claim_state

Credentials move through a claim lifecycle independently of their anchoring state. When a credential is issued, claim_state starts as pending. A magic-link email goes out; when the recipient clicks, claim_state becomes claimed. If the tenant uses auto_claim, claim_state jumps directly to auto_claimed.

Other states: expired (the magic link timed out without being clicked — the tenant can regenerate), consumed (the link was used exactly once; LearnCoin's one-time-token policy keeps it invalid for replay). The expired + consumed states matter for audit trails: tenants can distinguish credentials that were genuinely received by the recipient from those that the system never confirmed.

claim_state is orthogonal to the credential's validity. A credential that's never claimed is still cryptographically signed and anchored; it's just that the recipient never actively acknowledged receipt. It will still verify in any Blockcerts tool.