import { CredentialFormat, ISimpleLogger } from '@sphereon/ssi-types'; import { CreateDPoPClientOpts, JWK } from '@sphereon/oid4vc-common'; import * as _sphereon_oid4vci_common from '@sphereon/oid4vci-common'; import { AccessTokenRequestOpts, OpenIDResponse, AccessTokenResponse, DPoPResponseParams, AccessTokenRequest, TxCodeAndPinRequired, EndpointMetadata, AuthorizationServerOpts, IssuerOpts, RequestObjectOpts, PKCEOpts, EndpointMetadataResult as EndpointMetadataResult$1, AuthorizationRequestOpts, CredentialOfferRequestWithBaseUrl, CredentialConfigurationSupported, OpenId4VCIVersion, AuthorizationChallengeRequestOpts, AuthorizationChallengeCodeResponse, CommonAuthorizationChallengeRequest, ExperimentalSubjectIssuance, EndpointMetadataResultV1_0_15, UniformCredentialOfferRequest, CredentialIssuerMetadataV1_0_15, EndpointMetadataResultV1_0, CredentialIssuerMetadataV1_0, Jwt, ProofOfPossessionCallbacks, PoPMode, ProofOfPossession, Alg, Typ, AuthorizationDetailsV1_0_15, AuthorizationDetailsV1_0, OID4VCICredentialFormat, CredentialResponse, CredentialRequest, CredentialRequestV1_0_15, CredentialRequestV1_0, CredentialIssuerMetadata, NotificationRequest, NotificationResponseResult, WellKnownEndpoints, CredentialOfferPayload, SignedMetadataVerifyCallback, CredentialOfferPayloadV1_0_15, IssuerMetadataV1_0_15, CredentialOfferPayloadV1_0, IssuerMetadataV1_0, AuthorizationResponse, CredentialResponseV1_0_15, CredentialConfigurationSupportedV1_0_15, AuthzFlowType } from '@sphereon/oid4vci-common'; declare class AccessTokenClient { acquireAccessToken(opts: AccessTokenRequestOpts): Promise>; acquireAccessTokenUsingRequest({ accessTokenRequest, pinMetadata, metadata, asOpts, issuerOpts, createDPoPOpts, }: { accessTokenRequest: AccessTokenRequest; pinMetadata?: TxCodeAndPinRequired; metadata?: EndpointMetadata; asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; createDPoPOpts?: CreateDPoPClientOpts; }): Promise>; createAccessTokenRequest(opts: Omit): Promise; private assertPreAuthorizedGrantType; private assertAuthorizationGrantType; private getPinMetadata; private assertAlphanumericPin; private assertNonEmptyPreAuthorizedCode; private assertNonEmptyCodeVerifier; private assertNonEmptyCode; private validate; private sendAuthCode; static determineTokenURL({ asOpts, issuerOpts, metadata, }: { asOpts?: AuthorizationServerOpts; issuerOpts?: IssuerOpts; metadata?: EndpointMetadata; }): string; private static creatTokenURLFromURL; private throwNotSupportedFlow; } declare function createSignedAuthRequestWhenNeeded(requestObject: Record, opts: RequestObjectOpts & { aud?: string; }): Promise; declare const createAuthorizationRequestUrl: ({ pkce, endpointMetadata, authorizationRequest, credentialOffer, credentialConfigurationSupported, clientId, version, }: { pkce: PKCEOpts; endpointMetadata: EndpointMetadataResult$1; authorizationRequest: AuthorizationRequestOpts; credentialOffer?: CredentialOfferRequestWithBaseUrl; credentialConfigurationSupported?: Record; clientId?: string; version?: OpenId4VCIVersion; }) => Promise; declare const acquireAuthorizationChallengeAuthCode: (opts: AuthorizationChallengeRequestOpts) => Promise>; declare const acquireAuthorizationChallengeAuthCodeUsingRequest: (opts: { authorizationChallengeRequest: CommonAuthorizationChallengeRequest; metadata?: EndpointMetadata; issuerOpts?: IssuerOpts; }) => Promise>; declare const createAuthorizationChallengeRequest: (opts: AuthorizationChallengeRequestOpts) => Promise; declare const sendAuthorizationChallengeRequest: (authorizationChallengeCodeUrl: string, authorizationChallengeRequest: CommonAuthorizationChallengeRequest, opts?: { headers?: Record; }) => Promise>; declare class CredentialRequestClientBuilderV1_0_15 { credentialEndpoint?: string; deferredCredentialEndpoint?: string; nonceEndpoint?: string; deferredCredentialAwait: boolean; deferredCredentialIntervalInMS: number; credentialIdentifier?: string; credentialConfigurationId?: string; credentialTypes?: string[]; token?: string; version?: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialConfigurationId, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadataResultV1_0_15; version?: OpenId4VCIVersion; credentialIdentifier?: string; credentialConfigurationId?: string; credentialTypes?: string | string[]; }): CredentialRequestClientBuilderV1_0_15; static