UNPKG

@sphereon/oid4vci-common

Version:

OpenID 4 Verifiable Credential Issuance Common Types

1,261 lines (1,235 loc) • 63.2 kB

JavaScript

"use strict"; var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __name = (target, value) => __defProp(target, "name", { value, configurable: true }); var __esm = (fn, res) => function __init() { return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res; }; var __commonJS = (cb, mod) => function __require() { return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports; }; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); }; var __copyProps = (to, from, except, desc) => { if (from && typeof from === "object" || typeof from === "function") { for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } return to; }; var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( // If the importer is in node compatibility mode or this is not an ESM // file that has been converted to a CommonJS file using a Babel- // compatible transform (i.e. "__esModule" has not been set), then set // "default" to the CommonJS "module.exports" for node compatibility. isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod )); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // ../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.14.0_postcss@8.5.6_tsx@4.20.6_typescript@5.8.3_yaml@2.8.1/node_modules/tsup/assets/cjs_shims.js var init_cjs_shims = __esm({ "../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.14.0_postcss@8.5.6_tsx@4.20.6_typescript@5.8.3_yaml@2.8.1/node_modules/tsup/assets/cjs_shims.js"() { "use strict"; } }); // lib/functions/randomBytes.cjs var require_randomBytes = __commonJS({ "lib/functions/randomBytes.cjs"(exports, module2) { "use strict"; init_cjs_shims(); var MAX_BYTES = 65536; var MAX_UINT32 = 4294967295; var _global = typeof globalThis !== "undefined" ? globalThis : global; var crypto = _global.crypto || _global.msCrypto; if (!crypto) { try { crypto = require("crypto"); } catch (err) { throw Error("crypto module is not available"); } } function randomBytes2(size) { if (size > MAX_UINT32) throw new Error("requested too many random bytes"); const bytes = Buffer.allocUnsafe(size); if (size > 0) { if (size > MAX_BYTES) { for (let generated = 0; generated < size; generated += MAX_BYTES) { crypto.getRandomValues(bytes.slice(generated, generated + MAX_BYTES)); } } else { crypto.getRandomValues(bytes); } } return Uint8Array.from(bytes); } __name(randomBytes2, "randomBytes"); module2.exports = randomBytes2; } }); // lib/index.ts var index_exports = {}; __export(index_exports, { ACCESS_TOKEN_ISSUER_REQUIRED_ERROR: () => ACCESS_TOKEN_ISSUER_REQUIRED_ERROR, ALG_ERROR: () => ALG_ERROR, AUD_ERROR: () => AUD_ERROR, Alg: () => Alg, AuthorizationChallengeError: () => AuthorizationChallengeError, AuthzFlowType: () => AuthzFlowType, BAD_PARAMS: () => BAD_PARAMS, CODE_VERIFIER_DEFAULT_LENGTH: () => CODE_VERIFIER_DEFAULT_LENGTH, CREDENTIAL_MISSING_ERROR: () => CREDENTIAL_MISSING_ERROR, CodeChallengeMethod: () => CodeChallengeMethod, CreateRequestObjectMode: () => CreateRequestObjectMode, CredentialEventNames: () => CredentialEventNames, CredentialOfferEventNames: () => CredentialOfferEventNames, DID_NO_DIDDOC_ERROR: () => DID_NO_DIDDOC_ERROR, DefaultURISchemes: () => DefaultURISchemes, EVENTS: () => EVENTS, EXPERIMENTAL_SUBJECT_PROOF_MODE_ENABLED: () => EXPERIMENTAL_SUBJECT_PROOF_MODE_ENABLED, EXPIRED_PRE_AUTHORIZED_CODE: () => EXPIRED_PRE_AUTHORIZED_CODE, Encoding: () => Encoding, GRANTS_MUST_NOT_BE_UNDEFINED: () => GRANTS_MUST_NOT_BE_UNDEFINED, GrantTypes: () => GrantTypes, IAT_ERROR: () => IAT_ERROR, INVALID_PRE_AUTHORIZED_CODE: () => INVALID_PRE_AUTHORIZED_CODE, ISSUER_CONFIG_ERROR: () => ISSUER_CONFIG_ERROR, ISS_MUST_BE_CLIENT_ID: () => ISS_MUST_BE_CLIENT_ID, ISS_PRESENT_IN_PRE_AUTHORIZED_CODE_CONTEXT: () => ISS_PRESENT_IN_PRE_AUTHORIZED_CODE_CONTEXT, IssueStatus: () => IssueStatus, JWS_NOT_VALID: () => JWS_NOT_VALID, JWT_SIGNER_CALLBACK_REQUIRED_ERROR: () => JWT_SIGNER_CALLBACK_REQUIRED_ERROR, JWT_VERIFY_CONFIG_ERROR: () => JWT_VERIFY_CONFIG_ERROR, JsonURIMode: () => JsonURIMode, KID_DID_NO_DID_ERROR: () => KID_DID_NO_DID_ERROR, KID_JWK_X5C_ERROR: () => KID_JWK_X5C_ERROR, NONCE_ERROR: () => NONCE_ERROR, NONCE_LENGTH: () => NONCE_LENGTH, NONCE_STATE_MANAGER_REQUIRED_ERROR: () => NONCE_STATE_MANAGER_REQUIRED_ERROR, NO_ISS_IN_AUTHORIZATION_CODE_CONTEXT: () => NO_ISS_IN_AUTHORIZATION_CODE_CONTEXT, NO_JWT_PROVIDED: () => NO_JWT_PROVIDED, NotificationStatusEventNames: () => NotificationStatusEventNames, OpenId4VCIVersion: () => OpenId4VCIVersion, PARMode: () => PARMode, PIN_NOT_MATCH_ERROR: () => PIN_NOT_MATCH_ERROR, PIN_VALIDATION_ERROR: () => PIN_VALIDATION_ERROR, PRE_AUTHORIZED_CODE_REQUIRED_ERROR: () => PRE_AUTHORIZED_CODE_REQUIRED_ERROR, PRE_AUTH_CODE_LITERAL: () => PRE_AUTH_CODE_LITERAL, PRE_AUTH_GRANT_LITERAL: () => PRE_AUTH_GRANT_LITERAL, PROOF_CANT_BE_CONSTRUCTED: () => PROOF_CANT_BE_CONSTRUCTED, ResponseType: () => ResponseType, STATE_MANAGER_REQUIRED_ERROR: () => STATE_MANAGER_REQUIRED_ERROR, STATE_MISSING_ERROR: () => STATE_MISSING_ERROR, TYP_ERROR: () => TYP_ERROR, TokenError: () => TokenError, TokenErrorResponse: () => TokenErrorResponse, UNKNOWN_CLIENT_ERROR: () => UNKNOWN_CLIENT_ERROR, UNSUPPORTED_GRANT_TYPE_ERROR: () => UNSUPPORTED_GRANT_TYPE_ERROR, URL_NOT_VALID: () => URL_NOT_VALID, USER_PIN_NOT_REQUIRED_ERROR: () => USER_PIN_NOT_REQUIRED_ERROR, USER_PIN_REQUIRED_ERROR: () => USER_PIN_REQUIRED_ERROR, USER_PIN_TX_CODE_SPEC_ERROR: () => USER_PIN_TX_CODE_SPEC_ERROR, VCI_LOGGERS: () => VCI_LOGGERS, VCI_LOG_COMMON: () => VCI_LOG_COMMON, WRONG_METADATA_FORMAT: () => WRONG_METADATA_FORMAT, WellKnownEndpoints: () => WellKnownEndpoints, acquireDeferredCredential: () => acquireDeferredCredential, adjustUrl: () => adjustUrl, assertValidCodeVerifier: () => assertValidCodeVerifier, assertedUniformCredentialOffer: () => assertedUniformCredentialOffer, authorizationServerMetadataFieldNames: () => authorizationServerMetadataFieldNames, convertJsonToURI: () => convertJsonToURI, convertURIToJsonObject: () => convertURIToJsonObject, createCodeChallenge: () => createCodeChallenge, createProofOfPossession: () => createProofOfPossession, credentialIssuerMetadataFieldNamesV1_0_15: () => credentialIssuerMetadataFieldNamesV1_0_15, decodeJsonProperties: () => decodeJsonProperties, determineFlowType: () => determineFlowType, determineGrantTypes: () => determineGrantTypes, determineSpecVersionFromOffer: () => determineSpecVersionFromOffer, determineSpecVersionFromScheme: () => determineSpecVersionFromScheme, determineSpecVersionFromURI: () => determineSpecVersionFromURI, determineVersionsFromIssuerMetadata: () => determineVersionsFromIssuerMetadata, extractBearerToken: () => extractBearerToken, formPost: () => formPost, generateCodeVerifier: () => generateCodeVerifier, generateNonce: () => generateNonce, generateRandomString: () => generateRandomString, getClientIdFromCredentialOfferPayload: () => getClientIdFromCredentialOfferPayload, getCredentialConfigurationIdsFromOfferV1_0_15: () => getCredentialConfigurationIdsFromOfferV1_0_15, getCredentialOfferPayload: () => getCredentialOfferPayload, getFormatForVersion: () => getFormatForVersion, getIssuerDisplays: () => getIssuerDisplays, getIssuerFromCredentialOfferPayload: () => getIssuerFromCredentialOfferPayload, getIssuerName: () => getIssuerName, getJson: () => getJson, getNumberOrUndefined: () => getNumberOrUndefined, getScheme: () => getScheme, getStateFromCredentialOfferPayload: () => getStateFromCredentialOfferPayload, getSupportedCredential: () => getSupportedCredential, getSupportedCredentials: () => getSupportedCredentials, getTypesFromAuthorizationDetails: () => getTypesFromAuthorizationDetails, getTypesFromCredentialSupported: () => getTypesFromCredentialSupported, getTypesFromObject: () => getTypesFromObject, getURIComponentsAsArray: () => getURIComponentsAsArray, getUniformFormat: () => getUniformFormat, isCredentialOfferVersion: () => isCredentialOfferVersion, isDeferredCredentialIssuancePending: () => isDeferredCredentialIssuancePending, isDeferredCredentialResponse: () => isDeferredCredentialResponse, isFormat: () => isFormat, isJWS: () => isJWS, isNotFormat: () => isNotFormat, isPreAuthCode: () => isPreAuthCode, isValidURL: () => isValidURL, isW3cCredentialSupported: () => isW3cCredentialSupported, normalizeOfferInput: () => normalizeOfferInput, post: () => post, resolveCredentialOfferURI: () => resolveCredentialOfferURI, supportedOID4VCICredentialFormat: () => supportedOID4VCICredentialFormat, toAuthorizationResponsePayload: () => toAuthorizationResponsePayload, toUniformCredentialOfferPayload: () => toUniformCredentialOfferPayload, toUniformCredentialOfferRequest: () => toUniformCredentialOfferRequest, trimBoth: () => trimBoth, trimEnd: () => trimEnd, trimStart: () => trimStart, validateJWT: () => validateJWT }); module.exports = __toCommonJS(index_exports); init_cjs_shims(); var import_ssi_types5 = require("@sphereon/ssi-types"); // lib/functions/index.ts init_cjs_shims(); // lib/functions/CredentialRequestUtil.ts init_cjs_shims(); // lib/functions/CredentialResponseUtil.ts init_cjs_shims(); // lib/functions/HttpUtils.ts init_cjs_shims(); var import_ssi_types = require("@sphereon/ssi-types"); var import_cross_fetch = __toESM(require("cross-fetch"), 1); // lib/types/index.ts init_cjs_shims(); // lib/types/OpenIDClient.ts init_cjs_shims(); // lib/types/Authorization.types.ts init_cjs_shims(); // lib/types/Generic.types.ts init_cjs_shims(); var supportedOID4VCICredentialFormat = [ "jwt_vc_json", "jwt_vc_json-ld", "ldp_vc", "dc+sd-jwt", "jwt_vc", "mso_mdoc" ]; var PRE_AUTH_CODE_LITERAL = "pre-authorized_code"; var PRE_AUTH_GRANT_LITERAL = "urn:ietf:params:oauth:grant-type:pre-authorized_code"; // lib/types/Authorization.types.ts var AuthorizationChallengeError = /* @__PURE__ */ (function(AuthorizationChallengeError2) { AuthorizationChallengeError2["invalid_request"] = "invalid_request"; AuthorizationChallengeError2["invalid_client"] = "invalid_client"; AuthorizationChallengeError2["unauthorized_client"] = "unauthorized_client"; AuthorizationChallengeError2["invalid_session"] = "invalid_session"; AuthorizationChallengeError2["invalid_scope"] = "invalid_scope"; AuthorizationChallengeError2["insufficient_authorization"] = "insufficient_authorization"; AuthorizationChallengeError2["redirect_to_web"] = "redirect_to_web"; return AuthorizationChallengeError2; })({}); var GrantTypes = /* @__PURE__ */ (function(GrantTypes2) { GrantTypes2["AUTHORIZATION_CODE"] = "authorization_code"; GrantTypes2["PRE_AUTHORIZED_CODE"] = "urn:ietf:params:oauth:grant-type:pre-authorized_code"; GrantTypes2["PASSWORD"] = "password"; return GrantTypes2; })({}); var Encoding = /* @__PURE__ */ (function(Encoding2) { Encoding2["FORM_URL_ENCODED"] = "application/x-www-form-urlencoded"; Encoding2["UTF_8"] = "UTF-8"; return Encoding2; })({}); var ResponseType = /* @__PURE__ */ (function(ResponseType2) { ResponseType2["AUTH_CODE"] = "code"; return ResponseType2; })({}); var CodeChallengeMethod = /* @__PURE__ */ (function(CodeChallengeMethod2) { CodeChallengeMethod2["plain"] = "plain"; CodeChallengeMethod2["S256"] = "S256"; return CodeChallengeMethod2; })({}); var PARMode = /* @__PURE__ */ (function(PARMode2) { PARMode2[PARMode2["REQUIRE"] = 0] = "REQUIRE"; PARMode2[PARMode2["AUTO"] = 1] = "AUTO"; PARMode2[PARMode2["NEVER"] = 2] = "NEVER"; return PARMode2; })({}); var CreateRequestObjectMode = /* @__PURE__ */ (function(CreateRequestObjectMode2) { CreateRequestObjectMode2[CreateRequestObjectMode2["NONE"] = 0] = "NONE"; CreateRequestObjectMode2[CreateRequestObjectMode2["REQUEST_OBJECT"] = 