@eudiplo/sdk-core 4.0.0 → 4.2.0

package/dist/{types.gen-sNmRQvUI.d.ts → types.gen-5zlqZUfP.d.ts}

@@ -1,11 +1,31 @@
 type ClientOptions = {
     baseUrl: string;
 };
+type GrafanaConfigDto = {
+    /**
+     * Base URL of the Grafana instance
+     */
+    url?: string;
+    /**
+     * UID of the Tempo data source in Grafana
+     */
+    tempoUid: string;
+    /**
+     * UID of the Loki data source in Grafana
+     */
+    lokiUid: string;
+};
+type FrontendConfigResponseDto = {
+    /**
+     * Grafana observability configuration
+     */
+    grafana: GrafanaConfigDto;
+};
 type RoleDto = {
     /**
      * OAuth2 roles
      */
-    role: "presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage";
+    role: "presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage";
 };
 type ClientCredentialsDto = {
     grant_type?: string;
@@ -118,7 +138,7 @@ type ClientEntity = {
     /**
      * The roles assigned to the client.
      */
-    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
     /**
      * The tenant that the client belongs to.
      */
@@ -129,11 +149,6 @@ type CreateTenantDto = {
      * Status list configuration for this tenant. Only affects newly created status lists.
      */
     statusListConfig?: StatusListConfig;
-    /**
-     * Session storage configuration. Controls TTL and cleanup behavior.
-     */
-    sessionConfig?: SessionStorageConfig;
-    roles?: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
     /**
      * The unique identifier for the tenant.
      */
@@ -146,16 +161,17 @@ type CreateTenantDto = {
      * The description of the tenant.
      */
     description?: string;
+    /**
+     * Session storage configuration. Controls TTL and cleanup behavior.
+     */
+    sessionConfig?: SessionStorageConfig;
+    roles?: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
 };
 type UpdateTenantDto = {
     /**
      * Status list configuration for this tenant. Only affects newly created status lists.
      */
     statusListConfig?: StatusListConfig;
-    /**
-     * Session storage configuration. Controls TTL and cleanup behavior.
-     */
-    sessionConfig?: SessionStorageConfig;
     /**
      * The name of the tenant.
      */
@@ -164,7 +180,11 @@ type UpdateTenantDto = {
      * The description of the tenant.
      */
     description?: string;
-    roles?: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+    /**
+     * Session storage configuration. Controls TTL and cleanup behavior.
+     */
+    sessionConfig?: SessionStorageConfig;
+    roles?: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
 };
 type ClientSecretResponseDto = {
     secret: string;
@@ -185,7 +205,7 @@ type UpdateClientDto = {
     /**
      * The roles assigned to the client.
      */
-    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
 };
 type CreateClientDto = {
     /**
@@ -211,7 +231,7 @@ type CreateClientDto = {
     /**
      * The roles assigned to the client.
      */
-    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
 };
 type StatusListImportDto = {
     /**
@@ -350,6 +370,14 @@ type AuthorizeQueries = {
     request_uri?: string;
     auth_session?: string;
     state?: string;
+    /**
+     * RFC 9396 authorization details. When passed via
+     * application/x-www-form-urlencoded (PAR) the value is a JSON string; when
+     * passed inside a signed request object it can already be an array.
+     */
+    authorization_details?: {
+        [key: string]: unknown;
+    };
 };
 type OfferRequestDto = {
     /**
@@ -436,6 +464,10 @@ type WebhookConfig = {
      * If not provided, no authentication will be used.
      */
     auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    /**
+     * List of credential IDs to include raw tokens for (e.g., ['sca_credential'])
+     */
+    includeRawTokensFor?: Array<string>;
     /**
      * The URL to which the webhook will send notifications.
      */
@@ -479,6 +511,15 @@ type Session = {
      */
     tenant: TenantEntity;
     authorization_code?: string;
+    /**
+     * Refresh token for the session - used to obtain a new access token.
+     */
+    refresh_token?: string;
+    /**
+     * Expiration timestamp for the refresh token.
+     * Used to validate refresh_token grant requests.
+     */
+    refresh_token_expires_at?: string;
     /**
      * Request URI from the authorization request.
      */
@@ -538,6 +579,18 @@ type Session = {
      * Client ID used in the OID4VP authorization request.
      */
     clientId?: string;
+    /**
+     * Cryptographic random nonce used in wallet-facing URLs (response_uri, request_uri, state).
+     * Per OID4VP spec Section 13.3, this separates the wallet-facing identifier (request-id)
+     * from the frontend-facing session ID (transaction-id) to prevent session fixation.
+     */
+    walletNonce?: string;
+    /**
+     * Cryptographic random code generated after successful VP Token processing.
+     * Per OID4VP spec Section 13.3, included in redirect_uri so only the legitimate
+     * frontend (which receives the redirect) can confirm the session completed.
+     */
+    responseCode?: string;
     /**
      * Response URI used in the OID4VP authorization request.
      */
@@ -561,6 +614,17 @@ type Session = {
      * Used to identify the user at the external AS.
      */
     externalSubject?: string;
+    /**
+     * Error reason if the session failed.
+     * Stores the error message when status is 'failed'.
+     */
+    errorReason?: string;
+    /**
+     * Number of failed tx_code (transaction code) validation attempts.
+     * Used to enforce brute-force protection in the pre-authorized code flow.
+     * Reset implicitly when the session is consumed successfully.
+     */
+    txCodeFailedAttempts: number;
 };
 type SessionLogEntryResponseDto = {
     /**
@@ -620,6 +684,39 @@ type UpdateSessionConfigDto = {
      */
     cleanupMode?: "full" | "anonymize";
 };
+type ManagedUserDto = {
+    id: string;
+    username: string;
+    email?: string;
+    enabled: boolean;
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
+    tenantId?: string;
+    /**
+     * One-time temporary password returned only on user creation.
+     */
+    temporaryPassword?: string;
+};
+type CreateUserDto = {
+    username: string;
+    email?: string;
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
+    /**
+     * One-time temporary password returned only on user creation.
+     */
+    temporaryPassword?: string;
+    enabled?: boolean;
+};
+type UpdateUserDto = {
+    username?: string;
+    email?: string;
+    roles?: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "users:manage" | "tenants:manage" | "registrar:manage">;
+    /**
+     * One-time temporary password returned only on user creation.
+     */
+    temporaryPassword?: string;
+    enabled?: boolean;
+    password?: string;
+};
 type AuthenticationMethodNone = {
     method: "none";
 };
@@ -714,6 +811,26 @@ type IssuanceConfig = {
      * to an upstream OIDC provider while issuing its own tokens with issuer_state.
      */
     chainedAs?: ChainedAsConfig;
+    /**
+     * Whether refresh tokens should be issued for OID4VCI token responses.
+     */
+    refreshTokenEnabled?: boolean;
+    /**
+     * Whether `credential_response_encryption` should be advertised in the credential issuer metadata.
+     */
+    credentialResponseEncryption?: boolean;
+    /**
+     * Whether `credential_request_encryption` should be advertised in the credential issuer metadata.
+     */
+    credentialRequestEncryption?: boolean;
+    /**
+     * Refresh token lifetime in seconds. Defaults to 2592000 (30 days).
+     */
+    refreshTokenExpiresInSeconds?: number;
+    /**
+     * Maximum failed tx_code attempts before the pre-authorized code is invalidated. Defaults to 5.
+     */
+    txCodeMaxAttempts?: number;
     /**
      * The tenant that owns this object.
      */
@@ -771,6 +888,26 @@ type IssuanceDto = {
      * to an upstream OIDC provider while issuing its own tokens with issuer_state.
      */
     chainedAs?: ChainedAsConfig;
+    /**
+     * Whether refresh tokens should be issued for OID4VCI token responses.
+     */
+    refreshTokenEnabled?: boolean;
+    /**
+     * Whether `credential_response_encryption` should be advertised in the credential issuer metadata.
+     */
+    credentialResponseEncryption?: boolean;
+    /**
+     * Whether `credential_request_encryption` should be advertised in the credential issuer metadata.
+     */
+    credentialRequestEncryption?: boolean;
+    /**
+     * Refresh token lifetime in seconds. Defaults to 2592000 (30 days).
+     */
+    refreshTokenExpiresInSeconds?: number;
+    /**
+     * Maximum failed tx_code attempts before the pre-authorized code is invalidated. Defaults to 5.
+     */
+    txCodeMaxAttempts?: number;
     /**
      * Authentication server URL for the issuance process.
