Cannot reuse serialized MDoc: issuerAuth.getContentForEncoding is undefined

[oshikawatkm]

Bug Report: Cannot rehydrate MDoc from JSON due to unexported IssuerAuth class

Summary

When an MDoc instance is serialized using JSON.stringify(mdoc) and then deserialized using JSON.parse(...), the issuerSigned.issuerAuth becomes a plain object. This results in the following runtime error:

TypeError: this.issuerSigned?.issuerAuth.getContentForEncoding is not a function

Why this is a problem

• The DeviceResponse.from(mdoc).sign() call fails after deserialization.
• The issuerAuth object loses its class methods such as getContentForEncoding.
• Since the IssuerAuth class is not exported, users have no way to rehydrate it correctly.
• This makes it impossible to persist mDocs to a file or database and reuse them reliably later.

Steps to Reproduce

import { MDoc, DeviceResponse } from '@auth0/mdl';
import * as fs from 'fs';

// Step 1: Assume we have a valid MDoc
const mdoc = new MDoc([...]);

// Step 2: Serialize
const json = JSON.stringify(mdoc);
fs.writeFileSync('mdoc.json', json);

// Step 3: Deserialize
const parsed = JSON.parse(fs.readFileSync('mdoc.json', 'utf-8'));

// Step 4: Reuse
const parsedMdoc = new MDoc([parsed]);
await DeviceResponse.from(parsedMdoc).sign();

Expected Behavior

• Either:
  • IssuerAuth should be exported so users can manually rehydrate it (e.g. new IssuerAuth(obj)), OR
  • A helper function such as MDoc.fromJSON() should be provided to reconstruct a full object graph from plain JSON (including nested types like IssuerAuth and DeviceSignedDocument).

Suggested Solution

Export the IssuerAuth class from the library, or Add MDoc.fromJSON() or similar to allow proper deserialization from persisted data.

• Library: @auth0/mdl
• Node.js version: v21.6.0