chore: move openid-client exports to vci-issuer level instead of vci-…

…issuer-rest level. Still exposing them from there as well
Sphereon-Opensource · Jan 21, 2025 · 276cac5 · 276cac5
1 parent 1e5b251
commit 276cac5
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 48 deletions.
diff --git a/packages/issuer-rest/lib/OID4VCIServer.ts b/packages/issuer-rest/lib/OID4VCIServer.ts
@@ -173,7 +173,7 @@ export class OID4VCIServer<DIDDoc extends object> {
       }
       console.log('Token endpoint disabled by configuration')
     } else {
-      if (authServer && authServer.some(as => as !== this.issuer.issuerMetadata.credential_issuer)) {
+      if (authServer && authServer.some((as) => as !== this.issuer.issuerMetadata.credential_issuer)) {
         throw Error(
           `An external Authorization Server (AS) was already enabled in the issuer metadata (${authServer}). Cannot both have an AS and enable the token endpoint at the same time `,
         )

diff --git a/packages/issuer-rest/lib/index.ts b/packages/issuer-rest/lib/index.ts
@@ -1,49 +1,4 @@
 export * from './OID4VCIServer'
 export * from './oid4vci-api-functions'
 export * from './expressUtils'
-
-/**
- * Copied from openid-client
- */
-export type ResponseType = 'code' | 'id_token' | 'code id_token' | 'none' | string
-export type ClientAuthMethod =
-  | 'client_secret_basic'
-  | 'client_secret_post'
-  | 'client_secret_jwt'
-  | 'private_key_jwt'
-  | 'tls_client_auth'
-  | 'self_signed_tls_client_auth'
-  | 'none'
-export interface ClientMetadata {
-  // important
-  client_id: string
-  id_token_signed_response_alg?: string
-  token_endpoint_auth_method?: ClientAuthMethod
-  client_secret?: string
-  redirect_uris?: string[]
-  response_types?: ResponseType[]
-  post_logout_redirect_uris?: string[]
-  default_max_age?: number
-  require_auth_time?: boolean
-  tls_client_certificate_bound_access_tokens?: boolean
-  request_object_signing_alg?: string
-
-  // less important
-  id_token_encrypted_response_alg?: string
-  id_token_encrypted_response_enc?: string
-  introspection_endpoint_auth_method?: ClientAuthMethod
-  introspection_endpoint_auth_signing_alg?: string
-  request_object_encryption_alg?: string
-  request_object_encryption_enc?: string
-  revocation_endpoint_auth_method?: ClientAuthMethod
-  revocation_endpoint_auth_signing_alg?: string
-  token_endpoint_auth_signing_alg?: string
-  userinfo_encrypted_response_alg?: string
-  userinfo_encrypted_response_enc?: string
-  userinfo_signed_response_alg?: string
-  authorization_encrypted_response_alg?: string
-  authorization_encrypted_response_enc?: string
-  authorization_signed_response_alg?: string
-
-  [key: string]: unknown
-}
+export * from '@sphereon/oid4vci-issuer/dist/types/index'
diff --git a/packages/issuer-rest/lib/oid4vci-api-functions.ts b/packages/issuer-rest/lib/oid4vci-api-functions.ts
@@ -93,7 +93,7 @@ export function accessTokenEndpoint<DIDDoc extends object>(
 ) {
   const tokenEndpoint = issuer.issuerMetadata.token_endpoint
   const externalAS = isExternalAS(issuer.issuerMetadata)
-  if (externalAS) {
+  if (externalAS || (opts.accessTokenProvider && opts.accessTokenProvider !== 'internal')) {
     LOG.log(`[OID4VCI] External Authorization Server ${tokenEndpoint} is being used. Not enabling issuer token endpoint`)
     return
   } else if (opts?.enabled === false) {

diff --git a/packages/issuer/lib/types/index.ts b/packages/issuer/lib/types/index.ts
@@ -1,3 +1,5 @@
+export * from './openid-client'
+
 import {
   AssertedUniformCredentialOffer,
   CNonceState,

diff --git a/packages/issuer/lib/types/openid-client.ts b/packages/issuer/lib/types/openid-client.ts
@@ -0,0 +1,45 @@
+/**
+ * Copied from openid-client
+ */
+export type ResponseType = 'code' | 'id_token' | 'code id_token' | 'none' | string
+export type ClientAuthMethod =
+  | 'client_secret_basic'
+  | 'client_secret_post'
+  | 'client_secret_jwt'
+  | 'private_key_jwt'
+  | 'tls_client_auth'
+  | 'self_signed_tls_client_auth'
+  | 'none'
+export interface ClientMetadata {
+  // important
+  client_id: string
+  id_token_signed_response_alg?: string
+  token_endpoint_auth_method?: ClientAuthMethod
+  client_secret?: string
+  redirect_uris?: string[]
+  response_types?: ResponseType[]
+  post_logout_redirect_uris?: string[]
+  default_max_age?: number
+  require_auth_time?: boolean
+  tls_client_certificate_bound_access_tokens?: boolean
+  request_object_signing_alg?: string
+
+  // less important
+  id_token_encrypted_response_alg?: string
+  id_token_encrypted_response_enc?: string
+  introspection_endpoint_auth_method?: ClientAuthMethod
+  introspection_endpoint_auth_signing_alg?: string
+  request_object_encryption_alg?: string
+  request_object_encryption_enc?: string
+  revocation_endpoint_auth_method?: ClientAuthMethod
+  revocation_endpoint_auth_signing_alg?: string
+  token_endpoint_auth_signing_alg?: string
+  userinfo_encrypted_response_alg?: string
+  userinfo_encrypted_response_enc?: string
+  userinfo_signed_response_alg?: string
+  authorization_encrypted_response_alg?: string
+  authorization_encrypted_response_enc?: string
+  authorization_signed_response_alg?: string
+
+  [key: string]: unknown
+}