@sphereon/oid4vci-issuer/dist/index.d.ts

OpenID 4 Verifiable Credential Issuance issuer REST endpoints

import { ICredential, SdJwtDecodedVerifiableCredentialPayload, SdJwtDisclosureFrame, W3CVerifiableCredential, CompactSdJwtVc, ISimpleLogger } from '@sphereon/ssi-types';
import { OID4VCICredentialFormat, CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13, CredentialDefinitionJwtVcJsonV1_0_13, ProofTypesSupported, CredentialsSupportedDisplay, IssuerCredentialSubject, KeyProofType, ProofType, IssuerCredentialSubjectDisplay, CredentialConfigurationSupportedV1_0_13, GrantAuthorizationCode, PRE_AUTH_GRANT_LITERAL, GrantUrnIetf, CredentialIssuerMetadataOptsV1_0_13, CredentialOfferPayloadV1_0_13, AssertedUniformCredentialOffer, CredentialIssuerMetadataOpts, CredentialOfferPayloadV1_0_11, CredentialOfferV1_0_13, UniformCredentialOffer, CredentialOfferMode, IssuerMetadataV1_0_13, CredentialIssuerMetadataV1_0_11, CredentialOfferSession, ClientMetadata, JWTVerifyCallback, CredentialRequest, JwtVerifyResult, StatusListOpts, CNonceState, UniformCredentialRequest, CredentialSupplierConfig, CredentialDataSupplierInput, AuthorizationServerMetadata, TxCode, IStateManager, URIState, NotificationRequest, JsonLdIssuerCredentialDefinition, QRCodeOpts, CreateCredentialOfferURIResult, CredentialResponse, ImageInfo, MetadataDisplay, IssuerMetadata, ClientResponseType, TokenEndpointAuthMethod, TokenEndpointAuthSigningAlg, OAuthScope, OAuthResponseType, OAuthResponseMode, OAuthGrantType, RevocationEndpointAuthMethod, RevocationEndpointAuthSigningAlg, PKCECodeChallengeMethod, StateType, JWTSignerCallback, Alg, AccessTokenRequest, AccessTokenResponse } from '@sphereon/oid4vci-common';
import { SigningAlgo, JWK } from '@sphereon/oid4vc-common';

declare class CredentialSupportedBuilderV1_13 {
    format?: OID4VCICredentialFormat;
    scope?: string;
    credentialName?: string;
    credentialDefinition?: CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13 | CredentialDefinitionJwtVcJsonV1_0_13;
    cryptographicBindingMethodsSupported?: ('jwk' | 'cose_key' | 'did' | string)[];
    credentialSigningAlgValuesSupported?: string[];
    proofTypesSupported?: ProofTypesSupported;
    display?: CredentialsSupportedDisplay[];
    credentialSubject?: IssuerCredentialSubject;
    withFormat(credentialFormat: OID4VCICredentialFormat): CredentialSupportedBuilderV1_13;
    withCredentialName(credentialName: string): CredentialSupportedBuilderV1_13;
    withCredentialDefinition(credentialDefinition: CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13 | CredentialDefinitionJwtVcJsonV1_0_13): CredentialSupportedBuilderV1_13;
    withScope(scope: string): CredentialSupportedBuilderV1_13;
    addCryptographicBindingMethod(method: string | string[]): CredentialSupportedBuilderV1_13;
    withCryptographicBindingMethod(method: string | string[]): CredentialSupportedBuilderV1_13;
    addCredentialSigningAlgValuesSupported(algValues: string | string[]): CredentialSupportedBuilderV1_13;
    withCredentialSigningAlgValuesSupported(algValues: string | string[]): CredentialSupportedBuilderV1_13;
    addProofTypesSupported(keyProofType: KeyProofType, proofType: ProofType): CredentialSupportedBuilderV1_13;
    withProofTypesSupported(proofTypesSupported: ProofTypesSupported): CredentialSupportedBuilderV1_13;
    addCredentialSupportedDisplay(credentialDisplay: CredentialsSupportedDisplay | CredentialsSupportedDisplay[]): CredentialSupportedBuilderV1_13;
    withCredentialSupportedDisplay(credentialDisplay: CredentialsSupportedDisplay | CredentialsSupportedDisplay[]): CredentialSupportedBuilderV1_13;
    withCredentialSubject(credentialSubject: IssuerCredentialSubject): this;
    addCredentialSubjectPropertyDisplay(subjectProperty: string, issuerCredentialSubjectDisplay: IssuerCredentialSubjectDisplay): CredentialSupportedBuilderV1_13;
    build(): Record<string, CredentialConfigurationSupportedV1_0_13>;
}

