
@sphereon/oid4vci-common


OpenID 4 Verifiable Credential Issuance Common Types

{"version":3,"sources":["../../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.11.29_postcss@8.5.3_tsx@4.19.4_typescript@5.8.3_yaml@2.8.0/node_modules/tsup/assets/cjs_shims.js","../lib/functions/randomBytes.cjs","../lib/index.ts","../lib/functions/index.ts","../lib/functions/CredentialRequestUtil.ts","../lib/types/index.ts","../lib/types/OpenIDClient.ts","../lib/types/Authorization.types.ts","../lib/types/Generic.types.ts","../lib/types/CredentialIssuance.types.ts","../lib/types/v1_0_08.types.ts","../lib/types/v1_0_09.types.ts","../lib/types/v1_0_11.types.ts","../lib/types/v1_0_13.types.ts","../lib/types/ServerMetadata.ts","../lib/types/OpenID4VCIErrors.ts","../lib/types/OpenID4VCIVersions.types.ts","../lib/types/StateManager.types.ts","../lib/types/Token.types.ts","../lib/types/QRCode.types.ts","../lib/functions/FormatUtils.ts","../lib/functions/CredentialResponseUtil.ts","../lib/functions/HttpUtils.ts","../lib/functions/CredentialOfferUtil.ts","../lib/functions/Encoding.ts","../lib/functions/TypeConversionUtils.ts","../lib/functions/IssuerMetadataUtils.ts","../lib/functions/ProofUtil.ts","../lib/functions/AuthorizationResponseUtil.ts","../lib/functions/RandomUtils.ts","../lib/experimental/holder-vci.ts","../lib/events/index.ts"],"sourcesContent":["// Shim globals in cjs bundle\n// There's a weird bug that esbuild will always inject importMetaUrl\n// if we export it as `const importMetaUrl = ... __filename ...`\n// But using a function will not cause this issue\n\nconst getImportMetaUrl = () =>\n typeof document === 'undefined'\n ? 
new URL(`file:${__filename}`).href\n : (document.currentScript && document.currentScript.src) ||\n new URL('main.js', document.baseURI).href\n\nexport const importMetaUrl = /* @__PURE__ */ getImportMetaUrl()\n","// limit of Crypto.getRandomValues()\n// https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues\nconst MAX_BYTES = 65536\n\n// Node supports requesting up to this number of bytes\n// https://github.com/nodejs/node/blob/master/lib/internal/crypto/random.js#L48\nconst MAX_UINT32 = 4294967295\n\nfunction oldBrowser() {\n throw new Error('Secure random number generation is not supported by this browser.\\nUse Chrome, Firefox or Internet Explorer 11')\n}\n\n// eslint-disable-next-line no-undef\nconst _global = typeof globalThis !== 'undefined' ? globalThis : global\n\nlet crypto = _global.crypto || _global.msCrypto\nif (!crypto) {\n try {\n // eslint-disable-next-line no-undef\n crypto = require('crypto')\n } catch (err) {\n throw Error('crypto module is not available')\n }\n}\n\nfunction randomBytes(size) {\n // phantomjs needs to throw\n if (size > MAX_UINT32) throw new Error('requested too many random bytes')\n\n // eslint-disable-next-line no-undef\n const bytes = Buffer.allocUnsafe(size)\n\n if (size > 0) {\n // getRandomValues fails on IE if size == 0\n if (size > MAX_BYTES) {\n // this is the max bytes crypto.getRandomValues\n // can do at once see https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomValues\n for (let generated = 0; generated < size; generated += MAX_BYTES) {\n // buffer.slice automatically checks if the end is past the end of\n // the buffer so we don't have to here\n crypto.getRandomValues(bytes.slice(generated, generated + MAX_BYTES))\n }\n } else {\n crypto.getRandomValues(bytes)\n }\n }\n return Uint8Array.from(bytes)\n}\n\n// eslint-disable-next-line no-undef\nmodule.exports = randomBytes\n","import { Loggers } from '@sphereon/ssi-types'\n\nexport const VCI_LOGGERS = Loggers.DEFAULT\nexport const 
VCI_LOG_COMMON = VCI_LOGGERS.get('sphereon:oid4vci:common')\n\nexport * from './functions'\nexport * from './types'\nexport * from './experimental/holder-vci'\nexport * from './events'\n","export * from './CredentialRequestUtil'\nexport * from './CredentialResponseUtil'\nexport * from './CredentialOfferUtil'\nexport * from './Encoding'\nexport * from './TypeConversionUtils'\nexport * from './IssuerMetadataUtils'\nexport * from './FormatUtils'\nexport * from './HttpUtils'\nexport * from './ProofUtil'\nexport * from './AuthorizationResponseUtil'\nexport * from './RandomUtils'\n","import {\n CredentialRequest,\n CredentialRequestV1_0_08,\n CredentialRequestV1_0_11,\n CredentialRequestV1_0_13,\n OpenId4VCIVersion,\n UniformCredentialRequest,\n} from '../types'\n\nimport { getFormatForVersion } from './FormatUtils'\n\nexport function getTypesFromRequest(credentialRequest: CredentialRequest, opts?: { filterVerifiableCredential: boolean }) {\n let types: string[] = []\n if ('credential_identifier' in credentialRequest && credentialRequest.credential_identifier) {\n throw Error(`Cannot get types from request when it contains a credential_identifier`)\n } else if (\n credentialRequest.format === 'jwt_vc_json-ld' ||\n credentialRequest.format === 'ldp_vc' ||\n credentialRequest.format === 'jwt_vc' ||\n credentialRequest.format === 'jwt_vc_json'\n ) {\n if ('credential_definition' in credentialRequest && credentialRequest.credential_definition) {\n types =\n 'types' in credentialRequest.credential_definition\n ? 