1] = "REQUEST_OBJECT"; CreateRequestObjectMode2[CreateRequestObjectMode2["REQUEST_URI"] = 2] = "REQUEST_URI"; return CreateRequestObjectMode2; })({}); var AuthzFlowType = /* @__PURE__ */ (function(AuthzFlowType2) { AuthzFlowType2["AUTHORIZATION_CODE_FLOW"] = "Authorization Code Flow"; AuthzFlowType2["PRE_AUTHORIZED_CODE_FLOW"] = "Pre-Authorized Code Flow"; return AuthzFlowType2; })({}); (function(AuthzFlowType2) { function valueOf(request) { if (PRE_AUTH_CODE_LITERAL in request) { return "Pre-Authorized Code Flow"; } return "Authorization Code Flow"; } __name(valueOf, "valueOf"); AuthzFlowType2.valueOf = valueOf; })(AuthzFlowType || (AuthzFlowType = {})); // lib/types/CredentialIssuance.types.ts init_cjs_shims(); var JsonURIMode = /* @__PURE__ */ (function(JsonURIMode2) { JsonURIMode2[JsonURIMode2["JSON_STRINGIFY"] = 0] = "JSON_STRINGIFY"; JsonURIMode2[JsonURIMode2["X_FORM_WWW_URLENCODED"] = 1] = "X_FORM_WWW_URLENCODED"; return JsonURIMode2; })({}); var Alg = /* @__PURE__ */ (function(Alg2) { Alg2["EdDSA"] = "EdDSA"; Alg2["ES256"] = "ES256"; Alg2["ES256K"] = "ES256K"; Alg2["PS256"] = "PS256"; Alg2["PS384"] = "PS384"; Alg2["PS512"] = "PS512"; Alg2["RS256"] = "RS256"; Alg2["RS384"] = "RS384"; Alg2["RS512"] = "RS512"; return Alg2; })({}); // lib/types/v1_0_15.types.ts init_cjs_shims(); var credentialIssuerMetadataFieldNamesV1_0_15 = [ "credential_issuer", "credential_configurations_supported", "credential_endpoint", "nonce_endpoint", "deferred_credential_endpoint", "notification_endpoint", "credential_response_encryption", "batch_credential_issuance", "authorization_servers", "token_endpoint", "display", "credential_supplier_config", "credential_identifiers_supported", "signed_metadata", "authorization_challenge_endpoint" ]; // lib/types/ServerMetadata.ts init_cjs_shims(); var authorizationServerMetadataFieldNames = [ "issuer", "authorization_endpoint", "authorization_challenge_endpoint", "token_endpoint", "jwks_uri", "registration_endpoint", "scopes_supported", "response_types_supported", "response_modes_supported", "grant_types_supported", "token_endpoint_auth_methods_supported", "token_endpoint_auth_signing_alg_values_supported", "service_documentation", "ui_locales_supported", "op_policy_uri", "op_tos_uri", "revocation_endpoint", "revocation_endpoint_auth_methods_supported", "revocation_endpoint_auth_signing_alg_values_supported", "introspection_endpoint", "introspection_endpoint_auth_methods_supported", "introspection_endpoint_auth_signing_alg_values_supported", "code_challenge_methods_supported", "signed_metadata" ]; var WellKnownEndpoints = /* @__PURE__ */ (function(WellKnownEndpoints2) { WellKnownEndpoints2["OPENID_CONFIGURATION"] = "/.well-known/openid-configuration"; WellKnownEndpoints2["OAUTH_AS"] = "/.well-known/oauth-authorization-server"; WellKnownEndpoints2["OPENID4VCI_ISSUER"] = "/.well-known/openid-credential-issuer"; return WellKnownEndpoints2; })({}); // lib/types/OpenID4VCIErrors.ts init_cjs_shims(); var BAD_PARAMS = "Wrong parameters provided"; var URL_NOT_VALID = "Request url is not valid"; var JWS_NOT_VALID = "JWS is not valid"; var PROOF_CANT_BE_CONSTRUCTED = "Proof can't be constructed."; var NO_JWT_PROVIDED = "No JWT provided"; var TYP_ERROR = 'Typ must be "openid4vci-proof+jwt"'; var ALG_ERROR = `Algorithm is a required field, you are free to use the signing algorithm of your choice or one of the following: ${Object.keys(Alg).join(", ")}`; var KID_JWK_X5C_ERROR = "Only one must be present: x5c should not present when kid and/or jwk is already present"; var KID_DID_NO_DID_ERROR = "A DID value needs to be returned when kid is present"; var DID_NO_DIDDOC_ERROR = "A DID Document needs to be resolved when a DID is encountered"; var AUD_ERROR = "aud must be the URL of the credential issuer"; var IAT_ERROR = "iat must be the time at which the proof was issued"; var NONCE_ERROR = "nonce must be c_nonce provided by the credential issuer"; var JWT_VERIFY_CONFIG_ERROR = "JWT verify callback not configured correctly."; var ISSUER_CONFIG_ERROR = "Issuer not configured correctly."; var UNKNOWN_CLIENT_ERROR = "The client is not known by the issuer"; var NO_ISS_IN_AUTHORIZATION_CODE_CONTEXT = "iss missing in authorization-code context"; var ISS_PRESENT_IN_PRE_AUTHORIZED_CODE_CONTEXT = "iss should be omitted in pre-authorized-code context"; var ISS_MUST_BE_CLIENT_ID = "iss must be the client id"; var GRANTS_MUST_NOT_BE_UNDEFINED = "Grants must not be undefined"; var STATE_MISSING_ERROR = "issuer state or pre-authorized key not found"; var CREDENTIAL_MISSING_ERROR = "Credential must be present in response"; var UNSUPPORTED_GRANT_TYPE_ERROR = "unsupported grant_type"; var PRE_AUTHORIZED_CODE_REQUIRED_ERROR = "pre-authorized_code is required"; var USER_PIN_REQUIRED_ERROR = "User pin is required"; var USER_PIN_TX_CODE_SPEC_ERROR = "user_pin is mixed with tx_code, indicating a spec mismatch"; var USER_PIN_NOT_REQUIRED_ERROR = "User pin is not required"; var PIN_VALIDATION_ERROR = "PIN must consist the following amount of characters:"; var PIN_NOT_MATCH_ERROR = "PIN is invalid"; var INVALID_PRE_AUTHORIZED_CODE = "pre-authorized_code is invalid"; var EXPIRED_PRE_AUTHORIZED_CODE = "pre-authorized_code is expired"; var JWT_SIGNER_CALLBACK_REQUIRED_ERROR = "JWT signer callback function is required"; var STATE_MANAGER_REQUIRED_ERROR = "StateManager instance is required"; var NONCE_STATE_MANAGER_REQUIRED_ERROR = "NonceStateManager instance is required"; var ACCESS_TOKEN_ISSUER_REQUIRED_ERROR = "access token issuer is required"; var WRONG_METADATA_FORMAT = "Wrong metadata format"; // lib/types/OpenID4VCIVersions.types.ts init_cjs_shims(); var OpenId4VCIVersion = /* @__PURE__ */ (function(OpenId4VCIVersion2) { OpenId4VCIVersion2[OpenId4VCIVersion2["VER_1_0_15"] = 