interface CredentialOfferGrantInput {
    authorization_code?: Partial<GrantAuthorizationCode>;
    [PRE_AUTH_GRANT_LITERAL]?: Partial<GrantUrnIetf>;
}
declare function createCredentialOfferObject(issuerMetadata?: CredentialIssuerMetadataOptsV1_0_13, opts?: {
    credentialOffer?: CredentialOfferPayloadV1_0_13;
    credentialOfferUri?: string;
    grants?: CredentialOfferGrantInput;
    client_id?: string;
}): AssertedUniformCredentialOffer;
declare function createCredentialOfferObjectv1_0_11(issuerMetadata?: CredentialIssuerMetadataOpts, opts?: {
    credentialOffer?: CredentialOfferPayloadV1_0_11;
    credentialOfferUri?: string;
    scheme?: string;
    baseUri?: string;
    grants?: CredentialOfferGrantInput;
}): AssertedUniformCredentialOffer;
declare function createCredentialOfferURIFromObject(credentialOffer: CredentialOfferV1_0_13 | UniformCredentialOffer, offerMode: CredentialOfferMode, opts?: {
    scheme?: string;
    baseUri?: string;
}): string;
declare function createCredentialOfferURI(offerMode: CredentialOfferMode, issuerMetadata?: IssuerMetadataV1_0_13, opts?: {
    credentialOffer?: CredentialOfferPayloadV1_0_13;
    credentialOfferUri?: string;
    scheme?: string;
    baseUri?: string;
    grants?: CredentialOfferGrantInput;
}): string;
declare function createCredentialOfferURIv1_0_11(offerMode: CredentialOfferMode, issuerMetadata?: CredentialIssuerMetadataV1_0_11, opts?: {
    credentialOffer?: CredentialOfferPayloadV1_0_11;
    credentialOfferUri?: string;
    scheme?: string;
    baseUri?: string;
    grants?: CredentialOfferGrantInput;
}): string;
declare const isPreAuthorizedCodeExpired: (state: CredentialOfferSession, expirationDurationInSeconds: number) => boolean;
declare const assertValidPinNumber: (pin?: string, pinLength?: number) => void;

declare function oidcAccessTokenVerifyCallback(opts: {
    credentialIssuer: string;
    authorizationServer: string;
    clientMetadata?: ClientMetadata;
}): JWTVerifyCallback;

type CredentialSignerCallback = (opts: {
    credentialRequest: CredentialRequest;
    credential: CredentialIssuanceInput;
    format?: OID4VCICredentialFormat;
    /**
     * We use object since we don't want to expose the DID Document TS type to too many interfaces.
     * An implementation that wants to look into the DIDDoc would have to do a cast in the signer callback implementation
     */
    jwtVerifyResult: JwtVerifyResult;
    statusLists?: Array<StatusListOpts>;
}) => Promise<W3CVerifiableCredential | CompactSdJwtVc>;
interface CredentialDataSupplierArgs extends CNonceState {
    credentialRequest: UniformCredentialRequest;
    credentialOffer: AssertedUniformCredentialOffer;
    clientId?: string;
    credentialSupplierConfig?: CredentialSupplierConfig;
    credentialDataSupplierInput?: CredentialDataSupplierInput;
}
type CredentialIssuanceInput = ICredential | (SdJwtDecodedVerifiableCredentialPayload & {
    __disclosureFrame?: SdJwtDisclosureFrame;
});
interface CredentialDataSupplierResult {
    credential: CredentialIssuanceInput;
    format?: OID4VCICredentialFormat;
    signCallback?: CredentialSignerCallback;
}
type CredentialDataSupplier = (args: CredentialDataSupplierArgs) => Promise<CredentialDataSupplierResult>;