      */
@@ -893,9 +1030,31 @@ type IaeActionRedirectToWeb = {
      */
     description?: string;
 };
+type WebhookEndpointEntity = {
+    /**
+     * Unique identifier for the webhook endpoint
+     */
+    id: string;
+    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    tenantId: string;
+    tenant: TenantEntity;
+    name: string;
+    description?: string;
+    url: string;
+};
 type EmbeddedDisclosurePolicy = {
     policy: string;
 };
+type KeyAttestationsRequired = {
+    /**
+     * List of required key storage types (e.g., iso_18045_high, iso_18045_moderate)
+     */
+    key_storage?: Array<string>;
+    /**
+     * List of required user authentication types (e.g., iso_18045_high, iso_18045_moderate)
+     */
+    user_authentication?: Array<string>;
+};
 type DisplayImage = {
     uri: string;
 };
@@ -908,7 +1067,37 @@ type Display = {
     background_image?: DisplayImage;
     logo?: DisplayImage;
 };
+type ClaimDisplayInfo = {
+    /**
+     * Human-readable name for the claim
+     */
+    name?: string;
+    /**
+     * Locale identifier (e.g., en-US, de-DE)
+     */
+    locale?: string;
+};
+type ClaimMetadata = {
+    /**
+     * Path to the claim. For SD-JWT: JSONPath-like array. For mDOC: [namespace, claim_name]
+     */
+    path: Array<string>;
+    /**
+     * Whether this claim must be disclosed
+     */
+    mandatory?: boolean;
+    /**
+     * Display information for the claim in different locales
+     */
+    display?: Array<ClaimDisplayInfo>;
+};
 type IssuerMetadataCredentialConfig = {
+    /**
+     * Key attestation requirements for JWT proofs for this credential.
+     * When set, this is published in proof_types_supported.jwt.key_attestations_required
+     * for this specific credential configuration.
+     */
+    keyAttestationsRequired?: KeyAttestationsRequired;
     format: "mso_mdoc" | "dc+sd-jwt";
     display: Array<Display>;
     scope?: string;
@@ -936,6 +1125,19 @@ type IssuerMetadataCredentialConfig = {
     claimsByNamespace?: {
         [key: string]: unknown;
     };
+    /**
+     * Claims metadata for wallet rendering.
+     * Follows the OID4VCI credential_metadata.claims specification.
+     * Each claim includes a path (JSONPath-like array), optional mandatory flag,
+     * and display information with multi-language support.
+     *
+     * Example:
+     * [
+     * { "path": ["given_name"], "mandatory": false, "display": [{ "name": "Given Name", "locale": "en-US" }] },
+     * { "path": ["address", "street_address"], "display": [{ "name": "Street Address", "locale": "en-US" }] }
+     * ]
+     */
+    claimsMetadata?: Array<ClaimMetadata>;
 };
 type AttributeProviderEntity = {
     auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
@@ -946,15 +1148,6 @@ type AttributeProviderEntity = {
     description?: string;
     url: string;
 };
-type WebhookEndpointEntity = {
-    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
-    id: string;
-    tenantId: string;
-    tenant: TenantEntity;
-    name: string;
-    description?: string;
-    url: string;
-};
 type KeyChainEntity = {
     /**
      * Unique identifier for the key chain.
@@ -1202,15 +1395,21 @@ type UpdateAttributeProviderDto = {
     url?: string;
 };
 type CreateWebhookEndpointDto = {
-    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    /**
+     * Unique identifier for the webhook endpoint
+     */
     id: string;
+    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
     name: string;
     description?: string;
     url: string;
 };
 type UpdateWebhookEndpointDto = {
-    auth?: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    /**
+     * Unique identifier for the webhook endpoint
+     */
     id?: string;
+    auth?: WebHookAuthConfigNone | WebHookAuthConfigHeader;
     name?: string;
     description?: string;
     url?: string;
@@ -1219,11 +1418,38 @@ type Dcql = {
     credentials: Array<CredentialQuery>;
     credential_sets?: Array<CredentialSetQuery>;
 };
+type RegistrationCertificatePurpose = {
+    lang: string;
+    content: string;
+};
+type RegistrationCertificateBody = {
+    privacy_policy?: string;
+    support_uri?: string;
+    intermediary?: string;
+    purpose?: Array<RegistrationCertificatePurpose>;
+    credentials?: Array<{
+        [key: string]: unknown;
+    }>;
+    provided_attestations?: Array<{
+        [key: string]: unknown;
+    }>;
+};
 type RegistrationCertificateRequest = {
     /**
-     * The body of the registration certificate request containing the necessary details.
+     * Optional registrar-side certificate identifier.
+     * If provided and still valid, EUDIPLO reuses it instead of creating a new certificate.
      */
-    jwt: string;
+    id?: string;
+    /**
+     * Registration certificate creation payload.
+     * This is merged with tenant-level registrar defaults when a certificate is created.
+     */
+    body?: RegistrationCertificateBody;
+    /**
+     * Optional pre-existing registration certificate JWT.
+     * If provided, EUDIPLO forwards it as-is and does not create a new one.
+     */
+    jwt?: string;
 };
 type PresentationAttachment = {
     format: string;
@@ -1233,6 +1459,12 @@ type PresentationAttachment = {
     credential_ids?: Array<string>;
 };
 type PresentationConfig = {
+    /**
+     * Server-managed cache of the materialized registration certificate. Read-only; values supplied by clients are ignored.
+     */
+    readonly registrationCertCache?: {
+        [key: string]: unknown;
+    };
     /**
      * Unique identifier for the VP request.
      */
@@ -1290,6 +1522,12 @@ type PresentationConfig = {
      */
     accessKeyChainId?: string;
 };
+type ResolveIssuerMetadataDto = {
+    /**
+     * Issuer URL or full OpenID4VCI metadata URL to resolve server-side.
+     */
+    issuerUrl: string;
+};
 type PresentationConfigCreateDto = {
     /**
      * Unique identifier for the VP request.
@@ -1382,6 +1620,112 @@ type PresentationConfigUpdateDto = {
      */
     accessKeyChainId?: string;
 };
+type RegistrationCertificateDefaults = {
+    /**
+     * Default privacy policy URL for registration certificate creation.
+     */
+    privacy_policy?: string;
+    /**
+     * Default support contact URI for registration certificate creation.
+     */
+    support_uri?: string;
+};
+type RegistrarConfigResponseDto = {
+    /**
+     * The base URL of the registrar API
+     */
+    registrarUrl: string;
+    /**
+     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
+     */
+    oidcUrl: string;
+    /**
+     * The OIDC client ID for the registrar
+     */
+    clientId: string;
+    /**
+     * The OIDC client secret (optional, for confidential clients)
+     */
+    clientSecret?: string;
+    /**
+     * The username for OIDC login
+     */
+    username: string;
+    /**
+     * Optional default values merged into registration certificate creation requests (for example privacy_policy, support_uri)
+     */
+    registrationCertificateDefaults?: RegistrationCertificateDefaults;
+    /**
+     * Indicates whether a password is configured (actual password is never returned)
+     */
+    hasPassword: boolean;
+};
+type CreateRegistrarConfigDto = {
+    /**
+     * The base URL of the registrar API
+     */
+    registrarUrl: string;
+    /**
+     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
+     */
+    oidcUrl: string;
+    /**
+     * The OIDC client ID for the registrar
+     */
+    clientId: string;
+    /**
+     * The OIDC client secret (optional, for confidential clients)
+     */
+    clientSecret?: string;
+    /**
+     * The username for OIDC login
+     */
+    username: string;
+    /**
+     * The password for OIDC login (stored in plaintext)
+     */
+    password: string;
+    /**
+     * Optional default values merged into registration certificate creation requests (for example privacy_policy, support_uri)
+     */
+    registrationCertificateDefaults?: RegistrationCertificateDefaults;
+};
+type UpdateRegistrarConfigDto = {
+    /**
+     * The base URL of the registrar API
+     */
+    registrarUrl?: string;
+    /**
+     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
+     */
+    oidcUrl?: string;
+    /**
+     * The OIDC client ID for the registrar
+     */
+    clientId?: string;
+    /**
+     * The OIDC client secret (optional, for confidential clients)
+     */
+    clientSecret?: string;
+    /**
+     * The username for OIDC login
+     */
+    username?: string;
+    /**
+     * The password for OIDC login (stored in plaintext)
+     */
+    password?: string;
+    /**
+     * Optional default values merged into registration certificate creation requests (for example privacy_policy, support_uri)
+     */
+    registrationCertificateDefaults?: RegistrationCertificateDefaults;
+};
+type CreateAccessCertificateDto = {
+    /**
+     * The ID of the key to create an access certificate for
+     */
+    keyId: string;
+};
 type DeferredCredentialRequestDto = {
     /**
      * The transaction identifier previously returned by the Credential Endpoint
@@ -1394,6 +1738,9 @@ type NotificationRequestDto = {
         [key: string]: unknown;
     };
 };
+type Object$1 = {
+    [key: string]: unknown;
+};
 type ParResponseDto = {
     /**
      * The request URI for the Pushed Authorization Request.
