import * as _sphereon_ssi_types from '@sphereon/ssi-types'; import { ICredentialContextType, W3CVerifiableCredential, IVerifiableCredential, CredentialFormat, EventManager, Loggers } from '@sphereon/ssi-types'; import { DynamicRegistrationClientMetadata, SigningAlgo, JWK, BaseJWK, CreateDPoPClientOpts } from '@sphereon/oid4vc-common'; import { SupportedEncodings } from 'uint8arrays/to-string'; /** * Copied from openid-client */ type ClientResponseType = 'code' | 'id_token' | 'code id_token' | 'none' | string; type ClientAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'tls_client_auth' | 'self_signed_tls_client_auth' | 'none'; interface ClientMetadata { client_id: string; id_token_signed_response_alg?: string; token_endpoint_auth_method?: ClientAuthMethod; client_secret?: string; redirect_uris?: string[]; response_types?: ClientResponseType[]; post_logout_redirect_uris?: string[]; default_max_age?: number; require_auth_time?: boolean; tls_client_certificate_bound_access_tokens?: boolean; request_object_signing_alg?: string; id_token_encrypted_response_alg?: string; id_token_encrypted_response_enc?: string; introspection_endpoint_auth_method?: ClientAuthMethod; introspection_endpoint_auth_signing_alg?: string; request_object_encryption_alg?: string; request_object_encryption_enc?: string; revocation_endpoint_auth_method?: ClientAuthMethod; revocation_endpoint_auth_signing_alg?: string; token_endpoint_auth_signing_alg?: string; userinfo_encrypted_response_alg?: string; userinfo_encrypted_response_enc?: string; userinfo_signed_response_alg?: string; authorization_encrypted_response_alg?: string; authorization_encrypted_response_enc?: string; authorization_signed_response_alg?: string; [key: string]: unknown; } /** * Experimental support not following the VCI spec to have the holder actually (re)sign the issued credential and return it to the issuer */ declare const EXPERIMENTAL_SUBJECT_PROOF_MODE_ENABLED: boolean; type SubjectProofMode = 'proof_chain' | 'proof_set' | 'proof_replace'; type SubjectProofNotificationEventsSupported = 'credential_accepted_holder_signed' | 'credential_deleted_holder_signed' | 'credential_accepted'; interface ExperimentalSubjectIssuance { credential_subject_issuance?: { subject_proof_mode: SubjectProofMode; notification_events_supported: Array; }; } type OAuthResponseType = 'code' | 'token' | 'id_token' | 'code token' | 'code id_token' | 'token id_token' | 'code token id_token'; type TokenEndpointAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'none'; type TokenEndpointAuthSigningAlg = 'RS256' | 'RS384' | 'RS512' | 'ES256' | 'ES384' | 'ES512' | 'PS256' | 'PS384' | 'PS512' | 'HS256' | 'HS384' | 'HS512'; type OAuthScope = 'openid' | 'profile' | 'email' | 'address' | 'phone' | 'offline_access'; type OAuthResponseMode = 'query' | 'fragment' | 'form_post'; type OAuthGrantType = 'authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | 'urn:ietf:params:oauth:grant-type:device_code' | 'urn:ietf:params:oauth:grant-type:saml2-bearer' | 'urn:ietf:params:oauth:grant-type:jwt-bearer'; type RevocationEndpointAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'none'; type RevocationEndpointAuthSigningAlg = 'RS256' | 'RS384' | 'RS512' | 'ES256' | 'ES384' | 'ES512' | 'PS256' | 'PS384' | 'PS512' | 'HS256' | 'HS384' | 'HS512'; type PKCECodeChallengeMethod = 'plain' | 'S256'; interface AuthorizationServerMetadata extends DynamicRegistrationClientMetadata { issuer: string; authorization_endpoint?: string; authorization_challenge_endpoint?: string; token_endpoint?: string; token_endpoint_auth_methods_supported?: Array; token_endpoint_auth_signing_alg_values_supported?: Array; registration_endpoint?: string; scopes_supported?: Array; response_types_supported: Array; response_modes_supported?: Array; grant_types_supported?: Array; service_documentation?: string; ui_locales_supported?: string[]; op_policy_uri?: string; op_tos_uri?: string; revocation_endpoint?: string; revocation_endpoint_auth_methods_supported?: Array; revocation_endpoint_auth_signing_alg_values_supported?: Array; introspection_endpoint?: string; code_challenge_methods_supported?: Array; pushed_authorization_request_endpoint?: string; require_pushed_authorization_requests?: boolean; 'pre-authorized_grant_anonymous_access_supported'?: boolean; dpop_signing_alg_values_supported?: (string | SigningAlgo)[]; frontchannel_logout_supported?: boolean; frontchannel_logout_session_supported?: boolean; backchannel_logout_supported?: boolean; backchannel_logout_session_supported?: boolean; userinfo_endpoint?: string; check_session_iframe?: string; end_session_endpoint?: string; acr_values_supported?: string[]; subject_types_supported?: string[]; request_object_signing_alg_values_supported?: string[]; display_values_supported?: string[]; claim_types_supported?: string[]; claims_supported?: string[]; claims_parameter_supported?: boolean; credential_endpoint?: string; deferred_credential_endpoint?: string; nonce_endpoint?: string; [x: string]: any; } declare const authorizationServerMetadataFieldNames: Array; declare enum WellKnownEndpoints { OPENID_CONFIGURATION = "/.well-known/openid-configuration", OAUTH_AS = "/.well-known/oauth-authorization-server", OPENID4VCI_ISSUER = "/.well-known/openid-credential-issuer" } type AuthorizationServerType = 'OIDC' | 'OAuth 2.0' | 'OID4VCI'; interface EndpointMetadata { issuer: string; token_endpoint: string; credential_endpoint: string; deferred_credential_endpoint?: string; notification_endpoint?: string; authorization_server?: string; authorization_endpoint?: string; authorization_challenge_endpoint?: string; } interface ComponentOptions { /** * Component options for data/ECC. */ data?: { /** * Scale factor for data/ECC dots. * @default 1 */ scale?: number; }; /** * Component options for timing patterns. */ timing?: { /** * Scale factor for timing patterns. * @default 1 */ scale?: number; /** * Protector for timing patterns. * @default false */ protectors?: boolean; }; /** * Component options for alignment patterns. */ alignment?: { /** * Scale factor for alignment patterns. * @default 1 */ scale?: number; /** * Protector for alignment patterns. * @default false */ protectors?: boolean; }; /** * Component options for alignment pattern on the bottom-right corner. */ cornerAlignment?: { /** * Scale factor for alignment pattern on the bottom-right corner. * @default 1 */ scale?: number; /** * Protector for alignment pattern on the bottom-right corner. * @default true */ protectors?: boolean; }; } interface QRCodeOpts { /** * Size of the QR code in pixel. * * @defaultValue 400 */ size?: number; /** * Size of margins around the QR code body in pixel. * * @defaultValue 20 */ margin?: number; /** * Error correction level of the QR code. * * Accepts a value provided by _QRErrorCorrectLevel_. * * For more information, please refer to [https://www.qrcode.com/en/about/error_correction.html](https://www.qrcode.com/en/about/error_correction.html). * * @defaultValue 0 */ correctLevel?: number; /** * **This is an advanced option.** * * Specify the mask pattern to be used in QR code encoding. * * Accepts a value provided by _QRMaskPattern_. * * To find out all eight mask patterns, please refer to [https://en.wikipedia.org/wiki/File:QR_Code_Mask_Patterns.svg](https://en.wikipedia.org/wiki/File:QR_Code_Mask_Patterns.svg) * * For more information, please refer to [https://en.wikiversity.org/wiki/Reed%E2%80%93Solomon_codes_for_coders#Masking](https://en.wikiversity.org/wiki/Reed%E2%80%93Solomon_codes_for_coders#Masking). */ maskPattern?: number; /** * **This is an advanced option.** * * Specify the version to be used in QR code encoding. * * Accepts an integer in range [1, 40]. * * For more information, please refer to [https://www.qrcode.com/en/about/version.html](https://www.qrcode.com/en/about/version.html). */ version?: number; /** * Options to control components in the QR code. * * @deafultValue undefined */ components?: ComponentOptions; /** * Color of the blocks on the QR code. * * Accepts a CSS <color>. * * For more information about CSS <color>, please refer to [https://developer.mozilla.org/en-US/docs/Web/CSS/color_value](https://developer.mozilla.org/en-US/docs/Web/CSS/color_value). * * @defaultValue "#000000" */ colorDark?: string; /** * Color of the empty areas on the QR code. * * Accepts a CSS <color>. * * For more information about CSS <color>, please refer to [https://developer.mozilla.org/en-US/docs/Web/CSS/color_value](https://developer.mozilla.org/en-US/docs/Web/CSS/color_value). * * @defaultValue "#ffffff" */ colorLight?: string; /** * Automatically calculate the _colorLight_ value from the QR code's background. * * @defaultValue true */ autoColor?: boolean; /** * Background image to be used in the QR code. * * Accepts a `data:` string in web browsers or a Buffer in Node.js. * * @defaultValue undefined */ backgroundImage?: string | Buffer; /** * Color of the dimming mask above the background image. * * Accepts a CSS <color>. * * For more information about CSS <color>, please refer to [https://developer.mozilla.org/en-US/docs/Web/CSS/color_value](https://developer.mozilla.org/en-US/docs/Web/CSS/color_value). * * @defaultValue "rgba(0, 0, 0, 0)" */ backgroundDimming?: string; /** * GIF background image to be used in the QR code. * * @defaultValue undefined */ gifBackground?: ArrayBuffer; /** * Use a white margin instead of a transparent one which reveals the background of the QR code on