import { ICredential, SdJwtDecodedVerifiableCredentialPayload, SdJwtDisclosureFrame, W3CVerifiableCredential, CompactSdJwtVc, ISimpleLogger } from '@sphereon/ssi-types'; import { OID4VCICredentialFormat, CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15, CredentialDefinitionJwtVcJsonV1_0_15, ProofTypesSupported, CredentialsSupportedDisplay, ClaimsDescriptionV1_0_15, KeyProofType, ProofType, CredentialConfigurationSupportedV1_0_15, GrantAuthorizationCode, GrantUrnIetf, CredentialIssuerMetadataOptsV1_0_15, CredentialOfferPayloadV1_0_15, AssertedUniformCredentialOffer, CredentialOfferV1_0_15, UniformCredentialOffer, CredentialOfferMode, IssuerMetadataV1_0_15, CredentialOfferSession, AuthorizationDetailsV1_0_15, ClientMetadata, JWTVerifyCallback, CredentialRequestV1_0_15, JwtVerifyResult, StatusListOpts, CNonceState, CredentialRequest, CredentialSupplierConfig, CredentialDataSupplierInput, AuthorizationServerMetadata, TxCode, IStateManager, URIState, NotificationRequest, JsonLdIssuerCredentialDefinition, QRCodeOpts, CreateCredentialOfferURIResult, CredentialResponse, ImageInfo, MetadataDisplay, BatchCredentialIssuance, ResponseEncryption, IssuerMetadata, ClientResponseType, TokenEndpointAuthMethod, TokenEndpointAuthSigningAlg, OAuthScope, OAuthResponseType, OAuthResponseMode, OAuthGrantType, RevocationEndpointAuthMethod, RevocationEndpointAuthSigningAlg, PKCECodeChallengeMethod, StateType, JWTSignerCallback, Alg, AccessTokenRequest, AccessTokenResponse } from '@sphereon/oid4vci-common'; import { SigningAlgo, JWK } from '@sphereon/oid4vc-common'; declare class CredentialSupportedBuilderV1_15 { format?: OID4VCICredentialFormat; scope?: string; credentialName?: string; credentialDefinition?: CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15 | CredentialDefinitionJwtVcJsonV1_0_15; cryptographicBindingMethodsSupported?: ('jwk' | 'cose_key' | 'did' | string)[]; credentialSigningAlgValuesSupported?: string[]; proofTypesSupported?: ProofTypesSupported; display?: CredentialsSupportedDisplay[]; claims?: ClaimsDescriptionV1_0_15[]; vct?: string; doctype?: string; withFormat(credentialFormat: OID4VCICredentialFormat): CredentialSupportedBuilderV1_15; withCredentialName(credentialName: string): CredentialSupportedBuilderV1_15; withCredentialDefinition(credentialDefinition: CredentialDefinitionJwtVcJsonLdAndLdpVcV1_0_15 | CredentialDefinitionJwtVcJsonV1_0_15): CredentialSupportedBuilderV1_15; withScope(scope: string): CredentialSupportedBuilderV1_15; withVct(vct: string): CredentialSupportedBuilderV1_15; withDoctype(doctype: string): CredentialSupportedBuilderV1_15; addCryptographicBindingMethod(method: string | string[]): CredentialSupportedBuilderV1_15; withCryptographicBindingMethod(method: string | string[]): CredentialSupportedBuilderV1_15; addCredentialSigningAlgValuesSupported(algValues: string | string[]): CredentialSupportedBuilderV1_15; withCredentialSigningAlgValuesSupported(algValues: string | string[]): CredentialSupportedBuilderV1_15; addProofTypesSupported(keyProofType: KeyProofType, proofType: ProofType): CredentialSupportedBuilderV1_15; withProofTypesSupported(proofTypesSupported: ProofTypesSupported): CredentialSupportedBuilderV1_15; addCredentialSupportedDisplay(credentialDisplay: CredentialsSupportedDisplay | CredentialsSupportedDisplay[]): CredentialSupportedBuilderV1_15; withCredentialSupportedDisplay(credentialDisplay: CredentialsSupportedDisplay | CredentialsSupportedDisplay[]): CredentialSupportedBuilderV1_15; withClaims(claims: ClaimsDescriptionV1_0_15[]): CredentialSupportedBuilderV1_15; addClaim(claim: ClaimsDescriptionV1_0_15): CredentialSupportedBuilderV1_15; build(): Record; } interface