feat: inc feedback

Signed-off-by: Martin Auer <martin.auer97@gmail.com>

packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderService.ts

@@ -12,6 +12,7 @@ import type {
   OpenId4VciTokenRequestOptions,
 } from './OpenId4VciHolderServiceOptions'
 import type {
+  OpenId4VciCredentialConfigurationsSupported,
   OpenId4VciCredentialConfigurationSupported,
   OpenId4VciCredentialSupported,
   OpenId4VciIssuerMetadata,
@@ -65,7 +66,6 @@ import { OpenId4VciCredentialFormatProfile } from '../shared'
 import {
   getTypesFromCredentialSupported,
   getOfferedCredentials,
-  credentialsSupportedV13ToV11,
   credentialsSupportedV11ToV13,
 } from '../shared/issuerMetadataUtils'
 import { OpenId4VciCredentialSupportedWithId } from '../shared/models/index'
@@ -125,18 +125,18 @@ export class OpenId4VciHolderService {
       ? credentialOfferPayload.credential_configuration_ids
       : credentialOfferPayload.credentials
 
-    const offeredCredentialConfigurations = getOfferedCredentials(
+    const offeredCredentials = getOfferedCredentials(
       offeredCredentialsData,
       (credentialIssuerMetadata.credentials_supported as OpenId4VciCredentialSupportedWithId[] | undefined) ??
-        credentialIssuerMetadata.credential_configurations_supported
+        (credentialIssuerMetadata.credential_configurations_supported as OpenId4VciCredentialConfigurationsSupported)
     )
 
     return {
       metadata: {
         ...metadata,
         credentialIssuerMetadata: credentialIssuerMetadata,
       },
-      offeredCredentials: credentialsSupportedV13ToV11(offeredCredentialConfigurations),
+      offeredCredentials,
       credentialOfferPayload,
       credentialOfferRequestWithBaseUrl: client.credentialOffer,
       version: client.version(),
@@ -367,7 +367,7 @@ export class OpenId4VciHolderService {
           return true
         }) ?? offeredCredentials
 
-    const offeredCredentialConfigurations = credentialsSupportedV11ToV13(credentialsSupportedToRequest)
+    const offeredCredentialConfigurations = credentialsSupportedV11ToV13(agentContext, credentialsSupportedToRequest)
     for (const offeredCredentialConfiguration of Object.entries(offeredCredentialConfigurations)) {
       const offeredCredential = offeredCredentialConfiguration[1]
 

packages/openid4vc/src/openid4vc-issuer/OpenId4VcIssuerApi.ts

@@ -11,6 +11,10 @@ import { credentialsSupportedV13ToV11, type OpenId4VciCredentialRequest } from '
 
 import { OpenId4VcIssuerModuleConfig } from './OpenId4VcIssuerModuleConfig'
 import { OpenId4VcIssuerService } from './OpenId4VcIssuerService'
+import {
+  OpenId4VcIssuerRecordCredentialSupportedProps,
+  OpenId4VcIssuerRecordCredentialConfigurationsSupportedProps,
+} from './repository'
 
 /**
  * @public
@@ -59,13 +63,18 @@ export class OpenId4VcIssuerApi {
   }
 
   public async updateIssuerMetadata(
-    options: Pick<OpenId4VcIssuerRecordProps, 'issuerId' | 'credentialsSupported' | 'display'>
+    options: Pick<OpenId4VcIssuerRecordProps, 'issuerId' | 'display'> &
+      (OpenId4VcIssuerRecordCredentialSupportedProps | OpenId4VcIssuerRecordCredentialConfigurationsSupportedProps)
   ) {
     const issuer = await this.openId4VcIssuerService.getIssuerByIssuerId(this.agentContext, options.issuerId)
 
-    issuer.credentialsSupported = Array.isArray(options.credentialsSupported)
-      ? options.credentialsSupported
-      : credentialsSupportedV13ToV11(options.credentialsSupported)
+    if (options.credentialConfigurationsSupported) {
+      issuer.credentialConfigurationsSupported = options.credentialConfigurationsSupported
+      issuer.credentialsSupported = credentialsSupportedV13ToV11(options.credentialConfigurationsSupported)
+    } else {
+      issuer.credentialsSupported = options.credentialsSupported
+      issuer.credentialConfigurationsSupported = undefined
+    }
     issuer.display = options.display
 
     return this.openId4VcIssuerService.updateIssuer(this.agentContext, issuer)

packages/openid4vc/src/openid4vc-issuer/OpenId4VcIssuerService.ts

@@ -51,8 +51,11 @@ import {
 } from '@credo-ts/core'
 import { VcIssuerBuilder } from '@sphereon/oid4vci-issuer'
 
