baseid-issuer-core

High-level issuer business logic for BaseID. Provides credential template management, W3C VC JWT and SD-JWT VC issuance, OID4VCI credential offer/request handling, and BitstringStatusList revocation. The Issuer orchestrator ties all components together into a single facade.

  • Issuer Orchestrator — Single Issuer struct wrapping templates, signing, revocation, and OID4VCI in one facade
  • W3C VC JWT Issuance — issue_vc_jwt() builds and signs Verifiable Credentials with configurable types, claims, and validity
  • SD-JWT VC Issuance — issue_sd_jwt_vc() creates privacy-preserving credentials with selectively-disclosable claims
  • Credential Templates — InMemoryTemplateStore for managing reusable credential schemas by ID
  • OID4VCI Integration — Generate issuer metadata, create credential offers, and handle credential requests
  • BitstringStatusList Revocation — Efficient bitstring-based credential revocation and suspension

```rust
use baseid_issuer_core::{Issuer, IssuerConfig};
use baseid_issuer_core::template::CredentialTemplate;
use baseid_core::types::{CredentialFormat, KeyType};
use baseid_crypto::KeyPair;

let kp = KeyPair::generate(KeyType::Ed25519)?;
let config = IssuerConfig {
    issuer_did: "did:key:zIssuer".to_string(),
    supported_formats: vec![CredentialFormat::W3cVc],
};
let issuer = Issuer::new(config, &kp, "did:key:zIssuer#key-0");

// Register a credential template
issuer.add_template(CredentialTemplate {
    id: "UniversityDegree".to_string(),
    name: "UniversityDegreeCredential".to_string(),
    format: CredentialFormat::W3cVc,
    schema: serde_json::json!({"type": "object"}),
});

// Issue a credential using the template
let jwt = issuer.issue_credential(
    "UniversityDegree",
    Some("did:key:zHolder"),
    serde_json::json!({"degree": "BSc Computer Science"}),
)?;
// jwt is a signed three-part JWT string
```

```rust
use baseid_issuer_core::issue::issue_vc_jwt;

// `signer` is the signing object for the issuer key; its construction is not shown on this page.
let jwt = issue_vc_jwt(
    "did:key:issuer",             // issuer DID
    Some("did:key:holder"),       // subject DID (None for bearer)
    &["VerifiableCredential".into(), "Degree".into()],
    serde_json::json!({"name": "Alice", "degree": "BSc"}),
    &signer,
    "did:key:issuer#key-0",
    Some("2024-01-01T00:00:00Z"), // valid_from
    None,                         // valid_until
)?;
```

```rust
use baseid_issuer_core::issue::issue_sd_jwt_vc;

let compact = issue_sd_jwt_vc(
    "did:key:issuer",
    Some("did:key:holder"),
    "CanadianDigitalID", // vct (Verifiable Credential Type)
    serde_json::json!({"givenName": "Alice", "province": "Ontario"}),
    &signer,
    "did:key:issuer#key-0",
)?;
// compact is "jwt~disc1~disc2~" format with iss, vct, iat as plain claims
```

```rust
// Create a credential offer (for QR code or deep link)
let offer = issuer.create_offer(
    "https://issuer.example.com",
    vec!["UniversityDegree".to_string()],
    "pre-auth-code-123", // sample value; in production use an unpredictable, single-use code
);

// Build issuer metadata (for .well-known endpoint)
let metadata = issuer.build_metadata("https://issuer.example.com");
// metadata.credential_endpoint == "https://issuer.example.com/credential"

// Handle a credential request end-to-end
let response = issuer.handle_request(
    "UniversityDegree",
    "did:key:holder",
    serde_json::json!({"degree": "BSc"}),
)?;
let jwt = response.first_credential().unwrap();
```

```rust
// Revoke a credential by its status list index
issuer.revoke_credential(42)?;

// Check revocation status
let status_list = &issuer.status_list;
assert!(status_list.get_status(42)?);  // revoked
assert!(!status_list.get_status(43)?); // not revoked
```
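
The revocation calls above address a credential by its status list index. The following added example (not code from baseid-issuer-core) shows how such an index maps to a single bit, assuming the W3C Bitstring Status List layout; `SketchStatusList`, `IndexOutOfRange`, and `MIN_ENTRIES` are hypothetical names, and the crate's own internal layout is not shown on this page.

```rust
// Added illustration, not baseid-issuer-core's StatusList implementation.
// Assumption: W3C Bitstring Status List layout, where index 0 is the
// left-most (most significant) bit of the first byte.

/// W3C minimum uncompressed size: 16 KB = 131,072 entries (herd privacy).
pub const MIN_ENTRIES: usize = 16 * 1024 * 8;

#[derive(Debug, PartialEq)]
pub struct IndexOutOfRange { pub index: usize, pub len: usize }

/// Hypothetical stand-in type: one status bit per issued credential.
pub struct SketchStatusList { bits: Vec<u8> }

impl SketchStatusList {
    /// Never allocates fewer than MIN_ENTRIES bits, so each holder's entry
    /// stays hidden among many others.
    pub fn new(entries: usize) -> Self {
        let n = entries.max(MIN_ENTRIES);
        Self { bits: vec![0u8; (n + 7) / 8] }
    }
    pub fn len(&self) -> usize { self.bits.len() * 8 }

    /// Maps an index to (byte offset, bit mask); out-of-range indices are
    /// an error, never a panic or a wrapped read of another entry.
    fn locate(&self, index: usize) -> Result<(usize, u8), IndexOutOfRange> {
        if index >= self.len() {
            return Err(IndexOutOfRange { index, len: self.len() });
        }
        Ok((index / 8, 0x80u8 >> (index % 8)))
    }
    pub fn set(&mut self, index: usize, flagged: bool) -> Result<(), IndexOutOfRange> {
        let (byte, mask) = self.locate(index)?;
        if flagged { self.bits[byte] |= mask } else { self.bits[byte] &= !mask }
        Ok(())
    }
    pub fn get_status(&self, index: usize) -> Result<bool, IndexOutOfRange> {
        let (byte, mask) = self.locate(index)?;
        Ok(self.bits[byte] & mask != 0)
    }
    pub fn raw(&self) -> &[u8] { &self.bits }
}

fn main() {
    let mut list = SketchStatusList::new(1000);
    list.set(42, true).unwrap();
    // Index 42 = byte 5, bit 2 from the left, i.e. mask 0x20.
    println!("byte 5 = {:#04x}, revoked(42) = {:?}", list.raw()[5], list.get_status(42));
}
```

A verifier that reads the bits in the opposite order checks a different credential's status, so issuer and verifier must agree on this layout; an out-of-range index should be treated as a failed check rather than as "not revoked".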

| Type | Description |
| --- | --- |
| Issuer | High-level orchestrator: templates + signing + revocation + OID4VCI |
| IssuerConfig | Issuer DID and supported credential formats |
| CredentialTemplate | Reusable schema: id, name, format, JSON schema |
| InMemoryTemplateStore | Thread-safe template store with add/get/list/remove |
| StatusList | BitstringStatusList for revocation tracking by index |

| Function | Output | Description |
| --- | --- | --- |
| issue_vc_jwt() | JWT string | W3C VC as signed JWT |
| issue_sd_jwt_vc() | SD-JWT compact | SD-JWT VC with selective disclosure |
| handle_credential_request() | CredentialResponse | OID4VCI JWT-VC response |
| handle_credential_request_sd_jwt() | CredentialResponse | OID4VCI SD-JWT-VC response |