@sphereon/oid4vci-issuer-server
OpenID 4 Verifiable Credential Issuance Server
import { CreateCredentialOfferURIResult, QRCodeOpts, CredentialOfferMode, ClientMetadata, AuthorizationRequest } from '@sphereon/oid4vci-common';
export { ClientAuthMethod, ClientMetadata, ClientResponseType } from '@sphereon/oid4vci-common';
import { ITokenEndpointOpts, VcIssuer } from '@sphereon/oid4vci-issuer';
import { ISingleEndpointOpts, HasEndpointOpts, ExpressSupport } from '@sphereon/ssi-express-support';
import express, { Express, Router, Request } from 'express';
/**
* A create-credential-offer result with the `session` property removed.
* NOTE(review): presumably the body returned by the create-offer endpoint, so that
* issuer-side session state stays out of the HTTP response — confirm against the implementation.
*/
type ICreateCredentialOfferURIResponse = Omit<CreateCredentialOfferURIResult, 'session'>;
/** Options for the endpoint that serves a credential offer; adds a required base URL to the shared single-endpoint options. */
interface IGetCredentialOfferEndpointOpts extends ISingleEndpointOpts {
/** Base URL as a string. NOTE(review): presumably the issuer's externally visible URL from which the route is derived — confirm. */
baseUrl: string;
}
/**
* Options for the endpoint that deletes a credential offer.
* Declares the same members as IGetCredentialOfferEndpointOpts (single-endpoint options plus a required base URL).
*/
interface IDeleteCredentialOfferEndpointOpts extends ISingleEndpointOpts {
/** Base URL as a string. NOTE(review): presumably the issuer's externally visible URL from which the route is derived — confirm. */
baseUrl: string;
}
/** Options for the endpoint that creates credential offers; every member declared here is optional. */
interface ICreateCredentialOfferEndpointOpts extends ISingleEndpointOpts {
/** NOTE(review): presumably the path of the companion "get offer" route that created offers point to — confirm. */
getOfferPath?: string;
/** QR code options, typed by @sphereon/oid4vci-common. */
qrCodeOpts?: QRCodeOpts;
/** Base URL; optional here, whereas the get/delete offer option types in this file require it. */
baseUrl?: string;
/** NOTE(review): presumably the base path under which offers are served by reference — confirm. */
credentialOfferReferenceBasePath?: string;
/** Default offer mode. NOTE(review): presumably applied when a create request does not choose one — confirm. */
defaultCredentialOfferMode?: CredentialOfferMode;
}
/** Options for the issuance-status endpoint; adds a required base URL to the shared single-endpoint options. */
interface IGetIssueStatusEndpointOpts extends ISingleEndpointOpts {
/** Base URL, accepted either as a string or as a URL object. */
baseUrl: string | URL;
}
/**
* Options for the issue-payload endpoint; adds a required base URL to the shared single-endpoint options.
* NOTE(review): what the payload contains and who may fetch it is not visible in this declaration —
* confirm how the route is protected before enabling it.
*/
interface IGetIssuePayloadEndpointOpts extends ISingleEndpointOpts {
/** Base URL, accepted either as a string or as a URL object. */
baseUrl: string | URL;
}
/**
* Options for the authorization challenge endpoint.
* Both callbacks are required; both path members are optional.
*/
interface IAuthorizationChallengeEndpointOpts extends ISingleEndpointOpts {
/** NOTE(review): presumably the route path for creating the authorization request URI — confirm. */
createAuthRequestUriEndpointPath?: string;
/** NOTE(review): presumably the route path for verifying the authorization response — confirm. */
verifyAuthResponseEndpointPath?: string;
/**
* Callback used for creating the authorization request uri used for the RP.
* Added an optional state parameter so that when direct calls are used,
* one could set the state value of the RP session to match the state value of the VCI session.
* Resolves to the request URI as a string.
*/
createAuthRequestUriCallback: (state?: string) => Promise<string>;
/**
* Callback used for verifying the status of the authorization response.
* This is checked by the issuer before issuing an authorization code.
* Resolves to a boolean for the given correlation id.
* NOTE(review): because the result gates issuance of an authorization code, an implementation should
* resolve `true` only for a completed, verified response tied to this `correlationId`. How a rejected
* promise is handled is not visible here — confirm it is treated as a denial.
*/
verifyAuthResponseCallback: (correlationId: string) => Promise<boolean>;
}
/**
* Per-endpoint configuration for the issuer server. Every member is optional.
* NOTE(review): which endpoints are mounted when a member is omitted is decided in the implementation,
* not in this declaration — confirm the defaults before exposing the server.
