccessTokenEndpoint(): string; getCredentialEndpoint(): string; getNonceEndpoint(): string | undefined; hasNonceEndpoint(): boolean; getAuthorizationChallengeEndpoint(): string | undefined; hasAuthorizationChallengeEndpoint(): boolean; hasDeferredCredentialEndpoint(): boolean; getDeferredCredentialEndpoint(): string | undefined; isEBSI(): any; private assertIssuerData; private assertServerMetadata; private assertAccessToken; private syncAuthorizationRequestOpts; private getAuthorizationCode; } type OpenID4VCIClientState = OpenID4VCIClientStateV1_0_15; type EndpointMetadataResult = EndpointMetadataResultV1_0_15; declare class OpenID4VCIClient { private readonly _state; private constructor(); static fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata, }: { credentialIssuer: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; clientId?: string; createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; endpointMetadata?: EndpointMetadataResult; }): Promise<OpenID4VCIClient>; static fromState({ state }: { state: OpenID4VCIClientState | string; }): Promise<OpenID4VCIClient>; static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, endpointMetadata, }: { uri: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; createAuthorizationRequestURL?: boolean; resolveOfferUri?: boolean; pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; endpointMetadata?: EndpointMetadataResult; }): Promise<OpenID4VCIClient>; /** * Allows you to create an Authorization Request URL when using an Authorization Code flow. This URL needs to be accessed using the front channel (browser) * * The Identity provider would present a login screen typically; after you authenticated, it would redirect to the provided redirectUri; which can be same device or cross-device * @param opts */ createAuthorizationRequestUrl(opts?: { authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise<string>; retrieveServerMetadata(): Promise<EndpointMetadataResult>; private calculatePKCEOpts; acquireAuthorizationChallengeCode(opts?: AuthorizationChallengeRequestOpts): Promise<AuthorizationChallengeCodeResponse>; acquireAccessToken(opts?: Omit<AccessTokenRequestOpts, 'credentialOffer' | 'credentialIssuer' | 'metadata' | 'additionalParams'> & { clientId?: string; authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; additionalRequestParams?: Record<string, any>; }): Promise<AccessTokenResponse & { params?: DPoPResponseParams; }>; acquireCredentials({ credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts, }: { credentialTypes: string | string[]; context?: string[]; proofCallbacks: ProofOfPossessionCallbacks; format: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; experimentalHolderIssuanceSupported?: boolean; createDPoPOpts?: CreateDPoPClientOpts; }): Promise<CredentialResponseV1_0_15 & { params?: DPoPResponseParams; access_token: string; }>; exportState(): Promise<string>; getCredentialsSupported(format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): Record<string, CredentialConfigurationSupportedV1_0_15> | Array<CredentialConfigurationSupported>; sendNotification(credentialRequestOpts: Partial<CredentialRequestOpts>, request: NotificationRequest, accessToken?: string): Promise<NotificationResponseResult>; issuerSupportedFlowTypes(): AuthzFlowType[]; isFlowTypeSupported(flowType: AuthzFlowType): boolean; get authorizationURL(): string | undefined; hasAuthorizationURL(): boolean; get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined; version(): OpenId4VCIVersion; get endpointMetadata(): EndpointMetadataResult; get kid(): string; get alg(): string; set clientId(value: string | undefined); get clientId(): string | undefined; hasAccessTokenResponse(): boolean; get accessTokenResponse(): AccessTokenResponse; get dpopResponseParams(): DPoPResponseParams | undefined; getIssuer(): string; getAccessTokenEndpoint(): string; getCredentialEndpoint(): string; getAuthorizationChallengeEndpoint(): string | undefined; hasAuthorizationChallengeEndpoint(): boolean; hasDeferredCredentialEndpoint(): boolean; getDeferredCredentialEndpoint(): string; /** * Too bad we need a method like this, but EBSI is not exposing metadata */ isEBSI(): any; private assertIssuerData; private assertServerMetadata; private assertAccessToken; private syncAuthorizationRequestOpts; private getAuthorizationCode; private hasNonceEndpoint; private acquireNonceViaV15Delegate; private shouldRetryWithFreshNonce; } declare const LOG: ISimpleLogger<string>; export { AccessTokenClient, type CreateCredentialRequestOpts, CredentialOfferClient, CredentialOfferClientV1_0_15, CredentialRequestClient, CredentialRequestClientBuilder, CredentialRequestClientBuilderV1_0_15, type CredentialRequestOpts, type EndpointMetadataResult, LOG, MetadataClient, MetadataClientV1_0_15, OpenID4VCIClient, type OpenID4VCIClientState, type OpenID4VCIClientStateV1_0_15, OpenID4VCIClientV1_0_15, ProofOfPossessionBuilder, acquireAuthorizationChallengeAuthCode, acquireAuthorizationChallengeAuthCodeUsingRequest, buildProof, constructBaseResponse, createAuthorizationChallengeRequest, createAuthorizationRequestUrl, createJwtBearerClientAssertion, createSignedAuthRequestWhenNeeded, generateMissingPKCEOpts, handleCredentialOfferUri, isUriEncoded, retrieveWellknown, sendAuthorizationChallengeRequest, sendNotification };