@@ -1488,46 +1835,6 @@ type InteractiveAuthorizationErrorResponseDto = {
      */
     error_description?: string;
 };
-type ChainedAsParRequestDto = {
-    /**
-     * OAuth response type (must be 'code')
-     */
-    response_type: string;
-    /**
-     * Client identifier (wallet identifier)
-     */
-    client_id: string;
-    /**
-     * URI to redirect the wallet after authorization
-     */
-    redirect_uri: string;
-    /**
-     * PKCE code challenge
-     */
-    code_challenge?: string;
-    /**
-     * PKCE code challenge method (e.g., S256)
-     */
-    code_challenge_method?: string;
-    /**
-     * State parameter (returned in redirect)
-     */
-    state?: string;
-    /**
-     * Scope requested
-     */
-    scope?: string;
-    /**
-     * Issuer state from credential offer
-     */
-    issuer_state?: string;
-    /**
-     * Authorization details (JSON array)
-     */
-    authorization_details?: Array<{
-        [key: string]: unknown;
-    }>;
-};
 type ChainedAsParResponseDto = {
     /**
      * The request URI to use at the authorization endpoint
@@ -1550,13 +1857,17 @@ type ChainedAsErrorResponseDto = {
 };
 type ChainedAsTokenRequestDto = {
     /**
-     * Grant type (must be 'authorization_code')
+     * Grant type ('authorization_code' or 'refresh_token')
      */
     grant_type: string;
     /**
-     * Authorization code received in the callback
+     * Authorization code received in the callback (authorization_code grant)
      */
-    code: string;
+    code?: string;
+    /**
+     * Refresh token (refresh_token grant)
+     */
+    refresh_token?: string;
     /**
      * Client identifier
      */
@@ -1601,6 +1912,10 @@ type ChainedAsTokenResponseDto = {
      * C_NONCE lifetime in seconds
      */
     c_nonce_expires_in?: number;
+    /**
+     * Refresh token (issued when refresh tokens are enabled)
+     */
+    refresh_token?: string;
 };
 type OfferResponse = {
     uri: string;
@@ -1664,105 +1979,27 @@ type JwksResponseDto = {
 };
 type AuthorizationResponse = {
     /**
-     * The response string containing the authorization details.
+     * The response string containing the authorization details (JWE-encrypted VP token).
+     * Required for success responses, absent for error responses.
      */
-    response: string;
+    response?: string;
     /**
      * When set to true, the authorization response will be sent to the client.
      */
     sendResponse?: boolean;
-};
-type RegistrarConfigEntity = {
-    /**
-     * The base URL of the registrar API
-     */
-    registrarUrl: string;
-    /**
-     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
-     */
-    oidcUrl: string;
-    /**
-     * The OIDC client ID for the registrar
-     */
-    clientId: string;
-    /**
-     * The OIDC client secret (optional, for confidential clients)
-     */
-    clientSecret?: string;
-    /**
-     * The username for OIDC login
-     */
-    username: string;
-    /**
-     * The password for OIDC login (stored in plaintext)
-     */
-    password: string;
-    /**
-     * The tenant ID this configuration belongs to.
-     */
-    tenantId: string;
-    /**
-     * The tenant that owns this configuration.
-     */
-    tenant: TenantEntity;
-};
-type CreateRegistrarConfigDto = {
-    /**
-     * The base URL of the registrar API
-     */
-    registrarUrl: string;
-    /**
-     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
-     */
-    oidcUrl: string;
-    /**
-     * The OIDC client ID for the registrar
-     */
-    clientId: string;
-    /**
-     * The OIDC client secret (optional, for confidential clients)
-     */
-    clientSecret?: string;
-    /**
-     * The username for OIDC login
-     */
-    username: string;
-    /**
-     * The password for OIDC login (stored in plaintext)
-     */
-    password: string;
-};
-type UpdateRegistrarConfigDto = {
-    /**
-     * The base URL of the registrar API
-     */
-    registrarUrl?: string;
-    /**
-     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
-     */
-    oidcUrl?: string;
-    /**
-     * The OIDC client ID for the registrar
-     */
-    clientId?: string;
-    /**
-     * The OIDC client secret (optional, for confidential clients)
-     */
-    clientSecret?: string;
+    error?: string;
     /**
-     * The username for OIDC login
+     * Human-readable description of the error.
      */
-    username?: string;
+    error_description?: string;
     /**
-     * The password for OIDC login (stored in plaintext)
+     * URI with additional information about the error.
      */
-    password?: string;
-};
-type CreateAccessCertificateDto = {
+    error_uri?: string;
     /**
-     * The ID of the key to create an access certificate for
+     * State value from the authorization request (for correlation).
      */
-    keyId: string;
+    state?: string;
 };
 type TrustListEntityInfo = {
     name: string;
@@ -1787,20 +2024,20 @@ type ExternalTrustListEntity = {
     info: TrustListEntityInfo;
 };
 type TrustListCreateDto = {
-    entities: Array<({
-        type: "internal";
-    } & InternalTrustListEntity) | ({
-        type: "external";
-    } & ExternalTrustListEntity)>;
-    id?: string;
     description?: string;
-    keyChainId?: string;
     /**
      * The full trust list JSON (generated LoTE structure)
      */
     data?: {
         [key: string]: unknown;
     };
+    entities: Array<({
+        type: "internal";
+    } & InternalTrustListEntity) | ({
+        type: "external";
+    } & ExternalTrustListEntity)>;
+    id?: string;
+    keyChainId?: string;
 };
 type TrustList = {
     /**
@@ -2250,6 +2487,67 @@ type PresentationRequest = {
 type FileUploadDto = {
     file: Blob | File;
 };
+type PresentationConfigWritable = {
+    /**
+     * Unique identifier for the VP request.
+     */
+    id: string;
+    /**
+     * The tenant that owns this object.
+     */
+    tenant: TenantEntity;
+    /**
+     * Description of the presentation configuration.
+     */
+    description?: string;
+    /**
+     * Lifetime how long the presentation request is valid after creation, in seconds.
+     */
+    lifeTime?: number;
+    /**
+     * The DCQL query to be used for the VP request.
+     */
+    dcql_query: Dcql;
+    transaction_data?: Array<TransactionData>;
+    /**
+     * The registration certificate request containing the necessary details.
+     */
+    registrationCert?: RegistrationCertificateRequest;
+    /**
+     * Optional webhook URL to receive the response.
+     */
+    webhook?: WebhookConfig;
+    /**
+     * The timestamp when the VP request was created.
+     */
+    createdAt: string;
+    /**
+     * The timestamp when the VP request was last updated.
+     */
+    updatedAt: string;
+    /**
+     * Attestation that should be attached
+     */
+    attached?: Array<PresentationAttachment>;
+    /**
+     * Redirect URI to which the user-agent should be redirected after the presentation is completed.
+     * You can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.
+     */
+    redirectUri?: string;
+    /**
+     * Optional ID of the access certificate to use for signing the presentation request.
+     * If not provided, the default access certificate for the tenant will be used.
+     *
+     * Note: This is intentionally NOT a TypeORM relationship because CertEntity uses
+     * a composite primary key (id + tenantId), and SQLite cannot create foreign keys
+     * that reference only part of a composite primary key. The relationship is handled
+     * at the application level in the service layer.
