feat: Enable tx_code support for the issuer, and properly handle both the old userPin and tx_code on the client side. fixes #117

Author: nklomp

packages/callback-example/lib/__tests__/issuerCallback.spec.ts

@@ -119,7 +119,7 @@ describe('issuerCallback', () => {
       lastUpdatedAt: +new Date(),
       status: IssueStatus.OFFER_CREATED,
       notification_id: v4(),
-      userPin: '123456',
+      txCode: '123456',
       credentialOffer: {
         credential_offer: {
           credential_issuer: 'did:key:test',

packages/client/lib/AccessTokenClient.ts

@@ -14,6 +14,7 @@ import {
   JsonURIMode,
   OpenIDResponse,
   PRE_AUTH_CODE_LITERAL,
+  PRE_AUTH_GRANT_LITERAL,
   TokenErrorResponse,
   toUniformCredentialOfferRequest,
   TxCodeAndPinRequired,
@@ -107,8 +108,7 @@ export class AccessTokenClient {
 
       request.grant_type = GrantTypes.PRE_AUTHORIZED_CODE;
       // we actually know it is there because of the isPreAuthCode call
-      request[PRE_AUTH_CODE_LITERAL] =
-        credentialOfferRequest?.credential_offer.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.[PRE_AUTH_CODE_LITERAL];
+      request[PRE_AUTH_CODE_LITERAL] = credentialOfferRequest?.credential_offer.grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL];
 
       return request as AccessTokenRequest;
     }
@@ -146,7 +146,7 @@ export class AccessTokenClient {
     }
     const issuer = getIssuerFromCredentialOfferPayload(requestPayload);
 
-    const grantDetails = requestPayload.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code'];
+    const grantDetails = requestPayload.grants?.[PRE_AUTH_GRANT_LITERAL];
     const isPinRequired = !!grantDetails?.tx_code ?? false;
 
     LOG.warning(`Pin required for issuer ${issuer}: ${isPinRequired}`);
@@ -211,7 +211,7 @@ export class AccessTokenClient {
     if (accessTokenRequest.grant_type === GrantTypes.PRE_AUTHORIZED_CODE) {
       this.assertPreAuthorizedGrantType(accessTokenRequest.grant_type);
       this.assertNonEmptyPreAuthorizedCode(accessTokenRequest);
-      this.assertAlphanumericPin(pinMeta, accessTokenRequest.user_pin);
+      this.assertAlphanumericPin(pinMeta, accessTokenRequest.tx_code ?? accessTokenRequest.user_pin);
     } else if (accessTokenRequest.grant_type === GrantTypes.AUTHORIZATION_CODE) {
       this.assertAuthorizationGrantType(accessTokenRequest.grant_type);
       this.assertNonEmptyCodeVerifier(accessTokenRequest);

packages/client/lib/AccessTokenClientV1_0_11.ts

@@ -17,6 +17,7 @@ import {
   OpenId4VCIVersion,
   OpenIDResponse,
   PRE_AUTH_CODE_LITERAL,
+  PRE_AUTH_GRANT_LITERAL,
   TokenErrorResponse,
   toUniformCredentialOfferRequest,
   UniformCredentialOfferPayload,
@@ -112,8 +113,7 @@ export class AccessTokenClientV1_0_11 {
 
       request.grant_type = GrantTypes.PRE_AUTHORIZED_CODE;
       // we actually know it is there because of the isPreAuthCode call
-      request[PRE_AUTH_CODE_LITERAL] =
-        credentialOfferRequest?.credential_offer.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.[PRE_AUTH_CODE_LITERAL];
+      request[PRE_AUTH_CODE_LITERAL] = credentialOfferRequest?.credential_offer.grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL];
 
       return request as AccessTokenRequest;
     }
@@ -135,7 +135,7 @@ export class AccessTokenClientV1_0_11 {
 
   private assertPreAuthorizedGrantType(grantType: GrantTypes): void {
     if (GrantTypes.PRE_AUTHORIZED_CODE !== grantType) {
-      throw new Error("grant type must be 'urn:ietf:params:oauth:grant-type:pre-authorized_code'");
+      throw new Error('grant type must be PRE_AUTH_GRANT_LITERAL');
     }
   }
 
