@sphereon/oid4vci-common - npm Package Compare versions

Comparing version 0.16.0 to 0.16.1-feature.MWALL.715.232

dist/events/index.d.ts

@@ -13,3 +13,4 @@ import { EventManager } from '@sphereon/ssi-types';
     OID4VCI_NOTIFICATION_RECEIVED = "OID4VCI_NOTIFICATION_RECEIVED",
-    OID4VCI_NOTIFICATION_PROCESSED = "OID4VCI_NOTIFICATION_PROCESSED"
+    OID4VCI_NOTIFICATION_PROCESSED = "OID4VCI_NOTIFICATION_PROCESSED",
+    OID4VCI_NOTIFICATION_ERROR = "OID4VCI_NOTIFICATION_ERROR"
 }
@@ -16,0 +17,0 @@ export type LogEvents = 'oid4vciLog';

dist/events/index.js

@@ -19,4 +19,5 @@ "use strict";
     NotificationStatusEventNames["OID4VCI_NOTIFICATION_PROCESSED"] = "OID4VCI_NOTIFICATION_PROCESSED";
+    NotificationStatusEventNames["OID4VCI_NOTIFICATION_ERROR"] = "OID4VCI_NOTIFICATION_ERROR";
 })(NotificationStatusEventNames || (exports.NotificationStatusEventNames = NotificationStatusEventNames = {}));
 exports.EVENTS = ssi_types_1.EventManager.instance();
 //# sourceMappingURL=index.js.map

dist/functions/CredentialRequestUtil.js

@@ -31,2 +31,5 @@ "use strict";
     }
+    else if (credentialRequest.format === 'mso_mdoc' && 'doctype' in credentialRequest) {
+        types = [credentialRequest.doctype];
+    }
     if (!types || types.length === 0) {
@@ -33,0 +36,0 @@ throw Error('Could not deduce types from credential request');

dist/functions/FormatUtils.js

@@ -14,3 +14,3 @@ "use strict";
 const isUniformFormat = (format) => {
-    return ['jwt_vc_json', 'jwt_vc_json-ld', 'ldp_vc', 'vc+sd-jwt'].includes(format);
+    return ['jwt_vc_json', 'jwt_vc_json-ld', 'ldp_vc', 'vc+sd-jwt', 'mso_mdoc'].includes(format);
 };
@@ -17,0 +17,0 @@ function getUniformFormat(format) {

dist/functions/IssuerMetadataUtils.js

@@ -59,3 +59,4 @@ "use strict";
     let credentialConfigurationsV13 = undefined;
-    if (version < types_1.OpenId4VCIVersion.VER_1_0_12 || (issuerMetadata === null || issuerMetadata === void 0 ? void 0 : issuerMetadata.credentials_supported)) {
+    if (version < types_1.OpenId4VCIVersion.VER_1_0_12 ||
+        ((issuerMetadata === null || issuerMetadata === void 0 ? void 0 : issuerMetadata.credential_configurations_supported) === undefined && (issuerMetadata === null || issuerMetadata === void 0 ? void 0 : issuerMetadata.credentials_supported))) {
         if ((issuerMetadata === null || issuerMetadata === void 0 ? void 0 : issuerMetadata.credentials_supported) && !Array.isArray(issuerMetadata === null || issuerMetadata === void 0 ? void 0 : issuerMetadata.credentials_supported)) {
@@ -62,0 +63,0 @@ // The current code duplication and logic is such a mess, that we re-adjust the object to the proper type again

dist/functions/ProofUtil.d.ts

@@ -12,3 +12,2 @@ import { JWK } from '@sphereon/oid4vc-common';
  *    arguments needed for signing ProofOfPossession
- * @param callbacks:
  *    - proofOfPossessionCallback: JWTSignerCallback
@@ -18,2 +17,4 @@ *      Mandatory to create (sign) ProofOfPossession
  *      If exists, verifies the ProofOfPossession
+ * @param popMode
+ * @param callbacks
  * @param jwtProps
@@ -20,0 +21,0 @@ * @param existingJwt

dist/functions/ProofUtil.js

@@ -29,3 +29,2 @@ "use strict";
  *    arguments needed for signing ProofOfPossession
- * @param callbacks:
  *    - proofOfPossessionCallback: JWTSignerCallback
@@ -35,2 +34,4 @@ *      Mandatory to create (sign) ProofOfPossession
  *      If exists, verifies the ProofOfPossession
+ * @param popMode
+ * @param callbacks
  * @param jwtProps
@@ -122,3 +123,3 @@ * @param existingJwt
     const now = +new Date();
-    const jwtPayload = Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({}, (aud && { aud })), { iat: (_o = (_m = jwt.payload) === null || _m === void 0 ? void 0 : _m.iat) !== null && _o !== void 0 ? _o : Math.round(now / 1000 - 60), exp: (_q = (_p = jwt.payload) === null || _p === void 0 ? void 0 : _p.exp) !== null && _q !== void 0 ? _q : Math.round(now / 1000 + 10 * 60), nonce }), (client_id && { client_id })), (iss && { iss })), (jti && { jti }));
+    const jwtPayload = Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({}, (aud && { aud })), { iat: (_o = (_m = jwt.payload) === null || _m === void 0 ? void 0 : _m.iat) !== null && _o !== void 0 ? _o : Math.floor(now / 1000) - 60, exp: (_q = (_p = jwt.payload) === null || _p === void 0 ? void 0 : _p.exp) !== null && _q !== void 0 ? _q : Math.floor(now / 1000) + 10 * 60, nonce }), (client_id && { client_id })), (iss && { iss })), (jti && { jti }));
     const jwtHeader = Object.assign(Object.assign(Object.assign({ typ,
@@ -125,0 +126,0 @@ alg }, (kid && { kid })), (jwk && { jwk })), (x5c && { x5c }));

dist/functions/TypeConversionUtils.d.ts

@@ -1,4 +0,4 @@
-import { AuthorizationDetails, CredentialOfferPayload, UniformCredentialOfferPayload, UniformCredentialOfferRequest } from '../index';
-import { CredentialConfigurationSupported, CredentialConfigurationSupportedSdJwtVcV1_0_13, CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13, CredentialDefinitionJwtVcJsonV1_0_13, CredentialOfferFormat, CredentialsSupportedLegacy, CredentialSupportedSdJwtVc, JsonLdIssuerCredentialDefinition } from '../types';
-export declare function isW3cCredentialSupported(supported: CredentialConfigurationSupported | CredentialsSupportedLegacy): supported is Exclude<CredentialConfigurationSupported, CredentialConfigurationSupportedSdJwtVcV1_0_13 | CredentialSupportedSdJwtVc>;
+import { AuthorizationDetails, CredentialConfigurationSupportedMsoMdocV1_0_13, CredentialOfferPayload, CredentialSupportedMsoMdoc, UniformCredentialOfferPayload, UniformCredentialOfferRequest } from '../index';
+import { CredentialConfigurationSupported, CredentialConfigurationSupportedSdJwtVcV1_0_13, CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13, CredentialDefinitionJwtVcJsonV1_0_13, CredentialOfferFormatV1_0_11, CredentialsSupportedLegacy, CredentialSupportedSdJwtVc, JsonLdIssuerCredentialDefinition } from '../types';
+export declare function isW3cCredentialSupported(supported: CredentialConfigurationSupported | CredentialsSupportedLegacy): supported is Exclude<CredentialConfigurationSupported, CredentialConfigurationSupportedMsoMdocV1_0_13 | CredentialSupportedMsoMdoc | CredentialConfigurationSupportedSdJwtVcV1_0_13 | CredentialSupportedSdJwtVc>;
 export declare const getNumberOrUndefined: (input?: string) => number | undefined;
@@ -9,3 +9,3 @@ /**
  */
-export declare function getTypesFromObject(subject: CredentialConfigurationSupported | CredentialOfferFormat | CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13 | CredentialDefinitionJwtVcJsonV1_0_13 | JsonLdIssuerCredentialDefinition | string): string[] | undefined;
+export declare function getTypesFromObject(subject: CredentialConfigurationSupported | CredentialOfferFormatV1_0_11 | CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13 | CredentialDefinitionJwtVcJsonV1_0_13 | JsonLdIssuerCredentialDefinition | string): string[] | undefined;
 export declare function getTypesFromCredentialOffer(offer: UniformCredentialOfferRequest | CredentialOfferPayload | UniformCredentialOfferPayload, opts?: {
@@ -12,0 +12,0 @@ configIdAsType?: boolean;

