export interface Identity { id: string; issuer: string; identifier: string; name: string; } /** * Allows the developer to asynchronously get information on the flow during the verifiable credential issuance process. * For example, the developer might want a call when the user has scanned the QR code or if the issuance request succeeds or fails. */ export type Callback = { /** * You can include a collection of HTTP headers required by the receiving end of the POST message. * The current supported header values are the api-key or the Authorization headers. * Any other header will throw an invalid callback header error */ headers?: Record; /** * Optional data that is passed to the callback endpoint. * E.g. to correlate information between the issuance request and the callback. */ state?: string; /** * URI to the callback endpoint of your application. * The URI must point to a reachable endpoint on the internet otherwise the service will throw callback URL unreadable error. * Accepted formats IPv4, IPv6 or DNS resolvable hostname */ url: string; }; export interface IssuanceRequestInput { /** The ID of the contract to use for issuing the credential. */ contractId: string; /** The ID of the identity who will receive the credential. Not required when issuing using a limited access token. */ identityId?: string; /** A collection of claim values that will be included in the credential (must match claims defined in the contract). */ claims?: Record; /** A PIN code that the user must enter to complete the issuance process. */ pin?: string; /** Server-side callback definintion */ callback?: Callback; /** Use this setting to explicitly control when a credential expires, regardless of when it is issued. */ expirationDate?: Date; /** * The issuee's photo for the purpose of face check presentation verification, also displayed via the authenticator app. * The image content type and encoding must be: `image/jpg;base64`. * For more info on the photo requirements, see the [Face Check documentation](https://learn.microsoft.com/en-us/entra/verified-id/using-facecheck#what-are-the-requirements-for-the-photo-in-the-verified-id) */ faceCheckPhoto?: string; /** * The ID of the completed photo capture request to use for the face check photo. * Please note that the photo capture request is only valid for a single issuance. * Please note that optional image data can only be provided by a single source, either from the faceCheckPhoto or the photoCaptureRequestId properties. */ photoCaptureRequestId?: string; } /** * Respresents a successful issuance. * When your app receives the response, the app needs to present the QR code to the user. * The user scans the QR code, which opens the authenticator app and starts the issuance process. */ export type IssuanceResponse = { __typename?: 'IssuanceResponse'; /** Indicates when the response will expire. */ expiry: string; /** A QR code that user can scan to start the issuance flow. */ qrCode?: string | null; /** An autogenerated request ID. The callback uses the same request, allowing you to keep track of the issuance request and its callbacks. */ requestId: string; /** A URL that launches the authenticator app and starts the issuance process. You can present this URL to the user if they can't scan the QR code. */ url: string; }; /** * Defines the logo displayed on the credential * See https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/rules-and-display-definitions-model#displaycredentiallogo-type */ export type ContractDisplayCredentialLogo = { /** The description of the logo */ description: string; /** URI of the logo */ uri: string; }; export type ContractDisplayCredential = { /** Background color of the credential */ backgroundColor: string; /** Supplemental text displayed alongside each credential */ description: string; /** The name of the issuer of the credential */ issuedBy: string; /** Logo information of the credential */ logo: ContractDisplayCredentialLogo; /** Text color of the credential */ textColor: string; /** Title of the credential */ title: string; }; /** Credential display definitions at the template level */ export type ContractDisplayModel = { card: ContractDisplayCredential; }; /** Defines a contract that can be used to issue credentials */ export type Contract = { /** * The type(s) of the contract / credential * Requires at least one type, and cannot have duplicate types */ credentialTypes: string[]; /** The full or partial credential display definition defined by this contract */ display: ContractDisplayModel; /** The unique identifier for the contract */ id: string; /** The name of the contract */ name: string; }; /** An instance of a successful contract-to-credential issuance. */ export type Issuance = { /** The contract defining the issued credential. */ contract: Contract; /** When the issued credential expires, according to the validity period of the published contract (at the time of issuance). */ expiresAt: string; id: string; issuedAt: string; }; /** The status returned for the request. */ export declare enum IssuanceRequestStatus { /** There was an error during issuance. For details, see the error property. */ IssuanceError = "issuance_error", /** The issuance of the verifiable credentials was successful. */ IssuanceSuccessful = "issuance_successful", /** The user scanned the QR code or selected the link that starts the issuance flow. */ RequestRetrieved = "request_retrieved" } /** Contains information about the error. */ export type RequestError = { code: string; message: string; }; /** The callback