integrating support for SD-JWT into an RP setup

packages/contact-manager/src/types/IContactManager.ts

@@ -21,7 +21,7 @@ import {
   PartyTypeType as ContactTypeType,
   PhysicalAddress,
 } from '@sphereon/ssi-sdk.data-store'
-import { contextHasPlugin } from '../../../agent-config/src/agentContextUtils'
+import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
 
 export interface IContactManager extends IPluginMethodMap {
   cmGetContact(args: GetContactArgs, context: RequiredContext): Promise<Contact>

packages/data-store/package.json

@@ -15,8 +15,8 @@
   },
   "dependencies": {
     "@sphereon/pex": "^4.0.1",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
     "@sphereon/ssi-sdk.agent-config": "workspace:*",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-types": "workspace:*",

packages/ebsi-support/package.json

@@ -15,13 +15,14 @@
   },
   "dependencies": {
     "@ethersproject/random": "^5.7.0",
-    "@sphereon/did-auth-siop": "0.6.4",
+    "@sphereon/did-auth-siop": "0.16.1-next.13",
+    "@sphereon/did-auth-siop-adapter": "0.16.1-next.13",
     "@sphereon/pex": "^4.0.1",
     "@sphereon/pex-models": "^2.2.4",
-    "@sphereon/ssi-sdk-ext.did-resolver-ebsi": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.did-resolver-ebsi": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
     "@sphereon/ssi-sdk.contact-manager": "workspace:*",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-sdk.oid4vci-holder": "workspace:*",
@@ -42,11 +43,11 @@
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/oid4vci-client": "0.16.1-next.7",
-    "@sphereon/oid4vci-common": "0.16.1-next.7",
+    "@sphereon/oid4vci-client": "0.16.1-next.13",
+    "@sphereon/oid4vci-common": "0.16.1-next.13",
     "@sphereon/ssi-express-support": "workspace:*",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-next.96",
     "@sphereon/ssi-sdk.agent-config": "workspace:*",
     "@sphereon/ssi-sdk.data-store": "workspace:*",
     "@sphereon/ssi-sdk.public-key-hosting": "workspace:*",

packages/ebsi-support/src/agent/EbsiSupport.ts

@@ -1,4 +1,4 @@
-import { CheckLinkedDomain, PresentationDefinitionLocation, PresentationDefinitionWithLocation, SupportedVersion } from '@sphereon/did-auth-siop'
+import { PresentationDefinitionLocation, PresentationDefinitionWithLocation, SupportedVersion } from '@sphereon/did-auth-siop'
 import { CreateRequestObjectMode } from '@sphereon/oid4vci-common'
 import { IPEXFilterResult } from '@sphereon/ssi-sdk.presentation-exchange'
 import { CredentialMapper, PresentationSubmission } from '@sphereon/ssi-types'
@@ -29,6 +29,7 @@ import {
 } from '../types/IEbsiSupport'
 
 import { v4 } from 'uuid'
+import { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'
 
 export const ebsiSupportMethods: Array<string> = [
   'ebsiCreateDidOnLedger',
@@ -201,13 +202,13 @@ export class EbsiSupport implements IAgentPlugin {
       op: { checkLinkedDomains: CheckLinkedDomain.NEVER },
       providedPresentationDefinitions: [definition],
     })
-    const oid4vp = await opSession.getOID4VP({ allDIDs: [identifier.did] })
+    const oid4vp = await opSession.getOID4VP({ allIdentifiers: [identifier.did] })
     const vp = await oid4vp.createVerifiablePresentation(
       args.credentialRole,
       { definition, credentials: pexResult.filteredCredentials },
       {
         proofOpts: { domain: openIDMetadata.issuer, nonce: v4(), created: new Date(Date.now() - 120_000).toString() },
-        holderDID: identifier.did,
+        holder: identifier.did,
         idOpts: idOpts,
         skipDidResolution,
         forceNoCredentialsInVP: !hasInputDescriptors,

packages/ebsi-support/src/functions/Attestation.ts

@@ -153,6 +153,8 @@ export const ebsiCreateAttestationAuthRequestURL = async (
     },
     accessTokenOpts: {
       clientOpts: {
+        //fixme: fix this: TS2551: Property ES384 does not exist on type typeof Alg. Did you mean PS384?
+        //@ts-ignore
         alg: Alg[await signatureAlgorithmFromKey({ key: authKey })],
         clientId,
         kid,

