Index

src/registrar/schema-metadata/dto/schema-metadata.dto.ts

AttestationLoS
typeof ATTESTATION_LOS_VALUES['number']
BindingType
typeof BINDING_TYPE_VALUES['number']
CredentialFormatId
typeof FORMAT_VALUES['number']
SchemaMetadataCategory
typeof CATEGORY_VALUES['number']
SchemaMetadataTag
typeof TAG_VALUES['number']
VocabularyStatus
typeof VOCABULARY_STATUS_VALUES['number']

src/audit-log/entities/audit-log.entity.ts

AuditActionType
"tenant_created" | "tenant_updated" | "tenant_deleted" | "presentation_config_created" | "presentation_config_updated" | "presentation_config_deleted" | "issuance_config_updated" | "credential_config_created" | "credential_config_updated" | "credential_config_deleted" | "status_list_config_updated" | "status_list_config_reset" | "webhook_endpoint_created" | "webhook_endpoint_updated" | "webhook_endpoint_deleted" | "attribute_provider_created" | "attribute_provider_updated" | "attribute_provider_deleted"
AuditActorType
"user" | "client" | "system"

src/audit-log/dto/audit-log-response.dto.ts

AuditActionTypeLiteral
"tenant_created" | "tenant_updated" | "tenant_deleted" | "presentation_config_created" | "presentation_config_updated" | "presentation_config_deleted" | "issuance_config_updated" | "credential_config_created" | "credential_config_updated" | "credential_config_deleted" | "status_list_config_updated" | "status_list_config_reset" | "webhook_endpoint_created" | "webhook_endpoint_updated" | "webhook_endpoint_deleted" | "attribute_provider_created" | "attribute_provider_updated" | "attribute_provider_deleted"

src/issuer/configuration/issuance/dto/authorization-server-config.dto.ts

AuthorizationServerType
"external" | "oid4vp" | "chained" | "built-in"

src/verifier/presentations/presentations.service.ts

BuildDcqlFromSchemaMetaResult
{ credentials: Array<Record<string, unknown>> }
CredentialType
"dc+sd-jwt" | "mso_mdoc"
ResolvedSchemaMetadataPayload
{ id: string; version?: string; name?: string; description?: string; category?: string; tags?: string[]; supportedFormats: string[]; schemaURIs: Array<{ formatIdentifier?: string; format?: string; uri?: string }>; trustedAuthorities: Array<{ frameworkType?: string; value?: string; isLoTE?: boolean }>; resolvedReferences: Array<{ format: string; uri: string; integrity?: string; meta?: Record<string, unknown>; parsedSchema?: Record<string, unknown> }>; dcqlQuery: BuildDcqlFromSchemaMetaResult }
SchemaMetadataVerifier
function
SchemaMetaSdkCompat
{ verifyResolveAndBuildDcql?: Promise<{ verified: { payload: { id?: string; version?: string; schemaURIs: Array<{ formatIdentifier?: string; uri: string }>; trustedAuthorities?: Array<{ frameworkType?: string; value?: string; isLOTE?: boolean }> } }; resolvedReferences: Array<{ format: string; uri: string; integrity?: string; meta?: unknown; parsedSchema?: Record<string, unknown> }>; dcql: BuildDcqlFromSchemaMetaResult }>; verifySchemaMeta?: Promise<{ payload: { id?: string; version?: string; schemaURIs: Array<{ formatIdentifier?: string; uri: string }>; trustedAuthorities?: Array<{ frameworkType?: string; value?: string; isLOTE?: boolean }> } }>; resolveSchemaReferences?: Promise<Array<{ format: string; uri: string; integrity?: string; meta?: unknown; parsedSchema?: Record<string, unknown> }>>; buildDcqlFromSchemaMeta?: BuildDcqlFromSchemaMetaResult }

src/shared/trust/trust-store.service.ts

BuiltTrustStore

Built trust store with TrustedEntities preserving service groupings.