1015] = "VER_1_0_15"; OpenId4VCIVersion2[OpenId4VCIVersion2["VER_UNKNOWN"] = Number.MAX_VALUE] = "VER_UNKNOWN"; return OpenId4VCIVersion2; })({}); var DefaultURISchemes = /* @__PURE__ */ (function(DefaultURISchemes2) { DefaultURISchemes2["INITIATE_ISSUANCE"] = "openid-initiate-issuance"; DefaultURISchemes2["CREDENTIAL_OFFER"] = "openid-credential-offer"; return DefaultURISchemes2; })({}); // lib/types/StateManager.types.ts init_cjs_shims(); var IssueStatus = /* @__PURE__ */ (function(IssueStatus2) { IssueStatus2["OFFER_CREATED"] = "OFFER_CREATED"; IssueStatus2["ACCESS_TOKEN_REQUESTED"] = "ACCESS_TOKEN_REQUESTED"; IssueStatus2["ACCESS_TOKEN_CREATED"] = "ACCESS_TOKEN_CREATED"; IssueStatus2["CREDENTIAL_REQUEST_RECEIVED"] = "CREDENTIAL_REQUEST_RECEIVED"; IssueStatus2["CREDENTIAL_ISSUED"] = "CREDENTIAL_ISSUED"; IssueStatus2["NOTIFICATION_CREDENTIAL_ACCEPTED"] = "NOTIFICATION_CREDENTIAL_ACCEPTED"; IssueStatus2["NOTIFICATION_CREDENTIAL_DELETED"] = "NOTIFICATION_CREDENTIAL_DELETED"; IssueStatus2["NOTIFICATION_CREDENTIAL_FAILURE"] = "NOTIFICATION_CREDENTIAL_FAILURE"; IssueStatus2["ERROR"] = "ERROR"; return IssueStatus2; })({}); // lib/types/Token.types.ts init_cjs_shims(); var TokenErrorResponse = /* @__PURE__ */ (function(TokenErrorResponse2) { TokenErrorResponse2["invalid_request"] = "invalid_request"; TokenErrorResponse2["invalid_grant"] = "invalid_grant"; TokenErrorResponse2["invalid_client"] = "invalid_client"; TokenErrorResponse2["invalid_scope"] = "invalid_scope"; TokenErrorResponse2["invalid_dpop_proof"] = "invalid_dpop_proof"; return TokenErrorResponse2; })({}); var TokenError = class _TokenError extends Error { static { __name(this, "TokenError"); } _statusCode; _responseError; constructor(statusCode, responseError, message) { super(message); this._statusCode = statusCode; this._responseError = responseError; Object.setPrototypeOf(this, _TokenError.prototype); } get statusCode() { return this._statusCode; } get responseError() { return this._responseError; } getDescription() { return this.message; } }; // lib/types/QRCode.types.ts init_cjs_shims(); // lib/functions/HttpUtils.ts var logger = import_ssi_types.Loggers.DEFAULT.get("sphereon:openid4vci:http"); var getJson = /* @__PURE__ */ __name(async (URL1, opts) => { return await openIdFetch(URL1, void 0, { method: "GET", ...opts }); }, "getJson"); var formPost = /* @__PURE__ */ __name(async (url, body, opts) => { return await post(url, body, opts?.contentType ? { ...opts } : { contentType: Encoding.FORM_URL_ENCODED, ...opts }); }, "formPost"); var post = /* @__PURE__ */ __name(async (url, body, opts) => { return await openIdFetch(url, body, { method: "POST", ...opts }); }, "post"); var openIdFetch = /* @__PURE__ */ __name(async (url, body, opts) => { const headers = opts?.customHeaders ?? {}; if (opts?.bearerToken) { headers["Authorization"] = `${headers.dpop ? "DPoP" : "Bearer"} ${typeof opts.bearerToken === "function" ? await opts.bearerToken() : opts.bearerToken}`; } const method = opts?.method ? opts.method : body ? "POST" : "GET"; const accept = opts?.accept ? opts.accept : "application/json"; headers["Accept"] = accept; if (headers["Content-Type"]) { if (opts?.contentType && opts.contentType !== headers["Content-Type"]) { throw Error(`Mismatch in content-types from custom headers (${headers["Content-Type"]}) and supplied content type option (${opts.contentType})`); } } else { if (opts?.contentType) { headers["Content-Type"] = opts.contentType; } else if (method !== "GET") { headers["Content-Type"] = "application/json"; } } const payload = { method, headers, body }; logger.debug(`START fetching url: ${url}`); if (body) { logger.debug(`Body:\r ${typeof body == "string" ? body : JSON.stringify(body)}`); } logger.debug(`Headers:\r ${JSON.stringify(payload.headers)}`); const origResponse = await (0, import_cross_fetch.default)(url, payload); const isJSONResponse = accept === "application/json" || origResponse.headers.get("Content-Type") === "application/json"; const success = origResponse && origResponse.status >= 200 && origResponse.status < 400; const responseText = await origResponse.text(); const responseBody = isJSONResponse && responseText.includes("{") ? JSON.parse(responseText) : responseText; logger.debug(`${success ? "success" : "error"} status: ${origResponse.status}, body:\r ${JSON.stringify(responseBody)}`); if (!success && opts?.exceptionOnHttpErrorStatus) { const error = JSON.stringify(responseBody); throw new Error(error === "{}" ? '{"error": "not found"}' : error); } logger.debug(`END fetching url: ${url}`); return { origResponse, successBody: success ? responseBody : void 0, errorBody: !success ? responseBody : void 0 }; }, "openIdFetch"); var isValidURL = /* @__PURE__ */ __name((url) => { const urlPattern = new RegExp("^(https?:\\/\\/)((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|((localhost))|((\\d{1,3}\\.){3}\\d{1,3}))(\\:\\d+)?(\\/[-a-z\\d%_.~+:]*)*(\\?[;&a-z\\d%_.~+=-]*)?(\\#[-a-z\\d_]*)?$", "i"); return urlPattern.test(url); }, "isValidURL"); var trimBoth = /* @__PURE__ */ __name((value, trim) => { return trimEnd(trimStart(value, trim), trim); }, "trimBoth"); var trimEnd = /* @__PURE__ */ __name((value, trim) => { return value.endsWith(trim) ? value.substring(0, value.length - trim.length) : value; }, "trimEnd"); var trimStart = /* @__PURE__ */ __name((value, trim) => { return value.startsWith(trim) ? value.substring(trim.length) : value; }, "trimStart"); var adjustUrl = /* @__PURE__ */ __name((urlOrPath, opts) => { let url = typeof urlOrPath === "object" ? urlOrPath.toString() : urlOrPath; if (opts?.append) { url = trimEnd(url, "/") + "/" + trimStart(opts.append, "/"); } if (opts?.prepend) { if (opts.prepend.includes("://")) { if (!url.startsWith(opts.prepend)) { url = trimEnd(opts.prepend, "/") + "/" + trimStart(url, "/"); } } else { let host = ""; let path = url; if (url.includes("://")) { host = new URL(url).host; path = new URL(url).pathname; } if (!path.startsWith(opts.prepend)) { if (host && host !