endpoint is called when a user scans the QR code, uses the deep link the authenticator app, or finishes the issuance process. */ export type IssuanceCallbackEvent = { /** When the code property value is issuance_error, this property contains information about the error. */ error?: RequestError | null; /** Mapped to the original request when the payload was posted to the Verifiable Credentials service. */ requestId: string; requestStatus: IssuanceRequestStatus; }; /** Data representing an issuance event (see IssuanceRequestStatus, could be received, successful, failed). */ export type IssuanceEventData = { /** The callback event data */ event: IssuanceCallbackEvent; /** The issuance data, if the issuance was successful */ issuance?: Issuance | null; }; /** The presentation request payload contains information about your verifiable credentials presentation request. */ export type PresentationRequestInput = { callback?: Callback; /** * The ID of the identity who will present (alternatively use the identity property). * Presentation identity information is only required for presentations where all requested credentials are issued by external partners. */ identityId?: string; /** A display name of the verifier of the verifiable credential. This name will be presented to the user in the authenticator app. */ clientName: string; /** A collection of RequestCredential objects representing the credentials the user needs to provide. */ requestedCredentials: Array; }; export type PresentationRequestResponse = PresentationResponse; /** The status returned for the request. */ export declare enum PresentationRequestStatus { /** The verifiable credential presentation failed, refer to the error property for details. */ PresentationError = "presentation_error", /** The verifiable credential validation completed successfully. */ PresentationVerified = "presentation_verified", /** The user scanned the QR code or selected the link that starts the presentation flow. */ RequestRetrieved = "request_retrieved" } /** Provides information about the requested credentials the user needs to provide. */ export type RequestCredential = { /** * A collection of issuers' DIDs that could issue the type of verifiable credential that subjects can present. * If not specified, the Verified Orchestration platform issuer DID will be used. * This field should only be used when requesting credentials from external issuers. */ acceptedIssuers?: string[]; /** * The verifiable credential type. * The type must match the type as defined in the issuer verifiable credential manifest. */ type: string; /** Optional settings for presentation validation. */ configuration?: RequestConfiguration | null; /** Provide information about the purpose of requesting this verifiable credential. */ purpose?: string | null; /** * Optional collection of claim constraints that must be met when a wallet selects the candidate credentials. * * This enables requesting a credential with specific claim value. * Constraints specified will use the AND logic, ie if you specify three constraints, all of them have to be met. * * For each constraint in the collection, you must select one operator of values, contains or startsWith. * Values cannot be regular expressions. * All comparisons are case-insensitive. */ constraints?: ClaimConstraint[] | null; }; /** Provides configuration information about the presentation request */ export type RequestConfiguration = { validation?: ConfigurationValidation; }; /** * A constraint to apply to one claim in the verifiable credential. * Choose one operator of `values`, `contains` or `startsWith`. */ export type ClaimConstraint = { /** Name of the claim for the constraint. This is the claim name in the verifiable credential. See outputClaim in claimMapping type. */ claimName: string; /** The constraint evaluates to true if the claim value contains the specified value. */ contains?: string; /** The constraint evaluates to true if the claim value starts with the specified value. */ startsWith?: string; /** Set of values that should match the claim value. If you specify multiple values, like ["red", "green", "blue"] it is a match if the claim value in the credential has any of the values in the collection. */ values?: string[]; }; /** Provides information about the presented credentials should be validated */ export type ConfigurationValidation = { /** Determines if a revoked credential should be accepted. Default is false (it shouldn't be accepted). */ allowRevoked?: boolean; /** * Determines whether face check validation should be performed for this credential and provides optional settings. * If wish to perform face check validation using default settings, set this field to an empty object. */ faceCheck?: FaceCheckValidationInput; /** Determines if the linked domain should be validated. Default is false. Setting this flag to false means you as a Relying Party application accept credentials from unverified linked domain. Setting this flag to true means the linked domain will be validated and only verified domains will be accepted. */ validateLinkedDomain?: boolean; }; /** Face check validation settings */ export type FaceCheckValidationInput = { /** Optional confidence threshold between 50-100. The default is 70. */ matchConfidenceThreshold?: number; }; /** Represents a successful presentation request response */ export type PresentationResponse = { /** Indicates when the response will expire. */ expiry: number; /** A QR code that the user can scan to start the presentation flow. */ qrCode: string; /** An