{ fetchedAt: number; nextUpdate?: string; entities: TrustedEntity[] }

src/shared/trust/federation-trust.service.ts

CachedEvaluation
{ value: FederationTrustEvaluation; expiresAt: number }
FederationEntityConfigurationPayload
{ sub?: string; authority_hints?: string[]; metadata?: Record<string, unknown> }
FederationTrustEvaluation
{ trusted: boolean; reason: string }

src/issuer/issuance/oid4vci/authorization/authorization-servers/authorization-servers.service.ts

ChainedManagedAuthorizationServerConfig
ManagedAuthorizationServerConfig & literal type
ExternalManagedAuthorizationServerConfig
ManagedAuthorizationServerConfig & literal type
Oid4VpManagedAuthorizationServerConfig
ManagedAuthorizationServerConfig & literal type

src/issuer/issuance/oid4vci/oid4vci.service.ts

ChainedServerConfig
ManagedAuthorizationServerConfig & literal type
ExternalServerConfig
ManagedAuthorizationServerConfig & literal type
OAuth2TokenPayload

Type alias for the OAuth2 access token payload returned by resource server verification. This is distinct from the internal TokenPayload used for authenticated API requests.

{ iss: string; exp: number; iat: number; aud: string | []; sub: string; jti: string; client_id?: string; scope?: string; nbf?: number; nonce?: string; cnf?: { jwk?: Jwk } }
Oid4vpServerConfig
ManagedAuthorizationServerConfig & literal type

src/issuer/configuration/credentials/types/credential-config-types.ts

ClaimPathElement

Claim path element - string (object key), number (array index), or null (any element)

string | number | null
MsoMdocCredentialConfig

Extract mso_mdoc specific configuration from the SDK union type

Extract<CredentialConfigurationSupportedWithFormats | { format: MsoMdocFormatIdentifier }>
SdJwtDcCredentialConfig

Extract dc+sd-jwt specific configuration from the SDK union type

Extract<CredentialConfigurationSupportedWithFormats | { format: SdJwtDcFormatIdentifier }>
SdJwtDcFormatIdentifier
typeof SD_JWT_DC_FORMAT
TypedCredentialConfig

Union of the credential configs we actively support

SdJwtDcCredentialConfig | MsoMdocCredentialConfig

src/issuer/configuration/credentials/utils/types.ts

ClaimPathElement
string | number | null
FieldType
"string" | "number" | "integer" | "boolean" | "object" | "array"

src/issuer/issuance/oid4vci/dto/offer-request.dto.ts

ClaimsSource

Union type for all claims source types.

InlineClaimsSource | AttributeProviderClaimsSource | WebhookClaimsSource

src/crypto/key/crypto-implementation/crypto-implementation.service.ts

CoseAlgorithm

COSE algorithm identifiers used for mDOC (ISO 18013-5) Uses RFC 9864 fully-specified algorithm identifiers

number
CryptoType
unknown
JoseAlgorithm

JOSE algorithm names used for SD-JWT VC

"ES256" | "ES384" | "ES512"

src/registrar/schema-metadata/schema-metadata.service.ts

CreateSchemaMetadataRequest
{ metadata: Record<string, unknown>; rulebookFile: Blob | File; schemaFiles: Array<Blob | File> }
SchemaMetadataFilters
{ attestationId?: string; version?: string }

src/issuer/issuance/oid4vci/exceptions/credential-request.exception.ts

CredentialRequestErrorCode
"invalid_credential_request" | "unknown_credential_configuration" | "unknown_credential_identifier" | "invalid_proof" | "invalid_nonce" | "invalid_encryption_parameters" | "credential_request_denied"

src/issuer/issuance/oid4vci/exceptions/deferred-credential.exception.ts

DeferredCredentialErrorCode
"issuance_pending" | "invalid_transaction_id"

src/storage/storage.module.ts

Driver
"local" | "s3"

src/shared/utils/encryption/providers/encryption-key-provider.interface.ts

EncryptionKeySource

Configuration for encryption key source.

"env" | "vault" | "aws" | "azure"

src/shared/trust/types.ts

FederationTrustAnchorRef
{ entityId: string; entityConfigurationUri: string }
FederationTrustMode
"federation-only" | "lote-only" | "hybrid"
FederationTrustSource
{ mode?: FederationTrustMode; entityId?: string; trustAnchors: FederationTrustAnchorRef[]; cacheTtlSeconds?: number; enforceSigningPolicy?: boolean }
RulebookTrustListRef
{ url: string; verifierKey?: JWK }
ServiceTypeIdentifier
string
TrustedEntity

A TrustedEntity from a LoTE, containing its services grouped together. This preserves the relationship between issuance and revocation certificates from the same entity.