margins. * * @defaultValue true */ whiteMargin?: boolean; /** * Logo image to be displayed at the center of the QR code. * * Accepts a `data:` string in web browsers or a Buffer in Node.js. * * When set to `undefined` or `null`, the logo is disabled. * * @defaultValue undefined */ logoImage?: string | Buffer; /** * Ratio of the logo size to the QR code size. * * @defaultValue 0.2 */ logoScale?: number; /** * Size of margins around the logo image in pixels. * * @defaultValue 6 */ logoMargin?: number; /** * Corner radius of the logo image in pixels. * * @defaultValue 8 */ logoCornerRadius?: number; /** * @deprecated * * Ratio of the real size to the full size of the blocks. * * This can be helpful when you want to make more parts of the background visible. * * @deafultValue 0.4 */ dotScale?: number; } interface IssuerMetadataV1_0_15 { credential_configurations_supported: Record; credential_issuer: string; credential_endpoint: string; nonce_endpoint?: string; authorization_servers?: string[]; deferred_credential_endpoint?: string; notification_endpoint?: string; credential_response_encryption?: ResponseEncryption; batch_credential_issuance?: BatchCredentialIssuance; token_endpoint?: string; display?: MetadataDisplay[]; authorization_challenge_endpoint?: string; signed_metadata?: string; [x: string]: unknown; } interface BatchCredentialIssuance { batch_size: number; } type CredentialDefinitionJwtVcJsonV1_0_15 = { type: string[]; credentialSubject?: IssuerCredentialSubject; }; type CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15 = { '@context': string[]; type: string[]; credentialSubject?: IssuerCredentialSubject; }; type CredentialConfigurationSupportedV1_0_15 = CredentialConfigurationSupportedCommonV1_0_15 & (CredentialConfigurationSupportedSdJwtVcV1_0_15 | CredentialConfigurationSupportedJwtVcJsonV1_0_15 | CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15 | CredentialConfigurationSupportedMsoMdocV1_0_15); type CredentialConfigurationSupportedCommonV1_0_15 = { format: OID4VCICredentialFormat | string; scope?: string; cryptographic_binding_methods_supported?: string[]; credential_signing_alg_values_supported?: string[]; proof_types_supported?: ProofTypesSupported; display?: CredentialsSupportedDisplay[]; [x: string]: unknown; }; interface CredentialConfigurationSupportedSdJwtVcV1_0_15 extends CredentialConfigurationSupportedCommonV1_0_15 { format: 'dc+sd-jwt' | 'vc+sd-jwt'; vct: string; claims?: ClaimsDescriptionV1_0_15[]; order?: string[]; } interface CredentialConfigurationSupportedMsoMdocV1_0_15 extends CredentialConfigurationSupportedCommonV1_0_15 { format: 'mso_mdoc'; doctype: string; claims?: ClaimsDescriptionV1_0_15[]; order?: string[]; } interface CredentialConfigurationSupportedJwtVcJsonV1_0_15 extends CredentialConfigurationSupportedCommonV1_0_15 { format: 'jwt_vc_json' | 'jwt_vc'; credential_definition: CredentialDefinitionJwtVcJsonV1_0_15; claims?: ClaimsDescriptionV1_0_15[]; order?: string[]; } interface CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15 extends CredentialConfigurationSupportedCommonV1_0_15 { format: 'ldp_vc' | 'jwt_vc_json-ld'; credential_definition: CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15; claims?: ClaimsDescriptionV1_0_15[]; order?: string[]; } interface ClaimsDescriptionV1_0_15 { path: (string | number | null)[]; mandatory?: boolean; display?: CredentialsSupportedDisplay[]; } type CredentialRequestV1_0_15ResponseEncryption = { jwk: JWK; alg: AlgValue; enc: EncValue; }; interface CredentialRequestV1_0_15Common extends ExperimentalSubjectIssuance { credential_response_encryption?: CredentialRequestV1_0_15ResponseEncryption; proof?: ProofOfPossession; proofs?: ProofOfPossessionMap; issuer_state?: string; } interface ProofOfPossessionMap { [proofType: string]: ProofOfPossession[]; } type CredentialRequestV1_0_15 = CredentialRequestV1_0_15Common & (CredentialRequestV1_0_15CredentialIdentifier | CredentialRequestV1_0_15CredentialConfigurationId); interface CredentialRequestV1_0_15CredentialIdentifier extends CredentialRequestV1_0_15Common { credential_identifier: string; credential_configuration_id?: undefined; } interface CredentialRequestV1_0_15CredentialConfigurationId extends CredentialRequestV1_0_15Common { credential_configuration_id: string; credential_identifier?: undefined; } interface CredentialOfferV1_0_15 { credential_offer?: CredentialOfferPayloadV1_0_15; credential_offer_uri?: string; } interface CredentialOfferRESTRequestV1_0_15 extends Partial { redirectUri?: string; baseUri?: string; scheme?: string; correlationId?: string; sessionLifeTimeInSec?: number; pinLength?: number; qrCodeOpts?: QRCodeOpts; client_id?: string; credentialDataSupplierInput?: CredentialDataSupplierInput; statusListOpts?: Array; offerMode?: CredentialOfferMode; } interface CredentialOfferPayloadV1_0_15 { /** * REQUIRED. The URL of the Credential Issuer, as defined in Section 11.2.1, from which the Wallet is requested to * obtain one or more Credentials. The Wallet uses it to obtain the Credential Issuer's Metadata following the steps * defined in Section 11.2.2. */ credential_issuer: string; /** * REQUIRED. Array of unique strings that each identify one of the keys in the name/value pairs stored in * the credential_configurations_supported Credential Issuer metadata. The Wallet uses these string values * to obtain the respective object that contains information about the Credential being offered as defined * in Section 11.2.3. For example, these string values can be used to obtain scope values to be used in * the Authorization Request. */ credential_configuration_ids: string[]; /** * OPTIONAL. Object indicating to the Wallet the Grant Types the Credential Issuer's Authorization Server is prepared * to process for this Credential Offer. Every grant is represented by a name/value pair. The name is the Grant Type identifier; * the value is an object that contains parameters either determining the way the Wallet MUST use the particular grant and/or * parameters the Wallet MUST send with the respective request(s). If grants is not present or is empty, the Wallet MUST determine * the Grant Types the Credential Issuer's Authorization Server supports using the respective metadata. When multiple grants are present, * it is at the Wallet's discretion which one to use. */ grants?: Grant; /** * OPTIONAL. Some implementations might include a client_id in the offer. For instance EBSI in a same-device flow. (Cross-device tucks it in the state JWT) */ client_id?: string; } interface CredentialResponseV1_0_15 extends ExperimentalSubjectIssuance { credentials?: CredentialResponseCredentialV1_0_15[]; transaction_id?: string; notification_id?: string; } interface CredentialResponseCredentialV1_0_15 { credential: string | object; } interface DeferredCredentialResponseV1_0_15 { credentials: CredentialResponseCredentialV1_0_15[]; notification_id?: string; } interface TokenResponseV1_0_15 { access_token: string; token_type: string; expires_in?: number; refresh_token?: string; scope?: string; authorization_details?: AuthorizationDetailsV1_0_15[]; } interface AuthorizationDetailsV1_0_15 { type: 'openid_credential'; credential_configuration_id?: string; credential_identifiers?: string[]; locations?: string[]; [x: string]: unknown; } interface NonceRequestV1_0_15 { } interface NonceResponseV1_0_15 { c_nonce: string; } interface CredentialErrorResponseV1_0_15 { error: string; error_description?: string; error_uri?: string; } interface ProofTypesV1_0_15 { jwt?: ProofTypeV1_0_15; ldp_vp?: ProofTypeV1_0_15; attestation?: ProofTypeV1_0_15; } interface ProofTypeV1_0_15 { proof_signing_alg_values_supported: string[]; key_attestations_required?: KeyAttestationsRequiredV1_0_15; } interface KeyAttestationsRequiredV1_0_15 { key_storage?: string[]; user_authentication?: string[]; } interface KeyAttestationJWT { alg: string; typ: 'keyattestation+jwt'; kid?: string; x5c?: string[]; trust_chain?: string[]; iss?: string; iat: number; exp?: number; attested_keys: JWK[]; key_storage?: string[]; user_authentication?: string[]; certification?: string; nonce?: string; status?: object; } interface WalletAttestationJWT { typ: 'oauth-client-attestation+jwt'; alg: string; kid?: string; iss: string; sub: string; wallet_name?: string; wallet_link?: string; nbf?: number; exp?: number; cnf: { jwk: JWK; }; status?: object; } interface CredentialIssuerMetadataOptsV1_0_15 { credential_endpoint: string; nonce_endpoint?: string; deferred_credential_endpoint?: string; notification_endpoint?: string; credential_response_encryption?: ResponseEncryption; batch_credential_issuance?: BatchCredentialIssuance; credential_identifiers_supported?: boolean; credential_configurations_supported: Record; credential_issuer: string; authorization_servers?: string[]; signed_metadata?: string; display?: MetadataDisplay[]; authorization_challenge_endpoint?: string; token_endpoint?: string; credential_supplier_config?: CredentialSupplierConfig; } declare const credentialIssuerMetadataFieldNamesV1_0_15: Array; interface EndpointMetadataResultV1_0_15 extends EndpointMetadata { authorizationServerType: AuthorizationServerType; authorizationServerMetadata?: AuthorizationServerMetadata; credentialIssuerMetadata?: Partial & IssuerMetadataV1_0_15; } interface CredentialIssuerMetadataV1_0_15 extends CredentialIssuerMetadataOptsV1_0_15, Partial { authorization_servers?: string[]; credential_endpoint: string; credential_configurations_supported: Record; credential_issuer: string; credential_response_encryption_alg_values_supported?: string; credential_response_encryption_enc_values_supported?: string; require_credential_response_encryption?: boolean; credential_identifiers_supported?: boolean; nonce_endpoint?: string; } interface NotificationResponseV1_0_15 { } interface NotificationErrorResponseV1_0_15 { error: 'invalid_notification_id' | 'invalid_notification_request'; error_description?: string; } interface AuthorizationServerMetadataV1_0_15 extends AuthorizationServerMetadata { 'pre-authorized_grant_anonymous_access_supported'?: boolean; } interface StateType { createdAt: number; expiresAt?: number; } interface CredentialOfferSession extends StateType { clientId?: string; credentialOffer: AssertedUniformCredentialOffer; credentialDataSupplierInput?: CredentialDataSupplierInput; txCode?: string; status: IssueStatus; error?: string; lastUpdatedAt: number; notification_id: string; notification?: NotificationRequest; issuerState?: string; preAuthorizedCode?: string; authorizationCode?: string; redirectUri?: string; statusLists?: Array; authorizationDetails?: AuthorizationDetailsV1_0_15[]; } declare enum IssueStatus { OFFER_CREATED = "OFFER_CREATED",// An offer is created. This is the initial state ACCESS_TOKEN_REQUESTED = "ACCESS_TOKEN_REQUESTED",// Optional state, given the token endpoint could also be on a separate AS ACCESS_TOKEN_CREATED = "ACCESS_TOKEN_CREATED",// Optional state, given the token endpoint could also be on a separate AS CREDENTIAL_REQUEST_RECEIVED = "CREDENTIAL_REQUEST_RECEIVED",// Credential request received. Next state would either be error or issued CREDENTIAL_ISSUED = "CREDENTIAL_ISSUED",// The credential iss issued from the issuer's perspective NOTIFICATION_CREDENTIAL_ACCEPTED = "NOTIFICATION_CREDENTIAL_ACCEPTED",// The holder/user stored the credential in the wallet (If notifications are enabled) NOTIFICATION_CREDENTIAL_DELETED = "NOTIFICATION_CREDENTIAL_DELETED",// The holder/user did not store the credential in the wallet (If notifications are enabled) NOTIFICATION_CREDENTIAL_FAILURE = "NOTIFICATION_CREDENTIAL_FAILURE",// The holder/user encountered an error (If notifications are enabled) ERROR = "ERROR" } interface CNonceState extends StateType { cNonce: string; } interface URIState extends StateType { issuerState?: string; preAuthorizedCode?: string; uri: string; correlationId?: string; } interface IssueStatusResponse { createdAt: number; lastUpdatedAt: number; expiresAt?: number; status: IssueStatus; error?: string; clientId?: string; statusLists?: Array; } interface IStateManager { set(id: string, stateValue: T): Promise; get(id: string): Promise; has(id: string): Promise; delete(id: string): Promise; clearExpired(timestamp?: number): Promise; clearAll(): Promise; getAsserted(id: string): Promise; startCleanupRoutine(timeout?: number): Promise; stopCleanupRoutine(): Promise; } type InputCharSet = 'numeric' | 'text'; type KeyProofType = 'jwt' | 'cwt' | 'ldp_vp'; type PoPMode = 'pop' | 'JWT'; type CredentialOfferMode = 'VALUE' | 'REFERENCE'; /** * Important Note: please be aware that these Common interfaces are based on versions v1_0.11 and v1_0.09 */ interface ImageInfo { uri?: string; alt_text?: string; [key: string]: unknown; } type OID4VCICredentialFormat = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc' | 'dc+sd-jwt' | 'vc+sd-jwt' | 'jwt_vc' | 'mso_mdoc'; declare const supportedOID4VCICredentialFormat: readonly (OID4VCICredentialFormat | string)[]; interface NameAndLocale { name?: string; locale?: string; [key: string]: unknown; } interface LogoAndColor { logo?: ImageInfo; description?: string; background_color?: string; text_color?: string; } type CredentialsSupportedDisplay = NameAndLocale & LogoAndColor & { name: string; background_image?: ImageInfo; }; type MetadataDisplay = NameAndLocale & LogoAndColor & { name?: string; }; interface CredentialSupplierConfig { [key: string]: any; } interface CredentialIssuerMetadataOpts { credential_endpoint?: string; batch_credential_endpoint?: string; credentials_supported: CredentialsSupportedLegacy[]; credential_issuer: string; authorization_server?: string; token_endpoint?: string; notification_endpoint?: string; authorization_challenge_endpoint?: string; display?: MetadataDisplay[]; credential_supplier_config?: CredentialSupplierConfig; } type AlgValue = 'RS256' | 'ES256' | 'PS256' | 'HS256' | string; type EncValue = 'A128GCM' | 'A256GCM' | 'A128CBC-HS256' | 'A256CBC-HS512' | string; interface ResponseEncryption { /** * REQUIRED. Array containing a list of the JWE [RFC7516] encryption algorithms * (alg values) [RFC7518] supported by the Credential and Batch Credential Endpoint to encode the * Credential or Batch Credential Response in a JWT */ alg_values_supported: AlgValue[]; /** * REQUIRED. Array containing a list of the JWE [RFC7516] encryption algorithms * (enc values) [RFC7518] supported by the Credential and Batch Credential Endpoint to encode the * Credential or Batch Credential Response in a JWT */ enc_values_supported: EncValue[]; /** * REQUIRED. Boolean value specifying whether the Credential Issuer requires the * additional encryption on top of TLS for the Credential Response. If the value is true, the Credential * Issuer requires encryption for every Credential Response and therefore the Wallet MUST provide * encryption keys in the Credential Request. If the value is false, the Wallet MAY chose whether it * provides encryption keys or not. */ encryption_required: boolean; } interface CredentialIssuerMetadata extends CredentialIssuerMetadataOpts, Partial { authorization_servers?: string[]; credential_endpoint: string; credential_configurations_supported: Record; credential_issuer: string; credential_response_encryption_alg_values_supported?: string; credential_response_encryption_enc_values_supported?: string; require_credential_response_encryption?: boolean; credential_identifiers_supported?: boolean; } interface CredentialSupportedBrief { cryptographic_binding_methods_supported?: string[]; cryptographic_suites_supported?: string[]; } interface ProofType { proof_signing_alg_values_supported: string[]; } type ProofTypesSupported = { [key in KeyProofType]?: ProofType; }; type CommonCredentialSupported = CredentialSupportedBrief & ExperimentalSubjectIssuance & { format: OID4VCICredentialFormat | string; id?: string; display?: CredentialsSupportedDisplay[]; scope?: string; proof_types_supported?: ProofTypesSupported; }; interface CredentialSupportedJwtVcJsonLdAndLdpVc extends CommonCredentialSupported { types: string[]; '@context': ICredentialContextType[]; credentialSubject?: IssuerCredentialSubject; order?: string[]; format: 'ldp_vc' | 'jwt_vc_json-ld'; } interface CredentialSupportedJwtVcJson extends CommonCredentialSupported { types: string[]; credentialSubject?: IssuerCredentialSubject; order?: string[]; format: 'jwt_vc_json' | 'jwt_vc'; } interface CredentialSupportedSdJwtVc extends CommonCredentialSupported { format: 'dc+sd-jwt' | 'vc+sd-jwt'; vct: string; claims?: IssuerCredentialSubject; order?: string[]; } interface CredentialSupportedSdJwtVcV13 extends CommonCredentialSupported { format: 'vc+sd-jwt'; vct: string; claims?: IssuerCredentialSubject; order?: string[]; } interface CredentialSupportedMsoMdoc extends CommonCredentialSupported { format: 'mso_mdoc'; doctype: string; claims?: IssuerCredentialSubject; order?: string[]; } type CredentialConfigurationSupported = CredentialConfigurationSupportedV1_0_15 | (CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedMsoMdoc)); type CredentialsSupportedLegacy = CommonCredentialSupported & (CredentialSupportedJwtVcJson | CredentialSupportedJwtVcJsonLdAndLdpVc | CredentialSupportedSdJwtVc | CredentialSupportedSdJwtVcV13 | CredentialSupportedMsoMdoc); interface CommonCredentialOfferFormat { format: OID4VCICredentialFormat | string; } interface CredentialOfferFormatJwtVcJsonLdAndLdpVc extends CommonCredentialOfferFormat { format: 'ldp_vc' | 'jwt_vc_json-ld'; credential_definition: JsonLdIssuerCredentialDefinition; } interface CredentialOfferFormatJwtVcJson extends CommonCredentialOfferFormat { format: 'jwt_vc_json' | 'jwt_vc'; types: string[]; } interface CredentialOfferFormatSdJwtVc extends CommonCredentialOfferFormat { format: 'dc+sd-jwt'; vct: string; claims?: IssuerCredentialSubject; } interface CredentialOfferFormatSdJwtVcv13 extends CommonCredentialOfferFormat { format: 'vc+sd-jwt'; vct: string; claims?: IssuerCredentialSubject; } interface CredentialOfferFormatMsoMdoc extends CommonCredentialOfferFormat { format: 'mso_mdoc'; doctype: string; claims?: IssuerCredentialSubject; } type CredentialOfferFormatV1_0_11 = CommonCredentialOfferFormat & (CredentialOfferFormatJwtVcJsonLdAndLdpVc | CredentialOfferFormatJwtVcJson | CredentialOfferFormatSdJwtVcv13 | CredentialOfferFormatMsoMdoc); /** * Optional storage that can help the credential Data Supplier. For instance to store credential input data during offer creation, if no additional data can be supplied later on */ type CredentialDataSupplierInput = any; type CreateCredentialOfferURIResult = { uri: string; correlationId: string; qrCodeDataUri?: string; session: CredentialOfferSession; userPin?: string; txCode?: TxCode; }; interface JsonLdIssuerCredentialDefinition { '@context': ICredentialContextType[]; types: string[]; credentialSubject?: IssuerCredentialSubject; } interface ErrorResponse { error: string; error_description?: string; error_uri?: string; state?: string; } type CredentialRequest = CredentialRequestV1_0_15; interface CommonCredentialRequest extends ExperimentalSubjectIssuance { format: OID4VCICredentialFormat; proof?: ProofOfPossession; } interface CredentialRequestJwtVcJson extends CommonCredentialRequest { format: 'jwt_vc_json' | 'jwt_vc'; types: string[]; credentialSubject?: IssuerCredentialSubject; } interface CredentialRequestJwtVcJsonLdAndLdpVc extends CommonCredentialRequest { format: 'ldp_vc' | 'jwt_vc_json-ld'; credential_definition: JsonLdIssuerCredentialDefinition; } interface CredentialRequestSdJwtVc extends CommonCredentialRequest { format: 'dc+sd-jwt'; vct: string; claims?: IssuerCredentialSubject; } interface CredentialRequestMsoMdoc extends CommonCredentialRequest { format: 'mso_mdoc'; doctype: string; claims?: IssuerCredentialSubject; } interface CommonCredentialResponse extends ExperimentalSubjectIssuance { credential?: W3CVerifiableCredential; acceptance_token?: string; c_nonce?: string; c_nonce_expires_in?: string; } interface CredentialResponseLdpVc extends CommonCredentialResponse { credential: IVerifiableCredential; } interface CredentialResponseJwtVc { credential: string; } interface CredentialResponseSdJwtVc { credential: string; } type IssuerCredentialSubjectDisplay = CredentialSubjectDisplay & { [key: string]: CredentialSubjectDisplay; }; interface CredentialSubjectDisplay { mandatory?: boolean; value_type?: string; display?: NameAndLocale[]; } interface IssuerCredentialSubject { [key: string]: IssuerCredentialSubjectDisplay; } interface Grant { authorization_code?: GrantAuthorizationCode; [PRE_AUTH_GRANT_LITERAL]?: GrantUrnIetf; } interface GrantAuthorizationCode { /** * OPTIONAL. String value created by the Credential Issuer and opaque to the Wallet that is used to bind the subsequent * Authorization Request with the Credential Issuer to a context set up during previous steps. */ issuer_state?: string; /** * OPTIONAL string that the Wallet can use to identify the Authorization Server to use with this grant type when authorization_servers parameter in the Credential Issuer metadata has multiple entries. MUST NOT be used otherwise. The value of this parameter MUST match with one of the values in the authorization_servers array obtained from the Credential Issuer metadata */ authorization_server?: string; } interface TxCode { /** * OPTIONAL. String specifying the input character set. Possible values are numeric (only digits) and text (any characters). The default is numeric. */ input_mode?: InputCharSet; /** * OPTIONAL. Integer specifying the length of the Transaction Code. This helps the Wallet to render the input screen and improve the user experience. */ length?: number; /** * OPTIONAL. String containing guidance for the Holder of the Wallet on how to obtain the Transaction Code, e.g., * describing over which communication channel it is delivered. The Wallet is RECOMMENDED to display this description * next to the Transaction Code input screen to improve the user experience. The length of the string MUST NOT exceed * 300 characters. The description does not support internationalization, however the Issuer MAY detect the Holder's * language by previous communication or an HTTP Accept-Language header within an HTTP GET request for a Credential Offer URI. */ description?: string; } interface GrantUrnIetf { /** * REQUIRED. The code representing the Credential Issuer's authorization for the Wallet to obtain Credentials of a certain type. */ 'pre-authorized_code': string; /** * OPTIONAL. Object specifying whether the Authorization Server expects presentation of a Transaction Code by the * End-User along with the Token Request in a Pre-Authorized Code Flow. If the Authorization Server does not expect a * Transaction Code, this object is absent; this is the default. The Transaction Code is intended to bind the Pre-Authorized * Code to a certain transaction to prevent replay of this code by an attacker that, for example, scanned the QR code while * standing behind the legitimate End-User. It is RECOMMENDED to send the Transaction Code via a separate channel. If the Wallet * decides to use the Pre-Authorized Code Flow, the Transaction Code value MUST be sent in the tx_code parameter with * the respective Token Request as defined in Section 6.1. If no length or description is given, this object may be empty, * indicating that a Transaction Code is required. */ tx_code?: TxCode; /** * OPTIONAL. The minimum amount of time in seconds that the Wallet SHOULD wait between polling requests to the token endpoint (in case the Authorization Server responds with error code authorization_pending - see Section 6.3). If no value is provided, Wallets MUST use 5 as the default. */ interval?: number; /** * OPTIONAL string that the Wallet can use to identify the Authorization Server to use with this grant type when authorization_servers parameter in the Credential Issuer metadata has multiple entries. MUST NOT be used otherwise. The value of this parameter MUST match with one of the values in the authorization_servers array obtained from the Credential Issuer metadata */ authorization_server?: string; /** * OPTIONAL. Boolean value specifying whether the AS * expects presentation of the End-User PIN along with the Token Request * in a Pre-Authorized Code Flow. Default is false. This PIN is intended * to bind the Pre-Authorized Code to a certain transaction to prevent * replay of this code by an attacker that, for example, scanned the QR * code while standing behind the legitimate End-User. It is RECOMMENDED * to send a PIN via a separate channel. If the Wallet decides to use * the Pre-Authorized Code Flow, a PIN value MUST be sent in * the user_pin parameter with the respective Token Request. */ user_pin_required?: boolean; } declare const PRE_AUTH_CODE_LITERAL = "pre-authorized_code"; declare const PRE_AUTH_GRANT_LITERAL = "urn:ietf:params:oauth:grant-type:pre-authorized_code"; type EndpointMetadataResult = EndpointMetadataResultV1_0_15; type IssuerMetadata = IssuerMetadataV1_0_15; type NotificationEventType = 'credential_accepted' | 'credential_failure' | 'credential_deleted'; interface NotificationRequest { notification_id: string; event: NotificationEventType | string; event_description?: string; credential?: any; } type NotificationError = 'invalid_notification_id' | 'invalid_notification_request'; type NotificationResponseResult = { error: boolean; response?: NotificationErrorResponse; }; interface NotificationErrorResponse { error: NotificationError | string; } interface StatusListOpts { statusListId?: string; statusListCorrelationId?: string; statusListIndex?: number; statusEntryCorrelationId?: string; } declare enum OpenId4VCIVersion { VER_1_0_15 = 1015, VER_UNKNOWN } declare enum DefaultURISchemes { INITIATE_ISSUANCE = "openid-initiate-issuance", CREDENTIAL_OFFER = "openid-credential-offer" } interface CredentialResponse extends ExperimentalSubjectIssuance { credentials?: Array; format?: OID4VCICredentialFormat; transaction_id?: string; acceptance_token?: string; c_nonce?: string; c_nonce_expires_in?: number; notification_id?: string; } interface CredentialOfferRequestWithBaseUrl extends UniformCredentialOfferRequest { scheme: string; clientId?: string; baseUrl: string; txCode?: TxCode; issuerState?: string; preAuthorizedCode?: string; userPinRequired: boolean; } type CredentialOffer = CredentialOfferV1_0_15; type CredentialOfferPayloadLatest = CredentialOfferPayloadV1_0_15; type CredentialOfferPayload = CredentialOfferPayloadV1_0_15 & { [x: string]: any; }; interface AssertedUniformCredentialOffer extends UniformCredentialOffer { credential_offer: UniformCredentialOfferPayload; } interface UniformCredentialOffer { credential_offer?: UniformCredentialOfferPayload; credential_offer_uri?: string; } interface UniformCredentialOfferRequest extends AssertedUniformCredentialOffer { original_credential_offer: CredentialOfferPayload; version: OpenId4VCIVersion; supportedFlows: AuthzFlowType[]; } type UniformCredentialOfferPayload = CredentialOfferPayloadV1_0_15; interface ProofOfPossession { proof_type: 'jwt'; jwt: string; [x: string]: unknown; } type SearchValue = { [Symbol.replace](string: string, replacer: (substring: string, ...args: any[]) => string): string; }; declare enum JsonURIMode { JSON_STRINGIFY = 0, X_FORM_WWW_URLENCODED = 1 } type EncodeJsonAsURIOpts = { uriTypeProperties?: string[]; arrayTypeProperties?: string[]; baseUrl?: string; param?: string; mode?: JsonURIMode; version?: OpenId4VCIVersion; }; type DecodeURIAsJsonOpts = { requiredProperties?: string[]; arrayTypeProperties?: string[]; }; interface Jwt { header: JWTHeader; payload: JWTPayload; } interface ProofOfPossessionCallbacks { signCallback: JWTSignerCallback; verifyCallback?: JWTVerifyCallback; } /** * Signature algorithms. * * TODO: Move towards string literal unions and string type, given we do not provide signature/key implementations in this library to begin with * @See: https://github.com/Sphereon-Opensource/OID4VC/issues/88 */ declare enum Alg { EdDSA = "EdDSA", ES256 = "ES256", ES256K = "ES256K", PS256 = "PS256", PS384 = "PS384", PS512 = "PS512", RS256 = "RS256", RS384 = "RS384", RS512 = "RS512" } type Typ = 'JWT' | 'openid4vci-proof+jwt'; interface JoseHeaderParameters { kid?: string; x5t?: string; x5c?: string[]; x5u?: string; jku?: string; jwk?: BaseJWK; typ?: string; cty?: string; } interface JWSHeaderParameters extends JoseHeaderParameters { alg?: Alg | string; b64?: boolean; crit?: string[]; [propName: string]: unknown; } interface CompactJWSHeaderParameters extends JWSHeaderParameters { alg: string; } interface JWTHeaderParameters extends CompactJWSHeaderParameters { b64?: true; } type JWTHeader = JWTHeaderParameters; interface JWTPayload { iss?: string; aud?: string | string[]; iat?: number; nonce?: string; jti?: string; exp?: number; client_id?: string; [s: string]: unknown; } type JWTSignerCallback = (jwt: Jwt, kid?: string, noIssPayloadUpdate?: boolean) => Promise; type JWTVerifyCallback = (args: { jwt: string; kid?: string; }) => Promise; interface JwtVerifyResult { jwt: Jwt; kid?: string; alg?: string; did?: string; didDocument?: Record; x5c?: string[]; jwk?: BaseJWK; } interface CommonAuthorizationRequest { /** * REQUIRED. Value MUST be set to "code". for Authorization Code Grant */ response_type: ResponseType.AUTH_CODE; /** * The authorization server issues the registered client a client * identifier -- a unique string representing the registration * information provided by the client. */ client_id: string; /** * If the "code_challenge_method" from Section 4.3 was "S256", the * received "code_verifier" is hashed by SHA-256, base64url-encoded, and * then compared to the "code_challenge", i.e.: * BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge * * If the "code_challenge_method" from Section 4.3 was "plain", they are * compared directly, i.e.: * code_verifier == code_challenge. */ code_challenge: string; /** * value must be set either to "S256" or a value defined by a cryptographically secure */ code_challenge_method: CodeChallengeMethod; /** * The redirection endpoint URI MUST be an absolute URI as defined by: absolute-URI = scheme ":" hier-part [ "?" query ] */ redirect_uri: string; /** * The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. */ scope?: string; /** * There are two possible ways to request issuance of a specific Credential type in an Authorization Request. * One way is to use of the authorization_details request parameter as defined in [I-D.ietf-oauth-rar] * with one or more authorization details objects of type openid_credential Section 5.1.1. * (The other is through the use of scopes as defined in Section 5.1.2.) */ authorization_details?: AuthorizationDetailsV1_0_15[] | AuthorizationDetailsV1_0_15; /** * OPTIONAL. JSON string containing the Wallet's OpenID Connect issuer URL. The Credential Issuer will use the discovery process as defined in * [SIOPv2] to determine the Wallet's capabilities and endpoints. RECOMMENDED in Dynamic Credential Request. */ wallet_issuer?: string; /** * OPTIONAL. JSON string containing an opaque user hint the Wallet MAY use in subsequent callbacks to optimize the user's experience. * RECOMMENDED in Dynamic Credential Request. */ user_hint?: string; /** * OPTIONAL. String value identifying a certain processing context at the Credential Issuer. A value for this parameter is typically passed in * an issuance initation request from the Credential Issuer to the Wallet (see (Section 4.1). This request parameter is used to pass the * issuer_state value back to the Credential Issuer. */ issuer_state?: string; } interface CommonAuthorizationChallengeRequest { /** * REQUIRED if the client is not authenticating with the authorization server and if no auth_session is included.. */ client_id?: string; /** * OPTIONAL. String value identifying a certain processing context at the Credential Issuer. A value for this parameter is typically passed in * an issuance initation request from the Credential Issuer to the Wallet. This request parameter is used to pass the * issuer_state value back to the Credential Issuer. */ issuer_state?: string; /** * The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. */ scope?: string; /** * OPTIONAL. A random string or a JWE. The auth session allows the authorization server to associate subsequent * requests by this client with an ongoing authorization request sequence. The client MUST include the * auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with * the error response. */ auth_session?: string; /** * OPTIONAL. If the "code_challenge_method" from Section 4.3 was "S256", the * received "code_verifier" is hashed by SHA-256, base64url-encoded, and * then compared to the "code_challenge", i.e.: * BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge * * If the "code_challenge_method" from Section 4.3 was "plain", they are * compared directly, i.e.: * code_verifier == code_challenge. */ code_challenge?: string; /** * OPTIONAL. value must be set either to "S256" or a value defined by a cryptographically secure */ code_challenge_method?: CodeChallengeMethod; /** * OPTIONAL. String containing information about the session when credential presentation is happening during issuance of another * credential. The content of this parameter is opaque to the wallet. When this parameter is present the Wallet MUST use this parameter in * the subsequent Authorization Challenge Request. This allows the Issuer to determine which it can be used by to prevent session * fixation attacks. The Response URI MAY return this parameter in response to successful Authorization Responses or for Error * Responses. */ presentation_during_issuance_session?: string; } interface AuthorizationChallengeRequestOpts { clientId?: string; issuerState?: string; authSession?: string; scope?: string; codeChallenge?: string; codeChallengeMethod?: CodeChallengeMethod; presentationDuringIssuanceSession?: string; metadata?: EndpointMetadata; credentialIssuer?: string; } interface AuthorizationChallengeErrorResponse { /** * A single ASCII error code of type AuthorizationChallengeError. */ error: AuthorizationChallengeError; /** * OPTIONAL. OPTIONAL. Human-readable ASCII text providing additional information, used * to assist the client developer in understanding the error that occurred. Values for the error_description * parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E. */ error_description?: string; /** * OPTIONAL. A URI identifying a human-readable web page with information about the error, used * to provide the client developer with additional information about the error. Values for the error_uri * parameter MUST conform to the URI-reference syntax and thus MUST NOT include characters outside the * set %x21 / %x23-5B / %x5D-7E. */ error_uri?: string; /** * OPTIONAL. A random string or a JWE. The auth session allows the authorization server to associate subsequent * requests by this client with an ongoing authorization request sequence. The client MUST include the * auth_session in follow-up requests to the authorization challenge endpoint if it receives one along with * the error response. */ auth_session?: string; /** * OPTIONAL. The request URI corresponding to the authorization request posted. This URI is a single-use reference * to the respective request data in the subsequent authorization request. */ request_uri?: string; /** * OPTIONAL. A JSON number that represents the lifetime of the request URI in seconds as a positive integer. */ expires_in?: number; /** * String containing the OID4VP request URI. The Wallet will use this URI to start the OID4VP flow. */ presentation?: string; } interface AuthorizationChallengeCodeResponse { /** * The authorization code issued by the authorization server. */ authorization_code: string; state?: string; } declare enum AuthorizationChallengeError { invalid_request = "invalid_request", invalid_client = "invalid_client", unauthorized_client = "unauthorized_client", invalid_session = "invalid_session", invalid_scope = "invalid_scope", insufficient_authorization = "insufficient_authorization", redirect_to_web = "redirect_to_web" } /** * string type added for conformity with our previous code in the client */ type credential_identifiers = (CommonAuthorizationDetails & (AuthorizationDetailsJwtVcJson | AuthorizationDetailsJwtVcJsonLdAndLdpVc | AuthorizationDetailsSdJwtVc | AuthorizationDetailsMsoMdoc)) | string; type AuthorizationRequest = AuthorizationRequestJwtVcJson | AuthorizationRequestJwtVcJsonLdAndLdpVc | AuthorizationRequestSdJwtVc | AuthorizationRequestMsoMdoc; interface AuthorizationRequestJwtVcJson extends CommonAuthorizationRequest { authorization_details?: AuthorizationDetailsJwtVcJson[]; } interface AuthorizationRequestJwtVcJsonLdAndLdpVc extends CommonAuthorizationRequest { authorization_details?: AuthorizationDetailsJwtVcJsonLdAndLdpVc[]; } interface AuthorizationRequestSdJwtVc extends CommonAuthorizationRequest { authorization_details?: AuthorizationDetailsSdJwtVc[]; } interface AuthorizationRequestMsoMdoc extends CommonAuthorizationRequest { authorization_details?: AuthorizationDetailsMsoMdoc[]; } interface CommonAuthorizationDetails { /** * REQUIRED. JSON string that determines the authorization details type. * MUST be set to openid_credential for the purpose of this specification. */ type: 'openid_credential'; /** * REQUIRED when format parameter is not present. String specifying a unique identifier of the Credential being described in the credential_configurations_supported map in the Credential Issuer Metadata as defined in Section 11.2.3. The referenced object in the credential_configurations_supported map conveys the details, such as the format, for issuance of the requested Credential. This specification defines Credential Format specific Issuer Metadata in Appendix A. It MUST NOT be present if format parameter