@@ -151,8 +151,8 @@ export class AccessTokenClientV1_0_11 {
       throw new Error(TokenErrorResponse.invalid_request);
     }
     const issuer = getIssuerFromCredentialOfferPayload(requestPayload);
-    if (requestPayload.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']) {
-      isPinRequired = requestPayload.grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ?? false;
+    if (requestPayload.grants?.[PRE_AUTH_GRANT_LITERAL]) {
+      isPinRequired = requestPayload.grants[PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? false;
     }
     debug(`Pin required for issuer ${issuer}: ${isPinRequired}`);
     return isPinRequired;

packages/client/lib/CredentialOfferClient.ts

@@ -10,6 +10,8 @@ import {
   determineSpecVersionFromURI,
   getClientIdFromCredentialOfferPayload,
   OpenId4VCIVersion,
+  PRE_AUTH_CODE_LITERAL,
+  PRE_AUTH_GRANT_LITERAL,
   toUniformCredentialOfferRequest,
 } from '@sphereon/oid4vci-common';
 import Debug from 'debug';
@@ -64,17 +66,16 @@ export class CredentialOfferClient {
       ...(clientId && { clientId }),
       ...request,
       ...(grants?.authorization_code?.issuer_state && { issuerState: grants.authorization_code.issuer_state }),
-      ...(grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.['pre-authorized_code'] && {
-        preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
+      ...(grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL] && {
+        preAuthorizedCode: grants[PRE_AUTH_GRANT_LITERAL][PRE_AUTH_CODE_LITERAL],
       }),
       userPinRequired:
-        request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ??
-        !!request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code ??
+        request.credential_offer?.grants?.[PRE_AUTH_GRANT_LITERAL]?.user_pin_required ??
+        !!request.credential_offer?.grants?.[PRE_AUTH_GRANT_LITERAL]?.tx_code ??
         false,
-      ...(request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code &&
-        {
-          // txCode: request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code,
-        }),
+      ...(request.credential_offer?.grants?.[PRE_AUTH_GRANT_LITERAL]?.tx_code && {
+        txCode: request.credential_offer.grants[PRE_AUTH_GRANT_LITERAL].tx_code,
+      }),
     };
   }
 

packages/client/lib/CredentialOfferClientV1_0_11.ts

@@ -10,6 +10,8 @@ import {
   determineSpecVersionFromURI,
   getClientIdFromCredentialOfferPayload,
   OpenId4VCIVersion,
+  PRE_AUTH_CODE_LITERAL,
+  PRE_AUTH_GRANT_LITERAL,
   toUniformCredentialOfferRequest,
 } from '@sphereon/oid4vci-common';
 import Debug from 'debug';
@@ -59,10 +61,10 @@ export class CredentialOfferClientV1_0_11 {
       ...(clientId && { clientId }),
       ...request,
       ...(grants?.authorization_code?.issuer_state && { issuerState: grants.authorization_code.issuer_state }),
-      ...(grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.['pre-authorized_code'] && {
-        preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
+      ...(grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL] && {
+        preAuthorizedCode: grants[PRE_AUTH_GRANT_LITERAL][PRE_AUTH_CODE_LITERAL],
       }),
-      userPinRequired: !!request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.user_pin_required ?? false,
+      userPinRequired: !!request.credential_offer?.grants?.[PRE_AUTH_GRANT_LITERAL]?.user_pin_required ?? false,
     };
   }
 

packages/client/lib/CredentialOfferClientV1_0_13.ts

@@ -6,6 +6,8 @@ import {
   determineSpecVersionFromURI,
   getClientIdFromCredentialOfferPayload,
   OpenId4VCIVersion,
+  PRE_AUTH_CODE_LITERAL,
+  PRE_AUTH_GRANT_LITERAL,
   toUniformCredentialOfferRequest,
 } from '@sphereon/oid4vci-common';
 import Debug from 'debug';
@@ -46,14 +48,13 @@ export class CredentialOfferClientV1_0_13 {
       ...(clientId && { clientId }),
       ...request,
       ...(grants?.authorization_code?.issuer_state && { issuerState: grants.authorization_code.issuer_state }),
-      ...(grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.['pre-authorized_code'] && {
-        preAuthorizedCode: grants['urn:ietf:params:oauth:grant-type:pre-authorized_code']['pre-authorized_code'],
+      ...(grants?.[PRE_AUTH_GRANT_LITERAL]?.[PRE_AUTH_CODE_LITERAL] && {
+        preAuthorizedCode: grants[PRE_AUTH_GRANT_LITERAL][PRE_AUTH_CODE_LITERAL],
+      }),
+      userPinRequired: !!request.credential_offer?.grants?.[PRE_AUTH_GRANT_LITERAL]?.tx_code ?? false,
+      ...(request.credential_offer?.grants?.[PRE_AUTH_GRANT_LITERAL]?.tx_code && {
+        txCode: request.credential_offer.grants[PRE_AUTH_GRANT_LITERAL].tx_code,
       }),
-      userPinRequired: !!request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code ?? false,
-      ...(request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code &&
-        {
-          // txCode: request.credential_offer?.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.tx_code,
-        }),
     };
   }
 

