v0.20.1

0.20.1 (2026-01-30)

Note: Version bump only for package @sphereon/oid4vci-workspace

v0.20.0

0.20.0 (2025-11-19)

IMPORTANT:

This release removed support for Presentation Exchange in OID4VP. This is because upstream support in the specification has been removed!. We also removed legacy draft versions now we are nearing at final versions. This means OID4VP Draft 28 (DIIPv4 profile) and 1.0 final are supported only and OID4VCI Draft 15 only (1.0 final will follow soon).

If you need to retain legacy support you will have to stay at version 0.19.x

Bug Fixes

• added verified data types (73d688d)
• DIIPv4 fixes (012b87c)

Features

• added callback support when creating auth requests (daddf2d)
• support draft 28 OID4VP (ab84e8b)
• use dcql queries only based on v1 of openid4vp spec (2ea4e37)

v0.19.0

0.19.0 (2025-05-22)

Features

• add biome (b8ff6cb)
• add biome (d92e50e)
• Add intuit/auto for release management (088b085)
• move from jest to vitest (6188f4a)
• Project is now ESM by default, bundled as CJS as well (af84cc5)

v0.17.0

0.17.0 (2025-03-14)

Bug Fixes

• access token client_id not always set (4b09936)
• access token client_id not always set (a3ef03e)
• add a test file to jarm (1309fb7)
• changes for oid4vc conformance tests (aa56dbf)
• check if oid4vp defined (c654a7b)
• client_id_scheme & default scope handling (c559618)
• Codecov (36c7e09)
• dcql alpha (6ff3355)
• Disable token endpoint in case asClientMetadata is found (362da1a)
• feedback (413ecb9)
• feedback (b119275)
• Fix disabled AS assertion by looking at configured AS (1e5b251)
• Fix for when credential_configuration_ids is being used together with credentials_supported (f696867)
• Fix for when credential_configuration_ids is being used together with credentials_supported (c9ff2fc)
• fix single vp_token being send is an array (e496ca2)
• fixed LanguageTagUtils tests (2a5e3a6)
• fixed LanguageTagUtils to only process field names if it has a mapping (e0c592e)
• format (688fb6d)
• jwk thumbprint digest (c9220ee)
• missing export (e520711)
• offer creation improvements (a0f5326)
• pnpm-lock (5513f07)
• remove mdoc (4d8859e)
• session and state to correlationId mapping bugfixes (c9b4d6f)
• small fixes for siop-oid4vp package (8584d76)
• small fixes for siop-oid4vp package (5aeff03)
• small fixes for siop-oid4vp package (5ccb87c)
• some nits (ac9ead6)
• test (2c1a354)
• test for nonce (f9b1bdf)
• update (9ff62bd)
• update dcql and incorporate feedback (76be4cc)
• update deps (ca61afe)
• update jarm (7b54fae)
• use error reason if provided (5f2b3f2)
• workflows (b3acdfb)

Features

• add aud/response_uri to request object, and client_id to the request (400df29)
• Add expiration to offers (bbd8d7e)
• add jarm package (4cb9259)
• add jarm package (9d6f07a)
• Add support for mDL / mdoc to the OID4VCI client (6556cc0)
• add things (6ad4d89)
• added DynamicRegistrationClientMetadata type and extended existing metadata for issuer and rp (97b8779)
• added support for first party applications (9c273b9)
• allow additional claims in access token (1f73783)
• Allow REST API and client to set client_id and other params (16a7a2c)
• Allow to acquire credentials without using a proof for V13. This is rare and has to be supported by the issuer. For instance when using DPop and authorization code (2f1fcee)
• changed the default uri scheme to openid4vp (e9dd686)
• dcql alpha (dc1c318)
• dcql alpha (4b7e8ae)
• Expose DPoP support also to main clients, instead of only to the access token client and credential request client (e2cc7f6)
• Improve create jarm response callback to also include clientMetadata, to make it easier for implementers to extract the enc jwks themselves (e71cd2d)
• Improvements to by reference offers. Also allow setting a correlationId on an offer (1020d26)
• jarm alpha (cc55d5e)
• jarm alpha (703e09e)
• mdoc credential issuance (86f6d4a)
• mso mdoc handling (d88df4f)
• MWALL-715 Add support for external AS (914d198)
• MWALL-715 Create notification endpoint logic in Issuer (2dff0df)
• OID4VCI Rest API session improvements and delete endpoint (0936d5d)
• Pass in issuer_state to regular state in auth code flow, so we get a better integration with any external OIDC solution (5b1178d)
• Pass in issuer_state to regular state in auth code flow, so we get a better integration with any external OIDC solution (09cbd0d)
• Pass in issuer_state to regular state in auth code flow, so we get a better integration with any external OIDC solution (e6222ff)
• support exchanges with multiple vps (5d5b0d7)
• Update CI to build branch named unstable releases, fixing duplicate versions when multiple feature branches exist simultaneously ([be5ceef](https://g...

v0.16.0

0.16.0 (2024-08-02)