is present. */ credential_configuration_id?: string; /** * REQUIRED. JSON string representing the format in which the Credential is requested to be issued. * This Credential format identifier determines further claims in the authorization details object * specifically used to identify the Credential type to be issued. This specification defines * Credential Format Profiles in Appendix E. */ format?: OID4VCICredentialFormat; /** * If the Credential Issuer metadata contains an authorization_server parameter, * the authorization detail's locations common data field MUST be set to the Credential Issuer Identifier value. */ locations?: string[]; [key: string]: any; } interface AuthorizationDetailsJwtVcJson extends CommonAuthorizationDetails { format: 'jwt_vc_json' | 'jwt_vc'; /** * A JSON object containing a list of key value pairs, where the key identifies the claim offered in the Credential. * The value MAY be a dictionary, which allows to represent the full (potentially deeply nested) structure of the * verifiable credential to be issued. This object indicates the claims the Wallet would like to turn up in the * credential to be issued. */ credentialSubject?: IssuerCredentialSubject; types: string[]; } interface AuthorizationDetailsJwtVcJsonLdAndLdpVc extends CommonAuthorizationDetails { format: 'ldp_vc' | 'jwt_vc_json-ld'; /** * REQUIRED. JSON object containing (and isolating) the detailed description of the credential type. * This object MUST be processed using full JSON-LD processing. It consists of the following sub-claims: * - @context: REQUIRED. JSON array as defined in Appendix E.1.3.2 * - types: REQUIRED. JSON array as defined in Appendix E.1.3.2. * This claim contains the type values the Wallet shall request in the subsequent Credential Request */ credential_definition: JsonLdIssuerCredentialDefinition; } interface AuthorizationDetailsSdJwtVc extends CommonAuthorizationDetails { format: 'dc+sd-jwt' | 'vc+sd-jwt'; vct: string; claims?: IssuerCredentialSubject; } interface AuthorizationDetailsMsoMdoc extends CommonAuthorizationDetails { format: 'mso_mdoc'; doctype: string; claims?: IssuerCredentialSubject; } declare enum GrantTypes { AUTHORIZATION_CODE = "authorization_code", PRE_AUTHORIZED_CODE = "urn:ietf:params:oauth:grant-type:pre-authorized_code", PASSWORD = "password" } declare enum Encoding { FORM_URL_ENCODED = "application/x-www-form-urlencoded", UTF_8 = "UTF-8" } declare enum ResponseType { AUTH_CODE = "code" } declare enum CodeChallengeMethod { plain = "plain", S256 = "S256" } interface AuthorizationServerOpts { allowInsecureEndpoints?: boolean; as?: string; tokenEndpoint?: string; clientOpts?: AuthorizationServerClientOpts; } type AuthorizationServerClientOpts = { clientId: string; clientAssertionType?: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'; kid?: string; alg?: Alg; signCallbacks?: ProofOfPossessionCallbacks; }; interface IssuerOpts { issuer: string; tokenEndpoint?: string; fetchMetadata?: boolean; } interface AccessTokenFromAuthorizationResponseOpts extends AccessTokenRequestOpts { authorizationResponse: AuthorizationResponse; } type TxCodeAndPinRequired = { isPinRequired?: boolean; txCode?: TxCode; }; interface AccessTokenRequestOpts { credentialOffer?: UniformCredentialOffer; credentialIssuer?: string; asOpts?: AuthorizationServerOpts; metadata?: EndpointMetadata; codeVerifier?: string; code?: string; redirectUri?: string; pin?: string; pinMetadata?: TxCodeAndPinRequired; createDPoPOpts?: CreateDPoPClientOpts; additionalParams?: Record; } /** * Determinse whether PAR should be used when supported * * REQUIRE: Require PAR, if AS does not support it throw an error * AUTO: Use PAR is the AS supports it, otherwise construct a reqular URI, * NEVER: Do not use PAR even if the AS supports it (not recommended) */ declare enum PARMode { REQUIRE = 0, AUTO = 1, NEVER = 2 } /** * Optional options to provide PKCE params like code verifier and challenge yourself, or to disable PKCE altogether. If not provide PKCE will still be used! If individual params are not provide, they will be generated/calculated */ interface PKCEOpts { /** * PKCE is enabled by default even if you do not provide these options. Set this to true to disable PKCE */ disabled?: boolean; /** * Provide a code_challenge, otherwise it will be calculated using the code_verifier and method */ codeChallenge?: string; /** * The code_challenge_method, should always by S256 */ codeChallengeMethod?: CodeChallengeMethod; /** * Provide a code_verifier, otherwise it will be generated */ codeVerifier?: string; } declare enum CreateRequestObjectMode { NONE = 0, REQUEST_OBJECT = 1, REQUEST_URI = 2 } type RequestObjectOpts = { requestObjectMode?: CreateRequestObjectMode; signCallbacks?: ProofOfPossessionCallbacks; clientMetadata?: Record; iss?: string; jwksUri?: string; kid?: string; }; interface AuthorizationRequestOpts { clientId?: string; pkce?: PKCEOpts; parMode?: PARMode; authorizationDetails?: AuthorizationDetailsV1_0_15 | AuthorizationDetailsV1_0_15[]; redirectUri?: string; scope?: string; requestObjectOpts?: RequestObjectOpts; holderPreferredAuthzFlowTypeOrder?: AuthzFlowType[]; } interface AuthorizationResponse { code: string; scope?: string; state?: string; } interface AuthorizationGrantResponse extends AuthorizationResponse { grant_type: string; } interface AccessTokenRequest { client_id?: string; code?: string; code_verifier?: string; grant_type: GrantTypes; 'pre-authorized_code': string; redirect_uri?: string; scope?: string; user_pin?: string; tx_code?: string; [s: string]: unknown; } interface OpenIDResponse { origResponse: Response; successBody?: T; errorBody?: ErrorResponse; params?: P; } interface DPoPResponseParams { dpop?: { dpopNonce: string; }; } interface AccessTokenResponse { access_token: string; scope?: string; token_type?: string; expires_in?: number; c_nonce?: string; c_nonce_expires_in?: number; authorization_pending?: boolean; interval?: number; authorization_details?: AuthorizationDetailsV1_0_15[]; } declare enum AuthzFlowType { AUTHORIZATION_CODE_FLOW = "Authorization Code Flow", PRE_AUTHORIZED_CODE_FLOW = "Pre-Authorized Code Flow" } declare namespace AuthzFlowType { function valueOf(request: CredentialOfferPayload): AuthzFlowType; } interface PushedAuthorizationResponse { request_uri: string; expires_in: number; } declare const BAD_PARAMS = "Wrong parameters provided"; declare const URL_NOT_VALID = "Request url is not valid"; declare const JWS_NOT_VALID = "JWS is not valid"; declare const PROOF_CANT_BE_CONSTRUCTED = "Proof can't be constructed."; declare const NO_JWT_PROVIDED = "No JWT provided"; declare const TYP_ERROR = "Typ must be \"openid4vci-proof+jwt\""; declare const ALG_ERROR: string; declare const KID_JWK_X5C_ERROR = "Only one must be present: x5c should not present when kid and/or jwk is already present"; declare const KID_DID_NO_DID_ERROR = "A DID value needs to be returned when kid is present"; declare const DID_NO_DIDDOC_ERROR = "A DID Document needs to be resolved when a DID is encountered"; declare const AUD_ERROR = "aud must be the URL of the credential issuer"; declare const IAT_ERROR = "iat must be the time at which the proof was issued"; declare const NONCE_ERROR = "nonce must be c_nonce provided by the credential issuer"; declare const JWT_VERIFY_CONFIG_ERROR = "JWT verify callback not configured correctly."; declare const ISSUER_CONFIG_ERROR = "Issuer not configured correctly."; declare const UNKNOWN_CLIENT_ERROR = "The client is not known by the issuer"; declare const NO_ISS_IN_AUTHORIZATION_CODE_CONTEXT = "iss missing in authorization-code context"; declare const ISS_PRESENT_IN_PRE_AUTHORIZED_CODE_CONTEXT = "iss should be omitted in pre-authorized-code context"; declare const ISS_MUST_BE_CLIENT_ID = "iss must be the client id"; declare const GRANTS_MUST_NOT_BE_UNDEFINED = "Grants must not be undefined"; declare const STATE_MISSING_ERROR = "issuer state or pre-authorized key not found"; declare const CREDENTIAL_MISSING_ERROR = "Credential must be present in response"; declare const UNSUPPORTED_GRANT_TYPE_ERROR = "unsupported grant_type"; declare const PRE_AUTHORIZED_CODE_REQUIRED_ERROR = "pre-authorized_code is required"; declare const USER_PIN_REQUIRED_ERROR = "User pin is required"; declare const USER_PIN_TX_CODE_SPEC_ERROR = "user_pin is mixed with tx_code, indicating a spec mismatch"; declare const USER_PIN_NOT_REQUIRED_ERROR = "User pin is not required"; declare const PIN_VALIDATION_ERROR = "PIN must consist the following amount of characters:"; declare const PIN_NOT_MATCH_ERROR = "PIN is invalid"; declare const INVALID_PRE_AUTHORIZED_CODE = "pre-authorized_code is invalid"; declare const EXPIRED_PRE_AUTHORIZED_CODE = "pre-authorized_code is expired"; declare const JWT_SIGNER_CALLBACK_REQUIRED_ERROR = "JWT signer callback function is required"; declare const STATE_MANAGER_REQUIRED_ERROR = "StateManager instance is required"; declare const NONCE_STATE_MANAGER_REQUIRED_ERROR = "NonceStateManager instance is required"; declare const ACCESS_TOKEN_ISSUER_REQUIRED_ERROR = "access token issuer is required"; declare const WRONG_METADATA_FORMAT = "Wrong metadata format"; declare enum TokenErrorResponse { invalid_request = "invalid_request", invalid_grant = "invalid_grant", invalid_client = "invalid_client",// this code has been added only in v1_0-11, but I've added this to the common interface. @nklomp is this ok? invalid_scope = "invalid_scope", invalid_dpop_proof = "invalid_dpop_proof" } declare class TokenError extends Error { private readonly _statusCode; private readonly _responseError; constructor(statusCode: number, responseError: TokenErrorResponse, message: string); get statusCode(): number; get responseError(): TokenErrorResponse; getDescription(): string; } declare function isDeferredCredentialResponse(credentialResponse: OpenIDResponse): boolean; declare function isDeferredCredentialIssuancePending(credentialResponse: OpenIDResponse): string | boolean; declare function acquireDeferredCredential({ bearerToken, transactionId, deferredCredentialEndpoint, deferredCredentialIntervalInMS, deferredCredentialAwait, }: { bearerToken: string; transactionId?: string; deferredCredentialIntervalInMS?: number; deferredCredentialAwait?: boolean; deferredCredentialEndpoint: string; }): Promise & { access_token: string; }>; declare function determineSpecVersionFromURI(uri: string): OpenId4VCIVersion; declare function determineSpecVersionFromScheme(credentialOfferURI: string, openId4VCIVersion: OpenId4VCIVersion): OpenId4VCIVersion; declare function getScheme(credentialOfferURI: string): string; declare function getIssuerFromCredentialOfferPayload(request: CredentialOfferPayload): string | undefined; declare const getClientIdFromCredentialOfferPayload: (credentialOffer?: CredentialOfferPayload) => string | undefined; declare const getStateFromCredentialOfferPayload: (credentialOffer: CredentialOfferPayload) => string | undefined; declare function determineSpecVersionFromOffer(offer: CredentialOfferPayload | CredentialOffer): OpenId4VCIVersion; declare function isCredentialOfferVersion(offer: CredentialOfferPayload | CredentialOffer, min: OpenId4VCIVersion, max?: OpenId4VCIVersion): boolean; declare function toUniformCredentialOfferRequest(offer: CredentialOffer, opts?: { resolve?: boolean; version?: OpenId4VCIVersion; }): Promise; declare function isPreAuthCode(request: UniformCredentialOfferPayload | UniformCredentialOffer): boolean; declare function assertedUniformCredentialOffer(origCredentialOffer: UniformCredentialOffer, opts?: { resolve?: boolean; }): Promise; declare function resolveCredentialOfferURI(uri?: string): Promise; declare function toUniformCredentialOfferPayload(rawOffer: CredentialOfferPayload, opts?: { version?: OpenId4VCIVersion; }): UniformCredentialOfferPayload; declare function determineFlowType(suppliedOffer: AssertedUniformCredentialOffer | UniformCredentialOfferPayload, version: OpenId4VCIVersion): AuthzFlowType[]; declare function getCredentialOfferPayload(offer: AssertedUniformCredentialOffer | UniformCredentialOfferPayload): UniformCredentialOfferPayload; declare function determineGrantTypes(offer: AssertedUniformCredentialOffer | UniformCredentialOfferPayload | ({ grants: Grant; } & Record)): GrantTypes[]; declare function getCredentialConfigurationIdsFromOfferV1_0_15(offer: CredentialOfferPayloadV1_0_15): string[]; declare function normalizeOfferInput(input: unknown): T; /** * @type {(json: {[s:string]: never} | ArrayLike | string | object, opts?: EncodeJsonAsURIOpts)} encodes a Json object into a URI * @param { {[s:string]: never} | ArrayLike | string | object } json * @param {EncodeJsonAsURIOpts} [opts] Option to encode json as uri * - urlTypeProperties: a list of properties of which the value is a URL * - arrayTypeProperties: a list of properties which are an array */ declare function convertJsonToURI(json: { [s: string]: never; } | ArrayLike | string | object, opts?: EncodeJsonAsURIOpts): string; /** * @type {(uri: string, opts?: DecodeURIAsJsonOpts): unknown} convertURIToJsonObject converts an URI into a Json object decoding its properties * @param {string} uri * @param {DecodeURIAsJsonOpts} [opts] * - requiredProperties: the required properties * - arrayTypeProperties: properties that can show up more that once * @returns JSON object */ declare function convertURIToJsonObject(uri: string, opts?: DecodeURIAsJsonOpts): unknown; declare function decodeJsonProperties(parts: string[] | string[][]): unknown; /** * @function get URI Components as Array * @param {string} uri uri * @param {string[]} [arrayTypes] array of string containing array like keys */ declare function getURIComponentsAsArray(uri: string, arrayTypes?: string[]): string[] | string[][]; declare function isW3cCredentialSupported(supported: CredentialConfigurationSupported | CredentialsSupportedLegacy): supported is Exclude; declare const getNumberOrUndefined: (input?: string) => number | undefined; /** * The specs had many places where types could be expressed. This method ensures we get them in any way possible * @param subject */ declare function getTypesFromObject(subject: CredentialConfigurationSupported | CredentialOfferFormatV1_0_11 | CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15 | CredentialDefinitionJwtVcJsonV1_0_15 | JsonLdIssuerCredentialDefinition | string): string[] | undefined; declare function getTypesFromAuthorizationDetails(authDetails: AuthorizationDetailsV1_0_15, opts?: { configIdAsType?: boolean; }): string[] | undefined; declare function getTypesFromCredentialSupported(credentialSupported: CredentialConfigurationSupported, opts?: { filterVerifiableCredential: boolean; }): string[]; declare function getSupportedCredentials(opts?: { issuerMetadata?: CredentialIssuerMetadata | IssuerMetadata; version: OpenId4VCIVersion; types?: string[][]; format?: OID4VCICredentialFormat | string | (OID4VCICredentialFormat | string)[]; }): Record | Array; declare function determineVersionsFromIssuerMetadata(issuerMetadata: CredentialIssuerMetadata | IssuerMetadata): Array; declare function getSupportedCredential(opts?: { issuerMetadata?: CredentialIssuerMetadata | IssuerMetadata; version: OpenId4VCIVersion; types?: string | string[]; format?: OID4VCICredentialFormat | string | (OID4VCICredentialFormat | string)[]; }): Record | Array; declare function getIssuerDisplays(metadata: CredentialIssuerMetadata | IssuerMetadata, opts?: { prefLocales: string[]; }): MetadataDisplay[]; /** * TODO check again when WAL-617 is done to replace how we get the issuer name. */ declare function getIssuerName(url: string, credentialIssuerMetadata?: Partial & (CredentialIssuerMetadata | IssuerMetadata)): string; declare function isFormat(formatObject: T, format: Format): formatObject is T & { format: Format; }; declare function isNotFormat(formatObject: T, format: Format): formatObject is T & { format: Exclude; }; declare function getUniformFormat(format: string | OID4VCICredentialFormat | CredentialFormat): OID4VCICredentialFormat; declare function getFormatForVersion(format: string, version: OpenId4VCIVersion): OID4VCICredentialFormat; declare const getJson: (URL: string, opts?: { bearerToken?: (() => Promise) | string; contentType?: string; accept?: string; customHeaders?: Record; exceptionOnHttpErrorStatus?: boolean; }) => Promise>; declare const formPost: (url: string, body: BodyInit, opts?: { bearerToken?: (() => Promise) | string; contentType?: string; accept?: string; customHeaders?: Record; exceptionOnHttpErrorStatus?: boolean; }) => Promise>; declare const post: (url: string, body?: BodyInit, opts?: { bearerToken?: (() => Promise) | string; contentType?: string; accept?: string; customHeaders?: Record; exceptionOnHttpErrorStatus?: boolean; }) => Promise>; declare const isValidURL: (url: string) => boolean; declare const trimBoth: (value: string, trim: string) => string; declare const trimEnd: (value: string, trim: string) => string; declare const trimStart: (value: string, trim: string) => string; declare const adjustUrl: (urlOrPath: T, opts?: { stripSlashEnd?: boolean; stripSlashStart?: boolean; prepend?: string; append?: string; }) => T; /** * * - proofOfPossessionCallback: JWTSignerCallback * Mandatory if you want to create (sign) ProofOfPossession * - proofOfPossessionVerifierCallback?: JWTVerifyCallback * If exists, verifies the ProofOfPossession * - proofOfPossessionCallbackArgs: ProofOfPossessionCallbackArgs * arguments needed for signing ProofOfPossession * - proofOfPossessionCallback: JWTSignerCallback * Mandatory to create (sign) ProofOfPossession * - proofOfPossessionVerifierCallback?: JWTVerifyCallback * If exists, verifies the ProofOfPossession * @param popMode * @param callbacks * @param jwtProps * @param existingJwt * - Optional, clientId of the party requesting the credential */ declare const createProofOfPossession: (popMode: PoPMode, callbacks: ProofOfPossessionCallbacks, jwtProps?: JwtProps, existingJwt?: Jwt) => Promise; declare const isJWS: (token: string) => boolean; declare const extractBearerToken: (authorizationHeader?: string) => string | undefined; declare const validateJWT: (jwt?: string, opts?: { kid?: string; accessTokenVerificationCallback?: JWTVerifyCallback; }) => Promise; interface JwtProps { typ?: Typ; kid?: string; jwk?: JWK; x5c?: string[]; aud?: string | string[]; issuer?: string; clientId?: string; alg?: string; jti?: string; nonce?: string; } declare const toAuthorizationResponsePayload: (input: AuthorizationResponse | AuthorizationChallengeCodeResponse | string) => AuthorizationResponse | AuthorizationChallengeCodeResponse; declare const CODE_VERIFIER_DEFAULT_LENGTH = 128; declare const NONCE_LENGTH = 32; declare const generateRandomString: (length: number, encoding?: SupportedEncodings) => string; declare const generateNonce: (length?: number) => string; declare const generateCodeVerifier: (length?: number) => string; declare const