-import { credentialsSupportedV11ToV13, getOfferedCredentials, OpenId4VciCredentialFormatProfile } from '../shared'
-import { credentialsSupportedV13ToV11, getProofTypesSupported } from '../shared/issuerMetadataUtils'
+import { credentialsSupportedV11ToV13, OpenId4VciCredentialFormatProfile } from '../shared'
+import {
+  credentialsSupportedV13ToV11,
+  getOfferedCredentialConfigurationsSupported,
+} from '../shared/issuerMetadataUtils'
 import { storeActorIdForContextCorrelationId } from '../shared/router'
 import { getSphereonVerifiableCredential } from '../shared/transform'
 import { getProofTypeFromKey, isCredentialOfferV1Draft13 } from '../shared/utils'
@@ -118,7 +121,11 @@ export class OpenId4VcIssuerService {
 
     // this checks if the structure of the credentials is correct
     // it throws an error if a offered credential cannot be found in the credentialsSupported
-    getOfferedCredentials(options.offeredCredentials, vcIssuer.issuerMetadata.credential_configurations_supported)
+    getOfferedCredentialConfigurationsSupported(
+      agentContext,
+      options.offeredCredentials,
+      vcIssuer.issuerMetadata.credential_configurations_supported
+    )
     const uniqueOfferedCredentials = Array.from(new Set(options.offeredCredentials))
     if (uniqueOfferedCredentials.length !== offeredCredentials.length) {
       throw new CredoError('All offered credentials must have unique ids.')
@@ -371,13 +378,13 @@ export class OpenId4VcIssuerService {
   private getVcIssuer(agentContext: AgentContext, issuer: OpenId4VcIssuerRecord) {
     const issuerMetadata = this.getIssuerMetadata(agentContext, issuer)
 
-    const proofTypesSupported = getProofTypesSupported(agentContext)
     const builder = new VcIssuerBuilder()
       .withCredentialIssuer(issuerMetadata.issuerUrl)
       .withCredentialEndpoint(issuerMetadata.credentialEndpoint)
       .withTokenEndpoint(issuerMetadata.tokenEndpoint)
       .withCredentialConfigurationsSupported(
-        credentialsSupportedV11ToV13(issuer.credentialsSupported, { proofTypesSupported })
+        issuer.credentialConfigurationsSupported ??
+          credentialsSupportedV11ToV13(agentContext, issuer.credentialsSupported)
       )
       .withCNonceStateManager(new OpenId4VcCNonceStateManager(agentContext, issuer.issuerId))
       .withCredentialOfferStateManager(new OpenId4VcCredentialOfferSessionStateManager(agentContext, issuer.issuerId))
@@ -426,10 +433,11 @@ export class OpenId4VcIssuerService {
       ? credentialOffer.credential_configuration_ids
       : credentialOffer.credentials
 
-    const proofTypesSupported = getProofTypesSupported(agentContext)
-    const offeredCredentials = getOfferedCredentials(offeredCredentialsData, credentialsSupported, {
-      proofTypesSupported,
-    })
+    const offeredCredentials = getOfferedCredentialConfigurationsSupported(
+      agentContext,
+      offeredCredentialsData,
+      credentialsSupported
+    )
 
     if ('credential_identifier' in credentialRequest && typeof credentialRequest.credential_identifier === 'string') {
       const offeredCredential = offeredCredentials[credentialRequest.credential_identifier]

packages/openid4vc/src/openid4vc-issuer/OpenId4VcIssuerServiceOptions.ts

@@ -59,9 +59,9 @@ export interface OpenId4VciCreateCredentialOfferOptions {
   issuanceMetadata?: Record<string, unknown>
 
   /**
-   * @default v11
+   * @default v1.draft11-13
    */
-  version?: 'v1.draft11' | 'v1.draft13'
+  version?: 'v1.draft11-13' | 'v1.draft13'
 }
 
 export interface OpenId4VciCreateCredentialResponseOptions {

packages/openid4vc/src/openid4vc-issuer/repository/OpenId4VcIssuerRecord.ts

@@ -1,16 +1,31 @@
+import type {
+  OpenId4VciCredentialSupportedWithId,
+  OpenId4VciCredentialConfigurationsSupported,
+  OpenId4VciIssuerMetadataDisplay,
+} from '../../shared'
 import type { RecordTags, TagsBase } from '@credo-ts/core'
 
 import { BaseRecord, utils } from '@credo-ts/core'
 
