fix: Make sure we use 'JWT' as typ instead of the lower case version …

…as suggested in the JWT RFC.

packages/callback-example/lib/__tests__/issuerCallback.spec.ts

@@ -264,7 +264,7 @@ describe('issuerCallback', () => {
  // format: 'jwt_vc_json',
  proof: {
  jwt: expect.stringContaining('eyJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFj'),
- proof_type: 'jwt',
+ proof_type: 'JWT',
  },
  credential_identifier: 'VerifiableCredential',
  })

packages/client/lib/AccessTokenClient.ts

@@ -50,6 +50,7 @@ export class AccessTokenClient {
  redirectUri,
  pin,
  pinMetadata,
+ credentialIssuer: issuer,
  }),
  pinMetadata,
  metadata,
@@ -95,7 +96,8 @@ export class AccessTokenClient {
  if (asOpts?.clientOpts?.clientId) {
  request.client_id = asOpts.clientOpts.clientId;
  }
- await createJwtBearerClientAssertion(request, opts);
+ const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer;
+ await createJwtBearerClientAssertion(request, { ...opts, credentialIssuer });
 
  if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
  this.assertAlphanumericPin(opts.pinMetadata, pin);

packages/client/lib/AccessTokenClientV1_0_11.ts

@@ -95,11 +95,12 @@ export class AccessTokenClientV1_0_11 {
  ? await toUniformCredentialOfferRequest(opts.credentialOffer as CredentialOfferV1_0_11 | CredentialOfferV1_0_13)
  : undefined;
  const request: Partial<AccessTokenRequest> = { ...opts.additionalParams };
+ const credentialIssuer = opts.credentialIssuer ?? credentialOfferRequest?.credential_offer?.credential_issuer;
 
  if (asOpts?.clientOpts?.clientId) {
  request.client_id = asOpts.clientOpts.clientId;
  }
- await createJwtBearerClientAssertion(request, { ...opts, version: OpenId4VCIVersion.VER_1_0_11 });
+ await createJwtBearerClientAssertion(request, { ...opts, version: OpenId4VCIVersion.VER_1_0_11, credentialIssuer });
 
  if (credentialOfferRequest?.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
  this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);

packages/client/lib/AuthorizationCodeClient.ts

@@ -52,14 +52,14 @@ export async function createSignedAuthRequestWhenNeeded(requestObject: Record<st
  const iss = requestObject.iss ?? opts.iss ?? requestObject.client_id;
 
  const jwt: Jwt = {
- header: { alg: 'ES256', kid: opts.kid, typ: 'jwt' },
+ header: { alg: 'ES256', kid: opts.kid, typ: 'JWT' },
  payload: { ...requestObject, iss, authorization_details, ...(client_metadata && { client_metadata }) },
  };
  const pop = await ProofOfPossessionBuilder.fromJwt({
  jwt,
  callbacks: opts.signCallbacks,
  version: OpenId4VCIVersion.VER_1_0_11,
- mode: 'jwt',
+ mode: 'JWT',
  }).build();
  requestObject['request'] = pop.jwt;
  }

packages/client/lib/ProofOfPossessionBuilder.ts

@@ -53,7 +53,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
  if (jwt) {
  this.withJwt(jwt);
  } else {
- this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 || mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt');
+ this.withTyp(version < OpenId4VCIVersion.VER_1_0_11 || mode === 'JWT' ? 'JWT' : 'openid4vci-proof+jwt');
  }
  if (accessTokenResponse) {
  this.withAccessTokenResponse(accessTokenResponse);
@@ -64,7 +64,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
  jwt,
  callbacks,
  version,
- mode = 'jwt',
+ mode = 'JWT',
  }: {
  jwt?: Jwt;
  callbacks: ProofOfPossessionCallbacks<DIDDoc>;
@@ -144,11 +144,11 @@ export class ProofOfPossessionBuilder<DIDDoc> {
  withTyp(typ: Typ): this {
  if (this.mode === 'pop' && this.version >= OpenId4VCIVersion.VER_1_0_11) {
  if (!!typ && typ !== 'openid4vci-proof+jwt') {
- throw Error('typ must be openid4vci-proof+jwt for version 1.0.11 and up');
+ throw Error(`typ must be openid4vci-proof+jwt for version 1.0.11 and up. Provided: ${typ}`);
  }
  } else {
- if (!!typ && typ !== 'jwt') {
- throw Error('typ must be jwt for version 1.0.10 and below');
+ if (!!typ && typ !== 'JWT') {
+ throw Error(`typ must be jwt for version 1.0.10 and below. Provided: ${typ}`);
  }
  }
  this.typ = typ;
@@ -216,7 +216,7 @@ export class ProofOfPossessionBuilder<DIDDoc> {
  this.mode,
  this.callbacks,
  {
- typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 || this.mode === 'jwt' ? 'jwt' : 'openid4vci-proof+jwt'),
+ typ: this.typ ?? (this.version < OpenId4VCIVersion.VER_1_0_11 || this.mode === 'JWT' ? 'JWT' : 'openid4vci-proof+jwt'),
  kid: this.kid,
  jwk: this.jwk,
  jti: this.jti,