{ entityId?: string; services: TrustedEntityServiceCert[] }
TrustedEntityServiceCert

A service certificate from a TrustedEntity in a LoTE.

{ serviceTypeIdentifier: ServiceTypeIdentifier; certValue: string }
TrustListSource
{ lotes: RulebookTrustListRef[]; acceptedServiceTypes?: ServiceTypeIdentifier[] }
VerifierOptions
{ trustListSource?: TrustListSource; federationTrustSource?: FederationTrustSource; policy: VerifyPolicy; transactionData?: string[]; keyBindingAudience?: string; requiredClaimKeys?: string[]; keyBindingNonce?: string }
VerifyPolicy
{ requireX5c: boolean; revocation?: { enabled: boolean; failClosed?: boolean; fetchTimeoutMs?: number; cacheTtlMs?: number }; pinnedCertMode?: "leaf" | "pathEnd" }

src/crypto/key/dto/kms-config.dto.ts

HttpAuthType
typeof HTTP_AUTH_TYPES['number']
HttpKmsAuthConfigDto
HttpAuthNoneConfigDto | HttpAuthBearerConfigDto | HttpAuthOauth2ConfigDto | HttpAuthMtlsConfigDto
KmsProviderConfigDto

Union type for all provider configurations.

DbKmsConfigDto | VaultKmsConfigDto | AwsKmsConfigDto | Pkcs11KmsConfigDto | HttpKmsConfigDto | CscKmsConfigDto
KmsProviderType
typeof KMS_PROVIDER_TYPES['number']

src/crypto/key/kms/adapters/http-kms.adapter.ts

HttpKmsAuth

Authentication configuration for the remote KMS microservice.

typeDescription
noneNo auth — suitable for trusted private networks
bearerStatic Authorization: Bearer <token> header
oauth2-client-credentialsShort-lived tokens fetched and cached from a token server
mtlsMutual TLS — client cert presented on every connection
literal type | literal type | literal type | literal type

src/issuer/configuration/credentials/entities/iae-action.dto.ts

IaeAction

Union type for all IAE actions. This is a discriminated union based on the type field.

IaeActionOpenid4vpPresentation | IaeActionRedirectToWeb

src/issuer/issuance/oid4vci/authorization/authorize/dto/interactive-authorization.dto.ts

InteractiveAuthorizationResponse

Union type for all possible interactive authorization responses.

InteractiveAuthorizationCodeResponseDto | InteractiveAuthorizationOpenid4vpResponseDto | InteractiveAuthorizationRedirectToWebResponseDto | InteractiveAuthorizationErrorResponseDto

src/crypto/key/crypto-implementation/crypto-implementation.ts

KeyPair
{ publicKey: JsonWebKey; privateKey: JsonWebKey }
Signer
function
Verifier
function

src/crypto/key/kms/kms-adapter.ts

KmsSigningAlg

Supported signing algorithms. New algorithms can be added here once adapters declare support for them via KmsAdapterCapabilities.supportedAlgs.

unknown

src/shared/trust/lote-parser.service.ts

LoteInfo
{ nextUpdate?: string; listIssueDateTime?: string; schemeTerritory?: string }
ParsedLoTE

Parsed LoTE preserving TrustedEntity groupings. This is important for pairing issuance and revocation certificates from the same entity.

{ info: LoteInfo; entities: TrustedEntity[] }

src/shared/trust/x509-validation.service.ts

MatchedTrustedEntity

Information about a matched TrustedEntity from certificate chain validation. Includes the matched issuance certificate and the associated revocation certificate from the same entity.

{ entity: TrustedEntity; issuanceCert: x509.X509Certificate; issuanceThumbprint: string; issuanceIsCa: boolean; matchMode: "ca" | "leaf-pinned" | "pathEnd-pinned"; revocationCert?: x509.X509Certificate; revocationThumbprint?: string }
X5cInput
string[]

src/verifier/presentations/credential/mdocverifier/mdocverifier.service.ts

MdocSessionData
MdocSessionDataOid4vp | MdocSessionDataDcApi | MdocSessionDataIso18013
MdocSessionDataDcApi

Session data for OID4VP via DC API (openid4vp-v1-unsigned, response_mode=dc_api.jwt). Uses OID4VPDCAPIHandover transcript: SHA256(CBOR([origin, nonce, jwkThumbprint?])).