*/
interface IOID4VCIEndpointOpts {
/**
* NOTE(review): presumably passed to Express's `trust proxy` setting — confirm. If so, `true` makes
* Express derive the client address and protocol from X-Forwarded-* headers supplied by any peer;
* behind a known reverse proxy, an explicit list of proxy addresses is the narrower choice.
*/
trustProxy?: boolean | Array<string>;
/** Token endpoint options, typed by @sphereon/oid4vci-issuer. */
tokenEndpointOpts?: ITokenEndpointOpts;
/** Options for the notification endpoint. */
notificationOpts?: ISingleEndpointOpts;
/** Options for the create-credential-offer endpoint. */
createCredentialOfferOpts?: ICreateCredentialOfferEndpointOpts;
/** Options for the delete-credential-offer endpoint. */
deleteCredentialOfferOpts?: IDeleteCredentialOfferEndpointOpts;
/** Options for the get-credential-offer endpoint. */
getCredentialOfferOpts?: IGetCredentialOfferEndpointOpts;
/** Options for the issuance-status endpoint. */
getStatusOpts?: IGetIssueStatusEndpointOpts;
/** Options for the issue-payload endpoint. */
getIssuePayloadOpts?: IGetIssuePayloadEndpointOpts;
/** Options for the pushed authorization request (PAR) endpoint. */
parOpts?: ISingleEndpointOpts;
/** Options, including the two required callbacks, for the authorization challenge endpoint. */
authorizationChallengeOpts?: IAuthorizationChallengeEndpointOpts;
/** Options for the nonce endpoint. */
nonceOpts?: INonceEndpointOpts;
}
/** Options for the nonce endpoint; adds a required base URL to the shared single-endpoint options. */
interface INonceEndpointOpts extends ISingleEndpointOpts {
/** Base URL, accepted either as a string or as a URL object. */
baseUrl: string | URL;
}
/**
* String enum whose values equal their member names.
* NOTE(review): by its name and its use in getMetadataEndpoints, this presumably selects whether the
* well-known metadata documents are hosted under the issuer's context path, at the host root, or at both — confirm.
*/
declare enum WellKnownHostLocation {
AT_CONTEXT_PATH = "AT_CONTEXT_PATH",
AT_ROOT_PATH = "AT_ROOT_PATH",
AT_BOTH = "AT_BOTH"
}
/** Top-level options for OID4VCIServer; every member declared here is optional. */
interface IOID4VCIServerOpts extends HasEndpointOpts {
/** Client metadata. NOTE(review): presumably describes the issuer acting as an OAuth client towards an external authorization server — confirm. */
asClientOpts?: ClientMetadata;
/** Per-endpoint configuration. */
endpointOpts?: IOID4VCIEndpointOpts;
/** Server base URL as a string. NOTE(review): the fallback used when this is omitted is not visible here — confirm. */
baseUrl?: string;
/** Where the well-known metadata is hosted; see WellKnownHostLocation. */
wellKnownHostLocation?: WellKnownHostLocation;
}
/**
* Express-based OID4VCI issuer server.
* The constructor takes an ExpressSupport instance and server options that may carry a ready-made
* VcIssuer. The Express app, router, issuer, base URL and well-known host location are exposed through
* read-only getters. Private members appear without types in this declaration.
*/
declare class OID4VCIServer {
private readonly _issuer;
/**
* NOTE(review): presumably the Map<string, AuthorizationRequest> that pushedAuthorizationEndpoint and
* accessTokenEndpoint accept — confirm, and check how entries are expired or removed.
*/
private authRequestsData;
private readonly _app;
private readonly _baseUrl;
private readonly _expressSupport;
private readonly _router;
private readonly _asClientOpts?;
private readonly _wellknownHostLocation?;
/**
* @param expressSupport Express support object from @sphereon/ssi-express-support.
* @param opts Server options; `issuer` is optional in the type. NOTE(review): what happens when no
* issuer is supplied is not visible in this declaration.
*/
constructor(expressSupport: ExpressSupport, opts: IOID4VCIServerOpts & {
issuer?: VcIssuer;
});
/** The Express application. */
get app(): Express;
/** The Express router. NOTE(review): presumably the router the endpoints are mounted on — confirm. */
get router(): express.Router;
/** The VcIssuer in use. */
get issuer(): VcIssuer;
/** Asynchronous stop; resolves with no value. NOTE(review): presumably shuts down the underlying HTTP server — confirm. */
stop(): Promise<void>;
// Private helpers. By their names they decide which optional endpoints are mounted — TODO confirm in the implementation.
private isTokenEndpointDisabled;
private isStatusEndpointEnabled;
private isGetIssuePayloadEndpointEnabled;
private isAuthorizationChallengeEndpointEnabled;
// NOTE(review): by name, a check of the access-token configuration; what it rejects is not visible here.
private assertAccessTokenHandling;
private isNonceEndpointEnabled;
/** The server base URL as a URL object. */
get baseUrl(): URL;
/** The configured well-known host location, or undefined when none is set. */
get wellknownHostLocation(): WellKnownHostLocation | undefined;
}
/**
* Issuance-status endpoint setup. Takes the router, the issuer and status endpoint options; returns nothing.