+     */
+    accessKeyChainId?: string;
+};
+type ObjectWritable = {
+    [key: string]: unknown;
+};
 type AppControllerGetVersionData = {
     body?: never;
     path?: never;
@@ -2262,6 +2560,19 @@ type AppControllerGetVersionResponses = {
      */
     200: unknown;
 };
+type AppControllerGetFrontendConfigData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/frontend-config";
+};
+type AppControllerGetFrontendConfigResponses = {
+    /**
+     * Frontend configuration
+     */
+    200: FrontendConfigResponseDto;
+};
+type AppControllerGetFrontendConfigResponse = AppControllerGetFrontendConfigResponses[keyof AppControllerGetFrontendConfigResponses];
 type TenantControllerGetTenantsData = {
     body?: never;
     path?: never;
@@ -2636,6 +2947,61 @@ type SessionEventsControllerSubscribeToSessionEventsData = {
 type SessionEventsControllerSubscribeToSessionEventsResponses = {
     200: unknown;
 };
+type UserControllerGetUsersData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/user";
+};
+type UserControllerGetUsersResponses = {
+    200: Array<ManagedUserDto>;
+};
+type UserControllerGetUsersResponse = UserControllerGetUsersResponses[keyof UserControllerGetUsersResponses];
+type UserControllerCreateUserData = {
+    body: CreateUserDto;
+    path?: never;
+    query?: never;
+    url: "/api/user";
+};
+type UserControllerCreateUserResponses = {
+    201: ManagedUserDto;
+};
+type UserControllerCreateUserResponse = UserControllerCreateUserResponses[keyof UserControllerCreateUserResponses];
+type UserControllerDeleteUserData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/user/{id}";
+};
+type UserControllerDeleteUserResponses = {
+    200: unknown;
+};
+type UserControllerGetUserData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/user/{id}";
+};
+type UserControllerGetUserResponses = {
+    200: ManagedUserDto;
+};
+type UserControllerGetUserResponse = UserControllerGetUserResponses[keyof UserControllerGetUserResponses];
+type UserControllerUpdateUserData = {
+    body: UpdateUserDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/user/{id}";
+};
+type UserControllerUpdateUserResponses = {
+    200: ManagedUserDto;
+};
+type UserControllerUpdateUserResponse = UserControllerUpdateUserResponses[keyof UserControllerUpdateUserResponses];
 type IssuanceConfigControllerGetIssuanceConfigurationsData = {
     body?: never;
     path?: never;
@@ -2811,8 +3177,9 @@ type WebhookEndpointControllerGetAllResponses = {
     /**
      * List of webhook endpoints
      */
-    200: unknown;
+    200: Array<WebhookEndpointEntity>;
 };
+type WebhookEndpointControllerGetAllResponse = WebhookEndpointControllerGetAllResponses[keyof WebhookEndpointControllerGetAllResponses];
 type WebhookEndpointControllerCreateData = {
     body: CreateWebhookEndpointDto;
     path?: never;
@@ -2902,11 +3269,27 @@ type PresentationManagementControllerStorePresentationConfigData = {
     url: "/api/verifier/config";
 };
 type PresentationManagementControllerStorePresentationConfigResponses = {
-    201: {
-        [key: string]: unknown;
-    };
+    201: PresentationConfig;
 };
 type PresentationManagementControllerStorePresentationConfigResponse = PresentationManagementControllerStorePresentationConfigResponses[keyof PresentationManagementControllerStorePresentationConfigResponses];
+type PresentationManagementControllerResolveIssuerMetadataData = {
+    body: ResolveIssuerMetadataDto;
+    path?: never;
+    query?: never;
+    url: "/api/verifier/config/issuer-metadata/resolve";
+};
+type PresentationManagementControllerResolveIssuerMetadataErrors = {
+    /**
+     * Invalid issuer URL or metadata could not be resolved
+     */
+    400: unknown;
+};
+type PresentationManagementControllerResolveIssuerMetadataResponses = {
+    /**
+     * Resolved credential issuer metadata
+     */
+    200: unknown;
+};
 type PresentationManagementControllerDeleteConfigurationData = {
     body?: never;
     path: {
@@ -2939,11 +3322,29 @@ type PresentationManagementControllerUpdateConfigurationData = {
     url: "/api/verifier/config/{id}";
 };
 type PresentationManagementControllerUpdateConfigurationResponses = {
-    200: {
-        [key: string]: unknown;
-    };
+    200: PresentationConfig;
 };
 type PresentationManagementControllerUpdateConfigurationResponse = PresentationManagementControllerUpdateConfigurationResponses[keyof PresentationManagementControllerUpdateConfigurationResponses];
+type PresentationManagementControllerReissueRegistrationCertificateData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/verifier/config/{id}/registration-cert/reissue";
+};
+type PresentationManagementControllerReissueRegistrationCertificateErrors = {
+    /**
+     * Config has no registrationCert spec or registrar is not enabled
+     */
+    400: unknown;
+};
+type PresentationManagementControllerReissueRegistrationCertificateResponses = {
+    /**
+     * Updated presentation configuration
+     */
+    200: unknown;
+};
 type CacheControllerGetStatsData = {
     body?: never;
     path?: never;
@@ -2995,61 +3396,6 @@ type CacheControllerClearStatusListCacheResponses = {
     204: void;
 };
 type CacheControllerClearStatusListCacheResponse = CacheControllerClearStatusListCacheResponses[keyof CacheControllerClearStatusListCacheResponses];
-type CredentialOfferControllerGetOfferData = {
-    body: OfferRequestDto;
-    path?: never;
-    query?: never;
-    url: "/api/issuer/offer";
-};
-type CredentialOfferControllerGetOfferResponses = {
-    /**
-     * JSON response
-     */
-    201: OfferResponse;
-};
-type CredentialOfferControllerGetOfferResponse = CredentialOfferControllerGetOfferResponses[keyof CredentialOfferControllerGetOfferResponses];
-type DeferredControllerCompleteDeferredData = {
-    body: CompleteDeferredDto;
-    path: {
-        transactionId: string;
-    };
-    query?: never;
-    url: "/api/issuer/deferred/{transactionId}/complete";
-};
-type DeferredControllerCompleteDeferredErrors = {
-    /**
-     * Transaction not found
-     */
-    404: unknown;
-};
-type DeferredControllerCompleteDeferredResponses = {
-    /**
-     * Transaction completed successfully
-     */
-    200: DeferredOperationResponse;
-};
-type DeferredControllerCompleteDeferredResponse = DeferredControllerCompleteDeferredResponses[keyof DeferredControllerCompleteDeferredResponses];
-type DeferredControllerFailDeferredData = {
-    body?: FailDeferredDto;
-    path: {
-        transactionId: string;
-    };
-    query?: never;
-    url: "/api/issuer/deferred/{transactionId}/fail";
-};
-type DeferredControllerFailDeferredErrors = {
-    /**
-     * Transaction not found
-     */
-    404: unknown;
-};
-type DeferredControllerFailDeferredResponses = {
-    /**
-     * Transaction marked as failed
-     */
-    200: DeferredOperationResponse;
-};
-type DeferredControllerFailDeferredResponse = DeferredControllerFailDeferredResponses[keyof DeferredControllerFailDeferredResponses];
 type RegistrarControllerDeleteConfigData = {
     body?: never;
     path?: never;
@@ -3079,7 +3425,7 @@ type RegistrarControllerGetConfigResponses = {
     /**
      * The registrar configuration
      */
-    200: RegistrarConfigEntity;
+    200: RegistrarConfigResponseDto;
 };
 type RegistrarControllerGetConfigResponse = RegistrarControllerGetConfigResponses[keyof RegistrarControllerGetConfigResponses];
 type RegistrarControllerUpdateConfigData = {
@@ -3102,7 +3448,7 @@ type RegistrarControllerUpdateConfigResponses = {
     /**
      * Configuration updated successfully
      */
-    200: RegistrarConfigEntity;
+    200: RegistrarConfigResponseDto;
 };
 type RegistrarControllerUpdateConfigResponse = RegistrarControllerUpdateConfigResponses[keyof RegistrarControllerUpdateConfigResponses];
 type RegistrarControllerCreateConfigData = {
@@ -3121,7 +3467,7 @@ type RegistrarControllerCreateConfigResponses = {
     /**
      * Configuration created successfully
      */
-    201: RegistrarConfigEntity;
+    201: RegistrarConfigResponseDto;
 };
 type RegistrarControllerCreateConfigResponse = RegistrarControllerCreateConfigResponses[keyof RegistrarControllerCreateConfigResponses];
 type RegistrarControllerCreateAccessCertificateData = {
@@ -3156,6 +3502,61 @@ type RegistrarControllerCreateAccessCertificateResponses = {
     };
 };
 type RegistrarControllerCreateAccessCertificateResponse = RegistrarControllerCreateAccessCertificateResponses[keyof RegistrarControllerCreateAccessCertificateResponses];