packages/client/lib/__tests__/CredentialRequestClient.spec.ts

@@ -29,7 +29,7 @@ import { getMockData } from './data/VciDataFixtures';
 const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 
 const jwt1_0_08: Jwt = {
- header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+ header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 
@@ -184,7 +184,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('spruce')?.credential.request.proof.jwt as string,
  },
  credentialTypes: 'OpenBadgeCredential',
@@ -208,7 +208,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('walt')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],
@@ -231,7 +231,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('uniissuer')?.credential.request.proof.jwt as string,
  },
  credentialIdentifier: 'OpenBadgeCredential',
@@ -253,7 +253,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('mattr')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],
@@ -276,7 +276,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('diwala')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],
@@ -318,7 +318,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('diwala')?.credential.request.proof.jwt as string,
  },
  credentialIdentifier: 'BevoegdheidUittreksel_jwt_vc_json',
@@ -337,7 +337,7 @@ describe('Credential Request Client with different issuers ', () => {
  expect(credentialRequest.credential_identifier).toEqual('BevoegdheidUittreksel_jwt_vc_json');
  expect(credentialRequest.proof).toEqual({
  jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL29pZGM0dmMuZGl3YWxhLmlvIiwiaWF0IjoxNjgxOTE1MDk1LjIwMiwiZXhwIjoxNjgxOTE1NzU1LjIwMiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjYxN2MwM2EzLTM3MTUtNGJlMy1hYjkxNzM4MTlmYzYxNTYzIn0.KA-cHjecaYp9FSaWHkz5cqtNyhBIVT_0I7cJnpHn03T4UWFvdhjhn8Hpe-BU247enFyWOWJ6v3NQZyZgle7xBA',
- proof_type: 'jwt',
+ proof_type: 'JWT',
  });
  });
 });

packages/client/lib/__tests__/CredentialRequestClientBuilder.spec.ts

@@ -20,7 +20,7 @@ const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 const partialJWT_withoutDid = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJlYmZlYjFmNzEyZWJjNmYxYzI3N';
 
 /*const jwtv1_0_08: Jwt = {
- header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+ header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };*/
 

packages/client/lib/__tests__/CredentialRequestClientV1_0_11.spec.ts

@@ -31,12 +31,12 @@ const partialJWT = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmN';
 const partialJWT_withoutDid = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJlYmZlYjFmNzEyZWJjNmYxYzI3N';
 
 const jwt: Jwt = {
- header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+ header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 
 const jwt_withoutDid: Jwt = {
- header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+ header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL },
 };
 
@@ -305,7 +305,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('spruce')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],
@@ -329,7 +329,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('walt')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],
@@ -352,7 +352,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('uniissuer')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],
@@ -374,7 +374,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('mattr')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],
@@ -397,7 +397,7 @@ describe('Credential Request Client with different issuers ', () => {
  .build()
  .createCredentialRequest({
  proofInput: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: getMockData('diwala')?.credential.request.proof.jwt as string,
  },
  credentialTypes: ['OpenBadgeCredential'],

packages/client/lib/__tests__/ProofOfPossessionBuilder.spec.ts

@@ -8,12 +8,12 @@ import { ProofOfPossessionBuilder } from '..';
 import { IDENTIPROOF_ISSUER_URL } from './MetadataMocks';
 
 const jwt: Jwt = {
- header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+ header: { alg: Alg.ES256, kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 
 const jwt_withoutDid: Jwt = {
- header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'jwt' },
+ header: { alg: Alg.ES256, kid: 'ebfeb1f712ebc6f1c276e12ec21/keys/1', typ: 'JWT' },
  payload: { iss: 'sphereon:wallet', nonce: 'tZignsnFbp', jti: 'tZignsnFbp223', aud: IDENTIPROOF_ISSUER_URL, iat: Date.now() / 1000 },
 };
 