* NOTE(review): presumably registers the route on `router`. Whether callers are authenticated is not
* visible in this declaration — confirm how the route is protected, since it reports on issuance sessions.
*/
declare function getIssueStatusEndpoint(router: Router, issuer: VcIssuer, opts: IGetIssueStatusEndpointOpts): void;
/**
* Credential-offer-by-reference endpoint setup. Returns a string.
* NOTE(review): the returned string is presumably the path that was registered — confirm.
* NOTE(review): `opts` is typed with the status endpoint's option type (IGetIssueStatusEndpointOpts),
* not an offer-specific one; verify that this is intended.
*/
declare function getCredentialOfferReferenceEndpoint(router: Router, issuer: VcIssuer, opts: IGetIssueStatusEndpointOpts): string;
/**
* Authorization challenge endpoint setup. Requires the challenge options (including both callbacks)
* plus a base URL; returns nothing.
* NOTE(review): presumably registers the route on `router` — confirm.
*/
declare function authorizationChallengeEndpoint(router: Router, issuer: VcIssuer, opts: IAuthorizationChallengeEndpointOpts & {
baseUrl: string | URL;
}): void;
/**
* Token endpoint setup. Options combine the issuer package's token options, the shared single-endpoint
* options, a required base URL and an optional map of authorization requests keyed by string.
* NOTE(review): `authRequestsData` has the same type as the map pushedAuthorizationEndpoint takes,
* so the two presumably share one instance — confirm, and check how stale entries are evicted.
*/
declare function accessTokenEndpoint(router: Router, issuer: VcIssuer, opts: ITokenEndpointOpts & ISingleEndpointOpts & {
baseUrl: string | URL;
authRequestsData?: Map<string, AuthorizationRequest>;
}): void;
/**
* Credential endpoint setup. From ITokenEndpointOpts it picks `accessTokenVerificationCallback`,
* `accessTokenSignerCallback`, `tokenExpiresIn` and `cNonceExpiresIn`, and it requires a base URL.
* NOTE(review): whether the verification callback is optional, and what the endpoint does when none
* is supplied, is defined outside this declaration — confirm that no configuration lets the
* credential route accept an unverified access token.
*/
declare function getCredentialEndpoint(router: Router, issuer: VcIssuer, opts: Pick<ITokenEndpointOpts, 'accessTokenVerificationCallback' | 'accessTokenSignerCallback' | 'tokenExpiresIn' | 'cNonceExpiresIn'> & ISingleEndpointOpts & {
baseUrl: string | URL;
}): void;
/**
* Notification endpoint setup. Picks only `accessTokenVerificationCallback` from ITokenEndpointOpts
* and requires a base URL; returns nothing.
* NOTE(review): behaviour when no verification callback is supplied is not visible here — confirm
* that notifications are only accepted with a verified access token.
*/
declare function notificationEndpoint(router: Router, issuer: VcIssuer, opts: ISingleEndpointOpts & Pick<ITokenEndpointOpts, 'accessTokenVerificationCallback'> & {
baseUrl: string | URL;
}): void;
/**
* Nonce endpoint setup. Takes the router, the issuer and nonce endpoint options; returns nothing.
* NOTE(review): presumably registers a route that hands out nonces; their lifetime and single-use
* handling are not visible in this declaration — confirm in the implementation.
*/
declare function nonceEndpoint(router: Router, issuer: VcIssuer, opts: INonceEndpointOpts): void;
/**
* Get-credential-offer endpoint setup. `opts` is optional; returns nothing.
* NOTE(review): presumably registers the route on `router`; the behaviour when `opts` is omitted is not visible here.
*/
declare function getCredentialOfferEndpoint(router: Router, issuer: VcIssuer, opts?: IGetCredentialOfferEndpointOpts): void;
/**
* Delete-credential-offer endpoint setup. `opts` is optional; returns nothing.
* NOTE(review): `opts` is typed IGetCredentialOfferEndpointOpts although this file also declares
* IDeleteCredentialOfferEndpointOpts; the two have the same members, so this type-checks, but the
* dedicated type looks like the intended one — verify.