declare class VcIssuer {
    private readonly _issuerMetadata;
    private readonly _authorizationServerMetadata;
    private readonly _defaultCredentialOfferBaseUri?;
    private readonly _credentialSignerCallback?;
    private readonly _jwtVerifyCallback?;
    private readonly _credentialDataSupplier?;
    private readonly _credentialOfferSessions;
    private readonly _cNonces;
    private readonly _uris;
    private readonly _cNonceExpiresIn;
    private readonly _asClientOpts?;
    constructor(issuerMetadata: CredentialIssuerMetadataOptsV1_0_13, authorizationServerMetadata: AuthorizationServerMetadata, args: {
        txCode?: TxCode;
        baseUri?: string;
        credentialOfferSessions: IStateManager<CredentialOfferSession>;
        defaultCredentialOfferBaseUri?: string;
        cNonces: IStateManager<CNonceState>;
        uris?: IStateManager<URIState>;
        credentialSignerCallback?: CredentialSignerCallback;
        jwtVerifyCallback?: JWTVerifyCallback;
        credentialDataSupplier?: CredentialDataSupplier;
        cNonceExpiresIn?: number | undefined;
        asClientOpts?: ClientMetadata;
    });
    getCredentialOfferSessionById(id: string, lookups?: Array<'uri' | 'preAuthorizedCode' | 'issuerState' | 'correlationId'>): Promise<CredentialOfferSession>;
    deleteCredentialOfferSessionById(id: string, lookups?: Array<'uri' | 'preAuthorizedCode' | 'issuerState' | 'correlationId'>): Promise<CredentialOfferSession>;
    processNotification({ preAuthorizedCode, issuerState, notification, }: {
        preAuthorizedCode?: string;
        issuerState?: string;
        notification: NotificationRequest;
    }): Promise<Error | CredentialOfferSession>;
    createCredentialOfferURI(opts: {
        offerMode?: CredentialOfferMode;
        grants?: CredentialOfferGrantInput;
        client_id?: string;
        redirectUri?: string;
        credential_configuration_ids?: Array<string>;
        credentialDefinition?: JsonLdIssuerCredentialDefinition;
        credentialOfferUri?: string;
        credentialDataSupplierInput?: CredentialDataSupplierInput;
        baseUri?: string;
        scheme?: string;
        pinLength?: number;
        qrCodeOpts?: QRCodeOpts;
        correlationId?: string;
        statusListOpts?: Array<StatusListOpts>;
        sessionLifeTimeInSec?: number;
    }): Promise<CreateCredentialOfferURIResult>;
    /**
     * issueCredentialFromIssueRequest
     * @param opts issuerRequestParams
     *  - issueCredentialsRequest the credential request
     *  - issuerState the state of the issuer
     *  - jwtVerifyCallback callback that verifies the Proof of Possession JWT
     *  - issuerCallback callback to issue a Verifiable Credential
     *  - cNonce an existing c_nonce
     */
    issueCredential(opts: {
        credentialRequest: CredentialRequest;
        credential?: CredentialIssuanceInput;
        credentialDataSupplier?: CredentialDataSupplier;
        credentialDataSupplierInput?: CredentialDataSupplierInput;
        newCNonce?: string;
        cNonceExpiresIn?: number;
        tokenExpiresIn?: number;
        jwtVerifyCallback?: JWTVerifyCallback;
        credentialSignerCallback?: CredentialSignerCallback;
        responseCNonce?: string;
    }): Promise<CredentialResponse>;
    private updateSession;
    private validateCredentialRequestProof;
    private isMetadataSupportCredentialRequestFormat;
    private issueCredentialImpl;
    get credentialSignerCallback(): CredentialSignerCallback | undefined;
    get jwtVerifyCallback(): JWTVerifyCallback | undefined;
    get credentialDataSupplier(): CredentialDataSupplier | undefined;
    get uris(): IStateManager<URIState>;
    get cNonceExpiresIn(): number;
    get credentialOfferSessions(): IStateManager<CredentialOfferSession>;
    get cNonces(): IStateManager<CNonceState>;
    get defaultCredentialOfferBaseUri(): string | undefined;
    get issuerMetadata(): CredentialIssuerMetadataOptsV1_0_13;
    get authorizationServerMetadata(): AuthorizationServerMetadata;
    get asClientOpts(): ClientMetadata | undefined;
}