-import { type OpenId4VciCredentialSupportedWithId, type OpenId4VciIssuerMetadataDisplay } from '../../shared'
+import { credentialsSupportedV13ToV11 } from '../../shared/issuerMetadataUtils'
 
 export type OpenId4VcIssuerRecordTags = RecordTags<OpenId4VcIssuerRecord>
 
 export type DefaultOpenId4VcIssuerRecordTags = {
   issuerId: string
 }
 
-export interface OpenId4VcIssuerRecordProps {
+export interface OpenId4VcIssuerRecordCredentialSupportedProps {
+  credentialsSupported: OpenId4VciCredentialSupportedWithId[]
+  credentialConfigurationsSupported?: never
+}
+
+export interface OpenId4VcIssuerRecordCredentialConfigurationsSupportedProps {
+  credentialsSupported?: never
+  credentialConfigurationsSupported: OpenId4VciCredentialConfigurationsSupported
+}
+
+export type OpenId4VcIssuerRecordProps = {
   id?: string
   createdAt?: Date
   tags?: TagsBase
@@ -23,9 +38,8 @@ export interface OpenId4VcIssuerRecordProps {
    */
   accessTokenPublicKeyFingerprint: string
 
-  credentialsSupported: OpenId4VciCredentialSupportedWithId[]
   display?: OpenId4VciIssuerMetadataDisplay[]
-}
+} & (OpenId4VcIssuerRecordCredentialSupportedProps | OpenId4VcIssuerRecordCredentialConfigurationsSupportedProps)
 
 /**
  * For OID4VC you need to expos metadata files. Each issuer needs to host this metadata. This is not the case for DIDComm where we can just have one /didcomm endpoint.
@@ -40,6 +54,7 @@ export class OpenId4VcIssuerRecord extends BaseRecord<DefaultOpenId4VcIssuerReco
   public accessTokenPublicKeyFingerprint!: string
 
   public credentialsSupported!: OpenId4VciCredentialSupportedWithId[]
+  public credentialConfigurationsSupported?: OpenId4VciCredentialConfigurationsSupported
   public display?: OpenId4VciIssuerMetadataDisplay[]
 
   public constructor(props: OpenId4VcIssuerRecordProps) {
@@ -52,8 +67,9 @@ export class OpenId4VcIssuerRecord extends BaseRecord<DefaultOpenId4VcIssuerReco
 
       this.issuerId = props.issuerId
       this.accessTokenPublicKeyFingerprint = props.accessTokenPublicKeyFingerprint
-      this.credentialsSupported = props.credentialsSupported
-
+      this.credentialsSupported =
+        props.credentialsSupported ?? credentialsSupportedV13ToV11(props.credentialConfigurationsSupported)
+      this.credentialConfigurationsSupported = props.credentialConfigurationsSupported
       this.display = props.display
     }
   }

packages/openid4vc/src/openid4vc-issuer/router/metadataEndpoint.ts

@@ -2,7 +2,7 @@ import type { OpenId4VcIssuanceRequest } from './requestContext'
 import type { CredentialIssuerMetadata } from '@sphereon/oid4vci-common'
 import type { Router, Response } from 'express'
 
-import { credentialsSupportedV11ToV13, getProofTypesSupported } from '../../shared/issuerMetadataUtils'
+import { credentialsSupportedV11ToV13 } from '../../shared/issuerMetadataUtils'
 import { getRequestContext, sendErrorResponse } from '../../shared/router'
 import { OpenId4VcIssuerService } from '../OpenId4VcIssuerService'
 
@@ -11,8 +11,6 @@ export function configureIssuerMetadataEndpoint(router: Router) {
     '/.well-known/openid-credential-issuer',
     (_request: OpenId4VcIssuanceRequest, response: Response, next) => {
       const { agentContext, issuer } = getRequestContext(_request)
-
-      const proofTypesSupported = getProofTypesSupported(agentContext)
       try {
         const openId4VcIssuerService = agentContext.dependencyManager.resolve(OpenId4VcIssuerService)
         const issuerMetadata = openId4VcIssuerService.getIssuerMetadata(agentContext, issuer)
@@ -23,9 +21,9 @@ export function configureIssuerMetadataEndpoint(router: Router) {
           authorization_server: issuerMetadata.authorizationServer,
           authorization_servers: issuerMetadata.authorizationServer ? [issuerMetadata.authorizationServer] : undefined,
           credentials_supported: issuerMetadata.credentialsSupported,
-          credential_configurations_supported: credentialsSupportedV11ToV13(issuerMetadata.credentialsSupported, {
-            proofTypesSupported,
-          }),
+          credential_configurations_supported:
+            issuer.credentialConfigurationsSupported ??
+            credentialsSupportedV11ToV13(agentContext, issuerMetadata.credentialsSupported),
           display: issuerMetadata.issuerDisplay,
         } satisfies CredentialIssuerMetadata