+type CredentialOfferControllerGetOfferData = {
+    body: OfferRequestDto;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/offer";
+};
+type CredentialOfferControllerGetOfferResponses = {
+    /**
+     * JSON response
+     */
+    201: OfferResponse;
+};
+type CredentialOfferControllerGetOfferResponse = CredentialOfferControllerGetOfferResponses[keyof CredentialOfferControllerGetOfferResponses];
+type DeferredControllerCompleteDeferredData = {
+    body: CompleteDeferredDto;
+    path: {
+        transactionId: string;
+    };
+    query?: never;
+    url: "/api/issuer/deferred/{transactionId}/complete";
+};
+type DeferredControllerCompleteDeferredErrors = {
+    /**
+     * Transaction not found
+     */
+    404: unknown;
+};
+type DeferredControllerCompleteDeferredResponses = {
+    /**
+     * Transaction completed successfully
+     */
+    200: DeferredOperationResponse;
+};
+type DeferredControllerCompleteDeferredResponse = DeferredControllerCompleteDeferredResponses[keyof DeferredControllerCompleteDeferredResponses];
+type DeferredControllerFailDeferredData = {
+    body?: FailDeferredDto;
+    path: {
+        transactionId: string;
+    };
+    query?: never;
+    url: "/api/issuer/deferred/{transactionId}/fail";
+};
+type DeferredControllerFailDeferredErrors = {
+    /**
+     * Transaction not found
+     */
+    404: unknown;
+};
+type DeferredControllerFailDeferredResponses = {
+    /**
+     * Transaction marked as failed
+     */
+    200: DeferredOperationResponse;
+};
+type DeferredControllerFailDeferredResponse = DeferredControllerFailDeferredResponses[keyof DeferredControllerFailDeferredResponses];
 type TrustListControllerGetAllTrustListsData = {
     body?: never;
     path?: never;
@@ -3399,7 +3800,6 @@ type KeyChainControllerRotateResponses = {
      * Key chain rotated successfully
      */
     200: unknown;
-    201: unknown;
 };
 type VerifierOfferControllerGetOfferData = {
     body: PresentationRequest;
@@ -3415,9 +3815,6 @@ type VerifierOfferControllerGetOfferResponses = {
 };
 type VerifierOfferControllerGetOfferResponse = VerifierOfferControllerGetOfferResponses[keyof VerifierOfferControllerGetOfferResponses];
 type StorageControllerUploadData = {
-    /**
-     * List of cats
-     */
     body: FileUploadDto;
     path?: never;
     query?: never;
@@ -3430,4 +3827,4 @@ type StorageControllerUploadResponses = {
 };
 type StorageControllerUploadResponse = StorageControllerUploadResponses[keyof StorageControllerUploadResponses];
 
-export type { ClientControllerGetClientResponses as $, AllowListPolicy as A, CacheControllerClearStatusListCacheData as B, CacheControllerClearAllCachesData as C, CacheControllerClearStatusListCacheResponse as D, CacheControllerClearStatusListCacheResponses as E, CacheControllerClearTrustListCacheData as F, CacheControllerClearTrustListCacheResponse as G, CacheControllerClearTrustListCacheResponses as H, CacheControllerGetStatsData as I, CacheControllerGetStatsResponses as J, CertificateInfoDto as K, ChainedAsConfig as L, ChainedAsErrorResponseDto as M, ChainedAsParRequestDto as N, ChainedAsParResponseDto as O, ChainedAsTokenConfig as P, ChainedAsTokenRequestDto as Q, ChainedAsTokenResponseDto as R, Session as S, ClaimsQuery as T, ClientControllerCreateClientData as U, ClientControllerCreateClientResponse as V, ClientControllerCreateClientResponses as W, ClientControllerDeleteClientData as X, ClientControllerDeleteClientResponses as Y, ClientControllerGetClientData as Z, ClientControllerGetClientResponse as _, ApiKeyConfig as a, EmbeddedDisclosurePolicy as a$, ClientControllerGetClientSecretData as a0, ClientControllerGetClientSecretResponse as a1, ClientControllerGetClientSecretResponses as a2, ClientControllerGetClientsData as a3, ClientControllerGetClientsResponse as a4, ClientControllerGetClientsResponses as a5, ClientControllerRotateClientSecretData as a6, ClientControllerRotateClientSecretResponse as a7, ClientControllerRotateClientSecretResponses as a8, ClientControllerUpdateClientData as a9, CredentialConfigControllerUpdateCredentialConfigurationData as aA, CredentialConfigControllerUpdateCredentialConfigurationResponse as aB, CredentialConfigControllerUpdateCredentialConfigurationResponses as aC, CredentialConfigCreate as aD, CredentialConfigUpdate as aE, CredentialOfferControllerGetOfferData as aF, CredentialOfferControllerGetOfferResponse as aG, CredentialOfferControllerGetOfferResponses as aH, CredentialQuery as aI, CredentialSetQuery as aJ, Dcql as aK, DeferredControllerCompleteDeferredData as aL, DeferredControllerCompleteDeferredErrors as aM, DeferredControllerCompleteDeferredResponse as aN, DeferredControllerCompleteDeferredResponses as aO, DeferredControllerFailDeferredData as aP, DeferredControllerFailDeferredErrors as aQ, DeferredControllerFailDeferredResponse as aR, DeferredControllerFailDeferredResponses as aS, DeferredCredentialRequestDto as aT, DeferredOperationResponse as aU, Display as aV, DisplayImage as aW, DisplayInfo as aX, DisplayLogo as aY, EcJwk as aZ, EcPublic as a_, ClientControllerUpdateClientResponse as aa, ClientControllerUpdateClientResponses as ab, ClientCredentialsDto as ac, ClientEntity as ad, ClientOptions as ae, ClientSecretResponseDto as af, CompleteDeferredDto as ag, CreateAccessCertificateDto as ah, CreateAttributeProviderDto as ai, CreateClientDto as aj, CreateRegistrarConfigDto as ak, CreateStatusListDto as al, CreateTenantDto as am, CreateWebhookEndpointDto as an, CredentialConfig as ao, CredentialConfigControllerDeleteIssuanceConfigurationData as ap, CredentialConfigControllerDeleteIssuanceConfigurationResponses as aq, CredentialConfigControllerGetConfigByIdData as ar, CredentialConfigControllerGetConfigByIdResponse as as, CredentialConfigControllerGetConfigByIdResponses as at, CredentialConfigControllerGetConfigsData as au, CredentialConfigControllerGetConfigsResponse as av, CredentialConfigControllerGetConfigsResponses as aw, CredentialConfigControllerStoreCredentialConfigurationData as ax, CredentialConfigControllerStoreCredentialConfigurationResponse as ay, CredentialConfigControllerStoreCredentialConfigurationResponses as az, AppControllerGetVersionData as b, PolicyCredential as b$, ExportEcJwk as b0, ExportRotationPolicyDto as b1, ExternalTrustListEntity as b2, FailDeferredDto as b3, FileUploadDto as b4, IaeActionOpenid4VpPresentation as b5, IaeActionRedirectToWeb as b6, ImportTenantDto as b7, InteractiveAuthorizationCodeResponseDto as b8, InteractiveAuthorizationErrorResponseDto as b9, KeyChainControllerGetByIdResponse as bA, KeyChainControllerGetByIdResponses as bB, KeyChainControllerGetProvidersData as bC, KeyChainControllerGetProvidersResponse as bD, KeyChainControllerGetProvidersResponses as bE, KeyChainControllerImportData as bF, KeyChainControllerImportResponses as bG, KeyChainControllerRotateData as bH, KeyChainControllerRotateErrors as bI, KeyChainControllerRotateResponses as bJ, KeyChainControllerUpdateData as bK, KeyChainControllerUpdateErrors as bL, KeyChainControllerUpdateResponses as bM, KeyChainCreateDto as bN, KeyChainEntity as bO, KeyChainExportDto as bP, KeyChainImportDto as bQ, KeyChainResponseDto as bR, KeyChainUpdateDto as bS, KmsProviderCapabilitiesDto as bT, KmsProviderInfoDto as bU, KmsProvidersResponseDto as bV, NoneTrustPolicy as bW, NotificationRequestDto as bX, OfferRequestDto as bY, OfferResponse as bZ, ParResponseDto as b_, InteractiveAuthorizationRequestDto as ba, InternalTrustListEntity as bb, IssuanceConfig as bc, IssuanceConfigControllerGetIssuanceConfigurationsData as bd, IssuanceConfigControllerGetIssuanceConfigurationsResponse as be, IssuanceConfigControllerGetIssuanceConfigurationsResponses as bf, IssuanceConfigControllerStoreIssuanceConfigurationData as bg, IssuanceConfigControllerStoreIssuanceConfigurationResponse as bh, IssuanceConfigControllerStoreIssuanceConfigurationResponses as bi, IssuanceDto as bj, IssuerMetadataCredentialConfig as bk, JwksResponseDto as bl, KeyChainControllerCreateData as bm, KeyChainControllerCreateResponses as bn, KeyChainControllerDeleteData as bo, KeyChainControllerDeleteErrors as bp, KeyChainControllerDeleteResponses as bq, KeyChainControllerExportData as br, KeyChainControllerExportErrors as bs, KeyChainControllerExportResponse as bt, KeyChainControllerExportResponses as bu, KeyChainControllerGetAllData as bv, KeyChainControllerGetAllResponse as bw, KeyChainControllerGetAllResponses as bx, KeyChainControllerGetByIdData as