declare class DisplayBuilder {
    name?: string;
    locale?: string;
    additionalProperties: Record<string, unknown>;
    logo?: ImageInfo;
    backgroundColor?: string;
    textColor?: string;
    withName(name: string): this;
    withLocale(locale: string): this;
    withLogo(logo: ImageInfo): this;
    withBackgroundColor(backgroundColor: string): this;
    withTextColor(textColor: string): this;
    withAdditionalProperties(properties: Record<string, unknown>): this;
    addAdditionalProperty(key: string, value: unknown): this;
    build(): MetadataDisplay;
}

declare class IssuerMetadataBuilderV1_13 {
    credentialEndpoint?: string;
    credentialIssuer?: string;
    supportedBuilders: CredentialSupportedBuilderV1_13[];
    credentialConfigurationsSupported: Record<string, CredentialConfigurationSupportedV1_0_13>;
    displayBuilders: DisplayBuilder[];
    display: MetadataDisplay[];
    batchCredentialEndpoint?: string;
    authorizationServers?: string[];
    tokenEndpoint?: string;
    authorizationChallengeEndpoint?: string;
    withBatchCredentialEndpoint(batchCredentialEndpoint: string): void;
    withAuthorizationServers(authorizationServers: string[]): this;
    withAuthorizationServer(authorizationServer: string): this;
    withAuthorizationChallengeEndpoint(authorizationChallengeEndpoint: string): this;
    withTokenEndpoint(tokenEndpoint: string): this;
    withCredentialEndpoint(credentialEndpoint: string): IssuerMetadataBuilderV1_13;
    withCredentialIssuer(credentialIssuer: string): IssuerMetadataBuilderV1_13;
    newSupportedCredentialBuilder(): CredentialSupportedBuilderV1_13;
    addSupportedCredentialBuilder(supportedCredentialBuilder: CredentialSupportedBuilderV1_13): this;
    addCredentialConfigurationsSupported(id: string, supportedCredential: CredentialConfigurationSupportedV1_0_13): this;
    withIssuerDisplay(issuerDisplay: MetadataDisplay[] | MetadataDisplay): IssuerMetadataBuilderV1_13;
    addDisplay(display: MetadataDisplay): void;
    addDisplayBuilder(displayBuilder: DisplayBuilder): void;
    newDisplayBuilder(): DisplayBuilder;
    build(): IssuerMetadataV1_0_13;
}