packages/client/lib/__tests__/data/VciDataFixtures.ts

@@ -51,7 +51,7 @@ export interface IssuerMockData {
  type?: string;
  format: 'jwt_vc' | 'ldp_vc' | 'jwt_vc_json-ld' | string;
  proof: {
- proof_type: 'jwt' | string;
+ proof_type: 'JWT' | string;
  jwt: string;
  };
  };
@@ -119,7 +119,7 @@ const mockData: VciMockDataStructure = {
  type: 'OpenBadgeCredential',
  format: 'jwt_vc',
  proof: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL25naS1vaWRjNHZjaS10ZXN0LnNwcnVjZWlkLnh5eiIsImlhdCI6MTY4MTkxMTA2MC45NDIsImV4cCI6MTY4MTkxMTcyMC45NDIsImlzcyI6InNwaGVyZW9uOnNzaS13YWxsZXQiLCJqdGkiOiJhNjA4MzMxZi02ZmE0LTQ0ZjAtYWNkZWY5NmFjMjdmNmQ3MCJ9.NwF3_41gwnlIdd_6Uk9CczeQHzIQt6UcvTT5Cxv72j9S1vNwiY9annA2kLsjsTiR5-WMBdUhJCO7wYCtZ15mxw',
  },
  },
@@ -365,7 +365,7 @@ const mockData: VciMockDataStructure = {
  types: ['OpenBadgeCredential'],
  format: 'jwt_vc',
  proof: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL2pmZi53YWx0LmlkL2lzc3Vlci1hcGkvZGVmYXVsdC9vaWRjLyIsImlhdCI6MTY4MTkxMTk0Mi4yMzgsImV4cCI6MTY4MTkxMjYwMi4yMzgsIm5vbmNlIjoiZjA2YTMxMDUtYTJlZC00NGZjLTk1NGItNGEyNTk3MDM0OTNiIiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjA1OWM3ODA5LTlmOGYtNGE3ZS1hZDI4YTNhMTNhMGIzNmViIn0.RfiWyybxpe3nkx3b0yIsqDHQtvB1WwhDW4t0X-kijy2dsSfv2cYhSEmAzs1shg7OV4EW8fSzt_Te79xiVl6jCw',
  },
  },
@@ -483,7 +483,7 @@ const mockData: VciMockDataStructure = {
  types: ['OpenBadgeCredential'],
  format: 'jwt_vc',
  proof: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lKclpuVmpTa0V0VEhKck9VWjBPRmx5TFVkMlQzSmpia3N3YjNkc2RqUlhNblUwU3pJeFNHZHZTVlIzSWl3aWVTSTZJalozY0ZCUE1rOUNRVXBTU0ZFMVRXdEtXVlJaV0dsQlJFUXdOMU5OTlV0amVXcDNYMkUzVUUxWmVGa2lmUSMwIn0.eyJhdWQiOiJodHRwczovL29pZGM0dmMudW5paXNzdWVyLmlvLyIsImlhdCI6MTY4MTkxMjgzNy40MTQsImV4cCI6MTY4MTkxMzQ5Ny40MTQsIm5vbmNlIjoiMzhkMzZmM2ItNzJlMy00ODg2LWI2MGMtMzZiNzcwZDBlNGVhIiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6ImIzYWEyMmFkLWExZTItNDJjOC1iMGI4ZTdjNDgzZDg4M2U4In0.awwIJ0422HSdOsCIe8k7zjxqY6RVaHK2ItUFqbmVjqLXxWt-Mp7cXF84n9HGgC8fgGOKmjlgXdNLr_Jiio_e3g',
  },
  },
@@ -582,7 +582,7 @@ const mockData: VciMockDataStructure = {
  type: 'OpenBadgeCredential',
  format: 'ldp_vc',
  proof: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL2xhdW5jaHBhZC5tYXR0cmxhYnMuY29tIiwiaWF0IjoxNjgxOTE0NDgyLjUxOSwiZXhwIjoxNjgxOTE1MTQyLjUxOSwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6ImI5NDY1ZGE5LTY4OGYtNDdjNi04MjUwNDA0ZGNiOWI5Y2E5In0.uQ8ewOfIjy_1p_Gk6PjeEWccBJnjOca1pwbTWiCAFMQX9wlIsfeUdGtXUoHjH5_PQtpwytodx7WU456_CT9iBQ',
  },
  },
@@ -696,7 +696,7 @@ const mockData: VciMockDataStructure = {
  type: 'OpenBadgeCredential',
  format: 'ldp_vc',
  proof: {
- proof_type: 'jwt',
+ proof_type: 'JWT',
  jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa3AxM3N6QUFMVFN0cDV1OGtMcnl5YW5vYWtrVWtFUGZXazdvOHY3dms0RW1KI3o2TWtwMTNzekFBTFRTdHA1dThrTHJ5eWFub2Fra1VrRVBmV2s3bzh2N3ZrNEVtSiJ9.eyJhdWQiOiJodHRwczovL29pZGM0dmMuZGl3YWxhLmlvIiwiaWF0IjoxNjgxOTE1MDk1LjIwMiwiZXhwIjoxNjgxOTE1NzU1LjIwMiwiaXNzIjoic3BoZXJlb246c3NpLXdhbGxldCIsImp0aSI6IjYxN2MwM2EzLTM3MTUtNGJlMy1hYjkxNzM4MTlmYzYxNTYzIn0.KA-cHjecaYp9FSaWHkz5cqtNyhBIVT_0I7cJnpHn03T4UWFvdhjhn8Hpe-BU247enFyWOWJ6v3NQZyZgle7xBA',
  },
  },