dist/functions/TypeConversionUtils.js

@@ -36,2 +36,5 @@ "use strict";
     }
+    else if ('doctype' in subject && subject.doctype) {
+        return [subject.doctype];
+    }
     index_1.VCI_LOG_COMMON.warning('Could not deduce credential types. Probably a failure down the line will happen!');
@@ -90,2 +93,5 @@ return undefined;
     }
+    else if (credentialSupported.format === 'mso_mdoc') {
+        types = [credentialSupported.doctype];
+    }
     if (!types || types.length === 0) {
@@ -92,0 +98,0 @@ throw Error('Could not deduce types from credential supported');

dist/types/Authorization.types.d.ts

@@ -66,4 +66,4 @@ import { CreateDPoPClientOpts } from '@sphereon/oid4vc-common';
  */
-export type AuthorizationDetails = (CommonAuthorizationDetails & (AuthorizationDetailsJwtVcJson | AuthorizationDetailsJwtVcJsonLdAndLdpVc | AuthorizationDetailsSdJwtVc)) | string;
-export type AuthorizationRequest = AuthorizationRequestJwtVcJson | AuthorizationRequestJwtVcJsonLdAndLdpVc | AuthorizationRequestSdJwtVc;
+export type AuthorizationDetails = (CommonAuthorizationDetails & (AuthorizationDetailsJwtVcJson | AuthorizationDetailsJwtVcJsonLdAndLdpVc | AuthorizationDetailsSdJwtVc | AuthorizationDetailsMsoMdoc)) | string;
+export type AuthorizationRequest = AuthorizationRequestJwtVcJson | AuthorizationRequestJwtVcJsonLdAndLdpVc | AuthorizationRequestSdJwtVc | AuthorizationRequestMsoMdoc;
 export interface AuthorizationRequestJwtVcJson extends CommonAuthorizationRequest {
@@ -78,2 +78,5 @@ authorization_details?: AuthorizationDetailsJwtVcJson[];
 }
+export interface AuthorizationRequestMsoMdoc extends CommonAuthorizationRequest {
+    authorization_details?: AuthorizationDetailsMsoMdoc[];
+}
 export interface CommonAuthorizationDetails {
@@ -129,2 +132,7 @@ /**
 }
+export interface AuthorizationDetailsMsoMdoc extends CommonAuthorizationDetails {
+    format: 'mso_mdoc';
+    doctype: string;
+    claims?: IssuerCredentialSubject;
+}
 export declare enum GrantTypes {
@@ -238,2 +246,3 @@ AUTHORIZATION_CODE = "authorization_code",
     requestObjectOpts?: RequestObjectOpts;
+    holderPreferredAuthzFlowTypeOrder?: AuthzFlowType[];
 }
@@ -240,0 +249,0 @@ export interface AuthorizationResponse {

dist/types/CredentialIssuance.types.d.ts

@@ -1,3 +0,3 @@
-import { W3CVerifiableCredential } from '@sphereon/ssi-types';
-import { BaseJWK } from 'common/dist';
+import { BaseJWK } from '@sphereon/oid4vc-common';
+import { IVerifiableCredential } from '@sphereon/ssi-types';
 import { ExperimentalSubjectIssuance } from '../experimental/holder-vci';
@@ -12,3 +12,3 @@ import { AuthzFlowType } from './Authorization.types';
 export interface CredentialResponse extends ExperimentalSubjectIssuance {
-    credential?: W3CVerifiableCredential;
+    credential?: IVerifiableCredential | string;
     format?: OID4VCICredentialFormat;
@@ -77,3 +77,3 @@ transaction_id?: string;
 }
-export interface ProofOfPossessionCallbacks<DIDDoc> {
+export interface ProofOfPossessionCallbacks<DIDDoc = never> {
     signCallback: JWTSignerCallback;
@@ -134,7 +134,7 @@ verifyCallback?: JWTVerifyCallback<DIDDoc>;
 export type JWTSignerCallback = (jwt: Jwt, kid?: string) => Promise<string>;
-export type JWTVerifyCallback<DIDDoc> = (args: {
+export type JWTVerifyCallback<DIDDoc = never> = (args: {
     jwt: string;
     kid?: string;
 }) => Promise<JwtVerifyResult<DIDDoc>>;
-export interface JwtVerifyResult<DIDDoc> {
+export interface JwtVerifyResult<DIDDoc = never> {
     jwt: Jwt;
@@ -141,0 +141,0 @@ kid?: string;

dist/types/Generic.types.d.ts

@@ -20,3 +20,3 @@ import { ICredentialContextType, IVerifiableCredential, W3CVerifiableCredential } from '@sphereon/ssi-types';
 }
-export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'vc+sd-jwt' | 'jwt_vc';
+export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'vc+sd-jwt' | 'jwt_vc' | 'mso_mdoc';
 export interface NameAndLocale {
@@ -124,4 +124,10 @@ name?: string;
 }
-export type CredentialConfigurationSupported = CredentialConfigurationSupportedV1_0_13 | (CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc));
-export type CredentialsSupportedLegacy = CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc);
+export interface CredentialSupportedMsoMdoc extends CommonCredentialSupported {
+    format: 'mso_mdoc';
+    doctype: string;
+    claims?: IssuerCredentialSubject;
+    order?: string[];
+}
+export type CredentialConfigurationSupported = CredentialConfigurationSupportedV1_0_13 | (CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc));
+export type CredentialsSupportedLegacy = CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc);
 export interface CommonCredentialOfferFormat {
@@ -143,3 +149,8 @@ format: OID4VCICredentialFormat | string;
 }
-export type CredentialOfferFormat = CommonCredentialOfferFormat & (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVc);
+export interface CredentialOfferFormatMsoMdoc extends CommonCredentialOfferFormat {
+    format: 'mso_mdoc';
+    doctype: string;
+    claims?: IssuerCredentialSubject;
+}
+export type CredentialOfferFormatV1_0_11 = CommonCredentialOfferFormat & (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVc | CredentialOfferFormatMsoMdoc);
 /**
@@ -186,2 +197,7 @@ * Optional storage that can help the credential Data Supplier. For instance to store credential input data during offer creation, if no additional data can be supplied later on
 }
+export interface CredentialRequestMsoMdoc extends CommonCredentialRequest {
+    format: 'mso_mdoc';
+    doctype: string;
+    claims?: IssuerCredentialSubject;
+}
 export interface CommonCredentialResponse extends ExperimentalSubjectIssuance {
@@ -215,3 +231,3 @@ credential?: W3CVerifiableCredential;
     authorization_code?: GrantAuthorizationCode;
-    'urn:ietf:params:oauth:grant-type:pre-authorized_code'?: GrantUrnIetf;
+    [PRE_AUTH_GRANT_LITERAL]?: GrantUrnIetf;
 }
@@ -296,3 +312,3 @@ export interface GrantAuthorizationCode {
 export type NotificationError = 'invalid_notification_id' | 'invalid_notification_request';
-export type NotificationResult = {
+export type NotificationResponseResult = {
     error: boolean;
@@ -299,0 +315,0 @@ response?: NotificationErrorResponse;

