		@@ -10,6 +10,7 @@ "use strict";
		const defaultHasher = (data, algorithm) => {
		if (!supportedAlgorithms.includes(algorithm)) {
		const sanitizedAlgorithm = algorithm.toLowerCase().replace(/[-_]/g, '');
		if (!supportedAlgorithms.includes(sanitizedAlgorithm)) {
		throw new Error(`Unsupported hashing algorithm ${algorithm}`);
		}
		return new Uint8Array((0, sha_js_1.default)(algorithm)
		return new Uint8Array((0, sha_js_1.default)(sanitizedAlgorithm)
		.update(data)
		@@ -16,0 +17,0 @@ .digest());

dist/jwt/JwkThumbprint.js

		@@ -77,3 +77,3 @@ "use strict";
		}
		return u8a.toString((0, hasher_1.defaultHasher)(algorithm, JSON.stringify(components)), 'base64url');
		return u8a.toString((0, hasher_1.defaultHasher)(JSON.stringify(components), algorithm), 'base64url');
		});
		@@ -80,0 +80,0 @@ }

dist/jwt/JwtIssuer.d.ts

		@@ -34,3 +34,2 @@ import { JWK, JwtHeader, JwtPayload, JwtProtectionMethod, SigningAlgo } from '..';
		issuer: string;
		clientIdScheme: 'x509_san_dns' \| 'x509_san_uri';
		}
		@@ -37,0 +36,0 @@ export interface JwtIssuerJwk extends JwtIssuerBase {

dist/jwt/jwtUtils.d.ts

		@@ -16,2 +16,12 @@ import { JwtHeader, JwtPayload } from '..';
		export declare function epochTime(): number;
		export declare const BASE64_URL_REGEX: RegExp;
		export declare const isJws: (jws: string) => boolean;
		export declare const isJwe: (jwe: string) => boolean;
		export declare const decodeProtectedHeader: (jwt: string) => import("jwt-decode").JwtHeader;
		export declare const decodeJwt: (jwt: string) => JwtPayload;
		export declare const checkExp: (input: {
		exp: number;
		now?: number;
		clockSkew?: number;
		}) => boolean;
		//# sourceMappingURL=jwtUtils.d.ts.map

dist/jwt/jwtUtils.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.epochTime = exports.getNowSkewed = exports.parseJWT = void 0;
		exports.checkExp = exports.decodeJwt = exports.decodeProtectedHeader = exports.isJwe = exports.isJws = exports.BASE64_URL_REGEX = exports.epochTime = exports.getNowSkewed = exports.parseJWT = void 0;
		const jwt_decode_1 = require("jwt-decode");
		@@ -38,2 +38,26 @@ function parseJWT(jwt) {
		exports.epochTime = epochTime;
		exports.BASE64_URL_REGEX = /^([0-9a-zA-Z-_]{4})*(([0-9a-zA-Z-_]{2}(==)?)\|([0-9a-zA-Z-_]{3}(=)?))?$/;
		const isJws = (jws) => {
		const jwsParts = jws.split('.');
		return jwsParts.length === 3 && jwsParts.every((part) => exports.BASE64_URL_REGEX.test(part));
		};
		exports.isJws = isJws;
		const isJwe = (jwe) => {
		const jweParts = jwe.split('.');
		return jweParts.length === 5 && jweParts.every((part) => exports.BASE64_URL_REGEX.test(part));
		};
		exports.isJwe = isJwe;
		const decodeProtectedHeader = (jwt) => {
		return (0, jwt_decode_1.jwtDecode)(jwt, { header: true });
		};
		exports.decodeProtectedHeader = decodeProtectedHeader;
		const decodeJwt = (jwt) => {
		return (0, jwt_decode_1.jwtDecode)(jwt, { header: false });
		};
		exports.decodeJwt = decodeJwt;
		const checkExp = (input) => {
		const { exp, now, clockSkew } = input;
		return exp < (now !== null && now !== void 0 ? now : Date.now() / 1000) - (clockSkew !== null && clockSkew !== void 0 ? clockSkew : 120);
		};
		exports.checkExp = checkExp;
		//# sourceMappingURL=jwtUtils.js.map

dist/jwt/JwtVerifier.js

		@@ -25,2 +25,15 @@ "use strict";
		exports.getDidJwtVerifier = getDidJwtVerifier;
		const getIssuer = (type, payload) => {
		// For 'request-object' the `iss` value is not required so we map the issuer to client_id
		if (type === 'request-object') {
		if (!payload.client_id) {
		throw new Error('Missing required field client_id in request object JWT');
		}
		return payload.client_id;
		}
		if (typeof payload.iss !== 'string') {
		throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim or it is missing.`);
		}
		return payload.iss;
		};
		const getX5cVerifier = (jwt, options) => {
		@@ -35,6 +48,9 @@ const { type } = options;
		}
		if (typeof jwt.payload.iss !== 'string') {
		throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim.`);
		}
		return { method: 'x5c', x5c: jwt.header.x5c, issuer: jwt.payload.iss, type: type, alg: jwt.header.alg };
		return {
		method: 'x5c',
		x5c: jwt.header.x5c,
		issuer: getIssuer(type, jwt.payload),
		type: type,
		alg: jwt.header.alg,
		};
		};
		@@ -41,0 +57,0 @@ exports.getX5cVerifier = getX5cVerifier;