credentialRequest.credential_definition.types\n : credentialRequest.credential_definition.type\n }\n\n if ('type' in credentialRequest && Array.isArray(credentialRequest.type)) {\n types = credentialRequest.type\n }\n\n if ('types' in credentialRequest && Array.isArray(credentialRequest.types)) {\n types = credentialRequest.types\n }\n } else if (credentialRequest.format === 'vc+sd-jwt' && 'vct' in credentialRequest) {\n types = [credentialRequest.vct]\n } else if (credentialRequest.format === 'mso_mdoc' && 'doctype' in credentialRequest) {\n types = [credentialRequest.doctype]\n }\n\n if (!types || types.length === 0) {\n throw Error('Could not deduce types from credential request')\n }\n if (opts?.filterVerifiableCredential) {\n return types.filter((type) => type !== 'VerifiableCredential')\n }\n return types\n}\n\nexport function getCredentialRequestForVersion(\n credentialRequest: UniformCredentialRequest,\n version: OpenId4VCIVersion,\n): UniformCredentialRequest | CredentialRequestV1_0_08 | CredentialRequestV1_0_11 | CredentialRequestV1_0_13 {\n if (version === OpenId4VCIVersion.VER_1_0_08) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const draft8Format = getFormatForVersion(credentialRequest.format!, version)\n const types = getTypesFromRequest(credentialRequest, { filterVerifiableCredential: true })\n\n if (credentialRequest.credential_subject_issuance) {\n throw Error('Experimental subject issuance is not supported for older versions of the spec')\n }\n return {\n format: draft8Format,\n proof: credentialRequest.proof,\n type: types[0],\n } satisfies CredentialRequestV1_0_08\n /* } else if (version === OpenId4VCIVersion.VER_1_0_11) {\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n const { credential_definition = undefined, ...requestv11 } = credentialRequest;\n return {\n ...requestv11,\n ...credential_definition,\n } as CredentialRequestV1_0_11;*/\n }\n\n return 
credentialRequest\n}\n","export * from './OpenIDClient'\nexport * from './Authorization.types'\nexport * from './CredentialIssuance.types'\nexport * from './Generic.types'\nexport * from './v1_0_08.types'\nexport * from './v1_0_09.types'\nexport * from './v1_0_11.types'\nexport * from './v1_0_13.types'\nexport * from './ServerMetadata'\nexport * from './OpenID4VCIErrors'\nexport * from './OpenID4VCIVersions.types'\nexport * from './StateManager.types'\nexport * from './Token.types'\nexport * from './QRCode.types'\n","/**\n * Copied from openid-client\n */\nexport type ClientResponseType = 'code' | 'id_token' | 'code id_token' | 'none' | string\nexport type ClientAuthMethod =\n | 'client_secret_basic'\n | 'client_secret_post'\n | 'client_secret_jwt'\n | 'private_key_jwt'\n | 'tls_client_auth'\n | 'self_signed_tls_client_auth'\n | 'none'\nexport interface ClientMetadata {\n // important\n client_id: string\n id_token_signed_response_alg?: string\n token_endpoint_auth_method?: ClientAuthMethod\n client_secret?: string\n redirect_uris?: string[]\n response_types?: ClientResponseType[]\n post_logout_redirect_uris?: string[]\n default_max_age?: number\n require_auth_time?: boolean\n tls_client_certificate_bound_access_tokens?: boolean\n request_object_signing_alg?: string\n\n // less important\n id_token_encrypted_response_alg?: string\n id_token_encrypted_response_enc?: string\n introspection_endpoint_auth_method?: ClientAuthMethod\n introspection_endpoint_auth_signing_alg?: string\n request_object_encryption_alg?: string\n request_object_encryption_enc?: string\n revocation_endpoint_auth_method?: ClientAuthMethod\n revocation_endpoint_auth_signing_alg?: string\n token_endpoint_auth_signing_alg?: string\n userinfo_encrypted_response_alg?: string\n userinfo_encrypted_response_enc?: string\n userinfo_signed_response_alg?: string\n authorization_encrypted_response_alg?: string\n authorization_encrypted_response_enc?: string\n authorization_signed_response_alg?: string\n\n 
[key: string]: unknown\n}\n","import { CreateDPoPClientOpts } from '@sphereon/oid4vc-common'\n\nimport { Alg, CredentialOfferPayload, ProofOfPossessionCallbacks, UniformCredentialOffer } from './CredentialIssuance.types'\nimport {\n ErrorResponse,\n IssuerCredentialSubject,\n JsonLdIssuerCredentialDefinition,\n OID4VCICredentialFormat,\n PRE_AUTH_CODE_LITERAL,\n TxCode,\n} from './Generic.types'\nimport { EndpointMetadata } from './ServerMetadata'\n\nexport interface CommonAuthorizationRequest {\n /**\n * REQUIRED. Value MUST be set to \"code\". for Authorization Code Grant\n */\n response_type: ResponseType.AUTH_CODE\n /**\n * The authorization server issues the registered client a client\n * identifier -- a unique string representing the registration\n * information provided by the client.\n */\n client_id: string\n /**\n * If the \"code_challenge_method\" from Section 4.3 was \"S256\", the\n * received \"code_verifier\" is hashed by SHA-256, base64url-encoded, and\n * then compared to the \"code_challenge\", i.e.:\n * BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge\n *\n * If the \"code_challenge_method\" from Section 4.3 was \"plain\", they are\n * compared directly, i.e.:\n * code_verifier == code_challenge.\n */\n code_challenge: string\n /**\n * value must be set either to \"S256\" or a value defined by a cryptographically secure\n */\n code_challenge_method: CodeChallengeMethod\n /**\n * The redirection endpoint URI MUST be an absolute URI as defined by: absolute-URI = scheme \":\" hier-part [ \"?\" query ]\n */\n redirect_uri: string\n /**\n * The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings.\n */\n scope?: string\n /**\n * There are two possible ways to request issuance of a specific Credential type in an Authorization Request.\n * One way is to use of the authorization_details request parameter as defined in [I-D.ietf-oauth-rar]\n * with one or more authorization details objects of type 
openid_credential Section 5.1.1.\n * (The other is through the use of scopes as defined in Section 5.1.2.)\n */\n authorization_details?: AuthorizationDetails[] | AuthorizationDetails\n /**\n * OPTIONAL. JSON string containing the Wallet's OpenID Connect issuer URL. The Credential Issuer will use the discovery process as defined in\n * [SIOPv2] to determine the Wallet's capabilities and endpoints. RECOMMENDED in Dynamic Credential Request.\n */\n wallet_issuer?: string\n /**\n * OPTIONAL. JSON string containing an opaque user hint the Wallet MAY use in subsequent callbacks to optimize the user's experience.\n * RECOMMENDED in Dynamic Credential Request.\n */\n user_hint?: string\n /**\n * OPTIONAL. String value identifying a certain processing context at the Credential Issuer. A value for this parameter is typically passed in\n * an issuance initation request from the Credential Issuer to the Wallet (see (Section 4.1). This request parameter is used to pass the\n * issuer_state value back to the Credential Issuer.\n */\n issuer_state?: string\n}\n\n// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-authorization-challenge-req\nexport interface CommonAuthorizationChallengeRequest {\n /**\n * REQUIRED if the client is not authenticating with the authorization server and if no auth_session is included..\n */\n client_id?: string\n /**\n * OPTIONAL. String value identifying a certain processing context at the Credential Issuer. A value for this parameter is typically passed in\n * an issuance initation request from the Credential Issuer to the Wallet. This request parameter is used to pass the\n * issuer_state value back to the Credential Issuer.\n */\n issuer_state?: string\n /**\n * The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings.\n */\n scope?: string // TODO what we do with this\n /**\n * OPTIONAL. A random string or a JWE. 