dist/types/QRCode.types.d.ts

 /// <reference types="node" />
+/// <reference types="node" />
 export interface ComponentOptions {
@@ -3,0 +4,0 @@ /**

dist/types/ServerMetadata.d.ts

@@ -1,14 +0,22 @@
-import { SigningAlgo } from '@sphereon/oid4vc-common';
-export interface AuthorizationServerMetadata {
+import { DynamicRegistrationClientMetadata, SigningAlgo } from '@sphereon/oid4vc-common';
+export type OAuthResponseType = 'code' | 'token' | 'id_token' | 'code token' | 'code id_token' | 'token id_token' | 'code token id_token';
+export type TokenEndpointAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'none';
+export type TokenEndpointAuthSigningAlg = 'RS256' | 'RS384' | 'RS512' | 'ES256' | 'ES384' | 'ES512' | 'PS256' | 'PS384' | 'PS512' | 'HS256' | 'HS384' | 'HS512';
+export type OAuthScope = 'openid' | 'profile' | 'email' | 'address' | 'phone' | 'offline_access';
+export type OAuthResponseMode = 'query' | 'fragment' | 'form_post';
+export type OAuthGrantType = 'authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | 'urn:ietf:params:oauth:grant-type:device_code' | 'urn:ietf:params:oauth:grant-type:saml2-bearer' | 'urn:ietf:params:oauth:grant-type:jwt-bearer';
+export type RevocationEndpointAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'none';
+export type RevocationEndpointAuthSigningAlg = 'RS256' | 'RS384' | 'RS512' | 'ES256' | 'ES384' | 'ES512' | 'PS256' | 'PS384' | 'PS512' | 'HS256' | 'HS384' | 'HS512';
+export type PKCECodeChallengeMethod = 'plain' | 'S256';
+export interface AuthorizationServerMetadata extends DynamicRegistrationClientMetadata {
     issuer: string;
     authorization_endpoint?: string;
     token_endpoint?: string;
-    token_endpoint_auth_methods_supported?: string[];
-    token_endpoint_auth_signing_alg_values_supported?: string[];
-    jwks_uri?: string;
+    token_endpoint_auth_methods_supported?: Array<TokenEndpointAuthMethod>;
+    token_endpoint_auth_signing_alg_values_supported?: Array<TokenEndpointAuthSigningAlg>;
     registration_endpoint?: string;
-    scopes_supported?: string[];
-    response_types_supported: string[];
-    response_modes_supported?: string[];
-    grant_types_supported?: string[];
+    scopes_supported?: Array<OAuthScope | string>;
+    response_types_supported: Array<OAuthResponseType>;
+    response_modes_supported?: Array<OAuthResponseMode>;
+    grant_types_supported?: Array<OAuthGrantType>;
     service_documentation?: string;
@@ -19,6 +27,6 @@ ui_locales_supported?: string[];
     revocation_endpoint?: string;
-    revocation_endpoint_auth_methods_supported?: string[];
-    revocation_endpoint_auth_signing_alg_values_supported?: string[];
+    revocation_endpoint_auth_methods_supported?: Array<RevocationEndpointAuthMethod>;
+    revocation_endpoint_auth_signing_alg_values_supported?: Array<RevocationEndpointAuthSigningAlg>;
     introspection_endpoint?: string;
-    code_challenge_methods_supported?: string[];
+    code_challenge_methods_supported?: Array<PKCECodeChallengeMethod>;
     pushed_authorization_request_endpoint?: string;
@@ -46,2 +54,3 @@ require_pushed_authorization_requests?: boolean;
 }
+export declare const authorizationServerMetadataFieldNames: Array<keyof AuthorizationServerMetadata>;
 export declare enum WellKnownEndpoints {
@@ -48,0 +57,0 @@ OPENID_CONFIGURATION = "/.well-known/openid-configuration",

dist/types/ServerMetadata.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WellKnownEndpoints = void 0;
+exports.WellKnownEndpoints = exports.authorizationServerMetadataFieldNames = void 0;
+// These can be used be a reducer
+exports.authorizationServerMetadataFieldNames = [
+    'issuer',
+    'authorization_endpoint',
+    'token_endpoint',
+    'jwks_uri',
+    'registration_endpoint',
+    'scopes_supported',
+    'response_types_supported',
+    'response_modes_supported',
+    'grant_types_supported',
+    'token_endpoint_auth_methods_supported',
+    'token_endpoint_auth_signing_alg_values_supported',
+    'service_documentation',
+    'ui_locales_supported',
+    'op_policy_uri',
+    'op_tos_uri',
+    'revocation_endpoint',
+    'revocation_endpoint_auth_methods_supported',
+    'revocation_endpoint_auth_signing_alg_values_supported',
+    'introspection_endpoint',
+    'introspection_endpoint_auth_methods_supported',
+    'introspection_endpoint_auth_signing_alg_values_supported',
+    'code_challenge_methods_supported',
+    'signed_metadata',
+];
 var WellKnownEndpoints;
@@ -5,0 +31,0 @@ (function (WellKnownEndpoints) {

dist/types/StateManager.types.d.ts

 import { AssertedUniformCredentialOffer } from './CredentialIssuance.types';
-import { CredentialDataSupplierInput } from './Generic.types';
+import { CredentialDataSupplierInput, NotificationRequest } from './Generic.types';
 export interface StateType {
@@ -15,2 +15,3 @@ createdAt: number;
     notification_id: string;
+    notification?: NotificationRequest;
     issuerState?: string;
@@ -26,2 +27,5 @@ preAuthorizedCode?: string;
     CREDENTIAL_ISSUED = "CREDENTIAL_ISSUED",
+    NOTIFICATION_CREDENTIAL_ACCEPTED = "NOTIFICATION_CREDENTIAL_ACCEPTED",
+    NOTIFICATION_CREDENTIAL_DELETED = "NOTIFICATION_CREDENTIAL_DELETED",
+    NOTIFICATION_CREDENTIAL_FAILURE = "NOTIFICATION_CREDENTIAL_FAILURE",
     ERROR = "ERROR"
@@ -28,0 +32,0 @@ }