autogenerated request ID. The callback uses the same request, allowing you to keep track of the presentation request and its callbacks. */ requestId: string; /** A URL that launches the authenticator app and starts the presentation process. You can present this URL to the user if they can't scan the QR code. */ url: string; }; /** Data representing an presentation event (see PresentationRequestStatus, could be received, successful, failed). */ export type PresentationEventData = { /** The callback event data */ event: PresentationCallbackEvent; /** The presentation data, if the presentation was successful */ presentation?: Presentation | null; }; /** The callback endpoint is called when a user scans the QR code, uses the deep link the authenticator app, or finishes the issuance process. */ export type PresentationCallbackEvent = { /** When the requestStatus property value is presentation_error, this property contains information about the error. */ error?: RequestError | null; /** Mapped to the original request when the payload was posted to the Verifiable Credentials service. */ requestId: string; requestStatus: PresentationRequestStatus; }; /** An instance of a successful credential presentation. */ export type Presentation = { id: string; /** The identity of the person who presented the credential (if known). */ identity?: Identity | null; /** The issuances that were presented (which may be none, if the presented credentials were from an external issuer) */ issuances: Array; /** The partners who issued the credentials that were presented (which may be none, if the presented credentials were internal) */ partners: Array; presentedAt: string; /** The credentials that were presented (excluding claims data) */ presentedCredentials: Array; }; /** An instance of a successful contract-to-credential issuance. */ export type PresentationIssuance = { /** The contract defining the issued credential. */ contract: Contract; /** When the issued credential expires, according to the validity period of the published contract (at the time of issuance). */ expiresAt: string; id: string; issuedAt: string; /** When the credential was revoked. */ revokedAt?: string | null; /** The issuance status. */ status: IssuanceStatus; }; /** The status of the issuance. */ export declare enum IssuanceStatus { Active = "active", Expired = "expired", Revoked = "revoked" } /** A credential that was presented */ export type PresentedCredential = { claims: Record; credentialState: { revocationStatus: 'REVOKED' | 'VALID'; }; domainValidation: { url: string; } | null; issuer: string; type: string[]; }; /** A credential issuer partner trusted by the platform */ export type Partner = { /** * The type(s) of the contract / credential * Requires at least one type, and cannot have duplicate types */ credentialTypes: string[]; /** The DID of the partner */ did: string; /** The local id of this partner */ id: string; /** Domains linked to this partner's DID */ linkedDomainUrls?: string[] | null; /** The name of the partner */ name: string; }; /** * Input required to create a photo capture request. * A photo capture can only be used for a single issuance for a single identity. */ export type PhotoCaptureRequestInput = { /** The ID of the contract which will be issued with captured photo. */ contractId: string; /** The ID of the identity who will be issued a credential with the captured photo. Not required when using a limited access token. */ identityId?: string; }; /** The ID, URL and QR code for a photo capture request */ export type PhotoCaptureResponse = { /** The ID of the photo capture request, which can be included in a subsequent issuance request to use the captured photo. */ id: string; /** The QR code in (data URL format) which can be scanned to capture a photo. */ photoCaptureQrCode: string; /** The URL which can be opened to capture a photo. */ photoCaptureUrl: string; }; /** Data for a photo capture event */ export type PhotoCaptureEventData = { /** The status of the photo capture process. */ status: PhotoCaptureStatus; }; /** The status of the photo capture process */ export declare enum PhotoCaptureStatus { /** The photo capture has not yet started */ NotStarted = "not_started", /** The photo capture has been started */ Started = "started", /** The photo has been successfully captured */ Complete = "complete" } /** Specifes which credential can be presented for authentication. */ export type AuthnRequestCredential = { /** * A collection of issuers' DIDs that could issue the type of verifiable credential that subjects can present. * If not specified, the Verified Orchestration platform issuer DID will be used. * This field should only be used when requesting credentials from external issuers. */ acceptedIssuers?: string[] | null; /** Optional settings for presentation validation. */ configuration?: RequestConfiguration | null; /** * The verifiable credential type. * The type must match the type as defined in the issuer verifiable credential manifest. */ type?: string | null; /** * Optional collection of claim constraints that must be met when a wallet selects the candidate credentials. * * This enables requesting a credential with specific claim value. * Constraints specified will use the AND logic, ie if you specify three constraints, all of them have to be met. * * For each constraint in the collection, you must select one operator of values, contains or startsWith. * Values cannot be regular expressions. * All comparisons are case-insensitive. */ constraints?: ClaimConstraint[] | null; };