The auth session allows the authorization server to associate subsequent\n * requests by this client with an ongoing authorization request sequence. The client MUST include the\n * auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with\n * the error response.\n */\n auth_session?: string\n /**\n * OPTIONAL. If the \"code_challenge_method\" from Section 4.3 was \"S256\", the\n * received \"code_verifier\" is hashed by SHA-256, base64url-encoded, and\n * then compared to the \"code_challenge\", i.e.:\n * BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge\n *\n * If the \"code_challenge_method\" from Section 4.3 was \"plain\", they are\n * compared directly, i.e.:\n * code_verifier == code_challenge.\n */\n code_challenge?: string // TODO what we do with this\n /**\n * OPTIONAL. value must be set either to \"S256\" or a value defined by a cryptographically secure\n */\n code_challenge_method?: CodeChallengeMethod // TODO what we do with this\n /**\n * OPTIONAL. String containing information about the session when credential presentation is happening during issuance of another\n * credential. The content of this parameter is opaque to the wallet. When this parameter is present the Wallet MUST use this parameter in\n * the subsequent Authorization Challenge Request. This allows the Issuer to determine which it can be used by to prevent session\n * fixation attacks. 
The Response URI MAY return this parameter in response to successful Authorization Responses or for Error\n * Responses.\n */\n presentation_during_issuance_session?: string\n}\n\nexport interface AuthorizationChallengeRequestOpts {\n clientId?: string\n issuerState?: string\n authSession?: string\n scope?: string\n codeChallenge?: string\n codeChallengeMethod?: CodeChallengeMethod\n presentationDuringIssuanceSession?: string\n metadata?: EndpointMetadata\n credentialIssuer?: string\n}\n\n// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-error-response\nexport interface AuthorizationChallengeErrorResponse {\n /**\n * A single ASCII error code of type AuthorizationChallengeError.\n */\n error: AuthorizationChallengeError\n /**\n * OPTIONAL. OPTIONAL. Human-readable ASCII text providing additional information, used\n * to assist the client developer in understanding the error that occurred. Values for the error_description\n * parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.\n */\n error_description?: string\n /**\n * OPTIONAL. A URI identifying a human-readable web page with information about the error, used\n * to provide the client developer with additional information about the error. Values for the error_uri\n * parameter MUST conform to the URI-reference syntax and thus MUST NOT include characters outside the\n * set %x21 / %x23-5B / %x5D-7E.\n */\n error_uri?: string\n /**\n * OPTIONAL. A random string or a JWE. The auth session allows the authorization server to associate subsequent\n * requests by this client with an ongoing authorization request sequence. The client MUST include the\n * auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with\n * the error response.\n */\n auth_session?: string\n /**\n * OPTIONAL. The request URI corresponding to the authorization request posted. 