packages/ebsi-support/src/functions/AttestationHeadlessCallbacks.ts

@@ -1,5 +1,5 @@
 import { decodeUriAsJson } from '@sphereon/did-auth-siop'
-import { getIssuerName } from '@sphereon/oid4vci-common'
+import { AuthorizationServerMetadata, CredentialIssuerMetadata, getIssuerName, IssuerMetadata } from '@sphereon/oid4vci-common'
 import {
   ConnectionType,
   CorrelationIdentifierType,
@@ -28,7 +28,11 @@ export const addContactCallback = (context: IRequiredContext) => {
 
     const issuerUrl: URL = new URL(serverMetadata.issuer)
     const correlationId: string = `${issuerUrl.protocol}//${issuerUrl.hostname}`
-    let issuerName: string = getIssuerName(correlationId, serverMetadata.credentialIssuerMetadata)
+    let issuerName: string = getIssuerName(
+      correlationId,
+      //fixme: we should be able remove the as part here.
+      serverMetadata.credentialIssuerMetadata as Partial<AuthorizationServerMetadata> & (IssuerMetadata | CredentialIssuerMetadata),
+    )
 
     const party: NonPersistedParty = {
       contact: {

packages/oid4vci-holder/package.json

@@ -14,11 +14,11 @@
     "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
-    "@sphereon/oid4vci-client": "0.16.1-next.7",
-    "@sphereon/oid4vci-common": "0.16.1-next.7",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-unstable.82",
+    "@sphereon/oid4vci-client": "0.16.1-next.13",
+    "@sphereon/oid4vci-common": "0.16.1-next.13",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
     "@sphereon/ssi-sdk.contact-manager": "workspace:*",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-sdk.credential-store": "workspace:*",
@@ -36,7 +36,7 @@
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.24.1-next.96",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",
     "@types/uuid": "^9.0.8",

packages/oid4vci-holder/src/agent/OID4VCIHolder.ts

@@ -16,7 +16,7 @@ import {
 } from '@sphereon/oid4vci-common'
 import { signDidJWT, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
 import { IIdentifierResolution, isManagedIdentifierDidResult, ManagedIdentifierOpts } from '@sphereon/ssi-sdk-ext.identifier-resolution'
-import { SignatureAlgorithmEnum, signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'
+import { signatureAlgorithmFromKey, SignatureAlgorithmJwa } from '@sphereon/ssi-sdk-ext.key-utils'
 import {
   CorrelationIdentifierType,
   CredentialCorrelationType,
@@ -211,10 +211,10 @@ export class OID4VCIHolder implements IAgentPlugin {
     SupportedDidMethodEnum.DID_EBSI,
     SupportedDidMethodEnum.DID_ION,
   ]
-  private readonly jwtCryptographicSuitePreferences: Array<SignatureAlgorithmEnum> = [
-    SignatureAlgorithmEnum.ES256,
-    SignatureAlgorithmEnum.ES256K,
-    SignatureAlgorithmEnum.EdDSA,
+  private readonly jwtCryptographicSuitePreferences: Array<SignatureAlgorithmJwa> = [
+    SignatureAlgorithmJwa.ES256,
+    SignatureAlgorithmJwa.ES256K,
+    SignatureAlgorithmJwa.EdDSA,
   ]
   private static readonly DEFAULT_MOBILE_REDIRECT_URI = `${DefaultURISchemes.CREDENTIAL_OFFER}://`
   private readonly defaultAuthorizationRequestOpts: AuthorizationRequestOpts = { redirectUri: OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI }
@@ -595,7 +595,7 @@ export class OID4VCIHolder implements IAgentPlugin {
     const idOpts = await getIdentifierOpts({ issuanceOpt, context })
     const { key, kid } = idOpts
     logger.debug(`ID opts`, idOpts)
-    const alg: SignatureAlgorithmEnum = await signatureAlgorithmFromKey({ key })
+    const alg: SignatureAlgorithmJwa = await signatureAlgorithmFromKey({ key })
 
     const callbacks: ProofOfPossessionCallbacks<never> = {
       signCallback: signCallback(client, idOpts, context),

packages/oid4vci-holder/src/agent/OID4VCIHolderService.ts

@@ -1,18 +1,18 @@
 import { LOG } from '@sphereon/oid4vci-client/dist/types'
 import {
   CredentialConfigurationSupported,
-  CredentialOfferFormat,
   CredentialResponse,
   CredentialsSupportedDisplay,
   getSupportedCredentials,
   getTypesFromCredentialSupported,
   getTypesFromObject,
   MetadataDisplay,
   OpenId4VCIVersion,
+  CredentialOfferFormatV1_0_11,
 } from '@sphereon/oid4vci-common'
 import { KeyUse } from '@sphereon/ssi-sdk-ext.did-resolver-jwk'
 import { getAuthenticationKey, getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
-import { keyTypeFromCryptographicSuite, SignatureAlgorithmEnum } from '@sphereon/ssi-sdk-ext.key-utils'
+import { keyTypeFromCryptographicSuite, SignatureAlgorithmJwa } from '@sphereon/ssi-sdk-ext.key-utils'
 import { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store'
 import {
   CredentialMapper,
@@ -107,7 +107,9 @@ export const getCredentialConfigsBasedOnFormatPref = async (
   return prefConfigs
 }
 