declare class VcIssuerBuilder {
    issuerMetadataBuilder?: IssuerMetadataBuilderV1_13;
    issuerMetadata: Partial<CredentialIssuerMetadataOptsV1_0_13>;
    authorizationServerMetadata: Partial<AuthorizationServerMetadata>;
    asClientOpts?: ClientMetadata;
    txCode?: TxCode;
    defaultCredentialOfferBaseUri?: string;
    userPinRequired?: boolean;
    cNonceExpiresIn?: number;
    credentialOfferStateManager?: IStateManager<CredentialOfferSession>;
    credentialOfferURIManager?: IStateManager<URIState>;
    cNonceStateManager?: IStateManager<CNonceState>;
    credentialSignerCallback?: CredentialSignerCallback;
    jwtVerifyCallback?: JWTVerifyCallback;
    credentialDataSupplier?: CredentialDataSupplier;
    withIssuerMetadata(issuerMetadata: IssuerMetadata): this;
    withASClientMetadata(clientMetadata: ClientMetadata): this;
    withASClientMetadataParams({ client_id, client_secret, redirect_uris, response_types, ...other }: {
        client_id: string;
        client_secret?: string;
        redirect_uris?: string[];
        response_types?: ClientResponseType[];
    } & ClientMetadata): this;
    withAuthorizationMetadata(authorizationServerMetadata: AuthorizationServerMetadata): this;
    withIssuerMetadataBuilder(builder: IssuerMetadataBuilderV1_13): this;
    withDefaultCredentialOfferBaseUri(baseUri: string): this;
    withCredentialIssuer(issuer: string): this;
    withAuthorizationServers(authorizationServers: string | string[]): this;
    withCredentialEndpoint(credentialEndpoint: string): this;
    withBatchCredentialEndpoint(batchCredentialEndpoint: string): this;
    withTokenEndpoint(tokenEndpoint: string): this;
    withIssuerDisplay(issuerDisplay: MetadataDisplay[] | MetadataDisplay): this;
    addIssuerDisplay(issuerDisplay: MetadataDisplay): this;
    withCredentialConfigurationsSupported(credentialConfigurationsSupported: Record<string, CredentialConfigurationSupportedV1_0_13>): this;
    addCredentialConfigurationsSupported(id: string, supportedCredential: CredentialConfigurationSupportedV1_0_13): this;
    withTXCode(txCode: TxCode): this;
    withCredentialOfferURIStateManager(credentialOfferURIManager: IStateManager<URIState>): this;
    withInMemoryCredentialOfferURIState(): this;
    withCredentialOfferStateManager(credentialOfferManager: IStateManager<CredentialOfferSession>): this;
    withInMemoryCredentialOfferState(): this;
    withCNonceStateManager(cNonceManager: IStateManager<CNonceState>): this;
    withInMemoryCNonceState(): this;
    withCNonceExpiresIn(cNonceExpiresIn: number): this;
    withCredentialSignerCallback(cb: CredentialSignerCallback): this;
    withJWTVerifyCallback(verifyCallback: JWTVerifyCallback): this;
    withCredentialDataSupplier(credentialDataSupplier: CredentialDataSupplier): this;
    build(): VcIssuer;
}