packages/client/lib/__tests__/AccessTokenClient.spec.ts

@@ -1,4 +1,11 @@
-import { AccessTokenRequest, AccessTokenResponse, GrantTypes, OpenIDResponse, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+import {
+  AccessTokenRequest,
+  AccessTokenResponse,
+  GrantTypes,
+  OpenIDResponse,
+  PRE_AUTH_CODE_LITERAL,
+  WellKnownEndpoints,
+} from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
@@ -48,7 +55,7 @@ describe('AccessTokenClient should', () => {
         pinMetadata: {
           isPinRequired: true,
           txCode: {
-            length: accessTokenRequest['pre-authorized_code'].length,
+            length: accessTokenRequest[PRE_AUTH_CODE_LITERAL].length,
             input_mode: 'numeric',
           },
         },

packages/client/lib/__tests__/MetadataClient.spec.ts

@@ -1,4 +1,4 @@
-import { getIssuerFromCredentialOfferPayload, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+import { getIssuerFromCredentialOfferPayload, PRE_AUTH_GRANT_LITERAL, WellKnownEndpoints } from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
@@ -241,7 +241,7 @@ describe.skip('Metadataclient with SpruceId should', () => {
       credential_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/credential',
       token_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/token',
       jwks_uri: 'https://ngi-oidc4vci-test.spruceid.xyz/jwks',
-      grant_types_supported: ['urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+      grant_types_supported: [PRE_AUTH_GRANT_LITERAL],
       credentials_supported: {
         OpenBadgeCredential: {
           formats: {
@@ -277,7 +277,7 @@ describe.skip('Metadataclient with SpruceId should', () => {
       credential_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/credential',
       token_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/token',
       jwks_uri: 'https://ngi-oidc4vci-test.spruceid.xyz/jwks',
-      grant_types_supported: ['urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+      grant_types_supported: [PRE_AUTH_GRANT_LITERAL],
       credentials_supported: {
         OpenBadgeCredential: {
           formats: {

packages/client/lib/__tests__/MetadataMocks.ts

@@ -1,4 +1,4 @@
-import { AuthzFlowType, CredentialOfferPayloadV1_0_13, CredentialOfferRequestWithBaseUrl } from '@sphereon/oid4vci-common';
+import { AuthzFlowType, CredentialOfferPayloadV1_0_13, CredentialOfferRequestWithBaseUrl, PRE_AUTH_GRANT_LITERAL } from '@sphereon/oid4vci-common';
 