== "") { url = trimEnd(host, "/"); } url += trimEnd(url, "/") + "/" + trimBoth(opts.prepend, "/") + "/" + trimStart(path, "/"); } } } if (opts?.stripSlashStart) { url = trimStart(url, "/"); } if (opts?.stripSlashEnd) { url = trimEnd(url, "/"); } if (typeof urlOrPath === "string") { return url; } return new URL(url); }, "adjustUrl"); // lib/functions/CredentialResponseUtil.ts function isDeferredCredentialResponse(credentialResponse) { const orig = credentialResponse.successBody; return credentialResponse.origResponse.status % 200 <= 2 && !!orig && !orig.credentials && (!!orig.acceptance_token || !!orig.transaction_id); } __name(isDeferredCredentialResponse, "isDeferredCredentialResponse"); function assertNonFatalError(credentialResponse) { if (credentialResponse.origResponse.status === 400 && credentialResponse.errorBody?.error) { if (credentialResponse.errorBody.error === "invalid_transaction_id" || credentialResponse.errorBody.error.includes("acceptance_token")) { throw Error("Invalid transaction id. Probably the deferred credential request expired"); } } } __name(assertNonFatalError, "assertNonFatalError"); function isDeferredCredentialIssuancePending(credentialResponse) { if (isDeferredCredentialResponse(credentialResponse)) { return credentialResponse?.successBody?.transaction_id ?? !!credentialResponse?.successBody?.acceptance_token; } if (credentialResponse.origResponse.status === 400 && credentialResponse.errorBody?.error) { if (credentialResponse.errorBody.error === "issuance_pending") { return true; } else if (credentialResponse.errorBody.error_description?.toLowerCase().includes("not available yet")) { return true; } } return false; } __name(isDeferredCredentialIssuancePending, "isDeferredCredentialIssuancePending"); function sleep(ms) { return new Promise((resolve) => { setTimeout(resolve, ms); }); } __name(sleep, "sleep"); async function acquireDeferredCredential({ bearerToken, transactionId, deferredCredentialEndpoint, deferredCredentialIntervalInMS, deferredCredentialAwait }) { let credentialResponse = await acquireDeferredCredentialImpl({ bearerToken, transactionId, deferredCredentialEndpoint }); const DEFAULT_SLEEP_IN_MS = 5e3; while (!credentialResponse.successBody?.credentials && deferredCredentialAwait) { assertNonFatalError(credentialResponse); const pending = isDeferredCredentialIssuancePending(credentialResponse); console.log(`Issuance still pending?: ${pending}`); if (!pending) { return Promise.reject(Error(`Issuance isn't pending anymore: ${credentialResponse}`)); } await sleep(deferredCredentialIntervalInMS ?? DEFAULT_SLEEP_IN_MS); credentialResponse = await acquireDeferredCredentialImpl({ bearerToken, transactionId, deferredCredentialEndpoint }); } return credentialResponse; } __name(acquireDeferredCredential, "acquireDeferredCredential"); async function acquireDeferredCredentialImpl({ bearerToken, transactionId, deferredCredentialEndpoint }) { const response = await post(deferredCredentialEndpoint, JSON.stringify(transactionId ? { transaction_id: transactionId } : ""), { bearerToken }); console.log(JSON.stringify(response, null, 2)); assertNonFatalError(response); return { ...response, access_token: bearerToken }; } __name(acquireDeferredCredentialImpl, "acquireDeferredCredentialImpl"); // lib/functions/CredentialOfferUtil.ts init_cjs_shims(); var import_ssi_types2 = require("@sphereon/ssi-types"); var import_jwt_decode = require("jwt-decode"); var import_oid4vc_common = require("@sphereon/oid4vc-common"); var logger2 = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vci:offer"); function determineSpecVersionFromURI(uri) { let version = determineSpecVersionFromScheme(uri, OpenId4VCIVersion.VER_UNKNOWN) ?? OpenId4VCIVersion.VER_UNKNOWN; if (version === OpenId4VCIVersion.VER_UNKNOWN) { version = OpenId4VCIVersion.VER_1_0_15; } return version; } __name(determineSpecVersionFromURI, "determineSpecVersionFromURI"); function determineSpecVersionFromScheme(credentialOfferURI, openId4VCIVersion) { const scheme = getScheme(credentialOfferURI); const url = toUrlWithDummyBase(credentialOfferURI); const qp = url.searchParams; if (scheme === DefaultURISchemes.INITIATE_ISSUANCE) { if (qp.has("credential_offer") || qp.has("credential_offer_uri")) { return recordVersion(openId4VCIVersion, [ OpenId4VCIVersion.VER_1_0_15 ], scheme); } return recordVersion(openId4VCIVersion, [ OpenId4VCIVersion.VER_UNKNOWN ], scheme); } if (scheme === DefaultURISchemes.CREDENTIAL_OFFER) { if (qp.has("credential_offer_uri")) { return recordVersion(openId4VCIVersion, [ OpenId4VCIVersion.VER_1_0_15 ], scheme); } const rawParam = getParamValueLoose(qp, "credential_offer"); if (rawParam) { const decoded = tryDecodeOffer(rawParam); const version = sniffOfferVersion(decoded); if (version !== OpenId4VCIVersion.VER_UNKNOWN) { return recordVersion(openId4VCIVersion, [ version ], scheme); } } return recordVersion(openId4VCIVersion, [ OpenId4VCIVersion.VER_UNKNOWN ], scheme); } return recordVersion(openId4VCIVersion, [ OpenId4VCIVersion.VER_UNKNOWN ], scheme); } __name(determineSpecVersionFromScheme, "determineSpecVersionFromScheme"); function toUrlWithDummyBase(uri) { const normalized = uri.replace(/^openid-[^?]+:\/\//, "https://dummy/?"); return new URL(normalized); } __name(toUrlWithDummyBase, "toUrlWithDummyBase"); function getParamValueLoose(qp, key) { if (qp.has(key)) return qp.get(key); if (qp.has(`?${key}`)) return qp.get(`?${key}`); return null; } __name(getParamValueLoose, "getParamValueLoose"); function tryDecodeOffer(input) { let candidate = input; try { candidate = decodeURIComponent(candidate); } catch { } if (!