dist/types/StateManager.types.js

@@ -12,4 +12,7 @@ "use strict";
     IssueStatus["CREDENTIAL_ISSUED"] = "CREDENTIAL_ISSUED";
+    IssueStatus["NOTIFICATION_CREDENTIAL_ACCEPTED"] = "NOTIFICATION_CREDENTIAL_ACCEPTED";
+    IssueStatus["NOTIFICATION_CREDENTIAL_DELETED"] = "NOTIFICATION_CREDENTIAL_DELETED";
+    IssueStatus["NOTIFICATION_CREDENTIAL_FAILURE"] = "NOTIFICATION_CREDENTIAL_FAILURE";
     IssueStatus["ERROR"] = "ERROR";
 })(IssueStatus || (exports.IssueStatus = IssueStatus = {}));
 //# sourceMappingURL=StateManager.types.js.map

dist/types/v1_0_09.types.d.ts

 import { CommonAuthorizationRequest } from './Authorization.types';
-import { CredentialOfferFormat } from './Generic.types';
+import { CredentialOfferFormatV1_0_11 } from './Generic.types';
 export interface CredentialOfferV1_0_09 {
@@ -20,3 +20,3 @@ credential_offer: CredentialOfferPayloadV1_0_09;
      */
-    credentials: (CredentialOfferFormat | string)[];
+    credentials: (CredentialOfferFormatV1_0_11 | string)[];
     'pre-authorized_code'?: string;
@@ -23,0 +23,0 @@ user_pin_required?: boolean | string;

dist/types/v1_0_11.types.d.ts

 import { AuthorizationDetailsJwtVcJson, AuthorizationServerOpts, CommonAuthorizationRequest } from './Authorization.types';
 import { UniformCredentialOffer, UniformCredentialOfferRequest } from './CredentialIssuance.types';
-import { CommonCredentialRequest, CredentialDataSupplierInput, CredentialIssuerMetadataOpts, CredentialOfferFormat, CredentialRequestJwtVcJson, CredentialRequestJwtVcJsonLdAndLdpVc, CredentialRequestSdJwtVc, Grant } from './Generic.types';
+import { CommonCredentialRequest, CredentialDataSupplierInput, CredentialIssuerMetadataOpts, CredentialOfferFormatV1_0_11, CredentialRequestJwtVcJson, CredentialRequestJwtVcJsonLdAndLdpVc, CredentialRequestSdJwtVc, Grant } from './Generic.types';
 import { QRCodeOpts } from './QRCode.types';
@@ -50,3 +50,3 @@ import { AuthorizationServerMetadata, AuthorizationServerType, EndpointMetadata } from './ServerMetadata';
      */
-    credentials: (CredentialOfferFormat | string)[];
+    credentials: (CredentialOfferFormatV1_0_11 | string)[];
     /**
@@ -53,0 +53,0 @@ * OPTIONAL. A JSON object indicating to the Wallet the Grant Types the Credential Issuer's AS is prepared

dist/types/v1_0_13.types.d.ts

@@ -1,9 +0,8 @@
-import { JWK } from 'common/dist';
+import { JWK } from '@sphereon/oid4vc-common';
 import { ExperimentalSubjectIssuance } from '../experimental/holder-vci';
 import { ProofOfPossession } from './CredentialIssuance.types';
-import { AlgValue, CommonCredentialRequest, CredentialDataSupplierInput, CredentialRequestSdJwtVc, CredentialsSupportedDisplay, CredentialSupplierConfig, EncValue, Grant, IssuerCredentialSubject, MetadataDisplay, OID4VCICredentialFormat, ProofTypesSupported, ResponseEncryption } from './Generic.types';
+import { AlgValue, CommonCredentialRequest, CredentialDataSupplierInput, CredentialRequestMsoMdoc, CredentialRequestSdJwtVc, CredentialsSupportedDisplay, CredentialSupplierConfig, EncValue, Grant, IssuerCredentialSubject, MetadataDisplay, OID4VCICredentialFormat, ProofTypesSupported, ResponseEncryption } from './Generic.types';
 import { QRCodeOpts } from './QRCode.types';
 import { AuthorizationServerMetadata, AuthorizationServerType, EndpointMetadata } from './ServerMetadata';
 export interface IssuerMetadataV1_0_13 {
-    issuer?: string;
     credential_configurations_supported: Record<string, CredentialConfigurationSupportedV1_0_13>;
@@ -13,3 +12,2 @@ credential_issuer: string;
     authorization_servers?: string[];
-    batch_credential_endpoint?: string;
     deferred_credential_endpoint?: string;
@@ -31,3 +29,3 @@ notification_endpoint?: string;
 };
-export type CredentialConfigurationSupportedV1_0_13 = CredentialConfigurationSupportedCommonV1_0_13 & (CredentialConfigurationSupportedSdJwtVcV1_0_13 | CredentialConfigurationSupportedJwtVcJsonV1_0_13 | CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13);
+export type CredentialConfigurationSupportedV1_0_13 = CredentialConfigurationSupportedCommonV1_0_13 & (CredentialConfigurationSupportedSdJwtVcV1_0_13 | CredentialConfigurationSupportedJwtVcJsonV1_0_13 | CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13 | CredentialConfigurationSupportedMsoMdocV1_0_13);
 export type CredentialConfigurationSupportedCommonV1_0_13 = {
@@ -48,2 +46,8 @@ format: OID4VCICredentialFormat | 'string';
 }
+export interface CredentialConfigurationSupportedMsoMdocV1_0_13 extends CredentialConfigurationSupportedCommonV1_0_13 {
+    format: 'mso_mdoc';
+    doctype: string;
+    claims?: IssuerCredentialSubject;
+    order?: string[];
+}
 export interface CredentialConfigurationSupportedJwtVcJsonV1_0_13 extends CredentialConfigurationSupportedCommonV1_0_13 {
@@ -68,3 +72,7 @@ format: 'jwt_vc_json' | 'jwt_vc';
 }
-export type CredentialRequestV1_0_13 = CredentialRequestV1_0_13Common & (CredentialRequestJwtVcJsonV1_0_13 | CredentialRequestJwtVcJsonLdAndLdpVcV1_0_13 | CredentialRequestSdJwtVc | CredentialRequestV1_0_13CredentialIdentifier);
+export type CredentialRequestV1_0_13 = CredentialRequestV1_0_13Common & (CredentialRequestJwtVcJsonV1_0_13 | CredentialRequestJwtVcJsonLdAndLdpVcV1_0_13 | CredentialRequestSdJwtVc | CredentialRequestMsoMdoc | CredentialRequestV1_0_13CredentialIdentifier);
+/**
+ * Normally a proof always needs to be present. There are exceptions for certain issuers doing strong user binding part of presentation flows
+ */
+export type CredentialRequestWithoutProofV1_0_13 = Omit<CredentialRequestV1_0_13Common, 'proof'> & (CredentialRequestJwtVcJsonV1_0_13 | CredentialRequestJwtVcJsonLdAndLdpVcV1_0_13 | CredentialRequestSdJwtVc | CredentialRequestMsoMdoc | CredentialRequestV1_0_13CredentialIdentifier);
 export interface CredentialRequestV1_0_13CredentialIdentifier extends CredentialRequestV1_0_13Common {
@@ -137,2 +145,3 @@ format?: undefined;
 }
+export declare const credentialIssuerMetadataFieldNames: Array<keyof CredentialIssuerMetadataOptsV1_0_13>;
 export interface EndpointMetadataResultV1_0_13 extends EndpointMetadata {
@@ -139,0 +148,0 @@ authorizationServerType: AuthorizationServerType;