 export const IDENTIPROOF_ISSUER_URL = 'https://issuer.research.identiproof.io';
 export const IDENTIPROOF_AS_URL = 'https://auth.research.identiproof.io';
@@ -48,6 +48,11 @@ export const INITIATION_TEST: CredentialOfferRequestWithBaseUrl = {
   scheme: 'openid-credential-offer',
   supportedFlows: [AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW],
   version: 1013,
+  txCode: {
+    description: 'Please provide the one-time code that was sent via e-mail',
+    input_mode: 'numeric',
+    length: 4,
+  },
   userPinRequired: true, // Determined from above tx_code
 };
 export const INITIATION_TEST_V1_0_08: CredentialOfferRequestWithBaseUrl = {
@@ -84,7 +89,7 @@ export const IDENTIPROOF_AS_METADATA = {
   token_endpoint_auth_methods_supported: ['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt'],
   jwks_uri: 'https://auth.research.identiproof.io/oauth2/jwks',
   response_types_supported: ['code'],
-  grant_types_supported: ['authorization_code', 'urn:ietf:params:oauth:grant-type:pre-authorized_code', 'client_credentials', 'refresh_token'],
+  grant_types_supported: ['authorization_code', PRE_AUTH_GRANT_LITERAL, 'client_credentials', 'refresh_token'],
   revocation_endpoint: 'https://auth.research.identiproof.io/oauth2/revoke',
   revocation_endpoint_auth_methods_supported: ['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt'],
   introspection_endpoint: 'https://auth.research.identiproof.io/oauth2/introspect',
@@ -168,7 +173,7 @@ export const SPRUCE_OID4VCI_METADATA = {
   credential_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/credential',
   token_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/token',
   jwks_uri: 'https://ngi-oidc4vci-test.spruceid.xyz/jwks',
-  grant_types_supported: ['urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+  grant_types_supported: [PRE_AUTH_GRANT_LITERAL],
   credentials_supported: {
     OpenBadgeCredential: {
       formats: {
@@ -232,7 +237,7 @@ export const DANUBE_OIDC_METADATA = {
     ],
   },
   code_challenge_methods_supported: ['plain', 'S256'],
-  grant_types_supported: ['authorization_code', 'urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+  grant_types_supported: ['authorization_code', PRE_AUTH_GRANT_LITERAL],
   token_endpoint_auth_methods_supported: ['client_secret_post', 'client_secret_basic'],
   authorization_endpoint: 'https://oidc4vc.uniissuer.io/authorize',
   token_endpoint: 'https://oidc4vc.uniissuer.io/token',
@@ -245,7 +250,7 @@ export const WALT_OID4VCI_METADATA = {
   pushed_authorization_request_endpoint: 'https://jff.walt.id/issuer-api/oidc/par',
   issuer: 'https://jff.walt.id/issuer-api',
   jwks_uri: 'https://jff.walt.id/issuer-api/oidc',
-  grant_types_supported: ['authorization_code', 'urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+  grant_types_supported: ['authorization_code', PRE_AUTH_GRANT_LITERAL],
   request_uri_parameter_supported: true,
   credentials_supported: {
     VerifiableDiploma: {

packages/client/lib/__tests__/data/VciDataFixtures.ts

@@ -3,6 +3,7 @@ import {
   IssuerCredentialSubjectDisplay,
   IssuerMetadataV1_0_08,
   IssuerMetadataV1_0_13,
+  PRE_AUTH_GRANT_LITERAL,
 } from '@sphereon/oid4vci-common';
 import { ICredentialStatus, W3CVerifiableCredential } from '@sphereon/ssi-types';
 