/[{}]/.test(candidate) && /^[A-Za-z0-9\-_]+$/.test(candidate)) { try { const b64 = candidate.replace(/-/g, "+").replace(/_/g, "/").padEnd(Math.ceil(candidate.length / 4) * 4, "="); candidate = atob(b64); } catch { } } return candidate; } __name(tryDecodeOffer, "tryDecodeOffer"); function sniffOfferVersion(jsonLike) { if (!jsonLike) return OpenId4VCIVersion.VER_UNKNOWN; return OpenId4VCIVersion.VER_UNKNOWN; } __name(sniffOfferVersion, "sniffOfferVersion"); function getScheme(credentialOfferURI) { if (!credentialOfferURI || !credentialOfferURI.includes("://")) { throw Error("Invalid credential offer URI"); } return credentialOfferURI.split("://")[0]; } __name(getScheme, "getScheme"); function getIssuerFromCredentialOfferPayload(request) { if (!request || !("issuer" in request) && !("credential_issuer" in request)) { return void 0; } return "issuer" in request ? request.issuer : request["credential_issuer"]; } __name(getIssuerFromCredentialOfferPayload, "getIssuerFromCredentialOfferPayload"); var getClientIdFromCredentialOfferPayload = /* @__PURE__ */ __name((credentialOffer) => { if (!credentialOffer) { return; } if ("client_id" in credentialOffer) { return credentialOffer.client_id; } const state = getStateFromCredentialOfferPayload(credentialOffer); if (state && isJWT(state)) { const decoded = (0, import_jwt_decode.jwtDecode)(state, { header: false }); if ("client_id" in decoded && typeof decoded.client_id === "string") { return decoded.client_id; } } return; }, "getClientIdFromCredentialOfferPayload"); var isJWT = /* @__PURE__ */ __name((input) => { if (!input) { return false; } const noParts = input?.split(".").length; return input?.startsWith("ey") && noParts === 3; }, "isJWT"); var getStateFromCredentialOfferPayload = /* @__PURE__ */ __name((credentialOffer) => { if ("grants" in credentialOffer) { if (credentialOffer.grants?.authorization_code) { return credentialOffer.grants.authorization_code.issuer_state; } else if (credentialOffer.grants?.[PRE_AUTH_GRANT_LITERAL]) { return credentialOffer.grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL]; } } if ("op_state" in credentialOffer) { return credentialOffer.op_state; } else if (PRE_AUTH_CODE_LITERAL in credentialOffer) { return credentialOffer[PRE_AUTH_CODE_LITERAL]; } return; }, "getStateFromCredentialOfferPayload"); function determineSpecVersionFromOffer(offer) { if (isCredentialOfferV1_0_15(offer)) { return OpenId4VCIVersion.VER_1_0_15; } return OpenId4VCIVersion.VER_UNKNOWN; } __name(determineSpecVersionFromOffer, "determineSpecVersionFromOffer"); function isCredentialOfferVersion(offer, min, max) { if (max && max.valueOf() < min.valueOf()) { throw Error(`Cannot have a max ${max.valueOf()} version smaller than the min version ${min.valueOf()}`); } const version = determineSpecVersionFromOffer(offer); if (version.valueOf() < min.valueOf()) { logger2.debug(`Credential offer version (${version.valueOf()}) is lower than minimum required version (${min.valueOf()})`); return false; } else if (max && version.valueOf() > max.valueOf()) { logger2.debug(`Credential offer version (${version.valueOf()}) is higher than maximum required version (${max.valueOf()})`); return false; } return true; } __name(isCredentialOfferVersion, "isCredentialOfferVersion"); function isCredentialOfferV1_0_15(offer) { if (!offer) { return false; } offer = normalizeOfferInput(offer); if ("credential_issuer" in offer && "credential_configuration_ids" in offer) { return Array.isArray(offer.credential_configuration_ids); } if ("credential_offer" in offer && offer["credential_offer"]) { return isCredentialOfferV1_0_15(offer["credential_offer"]); } return "credential_offer_uri" in offer; } __name(isCredentialOfferV1_0_15, "isCredentialOfferV1_0_15"); async function toUniformCredentialOfferRequest(offer, opts) { let version = opts?.version ?? determineSpecVersionFromOffer(offer); let originalCredentialOffer = offer.credential_offer; let credentialOfferURI; if ("credential_offer_uri" in offer && offer?.credential_offer_uri !== void 0) { credentialOfferURI = offer.credential_offer_uri; if (opts?.resolve || opts?.resolve === void 0) { VCI_LOG_COMMON.log(`Credential offer contained a URI. Will use that to get the credential offer payload: ${credentialOfferURI}`); originalCredentialOffer = await resolveCredentialOfferURI(credentialOfferURI); } else if (!originalCredentialOffer) { throw Error(`Credential offer uri (${credentialOfferURI}) found, but resolution was explicitly disabled and credential_offer was supplied`); } version = determineSpecVersionFromOffer(originalCredentialOffer); VCI_LOG_COMMON.log(`Offer URI payload determined to be of version ${version}`); } if (!originalCredentialOffer) { throw Error("No credential offer available"); } const payload = toUniformCredentialOfferPayload(originalCredentialOffer, { ...opts, version }); const supportedFlows = determineFlowType(payload, version); return { credential_offer: payload, original_credential_offer: originalCredentialOffer, ...credentialOfferURI && { credential_offer_uri: credentialOfferURI }, supportedFlows, version }; } __name(toUniformCredentialOfferRequest, "toUniformCredentialOfferRequest"); function isPreAuthCode(request) { request = normalizeOfferInput(request); const payload = "credential_offer" in request ? request.credential_offer : request; return payload?.grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL] !