dist/types/v1_0_13.types.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.credentialIssuerMetadataFieldNames = void 0;
+// These can be used be a reducer
+exports.credentialIssuerMetadataFieldNames = [
+    // Required fields
+    'credential_issuer',
+    'credential_configurations_supported',
+    'credential_endpoint',
+    // Optional fields from CredentialIssuerMetadataOpts
+    'batch_credential_endpoint',
+    'deferred_credential_endpoint',
+    'notification_endpoint',
+    'credential_response_encryption',
+    'authorization_servers',
+    'token_endpoint',
+    'display',
+    'credential_supplier_config',
+    // Optional fields from v1.0.13
+    'credential_identifiers_supported',
+    'signed_metadata',
+];
 //# sourceMappingURL=v1_0_13.types.js.map

lib/events/index.ts

@@ -18,4 +18,5 @@ import { EventManager } from '@sphereon/ssi-types';
   OID4VCI_NOTIFICATION_PROCESSED = 'OID4VCI_NOTIFICATION_PROCESSED',
+  OID4VCI_NOTIFICATION_ERROR = 'OID4VCI_NOTIFICATION_ERROR',
 }
 export type LogEvents = 'oid4vciLog';
 export const EVENTS = EventManager.instance();

lib/functions/CredentialRequestUtil.ts

@@ -38,2 +38,4 @@ import {
     types = [credentialRequest.vct];
+  } else if (credentialRequest.format === 'mso_mdoc' && 'doctype' in credentialRequest) {
+    types = [credentialRequest.doctype];
   }
@@ -40,0 +42,0 @@

lib/functions/FormatUtils.ts

@@ -20,3 +20,3 @@ import { CredentialFormat } from '@sphereon/ssi-types';
 const isUniformFormat = (format: string): format is OID4VCICredentialFormat => {
-  return ['jwt_vc_json', 'jwt_vc_json-ld', 'ldp_vc', 'vc+sd-jwt'].includes(format);
+  return ['jwt_vc_json', 'jwt_vc_json-ld', 'ldp_vc', 'vc+sd-jwt', 'mso_mdoc'].includes(format);
 };
@@ -23,0 +23,0 @@

lib/functions/IssuerMetadataUtils.ts

@@ -79,3 +79,6 @@ import { getTypesFromObject, isW3cCredentialSupported, VCI_LOG_COMMON } from '../index';
   let credentialConfigurationsV13: Record<string, CredentialConfigurationSupportedV1_0_13> | undefined = undefined;
-  if (version < OpenId4VCIVersion.VER_1_0_12 || issuerMetadata?.credentials_supported) {
+  if (
+    version < OpenId4VCIVersion.VER_1_0_12 ||
+    (issuerMetadata?.credential_configurations_supported === undefined && issuerMetadata?.credentials_supported)
+  ) {
     if (issuerMetadata?.credentials_supported && !Array.isArray(issuerMetadata?.credentials_supported)) {
@@ -82,0 +85,0 @@ // The current code duplication and logic is such a mess, that we re-adjust the object to the proper type again

lib/functions/ProofUtil.ts

@@ -29,3 +29,2 @@ import { BaseJWK, JWK } from '@sphereon/oid4vc-common';
  *    arguments needed for signing ProofOfPossession
- * @param callbacks:
  *    - proofOfPossessionCallback: JWTSignerCallback
@@ -35,2 +34,4 @@ *      Mandatory to create (sign) ProofOfPossession
  *      If exists, verifies the ProofOfPossession
+ * @param popMode
+ * @param callbacks
  * @param jwtProps
@@ -150,4 +151,4 @@ * @param existingJwt
     ...(aud && { aud }),
-    iat: jwt.payload?.iat ?? Math.round(now / 1000 - 60), // Let's ensure we subtract 60 seconds for potential time offsets
-    exp: jwt.payload?.exp ?? Math.round(now / 1000 + 10 * 60),
+    iat: jwt.payload?.iat ?? Math.floor(now / 1000) - 60, // Let's ensure we subtract 60 seconds for potential time offsets
+    exp: jwt.payload?.exp ?? Math.floor(now / 1000) + 10 * 60,
     nonce,
@@ -154,0 +155,0 @@ ...(client_id && { client_id }),

lib/functions/TypeConversionUtils.ts

@@ -1,3 +0,11 @@
-import { AuthorizationDetails, CredentialOfferPayload, UniformCredentialOfferPayload, UniformCredentialOfferRequest, VCI_LOG_COMMON } from '../index';
 import {
+  AuthorizationDetails,
+  CredentialConfigurationSupportedMsoMdocV1_0_13,
+  CredentialOfferPayload,
+  CredentialSupportedMsoMdoc,
+  UniformCredentialOfferPayload,
+  UniformCredentialOfferRequest,
+  VCI_LOG_COMMON,
+} from '../index';
+import {
   CredentialConfigurationSupported,
@@ -7,3 +15,3 @@ CredentialConfigurationSupportedSdJwtVcV1_0_13,
   CredentialDefinitionJwtVcJsonV1_0_13,
-  CredentialOfferFormat,
+  CredentialOfferFormatV1_0_11,
   CredentialsSupportedLegacy,
@@ -16,3 +24,9 @@ CredentialSupportedSdJwtVc,
   supported: CredentialConfigurationSupported | CredentialsSupportedLegacy,
-): supported is Exclude<CredentialConfigurationSupported, CredentialConfigurationSupportedSdJwtVcV1_0_13 | CredentialSupportedSdJwtVc> {
+): supported is Exclude<
+  CredentialConfigurationSupported,
+  | CredentialConfigurationSupportedMsoMdocV1_0_13
+  | CredentialSupportedMsoMdoc
+  | CredentialConfigurationSupportedSdJwtVcV1_0_13
+  | CredentialSupportedSdJwtVc
+> {
   return ['jwt_vc_json', 'jwt_vc_json-ld', 'ldp_vc', 'jwt_vc'].includes(supported.format);
@@ -32,3 +46,3 @@ }
     | CredentialConfigurationSupported
-    | CredentialOfferFormat
+    | CredentialOfferFormatV1_0_11
     | CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_13
@@ -55,3 +69,5 @@ | CredentialDefinitionJwtVcJsonV1_0_13
   } else if ('vct' in subject && subject.vct) {
-    return [subject.vct];
+    return [subject.vct as string];
+  } else if ('doctype' in subject && subject.doctype) {
+    return [subject.doctype as string];
   }
@@ -111,2 +127,4 @@ VCI_LOG_COMMON.warning('Could not deduce credential types. Probably a failure down the line will happen!');
     types = [credentialSupported.vct];
+  } else if (credentialSupported.format === 'mso_mdoc') {
+    types = [credentialSupported.doctype];
   }
@@ -113,0 +131,0 @@

lib/types/Authorization.types.ts

@@ -77,6 +77,11 @@ import { CreateDPoPClientOpts } from '@sphereon/oid4vc-common';
 export type AuthorizationDetails =
-  | (CommonAuthorizationDetails & (AuthorizationDetailsJwtVcJson | AuthorizationDetailsJwtVcJsonLdAndLdpVc | AuthorizationDetailsSdJwtVc))
+  | (CommonAuthorizationDetails &
+      (AuthorizationDetailsJwtVcJson | AuthorizationDetailsJwtVcJsonLdAndLdpVc | AuthorizationDetailsSdJwtVc | AuthorizationDetailsMsoMdoc))
   | string;
 