@@ -76,7 +77,7 @@ const mockData: VciMockDataStructure = {
         credential_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/credential',
         token_endpoint: 'https://ngi-oidc4vci-test.spruceid.xyz/token',
         jwks_uri: 'https://ngi-oidc4vci-test.spruceid.xyz/jwks',
-        grant_types_supported: ['urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+        grant_types_supported: [PRE_AUTH_GRANT_LITERAL],
         credentials_supported: {
           OpenBadgeCredential: {
             formats: {
@@ -100,7 +101,7 @@ const mockData: VciMockDataStructure = {
       method: 'POST',
       request: {
         client_id: 'sphereon:ssi-wallet',
-        grant_type: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
+        grant_type: PRE_AUTH_GRANT_LITERAL,
         'pre-authorized_code':
           'eyJhbGciOiJFUzI1NiJ9.eyJjcmVkZW50aWFsX3R5cGUiOlsiT3BlbkJhZGdlQ3JlZGVudGlhbCJdLCJleHAiOiIyMDIzLTA0LTE5VDExOjUzOjM4WiIsIm5vbmNlIjoiN3F4YldMcktpNTZjNjRlWjljaHJZeVUxbFVVQzMzV1YifQ.tDxAC8CsqN-DALOmY5ANEVf96fZfTzqHL4Aiq4IZzMJ-zSCrNkNBeuOK5D3RsJhSZcDMu2XvuG1RrSXJV0zHRg',
       },
@@ -141,7 +142,7 @@ const mockData: VciMockDataStructure = {
         pushed_authorization_request_endpoint: 'https://jff.walt.id/issuer-api/default/oidc/par',
         issuer: 'https://jff.walt.id/issuer-api/default',
         jwks_uri: 'https://jff.walt.id/issuer-api/default/oidc',
-        grant_types_supported: ['authorization_code', 'urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+        grant_types_supported: ['authorization_code', PRE_AUTH_GRANT_LITERAL],
         request_uri_parameter_supported: true,
         credentials_supported: {
           VerifiableId: {
@@ -343,7 +344,7 @@ const mockData: VciMockDataStructure = {
       method: 'POST',
       request: {
         client_id: 'sphereon:ssi-wallet',
-        grant_type: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
+        grant_type: PRE_AUTH_GRANT_LITERAL,
         'pre-authorized_code':
           'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI1NzhkZWZjOS0wMTFlLTQ3ZTAtYmQ5YS03MWFlOGU4ZTJjYzYiLCJwcmUtYXV0aG9yaXplZCI6dHJ1ZX0.uh1rX4qVqlp-YW-itLON8Zmov8t-xugCFDXlUSPuTSQ',
       },
@@ -450,7 +451,7 @@ const mockData: VciMockDataStructure = {
           ],
         },
         code_challenge_methods_supported: ['plain', 'S256'],
-        grant_types_supported: ['authorization_code', 'urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+        grant_types_supported: ['authorization_code', PRE_AUTH_GRANT_LITERAL],
         token_endpoint_auth_methods_supported: ['client_secret_post', 'client_secret_basic'],
         issuer: 'https: //oidc4vc.uniissuer.io/',
         authorization_endpoint: 'https://oidc4vc.uniissuer.io/1.0/authorize',
@@ -463,7 +464,7 @@ const mockData: VciMockDataStructure = {
       method: 'POST',
       request: {
         client_id: 'sphereon:ssi-wallet',
-        grant_type: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
+        grant_type: PRE_AUTH_GRANT_LITERAL,
         'pre-authorized_code': 'rQhxqvmEQef2pFChuedmDWlp6iIifUVI',
       },
       response: {
@@ -505,7 +506,7 @@ const mockData: VciMockDataStructure = {
         jwks_uri: 'https://launchpad.vii.electron.mattrlabs.io/oidc/v1/auth/jwks',
         token_endpoint_auth_methods_supported: ['none', 'client_secret_basic', 'client_secret_jwt', 'client_secret_post', 'private_key_jwt'],
         code_challenge_methods_supported: ['S256'],
-        grant_types_supported: ['authorization_code', 'urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+        grant_types_supported: ['authorization_code', PRE_AUTH_GRANT_LITERAL],
         response_modes_supported: ['form_post', 'fragment', 'query'],
         response_types_supported: ['code id_token', 'code', 'id_token', 'none'],
         scopes_supported: ['PermanentResidentCard', 'AcademicAward', 'LearnerProfile', 'OpenBadgeCredential'],
@@ -564,7 +565,7 @@ const mockData: VciMockDataStructure = {
       method: 'POST',
       request: {
         client_id: 'sphereon:ssi-wallet',
-        grant_type: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
+        grant_type: PRE_AUTH_GRANT_LITERAL,
         'pre-authorized_code': 'kI_19c0PtisCJBG-ngd9mA47UCKx4uoKglUp0gqmxKt',
       },
       response: {
@@ -658,7 +659,7 @@ const mockData: VciMockDataStructure = {
         credential_endpoint: 'https://oidc4vc.diwala.io/credential',
         token_endpoint: 'https://oidc4vc.diwala.io/token',
         jwks_uri: 'https://oidc4vc.diwala.io/jwks',
-        grant_types_supported: ['urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+        grant_types_supported: [PRE_AUTH_GRANT_LITERAL],
         credentials_supported: {
           OpenBadgeCredential: {
             formats: {
@@ -677,7 +678,7 @@ const mockData: VciMockDataStructure = {
       method: 'POST',
       request: {
         client_id: 'sphereon:ssi-wallet',
-        grant_type: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
+        grant_type: PRE_AUTH_GRANT_LITERAL,
         'pre-authorized_code':
           'eyJhbGciOiJIUzI1NiJ9.eyJjcmVkZW50aWFsX3R5cGUiOiJPcGVuQmFkZ2VDcmVkZW50aWFsIiwiZXhwIjoxNjgxOTE1NzI5fQ.JmhU1jhMfw3f_DaIqnxurPyIW1makcwUs49Fm253z5Q',
       },
@@ -1408,7 +1409,7 @@ const mockData: VciMockDataStructure = {
             name: 'Chamber of Commerce',
           },
         ],
-        grant_types_supported: ['authorization_code', 'urn:ietf:params:oauth:grant-type:pre-authorized_code'],
+        grant_types_supported: ['authorization_code', PRE_AUTH_GRANT_LITERAL],
         id_token_signing_alg_values_supported: ['ES256'],
         issuer: 'https://mijnkvk.acc.credenco.com',
         jwks_uri: 'https://mijnkvk.acc.credenco.com/jwks',