-export const selectCredentialLocaleBranding = async (args: SelectAppLocaleBrandingArgs): Promise<IBasicCredentialLocaleBranding | IBasicIssuerLocaleBranding | undefined> => {
+export const selectCredentialLocaleBranding = async (
+  args: SelectAppLocaleBrandingArgs,
+): Promise<IBasicCredentialLocaleBranding | IBasicIssuerLocaleBranding | undefined> => {
   const { locale, localeBranding } = args
 
   return localeBranding?.find(
@@ -397,8 +399,8 @@ export const getCredentialConfigsSupportedBySingleTypeOrId = async (
       'credentials' in client.credentialOffer.credential_offer
     ) {
       format = client.credentialOffer.credential_offer.credentials
-        .filter((format: string | CredentialOfferFormat): boolean => typeof format !== 'string')
-        .map((format: string | CredentialOfferFormat) => (format as CredentialOfferFormat).format)
+        .filter((format: string | CredentialOfferFormatV1_0_11): boolean => typeof format !== 'string')
+        .map((format: string | CredentialOfferFormatV1_0_11) => (format as CredentialOfferFormatV1_0_11).format)
       if (format?.length === 0) {
         format = undefined // Otherwise we would match nothing
       }
@@ -554,14 +556,14 @@ export const getIssuanceCryptoSuite = async (opts: GetIssuanceCryptoSuiteArgs):
     case 'jwt':
     case 'jwt_vc_json':
     case 'jwt_vc': {
-      const supportedPreferences: Array<SignatureAlgorithmEnum> = jwtCryptographicSuitePreferences.filter((suite: SignatureAlgorithmEnum) =>
+      const supportedPreferences: Array<SignatureAlgorithmJwa> = jwtCryptographicSuitePreferences.filter((suite: SignatureAlgorithmJwa) =>
         signing_algs_supported.includes(suite),
       )
 
       if (supportedPreferences.length > 0) {
         return supportedPreferences[0]
       } else if (client.isEBSI()) {
-        return SignatureAlgorithmEnum.ES256
+        return SignatureAlgorithmJwa.ES256
       }
 
       // if we cannot find supported cryptographic suites, we just try with the first preference

packages/oid4vci-holder/src/types/IOID4VCIHolder.ts

@@ -14,7 +14,7 @@ import {
 } from '@sphereon/oid4vci-common'
 import { CreateOrGetIdentifierOpts, IdentifierProviderOpts, KeyManagementSystemEnum, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
 import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
-import { SignatureAlgorithmEnum } from '@sphereon/ssi-sdk-ext.key-utils'
+import { SignatureAlgorithmJwa } from '@sphereon/ssi-sdk-ext.key-utils'
 import { IContactManager } from '@sphereon/ssi-sdk.contact-manager'
 import { DigitalCredential, IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding, Identity, Party } from '@sphereon/ssi-sdk.data-store'
 import { IIssuanceBranding } from '@sphereon/ssi-sdk.issuance-branding'
@@ -79,7 +79,7 @@ export type OID4VCIHolderOptions = {
   jsonldCryptographicSuitePreferences?: Array<string>
   defaultAuthorizationRequestOptions?: AuthorizationRequestOpts
   didMethodPreferences?: Array<SupportedDidMethodEnum>
-  jwtCryptographicSuitePreferences?: Array<SignatureAlgorithmEnum>
+  jwtCryptographicSuitePreferences?: Array<SignatureAlgorithmJwa>
   hasher?: Hasher
 }
 