-export type AuthorizationRequest = AuthorizationRequestJwtVcJson | AuthorizationRequestJwtVcJsonLdAndLdpVc | AuthorizationRequestSdJwtVc;
+export type AuthorizationRequest =
+  | AuthorizationRequestJwtVcJson
+  | AuthorizationRequestJwtVcJsonLdAndLdpVc
+  | AuthorizationRequestSdJwtVc
+  | AuthorizationRequestMsoMdoc;
 
@@ -95,2 +100,6 @@ export interface AuthorizationRequestJwtVcJson extends CommonAuthorizationRequest {
 
+export interface AuthorizationRequestMsoMdoc extends CommonAuthorizationRequest {
+  authorization_details?: AuthorizationDetailsMsoMdoc[];
+}
+
 /*
@@ -169,2 +178,9 @@ export interface AuthDetails {
 
+export interface AuthorizationDetailsMsoMdoc extends CommonAuthorizationDetails {
+  format: 'mso_mdoc';
+
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+}
+
 export enum GrantTypes {
@@ -305,2 +321,3 @@ AUTHORIZATION_CODE = 'authorization_code',
   requestObjectOpts?: RequestObjectOpts;
+  holderPreferredAuthzFlowTypeOrder?: AuthzFlowType[];
 }
@@ -307,0 +324,0 @@

lib/types/CredentialIssuance.types.ts

@@ -1,3 +0,3 @@
-import { W3CVerifiableCredential } from '@sphereon/ssi-types';
-import { BaseJWK } from 'common/dist';
+import { BaseJWK } from '@sphereon/oid4vc-common';
+import { IVerifiableCredential } from '@sphereon/ssi-types';
 
@@ -15,3 +15,3 @@ import { ExperimentalSubjectIssuance } from '../experimental/holder-vci';
 export interface CredentialResponse extends ExperimentalSubjectIssuance {
-  credential?: W3CVerifiableCredential; // OPTIONAL. Contains issued Credential. MUST be present when acceptance_token is not returned. MAY be a JSON string or a JSON object, depending on the Credential format. See Appendix E for the Credential format specific encoding requirements
+  credential?: IVerifiableCredential | string; // OPTIONAL. Contains issued Credential. MUST be present when acceptance_token is not returned. MAY be a JSON string or a JSON object, depending on the Credential format. See Appendix E for the Credential format specific encoding requirements
   format?: OID4VCICredentialFormat /* | OID4VCICredentialFormat[]*/; // REQUIRED. JSON string denoting the format of the issued Credential  TODO: remove when cleaning <v13
@@ -104,3 +104,3 @@ transaction_id?: string; //OPTIONAL. A string identifying a Deferred Issuance transaction. This claim is contained in the response if the Credential Issuer was unable to immediately issue the credential. The value is subsequently used to obtain the respective Credential with the Deferred Credential Endpoint (see Section 9). It MUST be present when the credential parameter is not returned. It MUST be invalidated after the credential for which it was meant has been obtained by the Wallet.
 
-export interface ProofOfPossessionCallbacks<DIDDoc> {
+export interface ProofOfPossessionCallbacks<DIDDoc = never> {
   signCallback: JWTSignerCallback;
@@ -175,5 +175,5 @@ verifyCallback?: JWTVerifyCallback<DIDDoc>;
 export type JWTSignerCallback = (jwt: Jwt, kid?: string) => Promise<string>;
-export type JWTVerifyCallback<DIDDoc> = (args: { jwt: string; kid?: string }) => Promise<JwtVerifyResult<DIDDoc>>;
+export type JWTVerifyCallback<DIDDoc = never> = (args: { jwt: string; kid?: string }) => Promise<JwtVerifyResult<DIDDoc>>;
 
-export interface JwtVerifyResult<DIDDoc> {
+export interface JwtVerifyResult<DIDDoc = never> {
   jwt: Jwt;
@@ -180,0 +180,0 @@ kid?: string;

lib/types/Generic.types.ts

@@ -20,3 +20,3 @@ import { ICredentialContextType, IVerifiableCredential, W3CVerifiableCredential } from '@sphereon/ssi-types';
 
-export type PoPMode = 'pop' | 'JWT'; // Proof of posession, or regular JWT
+export type PoPMode = 'pop' | 'JWT'; // Proof of possession, or regular JWT
 
@@ -33,3 +33,3 @@ /**
 
-export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'vc+sd-jwt' | 'jwt_vc'; // jwt_vc is added for backwards compat /*| 'mso_mdoc'*/; // we do not support mdocs at this point
+export type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'vc+sd-jwt' | 'jwt_vc' | 'mso_mdoc'; // jwt_vc is added for backwards compat
 
@@ -169,8 +169,18 @@ export interface NameAndLocale {
 
+export interface CredentialSupportedMsoMdoc extends CommonCredentialSupported {
+  format: 'mso_mdoc';
+
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+
+  order?: string[]; //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.
+}
+
 export type CredentialConfigurationSupported =
   | CredentialConfigurationSupportedV1_0_13
-  | (CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc));
+  | (CommonCredentialSupported &
+      (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc));
 
 export type CredentialsSupportedLegacy = CommonCredentialSupported &
-  (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc);
+  (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc);
 
@@ -202,5 +212,15 @@ export interface CommonCredentialOfferFormat {
 
-export type CredentialOfferFormat = CommonCredentialOfferFormat &
-  (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVc);
+// NOTE: the sd-jwt format is added to oid4vci in a later draft version than currently
+// supported, so there's no defined offer format. However, based on the request structure
+// we support sd-jwt for older drafts of oid4vci as well
+export interface CredentialOfferFormatMsoMdoc extends CommonCredentialOfferFormat {
+  format: 'mso_mdoc';
 
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+}
+
+export type CredentialOfferFormatV1_0_11 = CommonCredentialOfferFormat &
+  (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVc | CredentialOfferFormatMsoMdoc);
+
 /**
@@ -256,2 +276,8 @@ * Optional storage that can help the credential Data Supplier. For instance to store credential input data during offer creation, if no additional data can be supplied later on
 
+export interface CredentialRequestMsoMdoc extends CommonCredentialRequest {
+  format: 'mso_mdoc';
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+}
+
 export interface CommonCredentialResponse extends ExperimentalSubjectIssuance {
@@ -296,3 +322,3 @@ // format: string;  TODO do we still need this for previous version support?
   authorization_code?: GrantAuthorizationCode;
-  'urn:ietf:params:oauth:grant-type:pre-authorized_code'?: GrantUrnIetf;
+  [PRE_AUTH_GRANT_LITERAL]?: GrantUrnIetf;
 }
@@ -399,3 +425,3 @@
 
-export type NotificationResult = {
+export type NotificationResponseResult = {
   error: boolean;
@@ -402,0 +428,0 @@ response?: NotificationErrorResponse;

lib/types/ServerMetadata.ts

@@ -1,16 +0,65 @@
-import { SigningAlgo } from '@sphereon/oid4vc-common';
+import { DynamicRegistrationClientMetadata, SigningAlgo } from '@sphereon/oid4vc-common';
 