by, KeyChainControllerGetByIdErrors as bz, AppControllerGetVersionResponses as c, SessionControllerGetSessionLogsData as c$, PresentationAttachment as c0, PresentationConfig as c1, PresentationConfigCreateDto as c2, PresentationConfigUpdateDto as c3, PresentationDuringIssuanceConfig as c4, PresentationManagementControllerConfigurationData as c5, PresentationManagementControllerConfigurationResponse as c6, PresentationManagementControllerConfigurationResponses as c7, PresentationManagementControllerDeleteConfigurationData as c8, PresentationManagementControllerDeleteConfigurationResponses as c9, RegistrarControllerGetConfigResponses as cA, RegistrarControllerUpdateConfigData as cB, RegistrarControllerUpdateConfigErrors as cC, RegistrarControllerUpdateConfigResponse as cD, RegistrarControllerUpdateConfigResponses as cE, RegistrationCertificateRequest as cF, RoleDto as cG, RootOfTrustPolicy as cH, RotationPolicyCreateDto as cI, RotationPolicyImportDto as cJ, RotationPolicyResponseDto as cK, RotationPolicyUpdateDto as cL, SchemaResponse as cM, SessionConfigControllerGetConfigData as cN, SessionConfigControllerGetConfigResponse as cO, SessionConfigControllerGetConfigResponses as cP, SessionConfigControllerResetConfigData as cQ, SessionConfigControllerResetConfigResponses as cR, SessionConfigControllerUpdateConfigData as cS, SessionConfigControllerUpdateConfigResponse as cT, SessionConfigControllerUpdateConfigResponses as cU, SessionControllerDeleteSessionData as cV, SessionControllerDeleteSessionResponses as cW, SessionControllerGetAllSessionsData as cX, SessionControllerGetAllSessionsResponse as cY, SessionControllerGetAllSessionsResponses as cZ, SessionControllerGetSessionData as c_, PresentationManagementControllerGetConfigurationData as ca, PresentationManagementControllerGetConfigurationResponse as cb, PresentationManagementControllerGetConfigurationResponses as cc, PresentationManagementControllerStorePresentationConfigData as cd, PresentationManagementControllerStorePresentationConfigResponse as ce, PresentationManagementControllerStorePresentationConfigResponses as cf, PresentationManagementControllerUpdateConfigurationData as cg, PresentationManagementControllerUpdateConfigurationResponse as ch, PresentationManagementControllerUpdateConfigurationResponses as ci, PresentationRequest as cj, PublicKeyInfoDto as ck, RegistrarConfigEntity as cl, RegistrarControllerCreateAccessCertificateData as cm, RegistrarControllerCreateAccessCertificateErrors as cn, RegistrarControllerCreateAccessCertificateResponse as co, RegistrarControllerCreateAccessCertificateResponses as cp, RegistrarControllerCreateConfigData as cq, RegistrarControllerCreateConfigErrors as cr, RegistrarControllerCreateConfigResponse as cs, RegistrarControllerCreateConfigResponses as ct, RegistrarControllerDeleteConfigData as cu, RegistrarControllerDeleteConfigResponse as cv, RegistrarControllerDeleteConfigResponses as cw, RegistrarControllerGetConfigData as cx, RegistrarControllerGetConfigErrors as cy, RegistrarControllerGetConfigResponse as cz, AttestationBasedPolicy as d, TrustListControllerCreateTrustListResponses as d$, SessionControllerGetSessionLogsResponse as d0, SessionControllerGetSessionLogsResponses as d1, SessionControllerGetSessionResponse as d2, SessionControllerGetSessionResponses as d3, SessionControllerRevokeAllData as d4, SessionControllerRevokeAllResponses as d5, SessionEventsControllerSubscribeToSessionEventsData as d6, SessionEventsControllerSubscribeToSessionEventsResponses as d7, SessionLogEntryResponseDto as d8, SessionStorageConfig as d9, StatusListManagementControllerUpdateListResponse as dA, StatusListManagementControllerUpdateListResponses as dB, StatusListResponseDto as dC, StatusUpdateDto as dD, StorageControllerUploadData as dE, StorageControllerUploadResponse as dF, StorageControllerUploadResponses as dG, TenantControllerDeleteTenantData as dH, TenantControllerDeleteTenantResponses as dI, TenantControllerGetTenantData as dJ, TenantControllerGetTenantResponse as dK, TenantControllerGetTenantResponses as dL, TenantControllerGetTenantsData as dM, TenantControllerGetTenantsResponse as dN, TenantControllerGetTenantsResponses as dO, TenantControllerInitTenantData as dP, TenantControllerInitTenantResponse as dQ, TenantControllerInitTenantResponses as dR, TenantControllerUpdateTenantData as dS, TenantControllerUpdateTenantResponse as dT, TenantControllerUpdateTenantResponses as dU, TenantEntity as dV, TokenResponse as dW, TransactionData as dX, TrustList as dY, TrustListControllerCreateTrustListData as dZ, TrustListControllerCreateTrustListResponse as d_, StatusListAggregationDto as da, StatusListConfig as db, StatusListConfigControllerGetConfigData as dc, StatusListConfigControllerGetConfigResponse as dd, StatusListConfigControllerGetConfigResponses as de, StatusListConfigControllerResetConfigData as df, StatusListConfigControllerResetConfigResponse as dg, StatusListConfigControllerResetConfigResponses as dh, StatusListConfigControllerUpdateConfigData as di, StatusListConfigControllerUpdateConfigResponse as dj, StatusListConfigControllerUpdateConfigResponses as dk, StatusListImportDto as dl, StatusListManagementControllerCreateListData as dm, StatusListManagementControllerCreateListResponse as dn, StatusListManagementControllerCreateListResponses as dp, StatusListManagementControllerDeleteListData as dq, StatusListManagementControllerDeleteListResponse as dr, StatusListManagementControllerDeleteListResponses as ds, StatusListManagementControllerGetListData as dt, StatusListManagementControllerGetListResponse as du, StatusListManagementControllerGetListResponses as dv, StatusListManagementControllerGetListsData as dw, StatusListManagementControllerGetListsResponse as dx, StatusListManagementControllerGetListsResponses as dy, StatusListManagementControllerUpdateListData as dz, AttributeProviderControllerCreateData as e, TrustListControllerDeleteTrustListData as e0, TrustListControllerDeleteTrustListResponses as e1, TrustListControllerExportTrustListData as e2, TrustListControllerExportTrustListResponse as e3, TrustListControllerExportTrustListResponses as e4, TrustListControllerGetAllTrustListsData as e5, TrustListControllerGetAllTrustListsResponse as e6, TrustListControllerGetAllTrustListsResponses as e7, TrustListControllerGetTrustListData as e8, TrustListControllerGetTrustListResponse as e9, VerifierOfferControllerGetOfferResponses as eA, WebHookAuthConfigHeader as eB, WebHookAuthConfigNone as eC, WebhookConfig as eD, WebhookEndpointControllerCreateData as eE, WebhookEndpointControllerCreateResponses as eF, WebhookEndpointControllerDeleteData as eG, WebhookEndpointControllerDeleteErrors as eH, WebhookEndpointControllerDeleteResponses as eI, WebhookEndpointControllerGetAllData as eJ, WebhookEndpointControllerGetAllResponses as eK, WebhookEndpointControllerGetByIdData as eL, WebhookEndpointControllerGetByIdErrors as eM, WebhookEndpointControllerGetByIdResponses as eN, WebhookEndpointControllerUpdateData as eO, WebhookEndpointControllerUpdateErrors as eP, WebhookEndpointControllerUpdateResponses as eQ, WebhookEndpointEntity as eR, TrustListControllerGetTrustListResponses as ea, TrustListControllerGetTrustListVersionData as eb, TrustListControllerGetTrustListVersionResponse as ec, TrustListControllerGetTrustListVersionResponses as ed, TrustListControllerGetTrustListVersionsData as ee, TrustListControllerGetTrustListVersionsResponse as ef, TrustListControllerGetTrustListVersionsResponses as eg, TrustListControllerUpdateTrustListData as eh, TrustListControllerUpdateTrustListResponse as ei, TrustListControllerUpdateTrustListResponses as ej, TrustListCreateDto as ek, TrustListEntityInfo as el, TrustListVersion as em, TrustedAuthorityQuery as en, UpdateAttributeProviderDto as eo, UpdateClientDto as ep, UpdateRegistrarConfigDto as eq, UpdateSessionConfigDto as er, UpdateStatusListConfigDto as es, UpdateStatusListDto as et, UpdateTenantDto as eu, UpdateWebhookEndpointDto as ev, UpstreamOidcConfig as ew, Vct as ex, VerifierOfferControllerGetOfferData as ey, VerifierOfferControllerGetOfferResponse as ez, AttributeProviderControllerCreateResponses as f, AttributeProviderControllerDeleteData as g, AttributeProviderControllerDeleteErrors as h, AttributeProviderControllerDeleteResponses as i, AttributeProviderControllerGetAllData as j, AttributeProviderControllerGetAllResponses as k, AttributeProviderControllerGetByIdData as l, AttributeProviderControllerGetByIdErrors as m, AttributeProviderControllerGetByIdResponses as n, AttributeProviderControllerUpdateData as o, AttributeProviderControllerUpdateErrors as p, AttributeProviderControllerUpdateResponses as q, AttributeProviderEntity as r, AuthenticationMethodAuth as s, AuthenticationMethodNone as t, AuthenticationMethodPresentation as u, AuthenticationUrlConfig as v, AuthorizationResponse as w, AuthorizeQueries as x, CacheControllerClearAllCachesResponse as y, CacheControllerClearAllCachesResponses as z };