This URI is a single-use reference\n * to the respective request data in the subsequent authorization request.\n */\n request_uri?: string\n /**\n * OPTIONAL. A JSON number that represents the lifetime of the request URI in seconds as a positive integer.\n */\n expires_in?: number\n /**\n * String containing the OID4VP request URI. The Wallet will use this URI to start the OID4VP flow.\n */\n presentation?: string\n}\n\n// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-authorization-challenge-res\nexport interface AuthorizationChallengeCodeResponse {\n /**\n * The authorization code issued by the authorization server.\n */\n authorization_code: string\n state?: string\n}\n\n// https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-error-response\nexport enum AuthorizationChallengeError {\n invalid_request = 'invalid_request',\n invalid_client = 'invalid_client',\n unauthorized_client = 'unauthorized_client',\n invalid_session = 'invalid_session',\n invalid_scope = 'invalid_scope',\n insufficient_authorization = 'insufficient_authorization',\n redirect_to_web = 'redirect_to_web',\n}\n\n/**\n * string type added for conformity with our previous code in the client\n */\nexport type AuthorizationDetails =\n | (CommonAuthorizationDetails &\n (AuthorizationDetailsJwtVcJson | AuthorizationDetailsJwtVcJsonLdAndLdpVc | AuthorizationDetailsSdJwtVc | AuthorizationDetailsMsoMdoc))\n | string\n\nexport type AuthorizationRequest =\n | AuthorizationRequestJwtVcJson\n | AuthorizationRequestJwtVcJsonLdAndLdpVc\n | AuthorizationRequestSdJwtVc\n | AuthorizationRequestMsoMdoc\n\nexport interface AuthorizationRequestJwtVcJson extends CommonAuthorizationRequest {\n authorization_details?: AuthorizationDetailsJwtVcJson[]\n}\n\nexport interface AuthorizationRequestJwtVcJsonLdAndLdpVc extends CommonAuthorizationRequest {\n authorization_details?: AuthorizationDetailsJwtVcJsonLdAndLdpVc[]\n}\n\nexport interface 
AuthorizationRequestSdJwtVc extends CommonAuthorizationRequest {\n authorization_details?: AuthorizationDetailsSdJwtVc[]\n}\n\nexport interface AuthorizationRequestMsoMdoc extends CommonAuthorizationRequest {\n authorization_details?: AuthorizationDetailsMsoMdoc[]\n}\n\n/*\nexport interface AuthDetails {\n type: 'openid_credential' | string;\n locations?: string | string[];\n format: CredentialFormat | CredentialFormat[];\n\n [s: string]: unknown;\n}\n*/\n\nexport interface CommonAuthorizationDetails {\n /**\n * REQUIRED. JSON string that determines the authorization details type.\n * MUST be set to openid_credential for the purpose of this specification.\n */\n type: 'openid_credential' | string\n\n /**\n * REQUIRED when format parameter is not present. String specifying a unique identifier of the Credential being described in the credential_configurations_supported map in the Credential Issuer Metadata as defined in Section 11.2.3. The referenced object in the credential_configurations_supported map conveys the details, such as the format, for issuance of the requested Credential. This specification defines Credential Format specific Issuer Metadata in Appendix A. It MUST NOT be present if format parameter is present.\n */\n credential_configuration_id?: string // FIXME maybe split up and make this & format required again\n\n /**\n * REQUIRED. JSON string representing the format in which the Credential is requested to be issued.\n * This Credential format identifier determines further claims in the authorization details object\n * specifically used to identify the Credential type to be issued. 
This specification defines\n * Credential Format Profiles in Appendix E.\n */\n format?: OID4VCICredentialFormat\n /**\n * If the Credential Issuer metadata contains an authorization_server parameter,\n * the authorization detail's locations common data field MUST be set to the Credential Issuer Identifier value.\n */\n locations?: string[]\n\n /* // eslint-disable-next-line @typescript-eslint/no-explicit-any\n // [key: string]: any;*/\n}\n\nexport interface AuthorizationDetailsJwtVcJson extends CommonAuthorizationDetails {\n format: 'jwt_vc_json' | 'jwt_vc' // jwt_vc added for backward compat\n\n /**\n * A JSON object containing a list of key value pairs, where the key identifies the claim offered in the Credential.\n * The value MAY be a dictionary, which allows to represent the full (potentially deeply nested) structure of the\n * verifiable credential to be issued. This object indicates the claims the Wallet would like to turn up in the\n * credential to be issued.\n */\n credentialSubject?: IssuerCredentialSubject\n\n types: string[] // This claim contains the type values the Wallet requests authorization for at the issuer.\n}\n\nexport interface AuthorizationDetailsJwtVcJsonLdAndLdpVc extends CommonAuthorizationDetails {\n format: 'ldp_vc' | 'jwt_vc_json-ld'\n\n /**\n * REQUIRED. JSON object containing (and isolating) the detailed description of the credential type.\n * This object MUST be processed using full JSON-LD processing. It consists of the following sub-claims:\n * - @context: REQUIRED. JSON array as defined in Appendix E.1.3.2\n * - types: REQUIRED. 
JSON array as defined in Appendix E.1.3.2.\n * This claim contains the type values the Wallet shall request in the subsequent Credential Request\n */\n credential_definition: JsonLdIssuerCredentialDefinition\n}\n\nexport interface AuthorizationDetailsSdJwtVc extends CommonAuthorizationDetails {\n format: 'vc+sd-jwt'\n\n vct: string\n claims?: IssuerCredentialSubject\n}\n\nexport interface AuthorizationDetailsMsoMdoc extends CommonAuthorizationDetails {\n format: 'mso_mdoc'\n\n doctype: string\n claims?: IssuerCredentialSubject\n}\n\nexport enum GrantTypes {\n AUTHORIZATION_CODE = 'authorization_code',\n PRE_AUTHORIZED_CODE = 'urn:ietf:params:oauth:grant-type:pre-authorized_code',\n PASSWORD = 'password',\n}\n\nexport enum Encoding {\n FORM_URL_ENCODED = 'application/x-www-form-urlencoded',\n UTF_8 = 'UTF-8',\n}\n\nexport enum ResponseType {\n AUTH_CODE = 'code',\n}\n\nexport enum CodeChallengeMethod {\n plain = 'plain',\n S256 = 'S256',\n}\n\nexport interface AuthorizationServerOpts {\n allowInsecureEndpoints?: boolean\n as?: string // If not provided the issuer hostname will be used!\n tokenEndpoint?: string // Allows to override the default '/token' endpoint\n clientOpts?: AuthorizationServerClientOpts\n}\n\nexport type AuthorizationServerClientOpts = {\n clientId: string\n clientAssertionType?: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'\n kid?: string\n alg?: Alg\n signCallbacks?: ProofOfPossessionCallbacks\n}\n\nexport interface IssuerOpts {\n issuer: string\n tokenEndpoint?: string\n fetchMetadata?: boolean\n}\n\nexport interface AccessTokenFromAuthorizationResponseOpts extends AccessTokenRequestOpts {\n authorizationResponse: AuthorizationResponse\n}\n\nexport type TxCodeAndPinRequired = { isPinRequired?: boolean; txCode?: TxCode }\n\nexport interface AccessTokenRequestOpts {\n credentialOffer?: UniformCredentialOffer\n credentialIssuer?: string\n asOpts?: AuthorizationServerOpts\n metadata?: EndpointMetadata\n codeVerifier?: string // only 
required for authorization flow\n code?: string // only required for authorization flow\n redirectUri?: string // only required for authorization flow\n pin?: string // Pin-number. Only used when required\n pinMetadata?: TxCodeAndPinRequired // OPTIONAL. String value containing a Transaction Code. This value MUST be present if a tx_code object was present in the Credential Offer (including if the object was empty). This parameter MUST only be used if the grant_type is urn:ietf:params:oauth:grant-type:pre-authorized_code.\n // if the CreateDPoPOpts are provided, a dPoP will be created using the provided callback,\n // if the authorization server indicates that it supports dPoP via the dpop_signing_alg_values_supported parameter.\n createDPoPOpts?: CreateDPoPClientOpts\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n additionalParams?: Record<string, any>\n}\n\n/*export interface AuthorizationRequestOpts {\n clientId: string;\n codeChallenge: string;\n codeChallengeMethod: CodeChallengeMethod;\n authorizationDetails?: AuthorizationDetails[];\n redirectUri: string;\n scope?: string;\n}*/\n\n/**\n * Determinse whether PAR should be used when supported\n *\n * REQUIRE: Require PAR, if AS does not support it throw an error\n * AUTO: Use PAR is the AS supports it, otherwise construct a reqular URI,\n * NEVER: Do not use PAR even if the AS supports it (not recommended)\n */\nexport enum PARMode {\n REQUIRE,\n AUTO,\n NEVER,\n}\n\n/**\n * Optional options to provide PKCE params like code verifier and challenge yourself, or to disable PKCE altogether. If not provide PKCE will still be used! If individual params are not provide, they will be generated/calculated\n */\nexport interface PKCEOpts {\n /**\n * PKCE is enabled by default even if you do not provide these options. 