-export interface AuthorizationServerMetadata {
+export type OAuthResponseType = 'code' | 'token' | 'id_token' | 'code token' | 'code id_token' | 'token id_token' | 'code token id_token';
+
+export type TokenEndpointAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'none';
+
+export type TokenEndpointAuthSigningAlg =
+  | 'RS256'
+  | 'RS384'
+  | 'RS512'
+  | 'ES256'
+  | 'ES384'
+  | 'ES512'
+  | 'PS256'
+  | 'PS384'
+  | 'PS512'
+  | 'HS256'
+  | 'HS384'
+  | 'HS512';
+
+export type OAuthScope = 'openid' | 'profile' | 'email' | 'address' | 'phone' | 'offline_access';
+
+export type OAuthResponseMode = 'query' | 'fragment' | 'form_post';
+
+export type OAuthGrantType =
+  | 'authorization_code'
+  | 'implicit'
+  | 'password'
+  | 'client_credentials'
+  | 'refresh_token'
+  | 'urn:ietf:params:oauth:grant-type:device_code'
+  | 'urn:ietf:params:oauth:grant-type:saml2-bearer'
+  | 'urn:ietf:params:oauth:grant-type:jwt-bearer';
+
+export type RevocationEndpointAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'none';
+
+export type RevocationEndpointAuthSigningAlg =
+  | 'RS256'
+  | 'RS384'
+  | 'RS512'
+  | 'ES256'
+  | 'ES384'
+  | 'ES512'
+  | 'PS256'
+  | 'PS384'
+  | 'PS512'
+  | 'HS256'
+  | 'HS384'
+  | 'HS512';
+
+export type PKCECodeChallengeMethod = 'plain' | 'S256';
+
+export interface AuthorizationServerMetadata extends DynamicRegistrationClientMetadata {
   issuer: string;
   authorization_endpoint?: string;
   token_endpoint?: string;
-  token_endpoint_auth_methods_supported?: string[];
-  token_endpoint_auth_signing_alg_values_supported?: string[];
+  token_endpoint_auth_methods_supported?: Array<TokenEndpointAuthMethod>;
+  token_endpoint_auth_signing_alg_values_supported?: Array<TokenEndpointAuthSigningAlg>;
 
-  jwks_uri?: string;
   registration_endpoint?: string;
-  scopes_supported?: string[];
-  response_types_supported: string[];
-  response_modes_supported?: string[];
-  grant_types_supported?: string[];
+  scopes_supported?: Array<OAuthScope | string>;
+  response_types_supported: Array<OAuthResponseType>;
+  response_modes_supported?: Array<OAuthResponseMode>;
+  grant_types_supported?: Array<OAuthGrantType>;
   service_documentation?: string;
@@ -22,8 +71,9 @@ ui_locales_supported?: string[];
   revocation_endpoint?: string;
-  revocation_endpoint_auth_methods_supported?: string[];
-  revocation_endpoint_auth_signing_alg_values_supported?: string[];
+  revocation_endpoint_auth_methods_supported?: Array<RevocationEndpointAuthMethod>;
+  revocation_endpoint_auth_signing_alg_values_supported?: Array<RevocationEndpointAuthSigningAlg>;
 
   introspection_endpoint?: string;
-  code_challenge_methods_supported?: string[];
+  code_challenge_methods_supported?: Array<PKCECodeChallengeMethod>;
 
+  // TODO below fields are not in the rfc8414 spec, do we need them?
   pushed_authorization_request_endpoint?: string; // The URL of the pushed authorization request endpoint at which a client can post an authorization request to exchange for a request_uri value usable at the authorization server
@@ -59,2 +109,29 @@ // Note that the presence of pushed_authorization_request_endpoint is sufficient for a client to determine that it may use the PAR flow. A request_uri value obtained from the PAR endpoint is usable at the authorization endpoint regardless of other authorization server metadata such as request_uri_parameter_supported or require_request_uri_registration
 
+// These can be used be a reducer
+export const authorizationServerMetadataFieldNames: Array<keyof AuthorizationServerMetadata> = [
+  'issuer',
+  'authorization_endpoint',
+  'token_endpoint',
+  'jwks_uri',
+  'registration_endpoint',
+  'scopes_supported',
+  'response_types_supported',
+  'response_modes_supported',
+  'grant_types_supported',
+  'token_endpoint_auth_methods_supported',
+  'token_endpoint_auth_signing_alg_values_supported',
+  'service_documentation',
+  'ui_locales_supported',
+  'op_policy_uri',
+  'op_tos_uri',
+  'revocation_endpoint',
+  'revocation_endpoint_auth_methods_supported',
+  'revocation_endpoint_auth_signing_alg_values_supported',
+  'introspection_endpoint',
+  'introspection_endpoint_auth_methods_supported',
+  'introspection_endpoint_auth_signing_alg_values_supported',
+  'code_challenge_methods_supported',
+  'signed_metadata',
+] as const;
+
 export enum WellKnownEndpoints {
@@ -61,0 +138,0 @@ OPENID_CONFIGURATION = '/.well-known/openid-configuration',

lib/types/StateManager.types.ts

 import { AssertedUniformCredentialOffer } from './CredentialIssuance.types';
-import { CredentialDataSupplierInput } from './Generic.types';
+import { CredentialDataSupplierInput, NotificationRequest } from './Generic.types'
 
@@ -17,2 +17,3 @@ export interface StateType {
   notification_id: string;
+  notification?: NotificationRequest;
   issuerState?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
@@ -29,2 +30,5 @@ preAuthorizedCode?: string; //todo: Probably good to hash it here, since it would come in from the client and we could match the hash and thus use the client value
   CREDENTIAL_ISSUED = 'CREDENTIAL_ISSUED',
+  NOTIFICATION_CREDENTIAL_ACCEPTED = 'NOTIFICATION_CREDENTIAL_ACCEPTED',
+  NOTIFICATION_CREDENTIAL_DELETED = 'NOTIFICATION_CREDENTIAL_DELETED',
+  NOTIFICATION_CREDENTIAL_FAILURE = 'NOTIFICATION_CREDENTIAL_FAILURE',
   ERROR = 'ERROR',
@@ -31,0 +35,0 @@ }

lib/types/v1_0_09.types.ts

 import { CommonAuthorizationRequest } from './Authorization.types';
-import { CredentialOfferFormat } from './Generic.types';
+import { CredentialOfferFormatV1_0_11 } from './Generic.types';
 
@@ -23,3 +23,3 @@ export interface CredentialOfferV1_0_09 {
    */
-  credentials: (CredentialOfferFormat | string)[];
+  credentials: (CredentialOfferFormatV1_0_11 | string)[];
   'pre-authorized_code'?: string; //CONDITIONAL the code representing the issuer's authorization for the Wallet to obtain Credentials of a certain type. This code MUST be short-lived and single-use. MUST be present in a pre-authorized code flow.
@@ -26,0 +26,0 @@ user_pin_required?: boolean | string; //OPTIONAL Boolean value specifying whether the issuer expects presentation of a user PIN along with the Token Request in a pre-authorized code flow. Default is false.