+export type { ClientControllerDeleteClientData as $, AllowListPolicy as A, AuthorizeQueries as B, CacheControllerClearAllCachesData as C, CacheControllerClearAllCachesResponse as D, CacheControllerClearAllCachesResponses as E, CacheControllerClearStatusListCacheData as F, CacheControllerClearStatusListCacheResponse as G, CacheControllerClearStatusListCacheResponses as H, CacheControllerClearTrustListCacheData as I, CacheControllerClearTrustListCacheResponse as J, CacheControllerClearTrustListCacheResponses as K, CacheControllerGetStatsData as L, CacheControllerGetStatsResponses as M, CertificateInfoDto as N, ChainedAsConfig as O, ChainedAsErrorResponseDto as P, ChainedAsParResponseDto as Q, ChainedAsTokenConfig as R, Session as S, ChainedAsTokenRequestDto as T, ChainedAsTokenResponseDto as U, ClaimDisplayInfo as V, ClaimMetadata as W, ClaimsQuery as X, ClientControllerCreateClientData as Y, ClientControllerCreateClientResponse as Z, ClientControllerCreateClientResponses as _, ApiKeyConfig as a, DisplayImage as a$, ClientControllerDeleteClientResponses as a0, ClientControllerGetClientData as a1, ClientControllerGetClientResponse as a2, ClientControllerGetClientResponses as a3, ClientControllerGetClientSecretData as a4, ClientControllerGetClientSecretResponse as a5, ClientControllerGetClientSecretResponses as a6, ClientControllerGetClientsData as a7, ClientControllerGetClientsResponse as a8, ClientControllerGetClientsResponses as a9, CredentialConfigControllerGetConfigsResponse as aA, CredentialConfigControllerGetConfigsResponses as aB, CredentialConfigControllerStoreCredentialConfigurationData as aC, CredentialConfigControllerStoreCredentialConfigurationResponse as aD, CredentialConfigControllerStoreCredentialConfigurationResponses as aE, CredentialConfigControllerUpdateCredentialConfigurationData as aF, CredentialConfigControllerUpdateCredentialConfigurationResponse as aG, CredentialConfigControllerUpdateCredentialConfigurationResponses as aH, CredentialConfigCreate as aI, CredentialConfigUpdate as aJ, CredentialOfferControllerGetOfferData as aK, CredentialOfferControllerGetOfferResponse as aL, CredentialOfferControllerGetOfferResponses as aM, CredentialQuery as aN, CredentialSetQuery as aO, Dcql as aP, DeferredControllerCompleteDeferredData as aQ, DeferredControllerCompleteDeferredErrors as aR, DeferredControllerCompleteDeferredResponse as aS, DeferredControllerCompleteDeferredResponses as aT, DeferredControllerFailDeferredData as aU, DeferredControllerFailDeferredErrors as aV, DeferredControllerFailDeferredResponse as aW, DeferredControllerFailDeferredResponses as aX, DeferredCredentialRequestDto as aY, DeferredOperationResponse as aZ, Display as a_, ClientControllerRotateClientSecretData as aa, ClientControllerRotateClientSecretResponse as ab, ClientControllerRotateClientSecretResponses as ac, ClientControllerUpdateClientData as ad, ClientControllerUpdateClientResponse as ae, ClientControllerUpdateClientResponses as af, ClientCredentialsDto as ag, ClientEntity as ah, ClientOptions as ai, ClientSecretResponseDto as aj, CompleteDeferredDto as ak, CreateAccessCertificateDto as al, CreateAttributeProviderDto as am, CreateClientDto as an, CreateRegistrarConfigDto as ao, CreateStatusListDto as ap, CreateTenantDto as aq, CreateUserDto as ar, CreateWebhookEndpointDto as as, CredentialConfig as at, CredentialConfigControllerDeleteIssuanceConfigurationData as au, CredentialConfigControllerDeleteIssuanceConfigurationResponses as av, CredentialConfigControllerGetConfigByIdData as aw, CredentialConfigControllerGetConfigByIdResponse as ax, CredentialConfigControllerGetConfigByIdResponses as ay, CredentialConfigControllerGetConfigsData as az, AppControllerGetFrontendConfigData as b, KmsProviderCapabilitiesDto as b$, DisplayInfo as b0, DisplayLogo as b1, EcJwk as b2, EcPublic as b3, EmbeddedDisclosurePolicy as b4, ExportEcJwk as b5, ExportRotationPolicyDto as b6, ExternalTrustListEntity as b7, FailDeferredDto as b8, FileUploadDto as b9, KeyChainControllerExportErrors as bA, KeyChainControllerExportResponse as bB, KeyChainControllerExportResponses as bC, KeyChainControllerGetAllData as bD, KeyChainControllerGetAllResponse as bE, KeyChainControllerGetAllResponses as bF, KeyChainControllerGetByIdData as bG, KeyChainControllerGetByIdErrors as bH, KeyChainControllerGetByIdResponse as bI, KeyChainControllerGetByIdResponses as bJ, KeyChainControllerGetProvidersData as bK, KeyChainControllerGetProvidersResponse as bL, KeyChainControllerGetProvidersResponses as bM, KeyChainControllerImportData as bN, KeyChainControllerImportResponses as bO, KeyChainControllerRotateData as bP, KeyChainControllerRotateErrors as bQ, KeyChainControllerRotateResponses as bR, KeyChainControllerUpdateData as bS, KeyChainControllerUpdateErrors as bT, KeyChainControllerUpdateResponses as bU, KeyChainCreateDto as bV, KeyChainEntity as bW, KeyChainExportDto as bX, KeyChainImportDto as bY, KeyChainResponseDto as bZ, KeyChainUpdateDto as b_, FrontendConfigResponseDto as ba, GrafanaConfigDto as bb, IaeActionOpenid4VpPresentation as bc, IaeActionRedirectToWeb as bd, ImportTenantDto as be, InteractiveAuthorizationCodeResponseDto as bf, InteractiveAuthorizationErrorResponseDto as bg, InteractiveAuthorizationRequestDto as bh, InternalTrustListEntity as bi, IssuanceConfig as bj, IssuanceConfigControllerGetIssuanceConfigurationsData as bk, IssuanceConfigControllerGetIssuanceConfigurationsResponse as bl, IssuanceConfigControllerGetIssuanceConfigurationsResponses as bm, IssuanceConfigControllerStoreIssuanceConfigurationData as bn, IssuanceConfigControllerStoreIssuanceConfigurationResponse as bo, IssuanceConfigControllerStoreIssuanceConfigurationResponses as bp, IssuanceDto as bq, IssuerMetadataCredentialConfig as br, JwksResponseDto as bs, KeyAttestationsRequired as bt, KeyChainControllerCreateData as bu, KeyChainControllerCreateResponses as bv, KeyChainControllerDeleteData as bw, KeyChainControllerDeleteErrors as bx, KeyChainControllerDeleteResponses as by, KeyChainControllerExportData as bz, AppControllerGetFrontendConfigResponse as c, ResolveIssuerMetadataDto as c$, KmsProviderInfoDto as c0, KmsProvidersResponseDto as c1, ManagedUserDto as c2, NoneTrustPolicy as c3, NotificationRequestDto as c4, Object$1 as c5, ObjectWritable as c6, OfferRequestDto as c7, OfferResponse as c8, ParResponseDto as c9, PresentationManagementControllerUpdateConfigurationResponses as cA, PresentationRequest as cB, PublicKeyInfoDto as cC, RegistrarConfigResponseDto as cD, RegistrarControllerCreateAccessCertificateData as cE, RegistrarControllerCreateAccessCertificateErrors as cF, RegistrarControllerCreateAccessCertificateResponse as cG, RegistrarControllerCreateAccessCertificateResponses as cH, RegistrarControllerCreateConfigData as cI, RegistrarControllerCreateConfigErrors as cJ, RegistrarControllerCreateConfigResponse as cK, RegistrarControllerCreateConfigResponses as cL, RegistrarControllerDeleteConfigData as cM, RegistrarControllerDeleteConfigResponse as cN, RegistrarControllerDeleteConfigResponses as cO, RegistrarControllerGetConfigData as cP, RegistrarControllerGetConfigErrors as cQ, RegistrarControllerGetConfigResponse as cR, RegistrarControllerGetConfigResponses as cS, RegistrarControllerUpdateConfigData as cT, RegistrarControllerUpdateConfigErrors as cU, RegistrarControllerUpdateConfigResponse as cV, RegistrarControllerUpdateConfigResponses as cW, RegistrationCertificateBody as cX, RegistrationCertificateDefaults as cY, RegistrationCertificatePurpose as cZ, RegistrationCertificateRequest as c_, PolicyCredential as ca, PresentationAttachment as cb, PresentationConfig as cc, PresentationConfigCreateDto as cd, PresentationConfigUpdateDto as ce, PresentationConfigWritable as cf, PresentationDuringIssuanceConfig as cg, PresentationManagementControllerConfigurationData as ch, PresentationManagementControllerConfigurationResponse as ci, PresentationManagementControllerConfigurationResponses as