Bug Fixes

• add some dpop unit tests (c24a898)
• ensure correct token_type in response (668c53f)
• header casing (b696dba)
• headers for error response (4c8319e)
• incorrect usage of errorBody (f25b7d6)
• jwk thumprint using crypto.subtle (56a291c)
• nits (1a54e69)
• prettier + eslint (57c7592)
• redirect uri should not be set with direct_post (42c8ddd)
• remove bug for txCode (57ca020)
• rename common to oid4vc-common (d89ac4f)
• scope and par fixes (71e72aa)
• some imports (5034468)
• some last nits (3c71599)
• v11 metadata type (0a8470b)
• varname (f92b2b9)

Features

• add additional dpop retry mechanisms (a102854)
• address feedback part 2 (01f6d4d)
• create common package (d5b4b75)
• dpop support (9202667)
• incorporate feedback and fix tests (c7c6af4)
• incorporate feedback part1 (f30475a)
• rename common to oid4vci-common (9efbf32)

v0.15.1

0.15.1 (2024-07-23)

Bug Fixes

• oid4vci draft 13 typing (6d0bfc9)
• txCode fixes #117 (7d17d13)

v0.15.0

0.15.0 (2024-07-15)

Bug Fixes

• add openid federation jwtVerifier (a5755ff)
• build (2da9205)
• build (84aba5e)
• remove outdated docs (31731e7)
• siop-oid4vp build order (dacf629)

Features

• add siop-oid4vp package (6bc76dd)
• did-auth-siop-adapter (32ec2fc)
• update pnpm-lock.yaml (158fb23)

v0.14.0

0.14.0 (2024-07-06)

Bug Fixes

• hasher dependency and token request assert vci11/13 (81bf769)
• undo tx_code changes (7888a14)
• update tx_code check (3b0971d)

Features

• Enable tx_code support for the issuer, and properly handle both the old userPin and tx_code on the client side. fixes #117 (e54071c)

v0.13.0

0.13.0 (2024-07-03)

Bug Fixes

• Make sure we use 'JWT' as typ instead of the lower case version as suggested in the JWT RFC. (1ff4e40)
• test added (f655bf0)
• test added (19b0704)

Features

• add get types from offer function to get the types from multiple versions of credential offers (b966d8c)
• Add support for jwt-bearer client assertions in access token (ab4905c)
• added a facade for CredentialRequestClientBuilder and adjusted the tests (30cddd3)
• added mock data for metadata draft 13 and added some tests for it (5439a02)
• added x5c support and made sure that we support request-responses without dids (27bc1d9)
• Allow to pass in custom access token request params (1a469f9)

v0.12.0

0.12.0 (2024-06-19)

This release introduces support for OID4VCI Draft 13, also known as Implementors Draft 1.
The current libraries support version 8,9, 11 and 13. Please be aware that that in an upcoming 1.x.x release we will drop everything below version 13!. This parties that rely on the version discovery for the client side, should stick to the 0.x.x releases

Bug Fixes

• (WIP) refactored and fixed parts of the logic for v1_0_13. (06117c0)
• (WIP) skipped failing tests and made comment to fix them (16f1673)
• added generic union types for frequently used types (72474d6)
• added generic union types for frequently used types (f10d0b2)
• allow to set client_id (d51bf25)
• changed the accepting type in VcIssuer (125cb81)
• changed the if param in the assertAlphanumericPin (5655859)
• changed the logic for pin validation (b8bb359)
• Comparison of request subject signing with response was not normalized for a comparison (cd72dc6)
• Ensure we have a single client that handles both v13 and v11 and lower (eadbba0)
• fixed ClientIssuerIT.spec (c5be065)
• fixed createCredentialOfferURI signature (2856644)
• fixed failing test cases (690b02b)
• fixed sd jwt test with version 13 (dcf7439)
• fixed some issue in the IssuerMetadataUtils (8a6c16f)
• fixed some issue in the IssuerMetadataUtils plus added some unittests for it (d348641)
• fixed some test cases (ccac046)
• fixed test type mismatch (215227e)
• fixed test type mismatch (ca32202)
• fixed tests plus prettier (fc8cdf0)
• fixed the failing test for the credentialOfferUri (a8ac2e3)
• fixed the logic in creating credentialOffer uri (53bce06)
• fixed the regex for pin (d3b2f0c)
• fixed type mismatch in some files (a2b3c22)
• fixes after merge with CWALL-199 (af967a9)
• fixes for PAR. Several things were missing, wrong. Higly likely this is a problem for non PAR flows as well (9ed5064)
• for pin in IssuerTokenServer (354e8ad)
• MetadataClient for version 13 and added better type distinction. added credential_definition to credential metadata of v13 (e39bf71)
• No response type set on authz code after using PAR (5da243e)
• set client_id on authorization url (599ca9e)
• set client_id on authorization url (04e7cb8)

Features

• Add wallet signing support to VCI and notification support (c4d3483)
• added setDefaultTokenEndpoint to VcIssuer constructor (f16affc)
• added setDefaultTokenEndpoint to VcIssuerBuilder (96608ec)
• added token_endpoint to the metadata (72f2988)
• created special type for CredentialRequest v1_0_13 and fixed the tests for it (25a6051)
• expose functions for experimental subject issuer support (c4adecc)
• Unify how we get types from different spec versions (449364b)