packages/client/lib/functions/AccessTokenUtil.ts

@@ -9,35 +9,38 @@ export const createJwtBearerClientAssertion = async (
  version?: OpenId4VCIVersion;
  },
 ): Promise<void> => {
- const { asOpts } = opts;
+ const { asOpts, credentialIssuer } = opts;
  if (asOpts?.clientOpts?.clientAssertionType === 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer') {
- if (!request.client_id) {
- throw Error(`Not client_id supplied, but client-assertion jwt-bearer requested.`);
- } else if (!asOpts.clientOpts.kid) {
- throw Error(`No kid supplied, but client-assertion jwt-bearer requested.`);
- } else if (!asOpts.clientOpts.signCallbacks) {
- throw Error(`No sign callback supplied, but client-assertion jwt-bearer requested.`);
+ const { kid, clientId = request.client_id, signCallbacks, alg } = asOpts.clientOpts;
+ if (!clientId) {
+ return Promise.reject(Error(`Not client_id supplied, but client-assertion jwt-bearer requested.`));
+ } else if (!kid) {
+ return Promise.reject(Error(`No kid supplied, but client-assertion jwt-bearer requested.`));
+ } else if (typeof signCallbacks !== 'function') {
+ return Promise.reject(Error(`No sign callback supplied, but client-assertion jwt-bearer requested.`));
+ } else if (!credentialIssuer) {
+ return Promise.reject(Error(`No credential issuer supplied, but client-assertion jwt-bearer requested.`));
  }
  const jwt: Jwt = {
  header: {
  typ: 'JWT',
- kid: asOpts.clientOpts.kid,
- alg: asOpts.clientOpts.alg ?? 'ES256',
+ kid: kid,
+ alg: alg ?? 'ES256',
  },
  payload: {
- iss: request.client_id,
- sub: request.client_id,
- aud: opts.credentialIssuer,
+ iss: clientId,
+ sub: clientId,
+ aud: credentialIssuer,
  jti: v4(),
  exp: Date.now() / 1000 + 60,
  iat: Date.now() / 1000 - 60,
  },
  };
  const pop = await ProofOfPossessionBuilder.fromJwt({
  jwt,
- callbacks: asOpts.clientOpts.signCallbacks,
+ callbacks: signCallbacks,
  version: opts.version ?? OpenId4VCIVersion.VER_1_0_13,
- mode: 'jwt',
+ mode: 'JWT',
  }).build();
  request.client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
  request.client_assertion = pop.jwt;

packages/common/lib/functions/FormatUtils.ts

@@ -27,7 +27,7 @@ export function getUniformFormat(format: string | OID4VCICredentialFormat | Cred
  }
 
  // Older formats
- if (format === 'jwt_vc' || format === 'jwt') {
+ if (format.toLocaleLowerCase() === 'jwt_vc' || format.toLocaleLowerCase() === 'jwt') {
  return 'jwt_vc';
  }
  if (format === 'ldp_vc' || format === 'ldp') {