lib/hasher.ts

		@@ -8,3 +8,4 @@ import { Hasher } from '@sphereon/ssi-types';
		export const defaultHasher: Hasher = (data, algorithm) => {
		if (!supportedAlgorithms.includes(algorithm as SupportedAlgorithms)) {
		const sanitizedAlgorithm = algorithm.toLowerCase().replace(/[-_]/g, '');
		if (!supportedAlgorithms.includes(sanitizedAlgorithm as SupportedAlgorithms)) {
		throw new Error(`Unsupported hashing algorithm ${algorithm}`);
		@@ -14,3 +15,3 @@ }
		return new Uint8Array(
		sha(algorithm as SupportedAlgorithms)
		sha(sanitizedAlgorithm as SupportedAlgorithms)
		.update(data)
		@@ -17,0 +18,0 @@ .digest(),

lib/jwt/JwkThumbprint.ts

		@@ -47,3 +47,3 @@ import * as u8a from 'uint8arrays';
		}
		return u8a.toString(defaultHasher(algorithm, JSON.stringify(components)), 'base64url');
		return u8a.toString(defaultHasher(JSON.stringify(components), algorithm), 'base64url');
		}
		@@ -50,0 +50,0 @@

lib/jwt/JwtIssuer.ts

		@@ -39,4 +39,2 @@ import { JWK, JwtHeader, JwtPayload, JwtProtectionMethod, SigningAlgo } from '..';
		issuer: string;

		clientIdScheme: 'x509_san_dns' \| 'x509_san_uri';
		}
		@@ -43,0 +41,0 @@

lib/jwt/jwtUtils.ts

		@@ -44,1 +44,29 @@ import { jwtDecode } from 'jwt-decode';
		}

		export const BASE64_URL_REGEX = /^([0-9a-zA-Z-_]{4})*(([0-9a-zA-Z-_]{2}(==)?)\|([0-9a-zA-Z-_]{3}(=)?))?$/;

		export const isJws = (jws: string) => {
		const jwsParts = jws.split('.');
		return jwsParts.length === 3 && jwsParts.every((part) => BASE64_URL_REGEX.test(part));
		};
		export const isJwe = (jwe: string) => {
		const jweParts = jwe.split('.');
		return jweParts.length === 5 && jweParts.every((part) => BASE64_URL_REGEX.test(part));
		};

		export const decodeProtectedHeader = (jwt: string) => {
		return jwtDecode(jwt, { header: true });
		};

		export const decodeJwt = (jwt: string): JwtPayload => {
		return jwtDecode(jwt, { header: false });
		};

		export const checkExp = (input: {
		exp: number;
		now?: number; // The number of milliseconds elapsed since midnight, January 1, 1970 Universal Coordinated Time (UTC).
		clockSkew?: number;
		}) => {
		const { exp, now, clockSkew } = input;
		return exp < (now ?? Date.now() / 1000) - (clockSkew ?? 120);
		};

lib/jwt/JwtVerifier.ts

		@@ -69,2 +69,17 @@ import { JWK, JwtHeader, JwtPayload, SigningAlgo } from '..';

		const getIssuer = (type: JwtType, payload: JwtPayload): string => {
		// For 'request-object' the `iss` value is not required so we map the issuer to client_id
		if (type === 'request-object') {
		if (!payload.client_id) {
		throw new Error('Missing required field client_id in request object JWT');
		}
		return payload.client_id as string;
		}

		if (typeof payload.iss !== 'string') {
		throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim or it is missing.`);
		}
		return payload.iss;
		};

		export const getX5cVerifier = (jwt: { header: JwtHeader; payload: JwtPayload }, options: { type: JwtType }): X5cJwtVerifier => {
		@@ -79,7 +94,9 @@ const { type } = options;

		if (typeof jwt.payload.iss !== 'string') {
		throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim.`);
		}

		return { method: 'x5c', x5c: jwt.header.x5c, issuer: jwt.payload.iss, type: type, alg: jwt.header.alg };
		return {
		method: 'x5c',
		x5c: jwt.header.x5c,
		issuer: getIssuer(type, jwt.payload),
		type: type,
		alg: jwt.header.alg,
		};
		};
		@@ -86,0 +103,0 @@

package.json

		{
		"name": "@sphereon/oid4vc-common",
		"version": "0.16.0",
		"version": "0.16.1-feature.jarm.sdk2.68+452b415",
		"description": "OpenID 4 Verifiable Credentials Common",
		@@ -13,3 +13,3 @@ "source": "lib/index.ts",
		"dependencies": {
		"@sphereon/ssi-types": "0.28.0",
		"@sphereon/ssi-types": "0.29.1-unstable.208",
		"jwt-decode": "^4.0.0",
		@@ -56,3 +56,3 @@ "sha.js": "^2.4.11",
		},
		"gitHead": "7d938320eba5818dfe2bf6ae5291bb3c614085e1"
		"gitHead": "452b41519b4563d1afe22e845ffcef0c488316e5"
		}

dist/hasher.d.ts.map