Set this to true to disable PKCE\n */\n disabled?: boolean\n\n /**\n * Provide a code_challenge, otherwise it will be calculated using the code_verifier and method\n */\n codeChallenge?: string\n\n /**\n * The code_challenge_method, should always by S256\n */\n codeChallengeMethod?: CodeChallengeMethod\n\n /**\n * Provide a code_verifier, otherwise it will be generated\n */\n codeVerifier?: string\n}\n\nexport enum CreateRequestObjectMode {\n NONE,\n REQUEST_OBJECT,\n REQUEST_URI,\n}\n\nexport type RequestObjectOpts = {\n requestObjectMode?: CreateRequestObjectMode\n signCallbacks?: ProofOfPossessionCallbacks\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n clientMetadata?: Record<string, any> // TODO: Merge SIOP/OID4VP\n iss?: string\n jwksUri?: string\n kid?: string\n}\n\nexport interface AuthorizationRequestOpts {\n clientId?: string\n pkce?: PKCEOpts\n parMode?: PARMode\n authorizationDetails?: AuthorizationDetails | AuthorizationDetails[]\n redirectUri?: string\n scope?: string\n requestObjectOpts?: RequestObjectOpts\n holderPreferredAuthzFlowTypeOrder?: AuthzFlowType[]\n}\n\nexport interface AuthorizationResponse {\n code: string\n scope?: string\n state?: string\n}\n\nexport interface AuthorizationGrantResponse extends AuthorizationResponse {\n grant_type: string\n}\n\nexport interface AccessTokenRequest {\n client_id?: string\n code?: string\n code_verifier?: string\n grant_type: GrantTypes\n 'pre-authorized_code': string\n redirect_uri?: string\n scope?: string\n user_pin?: string //this is for v11, not required in v13 anymore\n tx_code?: string //draft 13\n [s: string]: unknown\n}\n\nexport interface OpenIDResponse<T, P = never> {\n origResponse: Response\n successBody?: T\n errorBody?: ErrorResponse\n params?: P\n}\n\nexport interface DPoPResponseParams {\n dpop?: { dpopNonce: string }\n}\n\nexport interface AccessTokenResponse {\n access_token: string\n scope?: string\n token_type?: string\n expires_in?: number // in seconds\n 
c_nonce?: string\n c_nonce_expires_in?: number // in seconds\n authorization_pending?: boolean\n interval?: number // in seconds\n}\n\nexport enum AuthzFlowType {\n AUTHORIZATION_CODE_FLOW = 'Authorization Code Flow',\n PRE_AUTHORIZED_CODE_FLOW = 'Pre-Authorized Code Flow',\n}\n\n// eslint-disable-next-line @typescript-eslint/no-namespace\nexport namespace AuthzFlowType {\n export function valueOf(request: CredentialOfferPayload): AuthzFlowType {\n if (PRE_AUTH_CODE_LITERAL in request) {\n return AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW\n }\n return AuthzFlowType.AUTHORIZATION_CODE_FLOW\n }\n}\n\nexport interface PushedAuthorizationResponse {\n request_uri: string\n expires_in: number\n}\n","import { ICredentialContextType, IVerifiableCredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\n\nimport { ExperimentalSubjectIssuance } from '../experimental/holder-vci'\n\nimport { ProofOfPossession } from './CredentialIssuance.types'\nimport { AuthorizationServerMetadata } from './ServerMetadata'\nimport { CredentialOfferSession } from './StateManager.types'\nimport { IssuerMetadataV1_0_08 } from './v1_0_08.types'\nimport { CredentialRequestV1_0_11, EndpointMetadataResultV1_0_11 } from './v1_0_11.types'\nimport {\n CredentialConfigurationSupportedV1_0_13,\n CredentialRequestV1_0_13,\n EndpointMetadataResultV1_0_13,\n IssuerMetadataV1_0_13,\n} from './v1_0_13.types'\n\nexport type InputCharSet = 'numeric' | 'text'\nexport type KeyProofType = 'jwt' | 'cwt' | 'ldp_vp'\n\nexport type PoPMode = 'pop' | 'JWT' // Proof of possession, or regular JWT\n\nexport type CredentialOfferMode = 'VALUE' | 'REFERENCE'\n\n/**\n * Important Note: please be aware that these Common interfaces are based on versions v1_0.11 and v1_0.09\n */\nexport interface ImageInfo {\n url?: string\n alt_text?: string\n\n [key: string]: unknown\n}\n\nexport type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'vc+sd-jwt' | 'jwt_vc' | 'mso_mdoc' // jwt_vc is added for backwards 
compat\n\nexport interface NameAndLocale {\n name?: string // REQUIRED. String value of a display name for the Credential.\n locale?: string // OPTIONAL. String value that identifies the language of this object represented as a language tag taken from values defined in BCP47 [RFC5646]. Multiple display objects MAY be included for separate languages. There MUST be only one object with the same language identifier.\n [key: string]: unknown\n}\n\nexport interface LogoAndColor {\n logo?: ImageInfo // OPTIONAL. A JSON object with information about the logo of the Credential with a following non-exhaustive list of parameters that MAY be included:\n description?: string // OPTIONAL. String value of a description of the Credential.\n background_color?: string //OPTIONAL. String value of a background color of the Credential represented as numerical color values defined in CSS Color Module Level 37 [CSS-Color].\n text_color?: string // OPTIONAL. String value of a text color of the Credential represented as numerical color values defined in CSS Color Module Level 37 [CSS-Color].\n}\n\nexport type CredentialsSupportedDisplay = NameAndLocale &\n LogoAndColor & {\n name: string // REQUIRED. String value of a display name for the Credential.\n background_image?: ImageInfo //OPTIONAL, NON-SPEC compliant!. URL of a background image useful for card views of credentials. Expected to an image that fills the full card-view of a wallet\n }\n\nexport type MetadataDisplay = NameAndLocale &\n LogoAndColor & {\n name?: string //OPTIONAL. String value of a display name for the Credential Issuer.\n }\n\nexport interface CredentialSupplierConfig {\n [key: string]: any // This allows additional properties for credential suppliers\n}\n\nexport interface CredentialIssuerMetadataOpts {\n credential_endpoint?: string // REQUIRED. URL of the Credential Issuer's Credential Endpoint. 
