connectors

The server employs robust cryptographic practices, utilizing jwcrypto, cryptography, DIDKit, and AWS KMS for secure key management and signing operations. It adheres to various identity standards (DID, OIDC4VCI/P, SD-JWT). Authentication methods are layered, supporting PATs, OAuth2 client credentials, and OAuth2 private_key_jwt. Sensitive configuration parameters and API keys (e.g., SMTP password, Agntcy keys, OpenAI key) are loaded from a `keys.json` file, which is common for development but requires proper secret management (e.g., environment variables or a dedicated secret store) in production environments. Input validation for certain API calls is present, but general JSON parsing (e.g., credential offers) might warrant additional scrutiny for edge cases. External DID resolution and API calls are made to trusted services, minimizing direct SSRF risk, but dependencies on external resolvers should be noted.