createCodeChallenge: (codeVerifier: string, codeChallengeMethod?: CodeChallengeMethod) => string; declare const assertValidCodeVerifier: (codeVerifier: string) => void; type EventNames = CredentialOfferEventNames | NotificationStatusEventNames | LogEvents | CredentialEventNames; declare enum CredentialOfferEventNames { OID4VCI_OFFER_CREATED = "OID4VCI_OFFER_CREATED", OID4VCI_OFFER_EXPIRED = "OID4VCI_OFFER_EXPIRED", OID4VCI_OFFER_DELETED = "OID4VCI_OFFER_DELETED" } declare enum CredentialEventNames { OID4VCI_CREDENTIAL_ISSUED = "OID4VCI_CREDENTIAL_ISSUED" } declare enum NotificationStatusEventNames { OID4VCI_NOTIFICATION_RECEIVED = "OID4VCI_NOTIFICATION_RECEIVED", OID4VCI_NOTIFICATION_PROCESSED = "OID4VCI_NOTIFICATION_PROCESSED", OID4VCI_NOTIFICATION_ERROR = "OID4VCI_NOTIFICATION_ERROR" } type LogEvents = 'oid4vciLog'; declare const EVENTS: EventManager; declare const VCI_LOGGERS: Loggers; declare const VCI_LOG_COMMON: _sphereon_ssi_types.ISimpleLogger; export { ACCESS_TOKEN_ISSUER_REQUIRED_ERROR, ALG_ERROR, AUD_ERROR, type AccessTokenFromAuthorizationResponseOpts, type AccessTokenRequest, type AccessTokenRequestOpts, type AccessTokenResponse, Alg, type AlgValue, type AssertedUniformCredentialOffer, type AuthorizationChallengeCodeResponse, AuthorizationChallengeError, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequestOpts, type AuthorizationDetailsJwtVcJson, type AuthorizationDetailsJwtVcJsonLdAndLdpVc, type AuthorizationDetailsMsoMdoc, type AuthorizationDetailsSdJwtVc, type AuthorizationDetailsV1_0_15, type AuthorizationGrantResponse, type AuthorizationRequest, type AuthorizationRequestJwtVcJson, type AuthorizationRequestJwtVcJsonLdAndLdpVc, type AuthorizationRequestMsoMdoc, type AuthorizationRequestOpts, type AuthorizationRequestSdJwtVc, type AuthorizationResponse, type AuthorizationServerClientOpts, type AuthorizationServerMetadata, type AuthorizationServerMetadataV1_0_15, type AuthorizationServerOpts, type AuthorizationServerType, AuthzFlowType, BAD_PARAMS, type BatchCredentialIssuance, type CNonceState, CODE_VERIFIER_DEFAULT_LENGTH, CREDENTIAL_MISSING_ERROR, type ClaimsDescriptionV1_0_15, type ClientAuthMethod, type ClientMetadata, type ClientResponseType, CodeChallengeMethod, type CommonAuthorizationChallengeRequest, type CommonAuthorizationDetails, type CommonAuthorizationRequest, type CommonCredentialOfferFormat, type CommonCredentialRequest, type CommonCredentialResponse, type CommonCredentialSupported, type CompactJWSHeaderParameters, type ComponentOptions, type CreateCredentialOfferURIResult, CreateRequestObjectMode, type CredentialConfigurationSupported, type CredentialConfigurationSupportedCommonV1_0_15, type CredentialConfigurationSupportedJwtVcJsonLdAndLdpVcV1_0_15, type CredentialConfigurationSupportedJwtVcJsonV1_0_15, type CredentialConfigurationSupportedMsoMdocV1_0_15, type CredentialConfigurationSupportedSdJwtVcV1_0_15, type CredentialConfigurationSupportedV1_0_15, type CredentialDataSupplierInput, type CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15, type CredentialDefinitionJwtVcJsonV1_0_15, type CredentialErrorResponseV1_0_15, CredentialEventNames, type CredentialIssuerMetadata, type CredentialIssuerMetadataOpts, type CredentialIssuerMetadataOptsV1_0_15, type CredentialIssuerMetadataV1_0_15, type CredentialOffer, CredentialOfferEventNames, type CredentialOfferFormatJwtVcJson, type CredentialOfferFormatJwtVcJsonLdAndLdpVc, type CredentialOfferFormatMsoMdoc, type CredentialOfferFormatSdJwtVc, type CredentialOfferFormatSdJwtVcv13, type CredentialOfferFormatV1_0_11, type CredentialOfferMode, type CredentialOfferPayload, type CredentialOfferPayloadLatest, type CredentialOfferPayloadV1_0_15, type CredentialOfferRESTRequestV1_0_15, type CredentialOfferRequestWithBaseUrl, type CredentialOfferSession, type CredentialOfferV1_0_15, type CredentialRequest, type CredentialRequestJwtVcJson, type CredentialRequestJwtVcJsonLdAndLdpVc, type CredentialRequestMsoMdoc, type CredentialRequestSdJwtVc, type CredentialRequestV1_0_15, type CredentialRequestV1_0_15Common, type CredentialRequestV1_0_15CredentialConfigurationId, type CredentialRequestV1_0_15CredentialIdentifier, type CredentialRequestV1_0_15ResponseEncryption, type CredentialResponse, type CredentialResponseCredentialV1_0_15, type CredentialResponseJwtVc, type CredentialResponseLdpVc, type CredentialResponseSdJwtVc, type CredentialResponseV1_0_15, type CredentialSubjectDisplay, type CredentialSupplierConfig, type CredentialSupportedBrief, type CredentialSupportedJwtVcJson, type CredentialSupportedJwtVcJsonLdAndLdpVc, type CredentialSupportedMsoMdoc, type CredentialSupportedSdJwtVc, type CredentialSupportedSdJwtVcV13, type CredentialsSupportedDisplay, type CredentialsSupportedLegacy, DID_NO_DIDDOC_ERROR, type DPoPResponseParams, type DecodeURIAsJsonOpts, DefaultURISchemes, type DeferredCredentialResponseV1_0_15, EVENTS, EXPERIMENTAL_SUBJECT_PROOF_MODE_ENABLED, EXPIRED_PRE_AUTHORIZED_CODE, type EncValue, type EncodeJsonAsURIOpts, Encoding, type EndpointMetadata, type EndpointMetadataResult, type EndpointMetadataResultV1_0_15, type ErrorResponse, type EventNames, type ExperimentalSubjectIssuance, GRANTS_MUST_NOT_BE_UNDEFINED, type Grant, type GrantAuthorizationCode, GrantTypes, type GrantUrnIetf, IAT_ERROR, INVALID_PRE_AUTHORIZED_CODE, ISSUER_CONFIG_ERROR, ISS_MUST_BE_CLIENT_ID, ISS_PRESENT_IN_PRE_AUTHORIZED_CODE_CONTEXT, type IStateManager, type ImageInfo, type InputCharSet, IssueStatus, type IssueStatusResponse, type IssuerCredentialSubject, type IssuerCredentialSubjectDisplay, type IssuerMetadata, type IssuerMetadataV1_0_15, type IssuerOpts, type JWSHeaderParameters, JWS_NOT_VALID, type JWTHeader, type JWTHeaderParameters, type JWTPayload, type JWTSignerCallback, type JWTVerifyCallback, JWT_SIGNER_CALLBACK_REQUIRED_ERROR, JWT_VERIFY_CONFIG_ERROR, type JoseHeaderParameters, type JsonLdIssuerCredentialDefinition, JsonURIMode, type Jwt, type JwtProps, type JwtVerifyResult, KID_DID_NO_DID_ERROR, KID_JWK_X5C_ERROR, type KeyAttestationJWT, type KeyAttestationsRequiredV1_0_15, type KeyProofType, type LogEvents, type LogoAndColor, type MetadataDisplay, NONCE_ERROR, NONCE_LENGTH, NONCE_STATE_MANAGER_REQUIRED_ERROR, NO_ISS_IN_AUTHORIZATION_CODE_CONTEXT, NO_JWT_PROVIDED, type NameAndLocale, type NonceRequestV1_0_15, type NonceResponseV1_0_15, type NotificationError, type NotificationErrorResponse, type NotificationErrorResponseV1_0_15, type NotificationEventType, type NotificationRequest, type NotificationResponseResult, type NotificationResponseV1_0_15, NotificationStatusEventNames, type OAuthGrantType, type OAuthResponseMode, type OAuthResponseType, type OAuthScope, type OID4VCICredentialFormat, type OpenIDResponse, OpenId4VCIVersion, PARMode, PIN_NOT_MATCH_ERROR, PIN_VALIDATION_ERROR, type PKCECodeChallengeMethod, type PKCEOpts, PRE_AUTHORIZED_CODE_REQUIRED_ERROR, PRE_AUTH_CODE_LITERAL, PRE_AUTH_GRANT_LITERAL, PROOF_CANT_BE_CONSTRUCTED, type PoPMode, type ProofOfPossession, type ProofOfPossessionCallbacks, type ProofOfPossessionMap, type ProofType, type ProofTypeV1_0_15, type ProofTypesSupported, type ProofTypesV1_0_15, type PushedAuthorizationResponse, type QRCodeOpts, type RequestObjectOpts, type ResponseEncryption, ResponseType, type RevocationEndpointAuthMethod, type RevocationEndpointAuthSigningAlg, STATE_MANAGER_REQUIRED_ERROR, STATE_MISSING_ERROR, type SearchValue, type StateType, type StatusListOpts, type SubjectProofMode, type SubjectProofNotificationEventsSupported, TYP_ERROR, type TokenEndpointAuthMethod, type TokenEndpointAuthSigningAlg, TokenError, TokenErrorResponse, type TokenResponseV1_0_15, type TxCode, type TxCodeAndPinRequired, type Typ, UNKNOWN_CLIENT_ERROR, UNSUPPORTED_GRANT_TYPE_ERROR, type URIState, URL_NOT_VALID, USER_PIN_NOT_REQUIRED_ERROR, USER_PIN_REQUIRED_ERROR, USER_PIN_TX_CODE_SPEC_ERROR, type UniformCredentialOffer, type UniformCredentialOfferPayload, type UniformCredentialOfferRequest, VCI_LOGGERS, VCI_LOG_COMMON, WRONG_METADATA_FORMAT, type WalletAttestationJWT, WellKnownEndpoints, acquireDeferredCredential, adjustUrl, assertValidCodeVerifier, assertedUniformCredentialOffer, authorizationServerMetadataFieldNames, convertJsonToURI, convertURIToJsonObject, createCodeChallenge, createProofOfPossession, credentialIssuerMetadataFieldNamesV1_0_15, type credential_identifiers, decodeJsonProperties, determineFlowType, determineGrantTypes, determineSpecVersionFromOffer, determineSpecVersionFromScheme, determineSpecVersionFromURI, determineVersionsFromIssuerMetadata, extractBearerToken, formPost, generateCodeVerifier, generateNonce, generateRandomString, getClientIdFromCredentialOfferPayload, getCredentialConfigurationIdsFromOfferV1_0_15, getCredentialOfferPayload, getFormatForVersion, getIssuerDisplays, getIssuerFromCredentialOfferPayload, getIssuerName, getJson, getNumberOrUndefined, getScheme, getStateFromCredentialOfferPayload, getSupportedCredential, getSupportedCredentials, getTypesFromAuthorizationDetails, getTypesFromCredentialSupported, getTypesFromObject, getURIComponentsAsArray, getUniformFormat, isCredentialOfferVersion, isDeferredCredentialIssuancePending, isDeferredCredentialResponse, isFormat, isJWS, isNotFormat, isPreAuthCode, isValidURL, isW3cCredentialSupported, normalizeOfferInput, post, resolveCredentialOfferURI, supportedOID4VCICredentialFormat, toAuthorizationResponsePayload, toUniformCredentialOfferPayload, toUniformCredentialOfferRequest, trimBoth, trimEnd, trimStart, validateJWT };