This URL MUST use the https scheme and MAY contain port, path and query parameter components.\n batch_credential_endpoint?: string // OPTIONAL. URL of the Credential Issuer's Batch Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. If omitted, the Credential Issuer does not support the Batch Credential Endpoint.\n credentials_supported: CredentialsSupportedLegacy[] // REQUIRED in versions below 13. A JSON array containing a list of JSON objects, each of them representing metadata about a separate credential type that the Credential Issuer can issue. The JSON objects in the array MUST conform to the structure of the Section 10.2.3.1.\n credential_issuer: string // REQUIRED. The Credential Issuer's identifier.\n authorization_server?: string // OPTIONAL. Identifier of the OAuth 2.0 Authorization Server (as defined in [RFC8414]) the Credential Issuer relies on for authorization. If this element is omitted, the entity providing the Credential Issuer is also acting as the AS, i.e. the Credential Issuer's identifier is used as the OAuth 2.0 Issuer value to obtain the Authorization Server metadata as per [RFC8414].\n token_endpoint?: string\n notification_endpoint?: string\n authorization_challenge_endpoint?: string // OPTIONAL URL of the Credential Issuer's Authorization Challenge Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. Described on https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-02.html#name-authorization-challenge-end\n display?: MetadataDisplay[] // An array of objects, where each object contains display properties of a Credential Issuer for a certain language. 
Below is a non-exhaustive list of valid parameters that MAY be included:\n credential_supplier_config?: CredentialSupplierConfig\n}\n\n//todo: investigate if these values are enough.\nexport type AlgValue = 'RS256' | 'ES256' | 'PS256' | 'HS256' | string\nexport type EncValue = 'A128GCM' | 'A256GCM' | 'A128CBC-HS256' | 'A256CBC-HS512' | string\n\nexport interface ResponseEncryption {\n /**\n * REQUIRED. Array containing a list of the JWE [RFC7516] encryption algorithms\n * (alg values) [RFC7518] supported by the Credential and Batch Credential Endpoint to encode the\n * Credential or Batch Credential Response in a JWT\n */\n alg_values_supported: AlgValue[]\n\n /**\n * REQUIRED. Array containing a list of the JWE [RFC7516] encryption algorithms\n * (enc values) [RFC7518] supported by the Credential and Batch Credential Endpoint to encode the\n * Credential or Batch Credential Response in a JWT\n */\n enc_values_supported: EncValue[]\n\n /**\n * REQUIRED. Boolean value specifying whether the Credential Issuer requires the\n * additional encryption on top of TLS for the Credential Response. If the value is true, the Credential\n * Issuer requires encryption for every Credential Response and therefore the Wallet MUST provide\n * encryption keys in the Credential Request. If the value is false, the Wallet MAY chose whether it\n * provides encryption keys or not.\n */\n encryption_required: boolean\n}\n\n// For now we extend the opts above. Only difference is that the credential endpoint is optional in the Opts, as it can come from other sources. The value is however required in the eventual Issuer Metadata\nexport interface CredentialIssuerMetadata extends CredentialIssuerMetadataOpts, Partial<AuthorizationServerMetadata> {\n authorization_servers?: string[] // OPTIONAL. Array of strings that identify the OAuth 2.0 Authorization Servers (as defined in [RFC8414]) the Credential Issuer relies on for authorization. 
If this element is omitted, the entity providing the Credential Issuer is also acting as the AS, i.e. the Credential Issuer's identifier is used as the OAuth 2.0 Issuer value to obtain the Authorization Server metadata as per [RFC8414].\n credential_endpoint: string // REQUIRED. URL of the Credential Issuer's Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components.\n credential_configurations_supported: Record<string, CredentialConfigurationSupported> // REQUIRED. A JSON array containing a list of JSON objects, each of them representing metadata about a separate credential type that the Credential Issuer can issue. The JSON objects in the array MUST conform to the structure of the Section 10.2.3.1.\n credential_issuer: string // REQUIRED. The Credential Issuer's identifier.\n credential_response_encryption_alg_values_supported?: string // OPTIONAL. Array containing a list of the JWE [RFC7516] encryption algorithms (alg values) [RFC7518] supported by the Credential and/or Batch Credential Endpoint to encode the Credential or Batch Credential Response in a JWT [RFC7519].\n credential_response_encryption_enc_values_supported?: string //OPTIONAL. Array containing a list of the JWE [RFC7516] encryption algorithms (enc values) [RFC7518] supported by the Credential and/or Batch Credential Endpoint to encode the Credential or Batch Credential Response in a JWT [RFC7519].\n require_credential_response_encryption?: boolean //OPTIONAL. Boolean value specifying whether the Credential Issuer requires additional encryption on top of TLS for the Credential Response and expects encryption parameters to be present in the Credential Request and/or Batch Credential Request, with true indicating support. When the value is true, credential_response_encryption_alg_values_supported parameter MUST also be provided. If omitted, the default value is false.\n credential_identifiers_supported?: boolean // OPTIONAL. 