cj, PresentationManagementControllerDeleteConfigurationData as ck, PresentationManagementControllerDeleteConfigurationResponses as cl, PresentationManagementControllerGetConfigurationData as cm, PresentationManagementControllerGetConfigurationResponse as cn, PresentationManagementControllerGetConfigurationResponses as co, PresentationManagementControllerReissueRegistrationCertificateData as cp, PresentationManagementControllerReissueRegistrationCertificateErrors as cq, PresentationManagementControllerReissueRegistrationCertificateResponses as cr, PresentationManagementControllerResolveIssuerMetadataData as cs, PresentationManagementControllerResolveIssuerMetadataErrors as ct, PresentationManagementControllerResolveIssuerMetadataResponses as cu, PresentationManagementControllerStorePresentationConfigData as cv, PresentationManagementControllerStorePresentationConfigResponse as cw, PresentationManagementControllerStorePresentationConfigResponses as cx, PresentationManagementControllerUpdateConfigurationData as cy, PresentationManagementControllerUpdateConfigurationResponse as cz, AppControllerGetFrontendConfigResponses as d, StorageControllerUploadResponse as d$, RoleDto as d0, RootOfTrustPolicy as d1, RotationPolicyCreateDto as d2, RotationPolicyImportDto as d3, RotationPolicyResponseDto as d4, RotationPolicyUpdateDto as d5, SchemaResponse as d6, SessionConfigControllerGetConfigData as d7, SessionConfigControllerGetConfigResponse as d8, SessionConfigControllerGetConfigResponses as d9, StatusListConfigControllerGetConfigResponse as dA, StatusListConfigControllerGetConfigResponses as dB, StatusListConfigControllerResetConfigData as dC, StatusListConfigControllerResetConfigResponse as dD, StatusListConfigControllerResetConfigResponses as dE, StatusListConfigControllerUpdateConfigData as dF, StatusListConfigControllerUpdateConfigResponse as dG, StatusListConfigControllerUpdateConfigResponses as dH, StatusListImportDto as dI, StatusListManagementControllerCreateListData as dJ, StatusListManagementControllerCreateListResponse as dK, StatusListManagementControllerCreateListResponses as dL, StatusListManagementControllerDeleteListData as dM, StatusListManagementControllerDeleteListResponse as dN, StatusListManagementControllerDeleteListResponses as dO, StatusListManagementControllerGetListData as dP, StatusListManagementControllerGetListResponse as dQ, StatusListManagementControllerGetListResponses as dR, StatusListManagementControllerGetListsData as dS, StatusListManagementControllerGetListsResponse as dT, StatusListManagementControllerGetListsResponses as dU, StatusListManagementControllerUpdateListData as dV, StatusListManagementControllerUpdateListResponse as dW, StatusListManagementControllerUpdateListResponses as dX, StatusListResponseDto as dY, StatusUpdateDto as dZ, StorageControllerUploadData as d_, SessionConfigControllerResetConfigData as da, SessionConfigControllerResetConfigResponses as db, SessionConfigControllerUpdateConfigData as dc, SessionConfigControllerUpdateConfigResponse as dd, SessionConfigControllerUpdateConfigResponses as de, SessionControllerDeleteSessionData as df, SessionControllerDeleteSessionResponses as dg, SessionControllerGetAllSessionsData as dh, SessionControllerGetAllSessionsResponse as di, SessionControllerGetAllSessionsResponses as dj, SessionControllerGetSessionData as dk, SessionControllerGetSessionLogsData as dl, SessionControllerGetSessionLogsResponse as dm, SessionControllerGetSessionLogsResponses as dn, SessionControllerGetSessionResponse as dp, SessionControllerGetSessionResponses as dq, SessionControllerRevokeAllData as dr, SessionControllerRevokeAllResponses as ds, SessionEventsControllerSubscribeToSessionEventsData as dt, SessionEventsControllerSubscribeToSessionEventsResponses as du, SessionLogEntryResponseDto as dv, SessionStorageConfig as dw, StatusListAggregationDto as dx, StatusListConfig as dy, StatusListConfigControllerGetConfigData as dz, AppControllerGetVersionData as e, UserControllerGetUserResponses as e$, StorageControllerUploadResponses as e0, TenantControllerDeleteTenantData as e1, TenantControllerDeleteTenantResponses as e2, TenantControllerGetTenantData as e3, TenantControllerGetTenantResponse as e4, TenantControllerGetTenantResponses as e5, TenantControllerGetTenantsData as e6, TenantControllerGetTenantsResponse as e7, TenantControllerGetTenantsResponses as e8, TenantControllerInitTenantData as e9, TrustListControllerGetTrustListVersionsData as eA, TrustListControllerGetTrustListVersionsResponse as eB, TrustListControllerGetTrustListVersionsResponses as eC, TrustListControllerUpdateTrustListData as eD, TrustListControllerUpdateTrustListResponse as eE, TrustListControllerUpdateTrustListResponses as eF, TrustListCreateDto as eG, TrustListEntityInfo as eH, TrustListVersion as eI, TrustedAuthorityQuery as eJ, UpdateAttributeProviderDto as eK, UpdateClientDto as eL, UpdateRegistrarConfigDto as eM, UpdateSessionConfigDto as eN, UpdateStatusListConfigDto as eO, UpdateStatusListDto as eP, UpdateTenantDto as eQ, UpdateUserDto as eR, UpdateWebhookEndpointDto as eS, UpstreamOidcConfig as eT, UserControllerCreateUserData as eU, UserControllerCreateUserResponse as eV, UserControllerCreateUserResponses as eW, UserControllerDeleteUserData as eX, UserControllerDeleteUserResponses as eY, UserControllerGetUserData as eZ, UserControllerGetUserResponse as e_, TenantControllerInitTenantResponse as ea, TenantControllerInitTenantResponses as eb, TenantControllerUpdateTenantData as ec, TenantControllerUpdateTenantResponse as ed, TenantControllerUpdateTenantResponses as ee, TenantEntity as ef, TokenResponse as eg, TransactionData as eh, TrustList as ei, TrustListControllerCreateTrustListData as ej, TrustListControllerCreateTrustListResponse as ek, TrustListControllerCreateTrustListResponses as el, TrustListControllerDeleteTrustListData as em, TrustListControllerDeleteTrustListResponses as en, TrustListControllerExportTrustListData as eo, TrustListControllerExportTrustListResponse as ep, TrustListControllerExportTrustListResponses as eq, TrustListControllerGetAllTrustListsData as er, TrustListControllerGetAllTrustListsResponse as es, TrustListControllerGetAllTrustListsResponses as et, TrustListControllerGetTrustListData as eu, TrustListControllerGetTrustListResponse as ev, TrustListControllerGetTrustListResponses as ew, TrustListControllerGetTrustListVersionData as ex, TrustListControllerGetTrustListVersionResponse as ey, TrustListControllerGetTrustListVersionResponses as ez, AppControllerGetVersionResponses as f, UserControllerGetUsersData as f0, UserControllerGetUsersResponse as f1, UserControllerGetUsersResponses as f2, UserControllerUpdateUserData as f3, UserControllerUpdateUserResponse as f4, UserControllerUpdateUserResponses as f5, Vct as f6, VerifierOfferControllerGetOfferData as f7, VerifierOfferControllerGetOfferResponse as f8, VerifierOfferControllerGetOfferResponses as f9, WebHookAuthConfigHeader as fa, WebHookAuthConfigNone as fb, WebhookConfig as fc, WebhookEndpointControllerCreateData as fd, WebhookEndpointControllerCreateResponses as fe, WebhookEndpointControllerDeleteData as ff, WebhookEndpointControllerDeleteErrors as fg, WebhookEndpointControllerDeleteResponses as fh, WebhookEndpointControllerGetAllData as fi, WebhookEndpointControllerGetAllResponse as fj, WebhookEndpointControllerGetAllResponses as fk, WebhookEndpointControllerGetByIdData as fl, WebhookEndpointControllerGetByIdErrors as fm, WebhookEndpointControllerGetByIdResponses as fn, WebhookEndpointControllerUpdateData as fo, WebhookEndpointControllerUpdateErrors as fp, WebhookEndpointControllerUpdateResponses as fq, WebhookEndpointEntity as fr, AttestationBasedPolicy as g, AttributeProviderControllerCreateData as h, AttributeProviderControllerCreateResponses as i, AttributeProviderControllerDeleteData as j, AttributeProviderControllerDeleteErrors as k, AttributeProviderControllerDeleteResponses as l, AttributeProviderControllerGetAllData as m, AttributeProviderControllerGetAllResponses as n, AttributeProviderControllerGetByIdData as o, AttributeProviderControllerGetByIdErrors as p, AttributeProviderControllerGetByIdResponses as q, AttributeProviderControllerUpdateData as r, AttributeProviderControllerUpdateErrors as s, AttributeProviderControllerUpdateResponses as t, AttributeProviderEntity as u, AuthenticationMethodAuth as v, AuthenticationMethodNone as w, AuthenticationMethodPresentation as x, AuthenticationUrlConfig as y, AuthorizationResponse as z };