declare class AuthorizationServerMetadataBuilder {
    private metadata;
    withIssuer(issuer: string): AuthorizationServerMetadataBuilder;
    withAuthorizationEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withAuthorizationChallengeEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withTokenEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withTokenEndpointAuthMethodsSupported(methods: Array<TokenEndpointAuthMethod>): AuthorizationServerMetadataBuilder;
    withTokenEndpointAuthSigningAlgValuesSupported(algs: Array<TokenEndpointAuthSigningAlg>): AuthorizationServerMetadataBuilder;
    withRegistrationEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withScopesSupported(scopes: Array<OAuthScope | string>): AuthorizationServerMetadataBuilder;
    withResponseTypesSupported(types: Array<OAuthResponseType>): AuthorizationServerMetadataBuilder;
    withResponseModesSupported(modes: Array<OAuthResponseMode>): AuthorizationServerMetadataBuilder;
    withGrantTypesSupported(types: Array<OAuthGrantType>): AuthorizationServerMetadataBuilder;
    withServiceDocumentation(url: string): AuthorizationServerMetadataBuilder;
    withUILocalesSupported(locales: string[]): AuthorizationServerMetadataBuilder;
    withOpPolicyUri(uri: string): AuthorizationServerMetadataBuilder;
    withOpTosUri(uri: string): AuthorizationServerMetadataBuilder;
    withRevocationEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withRevocationEndpointAuthMethodsSupported(methods: Array<RevocationEndpointAuthMethod>): AuthorizationServerMetadataBuilder;
    withRevocationEndpointAuthSigningAlgValuesSupported(algs: Array<RevocationEndpointAuthSigningAlg>): AuthorizationServerMetadataBuilder;
    withIntrospectionEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withCodeChallengeMethodsSupported(methods: Array<PKCECodeChallengeMethod>): AuthorizationServerMetadataBuilder;
    withPushedAuthorizationRequestEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withRequirePushedAuthorizationRequests(required: boolean): AuthorizationServerMetadataBuilder;
    withPreAuthorizedGrantAnonymousAccessSupported(supported: boolean): AuthorizationServerMetadataBuilder;
    withDPoPSigningAlgValuesSupported(algs: (string | SigningAlgo)[]): AuthorizationServerMetadataBuilder;
    withFrontchannelLogoutSupported(supported: boolean): AuthorizationServerMetadataBuilder;
    withFrontchannelLogoutSessionSupported(supported: boolean): AuthorizationServerMetadataBuilder;
    withBackchannelLogoutSupported(supported: boolean): AuthorizationServerMetadataBuilder;
    withBackchannelLogoutSessionSupported(supported: boolean): AuthorizationServerMetadataBuilder;
    withUserinfoEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withCheckSessionIframe(url: string): AuthorizationServerMetadataBuilder;
    withEndSessionEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withAcrValuesSupported(values: string[]): AuthorizationServerMetadataBuilder;
    withSubjectTypesSupported(types: string[]): AuthorizationServerMetadataBuilder;
    withRequestObjectSigningAlgValuesSupported(algs: string[]): AuthorizationServerMetadataBuilder;
    withDisplayValuesSupported(values: string[]): AuthorizationServerMetadataBuilder;
    withClaimTypesSupported(types: string[]): AuthorizationServerMetadataBuilder;
    withClaimsSupported(claims: string[]): AuthorizationServerMetadataBuilder;
    withClaimsParameterSupported(supported: boolean): AuthorizationServerMetadataBuilder;
    withCredentialEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    withDeferredCredentialEndpoint(endpoint: string): AuthorizationServerMetadataBuilder;
    build(): AuthorizationServerMetadata;
}

declare class MemoryStates<T extends StateType> implements IStateManager<T> {
    private readonly expiresInMS;
    private readonly states;
    private cleanupIntervalId?;
    constructor(opts?: {
        expiresInSec?: number;
    });
    clearAll(): Promise<void>;
    clearExpired(timestamp?: number): Promise<void>;
    delete(id: string): Promise<boolean>;
    getAsserted(id: string): Promise<T>;
    get(id: string): Promise<T | undefined>;
    has(id: string): Promise<boolean>;
    set(id: string, stateValue: T): Promise<void>;
    startCleanupRoutine(timeout?: number): Promise<void>;
    stopCleanupRoutine(): Promise<void>;
}

declare function lookupStateManagerMultiGetAsserted<K extends StateType, V extends StateType>(args: {
    id: string;
    lookups: string[];
    keyValueMapper: IStateManager<K>;
    valueStateManager: IStateManager<V>;
}): Promise<V>;
declare function lookupStateManagerMultiGet<K extends StateType, V extends StateType>({ id, lookups, keyValueMapper, valueStateManager, }: {
    id: string;
    lookups: string[];
    keyValueMapper: IStateManager<K>;
    valueStateManager: IStateManager<V>;
}): Promise<V | undefined>;
declare class LookupStateManager<K extends StateType, V extends StateType> implements IStateManager<V> {
    private keyValueMapper;
    private valueStateManager;
    private lookup;
    constructor(keyValueMapper: IStateManager<K>, valueStateManager: IStateManager<V>, lookup: string);
    startCleanupRoutine(timeout?: number | undefined): Promise<void>;
    stopCleanupRoutine(): Promise<void>;
    clearAll(): Promise<void>;
    clearExpired(timestamp?: number): Promise<void>;
    private assertedValueId;
    private valueId;
    delete(id: string): Promise<boolean>;
    get(id: string): Promise<V | undefined>;
    has(id: string): Promise<boolean>;
    set(_id: string, _stateValue: V): Promise<void>;
    setMapped(valueKey: string, keyObject: K, stateValue: V): Promise<void>;
    getAsserted(id: string): Promise<V>;
}