fromURI({ uri, metadata, }: { uri: string; metadata?: EndpointMetadataResultV1_0_15; }): Promise; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilderV1_0_15; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilderV1_0_15; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withCredentialEndpoint(credentialEndpoint: string): this; withIssuerState(issuerState?: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withNonceEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withNonceEndpoint(nonceEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialIdentifier(credentialIdentifier: string): this; withCredentialConfigurationId(credentialConfigurationId: string): this; withCredentialType(credentialTypes: string | string[]): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClient; } declare class CredentialRequestClientBuilderV1_0 { credentialEndpoint?: string; deferredCredentialEndpoint?: string; nonceEndpoint?: string; deferredCredentialAwait: boolean; deferredCredentialIntervalInMS: number; credentialIdentifiers?: string[]; credentialConfigurationId?: string; credentialTypes?: string[]; token?: string; version?: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifiers, credentialConfigurationId, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadataResultV1_0; version?: OpenId4VCIVersion; credentialIdentifiers?: string[]; credentialConfigurationId?: string; credentialTypes?: string | string[]; }): CredentialRequestClientBuilderV1_0; static fromURI({ uri, metadata, }: { uri: string; metadata?: EndpointMetadataResultV1_0; }): Promise; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadataResultV1_0; }): CredentialRequestClientBuilderV1_0; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadataResultV1_0; }): CredentialRequestClientBuilderV1_0; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0): this; withCredentialEndpoint(credentialEndpoint: string): this; withIssuerState(issuerState?: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withNonceEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0): this; withNonceEndpoint(nonceEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialIdentifiers(credentialIdentifiers: string[]): this; withCredentialConfigurationId(credentialConfigurationId: string): this; withCredentialType(credentialTypes: string | string[]): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClient; } declare class ProofOfPossessionBuilder { private readonly proof?; private readonly callbacks?; private readonly mode; private kid?; private jwk?; private aud?; private clientId?; private issuer?; private jwt?; private alg?; private jti?; private cNonce?; private typ?; private proofType; private coseKey?; private constructor(); static manual({ jwt, callbacks, version, mode, }: { jwt?: Jwt; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromJwt({ jwt, callbacks, version, mode, }: { jwt: Jwt; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromAccessTokenResponse({ accessTokenResponse, callbacks, version, mode, }: { accessTokenResponse: AccessTokenResponse; callbacks: ProofOfPossessionCallbacks; version: OpenId4VCIVersion; mode?: PoPMode; }): ProofOfPossessionBuilder; static fromProof(proof: ProofOfPossession, version: OpenId4VCIVersion): ProofOfPossessionBuilder; withAud(aud: string | string[]): this; withClientId(clientId: string): this; withKid(kid: string): this; withJWK(jwk: JWK): this; withIssuer(issuer: string): this; withAlg(alg: Alg | string): this; withJti(jti: string): this; withTyp(typ: Typ): this; withProofType(proofType: 'jwt' | 'cwt'): this; withCoseKey(coseKey: unknown): this; withAccessTokenNonce(cNonce: string): this; withAccessTokenResponse(accessToken: AccessTokenResponse): this; withEndpointMetadata(endpointMetadata: EndpointMetadata): this; withJwt(jwt: Jwt): this; build(): Promise; } interface CredentialRequestOpts { deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; credentialEndpoint: string; notificationEndpoint?: string; deferredCredentialEndpoint?: string; credentialTypes?: string[]; credentialIdentifier?: string; credentialIdentifiers?: string[]; credentialConfigurationId?: string; proof: ProofOfPossession; token: string; version: OpenId4VCIVersion; subjectIssuance?: ExperimentalSubjectIssuance; issuerState?: string; authorizationDetails?: (AuthorizationDetailsV1_0_15 | AuthorizationDetailsV1_0)[]; } type CreateCredentialRequestOpts = { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format?: CredentialFormat | OID4VCICredentialFormat; subjectIssuance?: ExperimentalSubjectIssuance; version: OpenId4VCIVersion; credentialConfigurationId?: string; }; declare function buildProof(proofInput: ProofOfPossessionBuilder | ProofOfPossession, opts: { version: OpenId4VCIVersion; cNonce?: string; }): Promise; declare class CredentialRequestClient { private readonly _credentialRequestOpts; private _isDeferred; get credentialRequestOpts(): CredentialRequestOpts; isDeferred(): boolean; getCredentialEndpoint(): string; getDeferredCredentialEndpoint(): string | undefined; constructor(builder: CredentialRequestClientBuilderV1_0_15 | CredentialRequestClientBuilderV1_0); /** * Typically you should not use this method, as it omits a proof from the request. * There are certain issuers that in specific circumstances can do without this proof, because they have other means of user binding * like using DPoP together with an authorization code flow. These are however rare, so you should be using the acquireCredentialsUsingProof normally * @param opts */ acquireCredentialsWithoutProof(opts: { credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; format: CredentialFormat | OID4VCICredentialFormat; subjectIssuance?: ExperimentalSubjectIssuance; createDPoPOpts?: CreateDPoPClientOpts; }): Promise & { access_token: string; }>; acquireCredentialsUsingProof(opts: { proofInput: ProofOfPossessionBuilder | ProofOfPossession; format: CredentialFormat | OID4VCICredentialFormat; credentialIdentifier?: string; credentialTypes?: string | string[]; context?: string[]; subjectIssuance?: ExperimentalSubjectIssuance; createDPoPOpts?: CreateDPoPClientOpts; }): Promise & { access_token: string; }>; acquireCredentialsUsingRequestWithoutProof(uniformRequest: CredentialRequest, format: OID4VCICredentialFormat, createDPoPOpts?: CreateDPoPClientOpts): Promise & { access_token: string; }>; acquireCredentialsUsingRequest(uniformRequest: CredentialRequest, format: OID4VCICredentialFormat, createDPoPOpts?: CreateDPoPClientOpts): Promise & { access_token: string; }>; private acquireCredentialsUsingRequestImpl; acquireDeferredCredential(response: Pick, opts?: { bearerToken?: string; }): Promise & { access_token: string; }>; createCredentialRequestWithoutProof(opts: CreateCredentialRequestOpts): Promise; createCredentialRequest(opts: CreateCredentialRequestOpts & { proofInput: ProofOfPossessionBuilder | ProofOfPossession; }): Promise; private createCredentialRequestImpl; private version; } declare class CredentialOfferClient { static fromURI(uri: string, opts?: { resolve?: boolean; }): Promise; static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: { version?: OpenId4VCIVersion; }): string; } declare class CredentialOfferClientV1_0_15 { static fromURI(uri: string, opts?: { resolve?: boolean; }): Promise; static toURI(requestWithBaseUrl: CredentialOfferRequestWithBaseUrl, opts?: { version?: OpenId4VCIVersion; }): string; } declare class CredentialRequestClientBuilder { private _builder; private constructor(); static fromCredentialIssuer({ credentialIssuer, metadata, version, credentialIdentifier, credentialIdentifiers, credentialTypes, }: { credentialIssuer: string; metadata?: EndpointMetadata; version?: OpenId4VCIVersion; credentialIdentifier?: string; credentialIdentifiers?: string[]; credentialTypes?: string | string[]; }): CredentialRequestClientBuilder; static fromURI({ uri, metadata, }: { uri: string; metadata?: EndpointMetadataResultV1_0_15; }): Promise; static fromCredentialOfferRequest(opts: { request: UniformCredentialOfferRequest; scheme?: string; baseUrl?: string; version?: OpenId4VCIVersion; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilder; static fromCredentialOffer({ credentialOffer, metadata, }: { credentialOffer: CredentialOfferRequestWithBaseUrl; metadata?: EndpointMetadataResultV1_0_15; }): CredentialRequestClientBuilder; getVersion(): OpenId4VCIVersion | undefined; withCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadata | CredentialIssuerMetadataV1_0_15): this; withCredentialEndpoint(credentialEndpoint: string): this; withDeferredCredentialEndpointFromMetadata(metadata: CredentialIssuerMetadataV1_0_15): this; withDeferredCredentialEndpoint(deferredCredentialEndpoint: string): this; withDeferredCredentialAwait(deferredCredentialAwait: boolean, deferredCredentialIntervalInMS?: number): this; withCredentialIdentifier(credentialIdentifier: string): this; withCredentialIdentifiers(credentialIdentifiers: string[]): this; withIssuerState(issuerState?: string): this; withCredentialType(credentialTypes: string | string[]): this; withSubjectIssuance(subjectIssuance: ExperimentalSubjectIssuance): this; withToken(accessToken: string): this; withTokenFromResponse(response: AccessTokenResponse): this; withVersion(version: OpenId4VCIVersion): this; build(): CredentialRequestClient; } declare const generateMissingPKCEOpts: (pkce: PKCEOpts) => PKCEOpts; declare function sendNotification(credentialRequestOpts: Partial, request: NotificationRequest, accessToken?: string): Promise; /** * Allows to retrieve information from a well-known location * * @param host The host * @param endpointType The endpoint type, currently supports OID4VCI, OIDC and OAuth2 endpoint types * @param opts Options, like for instance whether an error should be thrown in case the endpoint doesn't exist */ declare const retrieveWellknown: (host: string, endpointType: WellKnownEndpoints, opts?: { errorOnNotFound?: boolean; }) => Promise>; declare const createJwtBearerClientAssertion: (request: Partial, opts: AccessTokenRequestOpts & { version?: OpenId4VCIVersion; }) => Promise; declare function isUriEncoded(str: string): boolean; declare function handleCredentialOfferUri(uri: string): Promise<{ credential_offer: unknown; }>; declare function constructBaseResponse(request: UniformCredentialOfferRequest, scheme: string, baseUrl: string): { txCode?: _sphereon_oid4vci_common.TxCode | undefined; preAuthorizedCode?: string | undefined; issuerState?: string | undefined; original_credential_offer: _sphereon_oid4vci_common.CredentialOfferPayload; version: _sphereon_oid4vci_common.OpenId4VCIVersion; supportedFlows: _sphereon_oid4vci_common.AuthzFlowType[]; credential_offer: _sphereon_oid4vci_common.UniformCredentialOfferPayload; credential_offer_uri?: string; clientId?: string | undefined; scheme: string; baseUrl: string; }; declare class MetadataClient { /** * Retrieve metadata using the Initiation obtained from a previous step * * @param credentialOffer */ static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise; /** * Retrieve the metada using the initiation request obtained from a previous step * @param request */ static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayload): Promise; /** * Retrieve all metadata from an issuer * @param issuer The issuer URL * @param opts */ static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound?: boolean; signedMetadataVerifyCallback?: SignedMetadataVerifyCallback; }): Promise; /** * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata * * @param issuerHost The issuer hostname * @param opts */ static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise | undefined>; } declare class MetadataClientV1_0_15 { /** * Retrieve metadata using the Initiation obtained from a previous step * * @param credentialOffer */ static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise; /** * Retrieve the metada using the initiation request obtained from a previous step * @param request */ static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayloadV1_0_15): Promise; /** * Retrieve all metadata from an issuer * @param issuer The issuer URL * @param opts */ static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound?: boolean; signedMetadataVerifyCallback?: SignedMetadataVerifyCallback; }): Promise; /** * Retrieve only the OID4VCI metadata for the issuer. So no OIDC/OAuth2 metadata * * @param issuerHost The issuer hostname * @param opts */ static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise | undefined>; } declare class MetadataClientV1_0 { static retrieveAllMetadataFromCredentialOffer(credentialOffer: CredentialOfferRequestWithBaseUrl): Promise; static retrieveAllMetadataFromCredentialOfferRequest(request: CredentialOfferPayloadV1_0): Promise; static retrieveAllMetadata(issuer: string, opts?: { errorOnNotFound?: boolean; signedMetadataVerifyCallback?: SignedMetadataVerifyCallback; }): Promise; static retrieveOpenID4VCIServerMetadata(issuerHost: string, opts?: { errorOnNotFound?: boolean; }): Promise | undefined>; } interface OpenID4VCIClientStateV1_0_15 { credentialIssuer: string; credentialOffer?: CredentialOfferRequestWithBaseUrl; clientId?: string; kid?: string; jwk?: JWK; alg?: Alg | string; endpointMetadata?: EndpointMetadataResultV1_0_15; accessTokenResponse?: AccessTokenResponse; dpopResponseParams?: DPoPResponseParams; authorizationRequestOpts?: AuthorizationRequestOpts; authorizationCodeResponse?: AuthorizationResponse | AuthorizationChallengeCodeResponse; pkce: PKCEOpts; accessToken?: string; authorizationURL?: string; cachedCNonce?: string; keyAttestation?: string; } declare class OpenID4VCIClientV1_0_15 { private readonly _state; private constructor(); static fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, keyAttestation, }: { credentialIssuer: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; clientId?: string; createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; keyAttestation?: string; }): Promise; static fromState({ state, }: { state: OpenID4VCIClientStateV1_0_15 | string; }): Promise; static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, keyAttestation, }: { uri: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; createAuthorizationRequestURL?: boolean; resolveOfferUri?: boolean; pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; keyAttestation?: string; }): Promise; createAuthorizationRequestUrl(opts?: { authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise; retrieveServerMetadata(): Promise; acquireNonce(): Promise; private calculatePKCEOpts; acquireAuthorizationChallengeCode(opts?: AuthorizationChallengeRequestOpts): Promise; acquireAccessToken(opts?: Omit & { clientId?: string; authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; additionalRequestParams?: Record; }): Promise; acquireCredentials({ credentialIdentifier, credentialConfigurationId, credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts, }: { credentialIdentifier?: string; credentialConfigurationId?: string; credentialTypes?: string | string[]; context?: string[]; proofCallbacks: ProofOfPossessionCallbacks; format: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; createDPoPOpts?: CreateDPoPClientOpts; }): Promise; exportState(): Promise; getCredentialsSupported(restrictToInitiationTypes?: boolean, format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): Record; sendNotification(credentialRequestOpts: Partial, request: NotificationRequest, accessToken?: string): Promise; getCredentialOfferConfigurationIds(): string[]; issuerSupportedFlowTypes(): AuthzFlowType[]; isFlowTypeSupported(flowType: AuthzFlowType): boolean; get authorizationURL(): string | undefined; hasAuthorizationURL(): boolean; get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined; version(): OpenId4VCIVersion; get endpointMetadata(): EndpointMetadataResultV1_0_15; get kid(): string; get alg(): string; set clientId(value: string | undefined); get clientId(): string | undefined; hasAccessTokenResponse(): boolean; get accessTokenResponse(): AccessTokenResponse; get dpopResponseParams(): DPoPResponseParams | undefined; get state(): OpenID4VCIClientStateV1_0_15; getIssuer(): string; getAccessTokenEndpoint(): string; getCredentialEndpoint(): string; getNonceEndpoint(): string | undefined; hasNonceEndpoint(): boolean; getAuthorizationChallengeEndpoint(): string | undefined; hasAuthorizationChallengeEndpoint(): boolean; hasDeferredCredentialEndpoint(): boolean; getDeferredCredentialEndpoint(): string | undefined; isEBSI(): any; private assertIssuerData; private assertServerMetadata; private assertAccessToken; private syncAuthorizationRequestOpts; private getAuthorizationCode; } type OpenID4VCIClientState = OpenID4VCIClientStateV1_0_15; type EndpointMetadataResult = EndpointMetadataResultV1_0_15; declare class OpenID4VCIClient { private readonly _state; private constructor(); static fromCredentialIssuer({ kid, alg, retrieveServerMetadata, clientId, credentialIssuer, pkce, authorizationRequest, createAuthorizationRequestURL, endpointMetadata, }: { credentialIssuer: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; clientId?: string; createAuthorizationRequestURL?: boolean; authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; endpointMetadata?: EndpointMetadataResult; }): Promise; static fromState({ state }: { state: OpenID4VCIClientState | string; }): Promise; static fromURI({ uri, kid, alg, retrieveServerMetadata, clientId, pkce, createAuthorizationRequestURL, authorizationRequest, resolveOfferUri, endpointMetadata, }: { uri: string; kid?: string; alg?: Alg | string; retrieveServerMetadata?: boolean; createAuthorizationRequestURL?: boolean; resolveOfferUri?: boolean; pkce?: PKCEOpts; clientId?: string; authorizationRequest?: AuthorizationRequestOpts; endpointMetadata?: EndpointMetadataResult; }): Promise; /** * Allows you to create an Authorization Request URL when using an Authorization Code flow. This URL needs to be accessed using the front channel (browser) * * The Identity provider would present a login screen typically; after you authenticated, it would redirect to the provided redirectUri; which can be same device or cross-device * @param opts */ createAuthorizationRequestUrl(opts?: { authorizationRequest?: AuthorizationRequestOpts; pkce?: PKCEOpts; }): Promise; retrieveServerMetadata(): Promise; private calculatePKCEOpts; acquireAuthorizationChallengeCode(opts?: AuthorizationChallengeRequestOpts): Promise; acquireAccessToken(opts?: Omit & { clientId?: string; authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; additionalRequestParams?: Record; }): Promise; acquireCredentials({ credentialIdentifier, credentialConfigurationId, credentialTypes, context, proofCallbacks, format, kid, jwk, alg, jti, deferredCredentialAwait, deferredCredentialIntervalInMS, createDPoPOpts, }: { credentialIdentifier?: string; credentialConfigurationId?: string; credentialTypes?: string | string[]; context?: string[]; proofCallbacks: ProofOfPossessionCallbacks; format: CredentialFormat | OID4VCICredentialFormat; kid?: string; jwk?: JWK; alg?: Alg | string; jti?: string; deferredCredentialAwait?: boolean; deferredCredentialIntervalInMS?: number; experimentalHolderIssuanceSupported?: boolean; createDPoPOpts?: CreateDPoPClientOpts; }): Promise; exportState(): Promise; getCredentialsSupported(format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): Record | Array; sendNotification(credentialRequestOpts: Partial, request: NotificationRequest, accessToken?: string): Promise; issuerSupportedFlowTypes(): AuthzFlowType[]; isFlowTypeSupported(flowType: AuthzFlowType): boolean; get authorizationURL(): string | undefined; hasAuthorizationURL(): boolean; get credentialOffer(): CredentialOfferRequestWithBaseUrl | undefined; version(): OpenId4VCIVersion; get endpointMetadata(): EndpointMetadataResult; get kid(): string; get alg(): string; set clientId(value: string | undefined); get clientId(): string | undefined; hasAccessTokenResponse(): boolean; get accessTokenResponse(): AccessTokenResponse; get dpopResponseParams(): DPoPResponseParams | undefined; getIssuer(): string; getAccessTokenEndpoint(): string; getCredentialEndpoint(): string; getAuthorizationChallengeEndpoint(): string | undefined; hasAuthorizationChallengeEndpoint(): boolean; hasDeferredCredentialEndpoint(): boolean; getDeferredCredentialEndpoint(): string; /** * Too bad we need a method like this, but EBSI is not exposing metadata */ isEBSI(): any; private assertIssuerData; private assertServerMetadata; private assertAccessToken; private syncAuthorizationRequestOpts; private getAuthorizationCode; private hasNonceEndpoint; private acquireNonceViaV15Delegate; private shouldRetryWithFreshNonce; } declare const LOG: ISimpleLogger; export { AccessTokenClient, type CreateCredentialRequestOpts, CredentialOfferClient, CredentialOfferClientV1_0_15, CredentialRequestClient, CredentialRequestClientBuilder, CredentialRequestClientBuilderV1_0, CredentialRequestClientBuilderV1_0_15, type CredentialRequestOpts, type EndpointMetadataResult, LOG, MetadataClient, MetadataClientV1_0, MetadataClientV1_0_15, OpenID4VCIClient, type OpenID4VCIClientState, type OpenID4VCIClientStateV1_0_15, OpenID4VCIClientV1_0_15, ProofOfPossessionBuilder, acquireAuthorizationChallengeAuthCode, acquireAuthorizationChallengeAuthCodeUsingRequest, buildProof, constructBaseResponse, createAuthorizationChallengeRequest, createAuthorizationRequestUrl, createJwtBearerClientAssertion, createSignedAuthRequestWhenNeeded, generateMissingPKCEOpts, handleCredentialOfferUri, isUriEncoded, retrieveWellknown, sendAuthorizationChallengeRequest, sendNotification };