Boolean value specifying whether the Credential Issuer supports returning credential_identifiers parameter in the authorization_details Token Response parameter, with true indicating support. If omitted, the default value is false.\n}\n\n// For now we extend the opts above. Only difference is that the credential endpoint is optional in the Opts, as it can come from other sources. The value is however required in the eventual Issuer Metadata\n\nexport interface CredentialSupportedBrief {\n cryptographic_binding_methods_supported?: string[] // OPTIONAL. Array of case sensitive strings that identify how the Credential is bound to the identifier of the End-User who possesses the Credential\n cryptographic_suites_supported?: string[] // OPTIONAL. Array of case sensitive strings that identify the cryptographic suites that are supported for the cryptographic_binding_methods_supported\n}\n\nexport interface ProofType {\n proof_signing_alg_values_supported: string[]\n}\n\nexport type ProofTypesSupported = {\n [key in KeyProofType]?: ProofType\n}\n\nexport type CommonCredentialSupported = CredentialSupportedBrief &\n ExperimentalSubjectIssuance & {\n format: OID4VCICredentialFormat | string //REQUIRED. A JSON string identifying the format of this credential, e.g. jwt_vc_json or ldp_vc.\n id?: string // OPTIONAL. A JSON string identifying the respective object. The value MUST be unique across all credentials_supported entries in the Credential Issuer Metadata\n display?: CredentialsSupportedDisplay[] // OPTIONAL. An array of objects, where each object contains the display properties of the supported credential for a certain language\n scope?: string // OPTIONAL. A JSON string identifying the scope value that this Credential Issuer supports for this particular Credential. The value can be the same across multiple credential_configurations_supported objects. The Authorization Server MUST be able to uniquely identify the Credential Issuer based on the scope value. 
The Wallet can use this value in the Authorization Request as defined in Section 5.1.2. Scope values in this Credential Issuer metadata MAY duplicate those in the scopes_supported parameter of the Authorization Server.\n proof_types_supported?: ProofTypesSupported\n\n /**\n * following properties are non-mso_mdoc specific and we might wanna rethink them when we're going to support mso_mdoc\n */\n }\n\nexport interface CredentialSupportedJwtVcJsonLdAndLdpVc extends CommonCredentialSupported {\n types: string[] // REQUIRED. JSON array designating the types a certain credential type supports\n '@context': ICredentialContextType[] // REQUIRED. JSON array as defined in [VC_DATA], Section 4.1.\n credentialSubject?: IssuerCredentialSubject // OPTIONAL. A JSON object containing a list of key value pairs, where the key identifies the claim offered in the Credential. The value MAY be a dictionary, which allows to represent the full (potentially deeply nested) structure of the verifiable credential to be issued.\n order?: string[] //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.\n format: 'ldp_vc' | 'jwt_vc_json-ld'\n}\n\nexport interface CredentialSupportedJwtVcJson extends CommonCredentialSupported {\n types: string[] // REQUIRED. JSON array designating the types a certain credential type supports\n credentialSubject?: IssuerCredentialSubject // OPTIONAL. A JSON object containing a list of key value pairs, where the key identifies the claim offered in the Credential. 
The value MAY be a dictionary, which allows to represent the full (potentially deeply nested) structure of the verifiable credential to be issued.\n order?: string[] //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.\n format: 'jwt_vc_json' | 'jwt_vc' // jwt_vc added for backwards compat\n}\n\nexport interface CredentialSupportedSdJwtVc extends CommonCredentialSupported {\n format: 'vc+sd-jwt'\n\n vct: string\n claims?: IssuerCredentialSubject\n\n order?: string[] //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.\n}\n\nexport interface CredentialSupportedMsoMdoc extends CommonCredentialSupported {\n format: 'mso_mdoc'\n\n doctype: string\n claims?: IssuerCredentialSubject\n\n order?: string[] //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.\n}\n\nexport type CredentialConfigurationSupported =\n | CredentialConfigurationSupportedV1_0_13\n | (CommonCredentialSupported &\n (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc))\n\nexport type CredentialsSupportedLegacy = CommonCredentialSupported &\n (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc)\n\nexport interface CommonCredentialOfferFormat {\n format: OID4VCICredentialFormat | string\n}\n\nexport interface CredentialOfferFormatJwtVcJsonLdAndLdpVc extends CommonCredentialOfferFormat {\n format: 'ldp_vc' | 'jwt_vc_json-ld'\n // REQUIRED. JSON object containing (and isolating) the detailed description of the credential type. 
This object MUST be processed using full JSON-LD processing.\n credential_definition: JsonLdIssuerCredentialDefinition\n}\n\nexport interface CredentialOfferFormatJwtVcJson extends CommonCredentialOfferFormat {\n format: 'jwt_vc_json' | 'jwt_vc' // jwt_vc is added for backwards compat\n types: string[] // REQUIRED. JSON array as defined in Appendix E.1.1.2. This claim contains the type values the Wallet shall request in the subsequent Credential Request.\n}\n\n// NOTE: the sd-jwt format is added to oid4vci in a later draft version than currently\n// supported, so there's no defined offer format. However, based on the request structure\n// we support sd-jwt for older drafts of oid4vci as well\nexport interface CredentialOfferFormatSdJwtVc extends CommonCredentialOfferFormat {\n format: 'vc+sd-jwt'\n\n vct: string\n claims?: IssuerCredentialSubject\n}\n\n// NOTE: the sd-jwt format is added to oid4vci in a later draft version than currently\n// supported, so there's no defined offer format. However, based on the request structure\n// we support sd-jwt for older drafts of oid4vci as well\nexport interface CredentialOfferFormatMsoMdoc extends CommonCredentialOfferFormat {\n format: 'mso_mdoc'\n\n doctype: string\n claims?: IssuerCredentialSubject\n}\n\nexport type CredentialOfferFormatV1_0_11 = CommonCredentialOfferFormat &\n (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVc | CredentialOfferFormatMsoMdoc)\n\n/**\n * Optional storage that can help the credential Data Supplier. 
