Current Code State

I noticed that "password".into() and "otp".into() are spread around the code when creating credentials
Is it considered to replace these with constants (which could be nested in a CredentialType namespace) or an enum ?
I believe serde provides deserialization spec for enums as well

Benefits

Typo protection, well defined credential types