CredentialOfferGrantInput { authorization_code?: Partial; 'urn:ietf:params:oauth:grant-type:pre-authorized_code'?: Partial; } declare function createCredentialOfferObject(issuerMetadata?: CredentialIssuerMetadataOptsV1_0_15, opts?: { credentialOffer?: CredentialOfferPayloadV1_0_15; credentialOfferUri?: string; grants?: CredentialOfferGrantInput; client_id?: string; }): AssertedUniformCredentialOffer; declare function createCredentialOfferURIFromObject(credentialOffer: CredentialOfferV1_0_15 | UniformCredentialOffer, offerMode: CredentialOfferMode, opts?: { scheme?: string; baseUri?: string; }): string; declare function createCredentialOfferURI(offerMode: CredentialOfferMode, issuerMetadata?: IssuerMetadataV1_0_15, opts?: { credentialOffer?: CredentialOfferPayloadV1_0_15; credentialOfferUri?: string; scheme?: string; baseUri?: string; grants?: CredentialOfferGrantInput; }): string; declare const isPreAuthorizedCodeExpired: (state: CredentialOfferSession, expirationDurationInSeconds: number) => boolean; declare const assertValidPinNumber: (pin?: string, pinLength?: number) => void; /** * Generates unique credential identifiers for authorization details * Each identifier represents a specific credential instance that can be issued */ declare const generateCredentialIdentifiers: (authDetail: AuthorizationDetailsV1_0_15, session: CredentialOfferSession) => string[]; declare function oidcAccessTokenVerifyCallback(opts: { credentialIssuer: string; authorizationServer: string; clientMetadata?: ClientMetadata; }): JWTVerifyCallback; type CredentialSignerCallback = (opts: { credentialRequest: CredentialRequestV1_0_15; credential: CredentialIssuanceInput; format?: OID4VCICredentialFormat; /** * We use object since we don't want to expose the DID Document TS type to too many interfaces. * An implementation that wants to look into the DIDDoc would have to do a cast in the signer callback implementation */ jwtVerifyResult: JwtVerifyResult; statusLists?: Array; }) => Promise; interface CredentialDataSupplierArgs extends CNonceState { credentialRequest: CredentialRequest; credentialOffer: AssertedUniformCredentialOffer; format: OID4VCICredentialFormat; clientId?: string; credentialSupplierConfig?: CredentialSupplierConfig; credentialDataSupplierInput?: CredentialDataSupplierInput; } type CredentialIssuanceInput = ICredential | (SdJwtDecodedVerifiableCredentialPayload & { __disclosureFrame?: SdJwtDisclosureFrame; }); interface CredentialDataSupplierResult { credential: CredentialIssuanceInput; format?: OID4VCICredentialFormat; signCallback?: CredentialSignerCallback; } type CredentialDataSupplier = (args: CredentialDataSupplierArgs) => Promise; type IssuerCorrelation = { issuerState?: string; preAuthorizedCode?: string; authorizationDetails?: AuthorizationDetailsV1_0_15[]; }; declare class VcIssuer { private _issuerMetadata; private readonly _authorizationServerMetadata; private readonly _defaultCredentialOfferBaseUri?; private readonly _credentialSignerCallback?; private readonly _jwtVerifyCallback?; private readonly _credentialDataSupplier?; private readonly _credentialOfferSessions; private readonly _cNonces; private readonly _uris; private readonly _cNonceExpiresIn; private readonly _asClientOpts?; constructor(issuerMetadata: CredentialIssuerMetadataOptsV1_0_15, authorizationServerMetadata: AuthorizationServerMetadata, args: { txCode?: TxCode; baseUri?: string; credentialOfferSessions: IStateManager; defaultCredentialOfferBaseUri?: string; cNonces: IStateManager; uris?: IStateManager; credentialSignerCallback?: CredentialSignerCallback; jwtVerifyCallback?: JWTVerifyCallback; credentialDataSupplier?: CredentialDataSupplier; cNonceExpiresIn?: number | undefined; asClientOpts?: ClientMetadata; }); getCredentialOfferSessionById(id: string, lookups?: Array<'uri' | 'preAuthorizedCode' | 'issuerState' | 'correlationId'>): Promise; deleteCredentialOfferSessionById(id: string, lookups?: Array<'uri' | 'preAuthorizedCode' | 'issuerState' | 'correlationId'>): Promise; processNotification({ preAuthorizedCode, issuerState, notification, }: { preAuthorizedCode?: string; issuerState?: string; notification: NotificationRequest; }): Promise; createCredentialOfferURI(opts: { offerMode?: CredentialOfferMode; grants?: CredentialOfferGrantInput; client_id?: string; redirectUri?: string; credential_configuration_ids?: Array; credentialDefinition?: JsonLdIssuerCredentialDefinition; credentialOfferUri?: string; credentialDataSupplierInput?: CredentialDataSupplierInput; baseUri?: string; scheme?: string; pinLength?: number; qrCodeOpts?: QRCodeOpts; correlationId?: string; statusListOpts?: Array; sessionLifeTimeInSec?: number; }): Promise; /** * issueCredentialFromIssueRequest * @param opts issuerRequestParams * - issueCredentialsRequest the credential request * - issuerState the state of the issuer * - jwtVerifyCallback callback that verifies the Proof of Possession JWT * - issuerCallback callback to issue a Verifiable Credential * - cNonce an existing c_nonce */ issueCredential(opts: { credentialRequest: CredentialRequest; issuerCorrelation: IssuerCorrelation; credential?: CredentialIssuanceInput; credentialDataSupplier?: CredentialDataSupplier; credentialDataSupplierInput?: CredentialDataSupplierInput; newCNonce?: string; cNonceExpiresIn?: number; tokenExpiresIn?: number; jwtVerifyCallback?: JWTVerifyCallback; credentialSignerCallback?: CredentialSignerCallback; responseCNonce?: string; }): Promise; private lookupCredentialFormat; private updateSession; private validateCredentialRequestProof; private issueCredentialImpl; get credentialSignerCallback(): CredentialSignerCallback | undefined; get jwtVerifyCallback(): JWTVerifyCallback | undefined; get credentialDataSupplier(): CredentialDataSupplier | undefined; get uris(): IStateManager; get cNonceExpiresIn(): number; get credentialOfferSessions(): IStateManager; get cNonces(): IStateManager; get defaultCredentialOfferBaseUri(): string | undefined; get issuerMetadata(): CredentialIssuerMetadataOptsV1_0_15; set issuerMetadata(value: CredentialIssuerMetadataOptsV1_0_15); get authorizationServerMetadata(): AuthorizationServerMetadata; get asClientOpts(): ClientMetadata | undefined; } declare class DisplayBuilder { name?: string; locale?: string; additionalProperties: Record; logo?: ImageInfo; backgroundColor?: string; textColor?: string; withName(name: string): this; withLocale(locale: string): this; withLogo(logo: ImageInfo): this; withBackgroundColor(backgroundColor: string): this; withTextColor(textColor: string): this; withAdditionalProperties(properties: Record): this; addAdditionalProperty(key: string, value: unknown): this; build(): MetadataDisplay; } declare class IssuerMetadataBuilderV1_15 { credentialEndpoint?: string; nonceEndpoint?: string; credentialIssuer?: string; supportedBuilders: CredentialSupportedBuilderV1_15[]; credentialConfigurationsSupported: Record; displayBuilders: DisplayBuilder[]; display: MetadataDisplay[]; batchCredentialIssuance?: BatchCredentialIssuance; authorizationServers?: string[]; tokenEndpoint?: string; authorizationChallengeEndpoint?: string; credentialResponseEncryption?: ResponseEncryption; signedMetadata?: string; credentialIdentifiersSupported?: boolean; withBatchCredentialIssuance(batchCredentialIssuance: BatchCredentialIssuance): this; withAuthorizationServers(authorizationServers: string[]): this; withAuthorizationServer(authorizationServer: string): this; withAuthorizationChallengeEndpoint(authorizationChallengeEndpoint: string): this; withTokenEndpoint(tokenEndpoint: string): this; withCredentialEndpoint(credentialEndpoint: string): IssuerMetadataBuilderV1_15; withNonceEndpoint(nonceEndpoint: string): IssuerMetadataBuilderV1_15; withCredentialIssuer(credentialIssuer: string): IssuerMetadataBuilderV1_15; withCredentialResponseEncryption(credentialResponseEncryption: ResponseEncryption): IssuerMetadataBuilderV1_15; withSignedMetadata(signedMetadata: string): IssuerMetadataBuilderV1_15; withCredentialIdentifiersSupported(credentialIdentifiersSupported: boolean): IssuerMetadataBuilderV1_15; newSupportedCredentialBuilder(): CredentialSupportedBuilderV1_15; addSupportedCredentialBuilder(supportedCredentialBuilder: CredentialSupportedBuilderV1_15): this; addCredentialConfigurationsSupported(id: string, supportedCredential: CredentialConfigurationSupportedV1_0_15): this; withIssuerDisplay(issuerDisplay: MetadataDisplay[] | MetadataDisplay): IssuerMetadataBuilderV1_15; addDisplay(display: MetadataDisplay): void; addDisplayBuilder(displayBuilder: DisplayBuilder): void; newDisplayBuilder(): DisplayBuilder; build(): IssuerMetadataV1_0_15; } declare class VcIssuerBuilder { issuerMetadataBuilder?: IssuerMetadataBuilderV1_15; issuerMetadata: Partial; authorizationServerMetadata: Partial; asClientOpts?: ClientMetadata; txCode?: TxCode; defaultCredentialOfferBaseUri?: string; userPinRequired?: boolean; cNonceExpiresIn?: number; credentialOfferStateManager?: IStateManager; credentialOfferURIManager?: IStateManager; cNonceStateManager?: IStateManager; credentialSignerCallback?: CredentialSignerCallback; jwtVerifyCallback?: JWTVerifyCallback; credentialDataSupplier?: CredentialDataSupplier; withIssuerMetadata(issuerMetadata: IssuerMetadata): this; withASClientMetadata(clientMetadata: ClientMetadata): this; withASClientMetadataParams({ client_id, client_secret, redirect_uris, response_types, ...other }: { client_id: string; client_secret?: string; redirect_uris?: string[]; response_types?: ClientResponseType[]; } & ClientMetadata): this; withAuthorizationMetadata(authorizationServerMetadata: AuthorizationServerMetadata): this; withIssuerMetadataBuilder(builder: IssuerMetadataBuilderV1_15): this; withDefaultCredentialOfferBaseUri(baseUri: string): this; withCredentialIssuer(issuer: string): this; withAuthorizationServers(authorizationServers: string | string[]): this; withCredentialEndpoint(credentialEndpoint: string): this; withTokenEndpoint(tokenEndpoint: string): this; withNonceEndpoint(nonceEndpoint: string): this; withIssuerDisplay(issuerDisplay: MetadataDisplay[] | MetadataDisplay): this; addIssuerDisplay(issuerDisplay: MetadataDisplay): this; withCredentialConfigurationsSupported(credentialConfigurationsSupported: Record): this; addCredentialConfigurationsSupported(id: string, supportedCredential: CredentialConfigurationSupportedV1_0_15): this; withTXCode(txCode: TxCode): this; withCredentialOfferURIStateManager(credentialOfferURIManager: IStateManager): this; withInMemoryCredentialOfferURIState(): this; withCredentialOfferStateManager(credentialOfferManager: IStateManager): this; withInMemoryCredentialOfferState(): this; withCNonceStateManager(cNonceManager: IStateManager): this; withInMemoryCNonceState(): this; withCNonceExpiresIn(cNonceExpiresIn: number): this; withCredentialSignerCallback(cb: CredentialSignerCallback): this; withJWTVerifyCallback(verifyCallback: JWTVerifyCallback): this; withCredentialDataSupplier(credentialDataSupplier: CredentialDataSupplier): this; build(): VcIssuer; } declare