For instance to store credential input data during offer creation, if no additional data can be supplied later on\n */\nexport type CredentialDataSupplierInput = any\n\nexport type CreateCredentialOfferURIResult = {\n uri: string\n correlationId: string\n qrCodeDataUri?: string\n session: CredentialOfferSession\n userPin?: string\n txCode?: TxCode\n}\n\nexport interface JsonLdIssuerCredentialDefinition {\n '@context': ICredentialContextType[]\n types: string[]\n credentialSubject?: IssuerCredentialSubject\n}\n\nexport interface ErrorResponse {\n error: string\n error_description?: string\n error_uri?: string\n state?: string\n}\n\nexport type UniformCredentialRequest = CredentialRequestV1_0_11 | CredentialRequestV1_0_13\n\nexport interface CommonCredentialRequest extends ExperimentalSubjectIssuance {\n format: OID4VCICredentialFormat /* | OID4VCICredentialFormat[];*/ // for now it seems only one is supported in the spec\n proof?: ProofOfPossession\n}\n\nexport interface CredentialRequestJwtVcJson extends CommonCredentialRequest {\n format: 'jwt_vc_json' | 'jwt_vc' // jwt_vc for backwards compat\n types: string[]\n credentialSubject?: IssuerCredentialSubject\n}\n\nexport interface CredentialRequestJwtVcJsonLdAndLdpVc extends CommonCredentialRequest {\n format: 'ldp_vc' | 'jwt_vc_json-ld'\n credential_definition: JsonLdIssuerCredentialDefinition\n}\n\nexport interface CredentialRequestSdJwtVc extends CommonCredentialRequest {\n format: 'vc+sd-jwt'\n vct: string\n claims?: IssuerCredentialSubject\n}\n\nexport interface CredentialRequestMsoMdoc extends CommonCredentialRequest {\n format: 'mso_mdoc'\n doctype: string\n claims?: IssuerCredentialSubject\n}\n\nexport interface CommonCredentialResponse extends ExperimentalSubjectIssuance {\n // format: string; TODO do we still need this for previous version support?\n credential?: W3CVerifiableCredential\n acceptance_token?: string\n c_nonce?: string\n c_nonce_expires_in?: string\n}\n\nexport interface 
CredentialResponseLdpVc extends CommonCredentialResponse {\n // format: 'ldp_vc';\n credential: IVerifiableCredential\n}\n\nexport interface CredentialResponseJwtVc {\n // format: 'jwt_vc_json' | 'jwt_vc_json-ld'; TODO do we still need this for previous version support?\n credential: string\n}\n\nexport interface CredentialResponseSdJwtVc {\n // format: 'vc+sd-jwt'; TODO do we still need this for previous version support?\n credential: string\n}\n\n// export type CredentialSubjectDisplay = NameAndLocale[];\n\nexport type IssuerCredentialSubjectDisplay = CredentialSubjectDisplay & { [key: string]: CredentialSubjectDisplay }\n\nexport interface CredentialSubjectDisplay {\n mandatory?: boolean // OPTIONAL. Boolean which when set to true indicates the claim MUST be present in the issued Credential. If the mandatory property is omitted its default should be assumed to be false.\n value_type?: string // OPTIONAL. String value determining type of value of the claim. A non-exhaustive list of valid values defined by this specification are string, number, and image media types such as image/jpeg as defined in IANA media type registry for images\n display?: NameAndLocale[] // OPTIONAL. An array of objects, where each object contains display properties of a certain claim in the Credential for a certain language. Below is a non-exhaustive list of valid parameters that MAY be included:\n}\n\nexport interface IssuerCredentialSubject {\n [key: string]: IssuerCredentialSubjectDisplay\n}\n\nexport interface Grant {\n authorization_code?: GrantAuthorizationCode\n [PRE_AUTH_GRANT_LITERAL]?: GrantUrnIetf\n}\n\nexport interface GrantAuthorizationCode {\n /**\n * OPTIONAL. 
String value created by the Credential Issuer and opaque to the Wallet that is used to bind the subsequent\n * Authorization Request with the Credential Issuer to a context set up during previous steps.\n */\n issuer_state?: string\n\n // v12 feature\n /**\n * OPTIONAL string that the Wallet can use to identify the Authorization Server to use with this grant type when authorization_servers parameter in the Credential Issuer metadata has multiple entries. MUST NOT be used otherwise. The value of this parameter MUST match with one of the values in the authorization_servers array obtained from the Credential Issuer metadata\n */\n authorization_server?: string\n}\n\nexport interface TxCode {\n /**\n * OPTIONAL. String specifying the input character set. Possible values are numeric (only digits) and text (any characters). The default is numeric.\n */\n input_mode?: InputCharSet\n\n /**\n * OPTIONAL. Integer specifying the length of the Transaction Code. This helps the Wallet to render the input screen and improve the user experience.\n */\n length?: number\n\n /**\n * OPTIONAL. String containing guidance for the Holder of the Wallet on how to obtain the Transaction Code, e.g.,\n * describing over which communication channel it is delivered. The Wallet is RECOMMENDED to display this description\n * next to the Transaction Code input screen to improve the user experience. The length of the string MUST NOT exceed\n * 300 characters. The description does not support internationalization, however the Issuer MAY detect the Holder's\n * lan