lib/types/v1_0_11.types.ts

@@ -7,3 +7,3 @@ import { AuthorizationDetailsJwtVcJson, AuthorizationServerOpts, CommonAuthorizationRequest } from './Authorization.types';
   CredentialIssuerMetadataOpts,
-  CredentialOfferFormat,
+  CredentialOfferFormatV1_0_11,
   CredentialRequestJwtVcJson,
@@ -66,3 +66,3 @@ CredentialRequestJwtVcJsonLdAndLdpVc,
    */
-  credentials: (CredentialOfferFormat | string)[];
+  credentials: (CredentialOfferFormatV1_0_11 | string)[];
   /**
@@ -69,0 +69,0 @@ * OPTIONAL. A JSON object indicating to the Wallet the Grant Types the Credential Issuer's AS is prepared

lib/types/v1_0_13.types.ts

@@ -1,2 +0,2 @@
-import { JWK } from 'common/dist';
+import { JWK } from '@sphereon/oid4vc-common';
 
@@ -10,2 +10,3 @@ import { ExperimentalSubjectIssuance } from '../experimental/holder-vci';
   CredentialDataSupplierInput,
+  CredentialRequestMsoMdoc,
   CredentialRequestSdJwtVc,
@@ -26,3 +27,2 @@ CredentialsSupportedDisplay,
 export interface IssuerMetadataV1_0_13 {
-  issuer?: string;
   credential_configurations_supported: Record<string, CredentialConfigurationSupportedV1_0_13>; // REQUIRED. A JSON object containing a list of key value pairs, where the key is a string serving as an abstract identifier of the Credential. This identifier is RECOMMENDED to be collision resistant - it can be globally unique, but does not have to be when naming conflicts are unlikely to arise in a given use case. The value is a JSON object. The JSON object MUST conform to the structure of the Section 11.2.1.
@@ -32,3 +32,2 @@ credential_issuer: string; // A Credential Issuer is identified by a case sensitive URL using the https scheme that contains scheme, host and, optionally, port number and path components, but no query or fragment components.
   authorization_servers?: string[];
-  batch_credential_endpoint?: string;
   deferred_credential_endpoint?: string;
@@ -59,2 +58,3 @@ notification_endpoint?: string;
     | CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_13
+    | CredentialConfigurationSupportedMsoMdocV1_0_13
   );
@@ -82,2 +82,11 @@
 
+export interface CredentialConfigurationSupportedMsoMdocV1_0_13 extends CredentialConfigurationSupportedCommonV1_0_13 {
+  format: 'mso_mdoc';
+
+  doctype: string;
+  claims?: IssuerCredentialSubject;
+
+  order?: string[]; //An array of claims.display.name values that lists them in the order they should be displayed by the Wallet.
+}
+
 export interface CredentialConfigurationSupportedJwtVcJsonV1_0_13 extends CredentialConfigurationSupportedCommonV1_0_13 {
@@ -111,5 +120,18 @@ format: 'jwt_vc_json' | 'jwt_vc';
     | CredentialRequestSdJwtVc
+    | CredentialRequestMsoMdoc
     | CredentialRequestV1_0_13CredentialIdentifier
   );
 
+/**
+ * Normally a proof always needs to be present. There are exceptions for certain issuers doing strong user binding part of presentation flows
+ */
+export type CredentialRequestWithoutProofV1_0_13 = Omit<CredentialRequestV1_0_13Common, 'proof'> &
+  (
+    | CredentialRequestJwtVcJsonV1_0_13
+    | CredentialRequestJwtVcJsonLdAndLdpVcV1_0_13
+    | CredentialRequestSdJwtVc
+    | CredentialRequestMsoMdoc
+    | CredentialRequestV1_0_13CredentialIdentifier
+  );
+
 export interface CredentialRequestV1_0_13CredentialIdentifier extends CredentialRequestV1_0_13Common {
@@ -194,2 +216,24 @@ // Format cannot be defined when credential_identifier is used
 
+// These can be used be a reducer
+export const credentialIssuerMetadataFieldNames: Array<keyof CredentialIssuerMetadataOptsV1_0_13> = [
+  // Required fields
+  'credential_issuer',
+  'credential_configurations_supported',
+  'credential_endpoint',
+
+  // Optional fields from CredentialIssuerMetadataOpts
+  'batch_credential_endpoint',
+  'deferred_credential_endpoint',
+  'notification_endpoint',
+  'credential_response_encryption',
+  'authorization_servers',
+  'token_endpoint',
+  'display',
+  'credential_supplier_config',
+
+  // Optional fields from v1.0.13
+  'credential_identifiers_supported',
+  'signed_metadata',
+] as const;
+
 export interface EndpointMetadataResultV1_0_13 extends EndpointMetadata {
@@ -196,0 +240,0 @@ // The EndpointMetadata are snake-case so they can easily be used in payloads/JSON.

package.json

 {
   "name": "@sphereon/oid4vci-common",
-  "version": "0.16.0",
+  "version": "0.16.1-feature.MWALL.715.232+2dff0df",
   "description": "OpenID 4 Verifiable Credential Issuance Common Types",
@@ -13,5 +13,6 @@ "source": "lib/index.ts",
   "dependencies": {
-    "@sphereon/oid4vc-common": "0.16.0",
-    "@sphereon/ssi-types": "0.28.0",
+    "@sphereon/oid4vc-common": "0.16.1-feature.MWALL.715.232+2dff0df",
+    "@sphereon/ssi-types": "0.30.2-feature.mdoc.funke2.367",
     "cross-fetch": "^3.1.8",
+    "debug": "^4.3.5",
     "jwt-decode": "^4.0.0",
@@ -22,2 +23,3 @@ "uint8arrays": "3.1.1",
   "devDependencies": {
+    "@types/debug": "^4.1.12",
     "@types/jest": "^29.5.12",
@@ -55,3 +57,3 @@ "@types/uuid": "^9.0.1",
   },
-  "gitHead": "7d938320eba5818dfe2bf6ae5291bb3c614085e1"
+  "gitHead": "2dff0df4f3d9c0943b9e93ea2c9666fab43747c2"
 }

New alerts

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

475616

increased by3.58%

Lines of code

7227

increased by4.05%

Worsened metrics

Dependency count

7

increased by16.67%

Dev dependency count

4

increased by33.33%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addeddebug@^4.3.5

• + Added@js-joda/core@5.6.3(transitive)

• + Added@js-joda/timezone@2.3.0(transitive)

• + Added@sd-jwt/decode@0.7.2(transitive)

• + Added@sd-jwt/types@0.7.2(transitive)

• + Added@sd-jwt/utils@0.7.2(transitive)

• + Added@sphereon/kmp-mdoc-core@0.2.0-SNAPSHOT.10(transitive)

• + Added@sphereon/ssi-types@0.30.2-feature.mdoc.funke2.367(transitive)

• + Addedformat-util@1.0.5(transitive)

• - Removed@sd-jwt/decode@0.6.1(transitive)

• - Removed@sd-jwt/types@0.6.1(transitive)

• - Removed@sd-jwt/utils@0.6.1(transitive)

• - Removed@sphereon/oid4vc-common@0.16.0(transitive)

• - Removed@sphereon/ssi-types@0.28.0(transitive)

• - Removedinherits@2.0.4(transitive)

• - Removedsafe-buffer@5.2.1(transitive)

• - Removedsha.js@2.4.11(transitive)

• Updated@sphereon/oid4vc-common@0.16.1-feature.MWALL.715.232+2dff0df

• Updated@sphereon/ssi-types@0.30.2-feature.mdoc.funke2.367