class AuthorizationServerMetadataBuilder { private metadata; withIssuer(issuer: string): AuthorizationServerMetadataBuilder; withAuthorizationEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withAuthorizationChallengeEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withTokenEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withNonceEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withTokenEndpointAuthMethodsSupported(methods: Array): AuthorizationServerMetadataBuilder; withTokenEndpointAuthSigningAlgValuesSupported(algs: Array): AuthorizationServerMetadataBuilder; withRegistrationEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withScopesSupported(scopes: Array): AuthorizationServerMetadataBuilder; withResponseTypesSupported(types: Array): AuthorizationServerMetadataBuilder; withResponseModesSupported(modes: Array): AuthorizationServerMetadataBuilder; withGrantTypesSupported(types: Array): AuthorizationServerMetadataBuilder; withServiceDocumentation(url: string): AuthorizationServerMetadataBuilder; withUILocalesSupported(locales: string[]): AuthorizationServerMetadataBuilder; withOpPolicyUri(uri: string): AuthorizationServerMetadataBuilder; withOpTosUri(uri: string): AuthorizationServerMetadataBuilder; withRevocationEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withRevocationEndpointAuthMethodsSupported(methods: Array): AuthorizationServerMetadataBuilder; withRevocationEndpointAuthSigningAlgValuesSupported(algs: Array): AuthorizationServerMetadataBuilder; withIntrospectionEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withCodeChallengeMethodsSupported(methods: Array): AuthorizationServerMetadataBuilder; withPushedAuthorizationRequestEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withRequirePushedAuthorizationRequests(required: boolean): AuthorizationServerMetadataBuilder; withPreAuthorizedGrantAnonymousAccessSupported(supported: boolean): AuthorizationServerMetadataBuilder; withDPoPSigningAlgValuesSupported(algs: (string | SigningAlgo)[]): AuthorizationServerMetadataBuilder; withFrontchannelLogoutSupported(supported: boolean): AuthorizationServerMetadataBuilder; withFrontchannelLogoutSessionSupported(supported: boolean): AuthorizationServerMetadataBuilder; withBackchannelLogoutSupported(supported: boolean): AuthorizationServerMetadataBuilder; withBackchannelLogoutSessionSupported(supported: boolean): AuthorizationServerMetadataBuilder; withUserinfoEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withCheckSessionIframe(url: string): AuthorizationServerMetadataBuilder; withEndSessionEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withAcrValuesSupported(values: string[]): AuthorizationServerMetadataBuilder; withSubjectTypesSupported(types: string[]): AuthorizationServerMetadataBuilder; withRequestObjectSigningAlgValuesSupported(algs: string[]): AuthorizationServerMetadataBuilder; withDisplayValuesSupported(values: string[]): AuthorizationServerMetadataBuilder; withClaimTypesSupported(types: string[]): AuthorizationServerMetadataBuilder; withClaimsSupported(claims: string[]): AuthorizationServerMetadataBuilder; withClaimsParameterSupported(supported: boolean): AuthorizationServerMetadataBuilder; withCredentialEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; withDeferredCredentialEndpoint(endpoint: string): AuthorizationServerMetadataBuilder; build(): AuthorizationServerMetadata; } declare class MemoryStates implements IStateManager { private readonly expiresInMS; private readonly states; private cleanupIntervalId?; constructor(opts?: { expiresInSec?: number; }); clearAll(): Promise; clearExpired(timestamp?: number): Promise; delete(id: string): Promise; getAsserted(id: string): Promise; get(id: string): Promise; has(id: string): Promise; set(id: string, stateValue: T): Promise; startCleanupRoutine(timeout?: number): Promise; stopCleanupRoutine(): Promise; } declare function lookupStateManagerMultiGetAsserted(args: { id: string; lookups: string[]; keyValueMapper: IStateManager; valueStateManager: IStateManager; }): Promise; declare function lookupStateManagerMultiGet({ id, lookups, keyValueMapper, valueStateManager, }: { id: string; lookups: string[]; keyValueMapper: IStateManager; valueStateManager: IStateManager; }): Promise; declare class LookupStateManager implements IStateManager { private keyValueMapper; private valueStateManager; private lookup; constructor(keyValueMapper: IStateManager, valueStateManager: IStateManager, lookup: string); startCleanupRoutine(timeout?: number | undefined): Promise; stopCleanupRoutine(): Promise; clearAll(): Promise; clearExpired(timestamp?: number): Promise; private assertedValueId; private valueId; delete(id: string): Promise; get(id: string): Promise; has(id: string): Promise; set(_id: string, _stateValue: V): Promise; setMapped(valueKey: string, keyObject: K, stateValue: V): Promise; getAsserted(id: string): Promise; } declare class CredentialOfferStateBuilder { private readonly credentialOfferState; constructor(); credentialOffer(credentialOffer: AssertedUniformCredentialOffer): CredentialOfferStateBuilder; createdAt(timestamp: number): CredentialOfferStateBuilder; build(): CredentialOfferSession; } interface ITokenEndpointOpts { tokenEndpointDisabled?: boolean; tokenPath?: string; interval?: number; cNonceExpiresIn?: number; tokenExpiresIn?: number; preAuthorizedCodeExpirationDuration?: number; accessTokenSignerCallback?: JWTSignerCallback; accessTokenVerificationCallback?: JWTVerifyCallback; accessTokenIssuer?: string; accessTokenProvider?: AccessTokenProvider; } type AccessTokenProvider = 'internal' | 'oidc' | 'oauth2'; declare const generateAccessToken: (opts: Required> & { additionalClaims?: Record; preAuthorizedCode?: string; alg?: Alg; dPoPJwk?: JWK; }) => Promise; declare const isValidGrant: (assertedState: CredentialOfferSession, grantType: string) => boolean; declare const assertValidAccessTokenRequest: (request: AccessTokenRequest, opts: { credentialOfferSessions: IStateManager; expirationDuration: number; authRequestsData?: Map; }) => Promise<{ preAuthSession: CredentialOfferSession; }>; declare const createAccessTokenResponse: (request: AccessTokenRequest, opts: { credentialOfferSessions: IStateManager; cNonces: IStateManager; cNonce?: string; cNonceExpiresIn?: number; tokenExpiresIn: number; accessTokenSignerCallback: JWTSignerCallback; accessTokenIssuer: string; accessTokenProvider?: AccessTokenProvider; interval?: number; dPoPJwk?: JWK; }) => Promise; declare const LOG: ISimpleLogger; export { type AccessTokenProvider, AuthorizationServerMetadataBuilder, type CredentialDataSupplier, type CredentialDataSupplierArgs, type CredentialDataSupplierResult, type CredentialIssuanceInput, type CredentialOfferGrantInput, CredentialOfferStateBuilder, type CredentialSignerCallback, CredentialSupportedBuilderV1_15, DisplayBuilder, type ITokenEndpointOpts, type IssuerCorrelation, IssuerMetadataBuilderV1_15, LOG, LookupStateManager, MemoryStates, VcIssuer, VcIssuerBuilder, assertValidAccessTokenRequest, assertValidPinNumber, createAccessTokenResponse, createCredentialOfferObject, createCredentialOfferURI, createCredentialOfferURIFromObject, generateAccessToken, generateCredentialIdentifiers, isPreAuthorizedCodeExpired, isValidGrant, lookupStateManagerMultiGet, lookupStateManagerMultiGetAsserted, oidcAccessTokenVerifyCallback };