declare class CredentialOfferStateBuilder {
    private readonly credentialOfferState;
    constructor();
    credentialOffer(credentialOffer: AssertedUniformCredentialOffer): CredentialOfferStateBuilder;
    createdAt(timestamp: number): CredentialOfferStateBuilder;
    build(): CredentialOfferSession;
}

interface ITokenEndpointOpts {
    tokenEndpointDisabled?: boolean;
    tokenPath?: string;
    interval?: number;
    cNonceExpiresIn?: number;
    tokenExpiresIn?: number;
    preAuthorizedCodeExpirationDuration?: number;
    accessTokenSignerCallback?: JWTSignerCallback;
    accessTokenVerificationCallback?: JWTVerifyCallback;
    accessTokenIssuer?: string;
    accessTokenProvider?: AccessTokenProvider;
}
type AccessTokenProvider = 'internal' | 'oidc' | 'oauth2';
declare const generateAccessToken: (opts: Required<Pick<ITokenEndpointOpts, "accessTokenSignerCallback" | "tokenExpiresIn" | "accessTokenIssuer" | "accessTokenProvider">> & {
    additionalClaims?: Record<string, unknown>;
    preAuthorizedCode?: string;
    alg?: Alg;
    dPoPJwk?: JWK;
}) => Promise<string>;
declare const isValidGrant: (assertedState: CredentialOfferSession, grantType: string) => boolean;
declare const assertValidAccessTokenRequest: (request: AccessTokenRequest, opts: {
    credentialOfferSessions: IStateManager<CredentialOfferSession>;
    expirationDuration: number;
}) => Promise<{
    preAuthSession: CredentialOfferSession;
}>;
declare const createAccessTokenResponse: (request: AccessTokenRequest, opts: {
    credentialOfferSessions: IStateManager<CredentialOfferSession>;
    cNonces: IStateManager<CNonceState>;
    cNonce?: string;
    cNonceExpiresIn?: number;
    tokenExpiresIn: number;
    accessTokenSignerCallback: JWTSignerCallback;
    accessTokenIssuer: string;
    accessTokenProvider?: AccessTokenProvider;
    interval?: number;
    dPoPJwk?: JWK;
}) => Promise<AccessTokenResponse>;

declare const LOG: ISimpleLogger<string | unknown>;

export { type AccessTokenProvider, AuthorizationServerMetadataBuilder, type CredentialDataSupplier, type CredentialDataSupplierArgs, type CredentialDataSupplierResult, type CredentialIssuanceInput, type CredentialOfferGrantInput, CredentialOfferStateBuilder, type CredentialSignerCallback, CredentialSupportedBuilderV1_13, DisplayBuilder, type ITokenEndpointOpts, IssuerMetadataBuilderV1_13, LOG, LookupStateManager, MemoryStates, VcIssuer, VcIssuerBuilder, assertValidAccessTokenRequest, assertValidPinNumber, createAccessTokenResponse, createCredentialOfferObject, createCredentialOfferObjectv1_0_11, createCredentialOfferURI, createCredentialOfferURIFromObject, createCredentialOfferURIv1_0_11, generateAccessToken, isPreAuthorizedCodeExpired, isValidGrant, lookupStateManagerMultiGet, lookupStateManagerMultiGetAsserted, oidcAccessTokenVerifyCallback };