{ protocol: dc_api; nonce: string; origin: string; jwkThumbprint?: Uint8Array }
MdocSessionDataIso18013

Session data for ISO 18013-7 Annex C (org-iso-mdoc via DC API). The DCAPIHandover session transcript is pre-built by the caller.

{ protocol: iso-18013-7; sessionTranscript: SessionTranscript }
MdocSessionDataOid4vp

Session data for the standard OID4VP flow (direct_post or direct_post.jwt).

{ protocol: openid4vp; nonce: string; responseMode: string; clientId: string; responseUri: string; jwkThumbprint?: Uint8Array }
MdocVerificationResult
{ verified: boolean; claims: Record<string, unknown>; payload: string; docType?: string; failureType?: "signature_invalid" | "no_trust_chain_to_root" | "trust_chain_not_trusted" | "x5c_missing" | "verification_error"; failureReason?: string }
RequestedMdocClaimPath
string[]

src/session/entities/session.entity.ts

Notification

Represents a session entity for managing user sessions in the application.

{ id: string; event?: NotificationEvent; credentialConfigurationId: string }

src/issuer/configuration/credentials/utils/derive.ts

PathCursor
Record<string | unknown> | unknown[]
Segment
string | number | null

src/verifier/oid4vp/dto/presentation-request.dto.ts

PresentationRequestOptions
Pick<PresentationRequest & "webhook" | "redirectUri" | "expected_origin" | "transaction_data"> & literal type

src/storage/storage.types.ts

PutOptions
{ contentType?: string; metadata?: Record<string, string>; acl?: "private" | "public"; checksum?: string }
StoredObject
{ key: string; etag?: string; size?: number; url?: string; contentType?: string; metadata?: Record<string, string> }

src/session/entities/session-log-entry.entity.ts

SessionLogLevel
"info" | "warn" | "error"

src/session/dto/session-query.dto.ts

SessionSortBy
"id" | "status" | "createdAt" | "requestId"
SessionSortOrder
"asc" | "desc"
SessionType
"issuance" | "presentation"

src/shared/utils/logger/session-log-store.service.ts

SessionStoreMode
"off" | "errors" | "all" | "verbose"

src/shared/utils/config-import/config-import-orchestrator.service.ts

TenantImportFn

Type for tenant-aware import functions. Each function receives the tenant ID and processes imports for that specific tenant.

function

src/shared/utils/config-import/import-options.ts

TenantImportOptions

Import options for tenant-specific imports (without tenantId parameter in callbacks). Used with importConfigsForTenant where tenantId is passed separately.

ImportOptions<T>

src/auth/tenant/entitites/tenant.entity.ts

TenantStatus
unknown

src/issuer/issuance/oid4vci/exceptions/token-error.exception.ts

TokenErrorCode

OAuth 2.0 Token Error Codes as defined in:

OID4VCI specific clarifications:

  • invalid_request:
    • The Authorization Server does not expect a Transaction Code in the Pre-Authorized Code Flow but the Client provides one.
    • The Authorization Server expects a Transaction Code in the Pre-Authorized Code Flow but the Client does not provide one.
  • invalid_grant:
    • The End-User provides the wrong Pre-Authorized Code or the Pre-Authorized Code has expired.
  • invalid_tx_code:
    • The Authorization Server expects a Transaction Code in the Pre-Authorized Code Flow but the Client provides the wrong Transaction Code.
  • invalid_client:
    • The Client tried to send a Token Request with a Pre-Authorized Code without a Client ID but the Authorization Server does not support anonymous access.
"invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "invalid_scope" | "invalid_tx_code"

src/registrar/schema-metadata/schema-metadata-submission.service.ts

TrustedAuthorityInput
NonNullable

src/issuer/trust-list/dto/trust-list-create.dto.ts

TrustListEntity
InternalTrustListEntity | ExternalTrustListEntity

results matching ""

    No results matching ""