* NOTE(review): the route changes issuer state; how callers are authenticated is not visible in this
* declaration — confirm it is not reachable by unauthenticated clients.
*/
declare function deleteCredentialOfferEndpoint(router: Router, issuer: VcIssuer, opts?: IGetCredentialOfferEndpointOpts): void;
/**
* Create-credential-offer endpoint setup. Both `opts` and `issuerPayloadPath` are optional; returns nothing.
* NOTE(review): the intersected `baseUrl?: string` repeats a member ICreateCredentialOfferEndpointOpts already declares.
* NOTE(review): creating offers is a privileged, state-changing operation; how callers are
* authenticated is not visible in this declaration — confirm the route is restricted to the
* issuer's own backend or otherwise protected.
*/
declare function createCredentialOfferEndpoint(router: Router, issuer: VcIssuer, opts?: ICreateCredentialOfferEndpointOpts & {
baseUrl?: string;
}, issuerPayloadPath?: string): void;
/**
* Pushed authorization request (PAR) endpoint setup. Takes a caller-supplied map of authorization
* requests keyed by string; `opts` is optional; returns nothing.
* NOTE(review): presumably the handler stores incoming requests in `authRequestsData`; what bounds
* the map's size and lifetime of entries is not visible here — confirm, since the map is fed from request input.
*/
declare function pushedAuthorizationEndpoint(router: Router, issuer: VcIssuer, authRequestsData: Map<string, AuthorizationRequest>, opts?: ISingleEndpointOpts): void;
/**
* Metadata endpoint setup. Options may name a root router, a base path and a well-known host
* location; all are optional; returns nothing.
* NOTE(review): presumably `rootRouter` is used when metadata must also be served at the host root
* (see WellKnownHostLocation) — confirm.
*/
declare function getMetadataEndpoints(router: Router, issuer: VcIssuer, opts?: {
rootRouter?: Router;
basePath?: string;
wellKnownHostLocation?: WellKnownHostLocation;
}): void;
/**
* Derives a path string from an optional base URL and an endpoint string.
* NOTE(review): the option names suggest a check of `endpoint` against `baseUrl` that
* `skipBaseUrlCheck` turns off, a prefix added via `prependUrl`, and removal of the base path via
* `stripBasePath` — none of this is visible in the declaration; confirm before relying on it,
* in particular before skipping the base URL check for endpoint values that come from configuration.
*/
declare function determinePath(baseUrl: URL | string | undefined, endpoint: string, opts?: {
skipBaseUrlCheck?: boolean;
prependUrl?: string;
stripBasePath?: boolean;
}): string;
/**
* Returns a base URL as a string for an optional URL or string input.
* NOTE(review): the result for an omitted or undefined `url` is not visible in this declaration — confirm.
*/
declare function getBaseUrl(url?: URL | string | undefined): string;
/**
* Returns a base path as a string for an optional URL or string input.
* NOTE(review): presumably the path component of the given URL — confirm, including the result when `url` is omitted.
*/
declare function getBasePath(url?: URL | string): string;
/**
* Request body check taking lists of field names and an object that carries the request's `body`
* property (the parameter named `body` is typed Pick<Request, "body">, not the parsed body itself).
* Returns nothing.
* NOTE(review): presumably throws when a `required` field is missing, with `conditional` covering
* fields of which at least one must be present — confirm. Only field names are passed in, so value
* types and formats are presumably not checked here and must be validated by the handler.
*/
declare const validateRequestBody: ({ required, conditional, body, }: {
required?: string[];
conditional?: string[];
body: Pick<Request, "body">;
}) => void;
export { type IAuthorizationChallengeEndpointOpts, type ICreateCredentialOfferEndpointOpts, type ICreateCredentialOfferURIResponse, type IDeleteCredentialOfferEndpointOpts, type IGetCredentialOfferEndpointOpts, type IGetIssuePayloadEndpointOpts, type IGetIssueStatusEndpointOpts, type INonceEndpointOpts, type IOID4VCIEndpointOpts, type IOID4VCIServerOpts, OID4VCIServer, WellKnownHostLocation, accessTokenEndpoint, authorizationChallengeEndpoint, createCredentialOfferEndpoint, deleteCredentialOfferEndpoint, determinePath, getBasePath, getBaseUrl, getCredentialEndpoint, getCredentialOfferEndpoint, getCredentialOfferReferenceEndpoint, getIssueStatusEndpoint, getMetadataEndpoints, nonceEndpoint, notificationEndpoint, pushedAuthorizationEndpoint, validateRequestBody };