@@ -533,7 +533,7 @@ export type GetIssuanceOptsArgs = {
   serverMetadata: EndpointMetadataResult
   context: RequiredContext
   didMethodPreferences: Array<SupportedDidMethodEnum>
-  jwtCryptographicSuitePreferences: Array<SignatureAlgorithmEnum>
+  jwtCryptographicSuitePreferences: Array<SignatureAlgorithmJwa>
   jsonldCryptographicSuitePreferences: Array<string>
   forceIssuanceOpt?: IssuanceOpts
 }
@@ -547,7 +547,7 @@ export type GetIssuanceDidMethodArgs = {
 export type GetIssuanceCryptoSuiteArgs = {
   credentialSupported: CredentialConfigurationSupported
   client: OpenID4VCIClient
-  jwtCryptographicSuitePreferences: Array<SignatureAlgorithmEnum>
+  jwtCryptographicSuitePreferences: Array<SignatureAlgorithmJwa>
   jsonldCryptographicSuitePreferences: Array<string>
 }
 

packages/oid4vci-issuer-rest-api/package.json

@@ -11,10 +11,10 @@
     "start:dev": "ts-node __tests__/RestAPI.ts"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.16.1-next.7",
-    "@sphereon/oid4vci-issuer": "0.16.1-next.7",
-    "@sphereon/oid4vci-issuer-server": "0.16.1-next.7",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-unstable.82",
+    "@sphereon/oid4vci-common": "0.16.1-next.13",
+    "@sphereon/oid4vci-issuer": "0.16.1-next.13",
+    "@sphereon/oid4vci-issuer-server": "0.16.1-next.13",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
     "@sphereon/ssi-express-support": "workspace:*",
     "@sphereon/ssi-sdk.kv-store-temp": "workspace:*",
     "@sphereon/ssi-sdk.oid4vci-issuer": "workspace:*",
@@ -37,10 +37,10 @@
     "@sphereon/did-uni-client": "^0.6.3",
     "@sphereon/pex": "^4.0.1",
     "@sphereon/pex-models": "^2.2.4",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-next.96",
     "@sphereon/ssi-sdk.data-store": "workspace:*",
     "@sphereon/ssi-sdk.vc-handler-ld-local": "workspace:*",
     "@types/body-parser": "^1.19.5",

packages/oid4vci-issuer/package.json

@@ -14,10 +14,10 @@
     "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
-    "@sphereon/oid4vci-common": "0.16.1-next.7",
-    "@sphereon/oid4vci-issuer": "0.16.1-next.7",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-unstable.82",
+    "@sphereon/oid4vci-common": "0.16.1-next.13",
+    "@sphereon/oid4vci-issuer": "0.16.1-next.13",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-sdk.kv-store-temp": "workspace:*",
     "@sphereon/ssi-sdk.oid4vci-issuer-store": "workspace:*",

packages/presentation-exchange/package.json

@@ -16,8 +16,8 @@
   "dependencies": {
     "@sphereon/pex": "^4.0.1",
     "@sphereon/pex-models": "^2.2.4",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
     "@sphereon/ssi-sdk.credential-store": "workspace:*",
     "@sphereon/ssi-sdk.data-store": "workspace:*",
     "@sphereon/ssi-sdk.sd-jwt": "workspace:*",

packages/public-key-hosting/package.json

@@ -12,10 +12,10 @@
   },
   "dependencies": {
     "@sphereon/ssi-express-support": "workspace:*",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-next.96",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-types": "workspace:*",
     "@veramo/core": "4.2.0",
@@ -33,8 +33,8 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.24.1-next.96",
     "@sphereon/ssi-sdk.agent-config": "workspace:*",
     "@types/body-parser": "^1.19.5",
     "@types/cookie-parser": "^1.4.7",

packages/sd-jwt/package.json

@@ -28,10 +28,10 @@
     "@sd-jwt/decode": "^0.6.1",
     "@sd-jwt/types": "^0.6.1",
     "@sd-jwt/utils": "^0.6.1",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-unstable.82",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.82",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.24.1-next.96",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-next.96",
     "@types/node": "18.15.3",
     "@veramo/core": "4.2.0",
     "@veramo/data-store": "4.2.0",

packages/sd-jwt/src/__tests__/sd-jwt.test.ts

@@ -279,7 +279,7 @@ describe('Agent plugin', () => {
       kb: true,
     })
     expect(result).toBeDefined()
-    expect((result.verifiedPayloads.payload as typeof claims).given_name).toBe('John')
+    expect((result.payload as typeof claims).given_name).toBe('John')
   })
 
   it('verify a presentation with sub set', async () => {
@@ -316,6 +316,6 @@ describe('Agent plugin', () => {
       kb: true,
     })
     expect(result).toBeDefined()
-    expect((result.verifiedPayloads.payload as typeof claims).given_name).toBe('John')
+    expect((result.payload as typeof claims).given_name).toBe('John')
   })
 })