== void 0; } __name(isPreAuthCode, "isPreAuthCode"); async function assertedUniformCredentialOffer(origCredentialOffer, opts) { const credentialOffer = JSON.parse(JSON.stringify(origCredentialOffer)); if (credentialOffer.credential_offer_uri && !credentialOffer.credential_offer) { if (opts?.resolve === void 0 || opts.resolve) { credentialOffer.credential_offer = await resolveCredentialOfferURI(credentialOffer.credential_offer_uri); } else { throw Error(`No credential_offer present, but we did get a URI, but resolution was explicitly disabled`); } } if (!credentialOffer.credential_offer) { throw Error(`No credential_offer present`); } credentialOffer.credential_offer = await toUniformCredentialOfferPayload(credentialOffer.credential_offer, { version: credentialOffer.version }); return credentialOffer; } __name(assertedUniformCredentialOffer, "assertedUniformCredentialOffer"); async function resolveCredentialOfferURI(uri) { if (!uri) { return void 0; } const response = await getJson(uri); if (!response || !response.successBody) { throw Error(`Could not get credential offer from uri: ${uri}: ${JSON.stringify(response?.errorBody)}`); } return response.successBody; } __name(resolveCredentialOfferURI, "resolveCredentialOfferURI"); function toUniformCredentialOfferPayload(rawOffer, opts) { const offer = normalizeOfferInput(rawOffer); const version = opts?.version ?? determineSpecVersionFromOffer(offer); if (version >= OpenId4VCIVersion.VER_1_0_15) { const orig = offer; return { ...orig }; } throw Error(`Could not create uniform payload for version ${version}`); } __name(toUniformCredentialOfferPayload, "toUniformCredentialOfferPayload"); function determineFlowType(suppliedOffer, version) { const payload = getCredentialOfferPayload(suppliedOffer); const supportedFlows = []; if (payload.grants?.authorization_code) { supportedFlows.push(AuthzFlowType.AUTHORIZATION_CODE_FLOW); } if (payload.grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL]) { supportedFlows.push(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW); } return supportedFlows; } __name(determineFlowType, "determineFlowType"); function getCredentialOfferPayload(offer) { offer = normalizeOfferInput(offer); let payload; if ("credential_offer" in offer && offer["credential_offer"]) { payload = offer.credential_offer; } else { payload = offer; } return payload; } __name(getCredentialOfferPayload, "getCredentialOfferPayload"); function determineGrantTypes(offer) { offer = normalizeOfferInput(offer); let grants; if ("grants" in offer && offer.grants) { grants = offer.grants; } else { grants = getCredentialOfferPayload(offer).grants; } const types = []; if (grants) { if ("authorization_code" in grants) { types.push(GrantTypes.AUTHORIZATION_CODE); } if (PRE_AUTH_GRANT_LITERAL in grants) { types.push(GrantTypes.PRE_AUTHORIZED_CODE); } } return types; } __name(determineGrantTypes, "determineGrantTypes"); function recordVersion(currentVersion, matchingVersion, key, allowUpgrade = true) { matchingVersion = matchingVersion.sort().reverse(); if (currentVersion === OpenId4VCIVersion.VER_UNKNOWN) { return matchingVersion[0]; } else if (matchingVersion.includes(currentVersion)) { if (!allowUpgrade) { return currentVersion; } return matchingVersion[0]; } throw new Error(`Invalid param. Some keys have been used from version: ${currentVersion} version while '${key}' is used from version: ${JSON.stringify(matchingVersion)}`); } __name(recordVersion, "recordVersion"); function getCredentialConfigurationIdsFromOfferV1_0_15(offer) { return offer.credential_configuration_ids ?? []; } __name(getCredentialConfigurationIdsFromOfferV1_0_15, "getCredentialConfigurationIdsFromOfferV1_0_15"); function normalizeOfferInput(input) { if (typeof input !== "string") { return input; } if (import_ssi_types2.ObjectUtils.isString(input) && input.startsWith("ey")) { const payload = (0, import_oid4vc_common.base64urlToString)(input); return JSON.parse(payload); } try { return JSON.parse(input); } catch { } return input; } __name(normalizeOfferInput, "normalizeOfferInput"); // lib/functions/Encoding.ts init_cjs_shims(); function convertJsonToURI(json, opts) { if (typeof json === "string") { return convertJsonToURI(JSON.parse(json), opts); } const results = []; function encodeAndStripWhitespace(key) { return encodeURIComponent(key.replace(" ", "")); } __name(encodeAndStripWhitespace, "encodeAndStripWhitespace"); let components; if (opts?.mode === JsonURIMode.JSON_STRINGIFY) { components = encodeAndStripWhitespace(JSON.stringify(json)); } else { for (const [key, value] of Object.entries(json)) { if (!value) { continue; } if (!opts?.uriTypeProperties?.includes(key)) { results.push(`${key}=${value}`); continue; } if (opts?.arrayTypeProperties?.includes(key) && Array.isArray(value)) { results.push(value.map((v) => `${encodeAndStripWhitespace(key)}=${customEncodeURIComponent(v, /\./g)}`).join("&")); continue; } const isBool = typeof value == "boolean"; const isNumber = typeof value == "number"; const isString = typeof value == "string"; let encoded; if (isBool || isNumber) { encoded = `${encodeAndStripWhitespace(key)}=${value}`; } else if (isString) { encoded = `${encodeAndStripWhitespace(key)}=${customEncodeURIComponent(value, /\./g)}`; } else { encoded = `${encodeAndStripWhitespace(key)}=${customEncodeURIComponent(JSON.stringify(value), /\./g)}`; } results.push(encoded); } components = results.join("&"); } if (opts?.baseUrl) { if (opts.baseUrl.endsWith("=")) { if (opts.param) { throw Error("Cannot combine param with an url ending in ="); } return `${opts.baseUrl}${components}`; } else if (!opts.baseUrl.includes("?")) { return `${opts.baseUrl}?${opts.param ? opts.param + "=" : ""}${components}`; } else if (opts.baseUrl.endsWith("?")) { return `${opts.baseUrl}${opts.param ? opts.param + "=" : ""}${components}`; } else { return `${opts.baseUrl}${opts.param ? "&" + opts.param : ""}=${components}`; } } return components; } __name(convertJsonToURI, "convertJsonToURI"); function convertURIToJsonObject(uri, opts) { if (!uri || opts?.requiredProperties && !opts.requiredProperties?.every((p) => uri.includes(p))) { throw new Error(BAD_PARAMS); } const uriComponents = getURIComponentsAsArray(uri, opts?.arrayTypeProperties); return decodeJsonProperties(uriComponents); } __name(convertURIToJsonObject, "convertURIToJsonObject"); function decodeJsonProperties(parts) { const result = {}; for (const key in parts) { const value = parts[key]; if (!value) { continue; } if (Array.isArray(value)) { result[decodeURIComponent(key)] = value.map((v) => decodeURIComponent(v)); continue; } const isBool = typeof value == "boolean"; const isNumber = typeof value == "number"; const isString = typeof value == "string"; const isObject = typeof value == "object"; if (isBool || isNumber) { result[decodeURIComponent(key)] = value; } else if (isString) { const decoded = decodeURIComponent(value); if (decoded.startsWith("{") && decoded.endsWith("}")) { result[decodeURIComponent(key)] = JSON.parse(decoded); } else { result[decodeURIComponent(key)] = decoded; } } else if (isObject) { result[decodeURIComponent(key)] = decodeJsonProperties(value); } } return result; } __name(decodeJsonProperties, "decodeJsonProperties"); function getURIComponentsAsArray(uri, arrayTypes) { const parts = uri.includes("?") ? uri.split("?")[1] : uri.includes("://") ? uri.split("://")[1] : uri; const json = []; const dict = parts.split("&"); for (const entry of dict) { const pair = entry.split("="); const p0 = pair[0]; const p1 = pair[1]; if (arrayTypes?.includes(p0)) { const key = json[p0]; if (Array.isArray(key)) { key.push(p1); } else { json[p0] = [ p1 ]; } continue; } json[p0] = p1; } return json; } __name(getURIComponentsAsArray, "getURIComponentsAsArray"); function customEncodeURIComponent(uriComponent, searchValue) { return encodeURIComponent(uriComponent).replace(searchValue, (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`); } __name(customEncodeURIComponent, "customEncodeURIComponent"); // lib/functions/TypeConversionUtils.ts init_cjs_shims(); function isW3cCredentialSupported(supported) { return [ "jwt_vc_json", "jwt_vc_json-ld", "ldp_vc", "jwt_vc" ].includes(supported.format); } __name(isW3cCredentialSupported, "isW3cCredentialSupported"); var getNumberOrUndefined = /* @__PURE__ */ __name((input) => { return input && !isNaN(+input) ? +input : void 0; }, "getNumberOrUndefined"); function getTypesFromObject(subject) { if (subject === void 0) { return void 0; } else if (typeof subject === "string") { return [ subject ]; } else if ("credential_definition" in subject) { return getTypesFromObject(subject.credential_definition); } else if ("types" in subject && subject.types) { return Array.isArray(subject.types) ? subject.types : [ subject.types ]; } else if ("type" in subject && subject.type) { return Array.isArray(subject.type) ? subject.type : [ subject.type ]; } else if ("vct" in subject && subject.vct) { return [ subject.vct ]; } else if ("doctype" in subject && subject.doctype) { return [ subject.doctype ]; } VCI_LOG_COMMON.warning("Could not deduce credential types. Probably a failure down the line will happen!"); return void 0; } __name(getTypesFromObject, "getTypesFromObject"); function getTypesFromAuthorizationDetails(authDetails, opts) { const { configIdAsType = false } = { ...opts }; if (typeof authDetails === "string") { return [ authDetails ]; } else if ("types" in authDetails && Array.isArray(authDetails.types)) { return authDetails.types; } else if (configIdAsType && authDetails.credential_configuration_id) { return [ authDetails.credential_configuration_id ]; } return void 0; } __name(getTypesFromAuthorizationDetails, "getTypesFromAuthorizationDetails"); function getTypesFromCredentialSupported(credentialSupported, opts) { let types = []; if (credentialSupported.format === "jwt_vc_json" || credentialSupported.format === "jwt_vc" || credentialSupported.format === "jwt_vc_json-ld" || credentialSupported.format === "ldp_vc") { types = getTypesFromObject(credentialSupported) ?? []; } else if (credentialSupported.format === "dc+sd-jwt" || credentialSupported.format === "vc+sd-jwt") { types = [ credentialSupported.vct ]; } else if (credentialSupported.format === "mso_mdoc") { types = [ credentialSupported.doctype ]; } if (!types || types.length === 0) { throw Error("Could not deduce types from credential supported"); } if (opts?.filterVerifiableCredential) { return types.filter((type) => type !== "VerifiableCredential"); } return types; } __name(getTypesFromCredentialSupported, "getTypesFromCredentialSupported"); // lib/functions/IssuerMetadataUtils.ts init_cjs_shims(); function getSupportedCredentials(opts) { const { version = OpenId4VCIVersion.VER_1_0_15, types } = opts ?? {}; if (types && Array.isArray(types)) { return types.map((typeSet) => { return getSupportedCredential({ ...opts, version, types: typeSet }); }).reduce((acc, result) => { Object.assign(acc, result); return acc; }, {}); } return getSupportedCredential(opts ? { ...opts, types: void 0 } : void 0); } __name(getSupportedCredentials, "getSupportedCredentials"); function determineVersionsFromIssuerMetadata(issuerMetadata) { const versions = /* @__PURE__ */ new Set(); if ("credential_configurations_supported" in issuerMetadata) { versions.add(OpenId4VCIVersion.VER_1_0_15); } if (versions.size === 0) { versions.add(OpenId4VCIVersion.VER_UNKNOWN); } return Array.from(versions).sort().reverse(); } __name(determineVersionsFromIssuerMetadata, "determineVersionsFromIssuerMetadata"); function getSupportedCredential(opts) { const { issuerMetadata, types, format, version = OpenId4VCIVersion.VER_1_0_15 } = opts ?? {}; let credentialConfigurationsV15 = void 0; if (issuerMetadata?.credential_configurations_supported && version >= OpenId4VCIVersion.VER_1_0_15) { credentialConfigurationsV15 = issuerMetadata.credential_configurations_supported; } if (!issuerMetadata || !issuerMetadata.credential_configurations_supported && !issuerMetadata.credentials_supported) { VCI_LOG_COMMON.warning(`No credential issuer metadata or supported credential