src/issuer/issuance/oid4vci/chained-as/entities/chained-as-session.entity.ts
Entity for storing Chained AS session state. Tracks the flow from PAR → authorize → upstream callback → token issuance.
Properties |
|
| Optional accessTokenJti |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
The access token issued to the wallet (for later reference). |
| Optional authorizationCode |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
Authorization code we issue to the wallet (after upstream callback). |
| Optional authorizationCodeExpiresAt |
Type : Date
|
Decorators :
@Column({nullable: true})
|
|
Expiration time for the authorization code. |
| Optional authorizationDetails |
Type : Record<string, unknown>[]
|
Decorators :
@Column('json', {nullable: true})
|
|
Authorization details from the wallet request (JSON). |
| clientId |
Type : string
|
Decorators :
@Column('varchar')
|
|
Client ID from the wallet's PAR request. |
| Optional codeChallenge |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
PKCE code challenge from the wallet's PAR request. |
| Optional codeChallengeMethod |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
PKCE code challenge method from the wallet's PAR request. |
| createdAt |
Type : Date
|
Decorators :
@CreateDateColumn()
|
|
Timestamp when the session was created. |
| Optional dpopJkt |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
DPoP JWK thumbprint if DPoP was used in PAR. |
| expiresAt |
Type : Date
|
Decorators :
@Column()
|
|
Session expiration time. |
| id |
Type : string
|
Decorators :
@PrimaryColumn('uuid')
|
|
The session ID (used as request_uri parameter in PAR response). |
| issuerState |
Type : string
|
Decorators :
@Column('varchar')
|
|
The issuer_state that will be included in the issued token. This links the token to the credential offer session. |
| redirectUri |
Type : string
|
Decorators :
@Column('varchar')
|
|
Redirect URI from the wallet's PAR request. |
| Optional scope |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
Scope requested by the wallet. |
| status |
Type : ChainedAsSessionStatus
|
Decorators :
@Column({type: 'varchar', default: undefined})
|
|
Current status of the session. |
| tenantId |
Type : string
|
Decorators :
@Column('varchar')
|
|
The tenant ID this session belongs to. |
| updatedAt |
Type : Date
|
Decorators :
@UpdateDateColumn()
|
|
Timestamp when the session was last updated. |
| Optional upstreamAccessTokenClaims |
Type : Record<string | unknown>
|
Decorators :
@Column('json', {nullable: true})
|
|
Access token claims received from upstream OIDC. |
| Optional upstreamCodeVerifier |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
PKCE verifier we use for the upstream OIDC request. |
| Optional upstreamIdTokenClaims |
Type : Record<string | unknown>
|
Decorators :
@Column('json', {nullable: true})
|
|
ID token claims received from upstream OIDC (for user info). |
| Optional upstreamNonce |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
Nonce we send to the upstream OIDC provider. |
| Optional upstreamState |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
State parameter we generate for the upstream OIDC request. |
| Optional walletState |
Type : string
|
Decorators :
@Column('varchar', {nullable: true})
|
|
State parameter from the wallet's PAR request (returned in redirect). |
import {
Column,
CreateDateColumn,
Entity,
PrimaryColumn,
UpdateDateColumn,
} from "typeorm";
/**
* Status of a Chained AS session.
*/
export enum ChainedAsSessionStatus {
/** Initial PAR request received, waiting for authorize */
PENDING_AUTHORIZE = "pending_authorize",
/** User redirected to upstream OIDC provider */
PENDING_UPSTREAM_CALLBACK = "pending_upstream_callback",
/** Upstream auth completed, token can be issued */
AUTHORIZED = "authorized",
/** Token has been issued */
TOKEN_ISSUED = "token_issued",
/** Session expired or cancelled */
EXPIRED = "expired",
}
/**
* Entity for storing Chained AS session state.
* Tracks the flow from PAR → authorize → upstream callback → token issuance.
*/
@Entity("chained_as_session")
export class ChainedAsSessionEntity {
/**
* The session ID (used as request_uri parameter in PAR response).
*/
@PrimaryColumn("uuid")
id!: string;
/**
* The tenant ID this session belongs to.
*/
@Column("varchar")
tenantId!: string;
/**
* Current status of the session.
*/
@Column({
type: "varchar",
default: ChainedAsSessionStatus.PENDING_AUTHORIZE,
})
status!: ChainedAsSessionStatus;
/**
* The issuer_state that will be included in the issued token.
* This links the token to the credential offer session.
*/
@Column("varchar")
issuerState!: string;
/**
* Client ID from the wallet's PAR request.
*/
@Column("varchar")
clientId!: string;
/**
* Redirect URI from the wallet's PAR request.
*/
@Column("varchar")
redirectUri!: string;
/**
* PKCE code challenge from the wallet's PAR request.
*/
@Column("varchar", { nullable: true })
codeChallenge?: string;
/**
* PKCE code challenge method from the wallet's PAR request.
*/
@Column("varchar", { nullable: true })
codeChallengeMethod?: string;
/**
* State parameter from the wallet's PAR request (returned in redirect).
*/
@Column("varchar", { nullable: true })
walletState?: string;
/**
* Scope requested by the wallet.
*/
@Column("varchar", { nullable: true })
scope?: string;
/**
* Authorization details from the wallet request (JSON).
*/
@Column("json", { nullable: true })
authorizationDetails?: Record<string, unknown>[];
/**
* DPoP JWK thumbprint if DPoP was used in PAR.
*/
@Column("varchar", { nullable: true })
dpopJkt?: string;
/**
* State parameter we generate for the upstream OIDC request.
*/
@Column("varchar", { nullable: true })
upstreamState?: string;
/**
* Nonce we send to the upstream OIDC provider.
*/
@Column("varchar", { nullable: true })
upstreamNonce?: string;
/**
* PKCE verifier we use for the upstream OIDC request.
*/
@Column("varchar", { nullable: true })
upstreamCodeVerifier?: string;
/**
* ID token claims received from upstream OIDC (for user info).
*/
@Column("json", { nullable: true })
upstreamIdTokenClaims?: Record<string, unknown>;
/**
* Access token claims received from upstream OIDC.
*/
@Column("json", { nullable: true })
upstreamAccessTokenClaims?: Record<string, unknown>;
/**
* Authorization code we issue to the wallet (after upstream callback).
*/
@Column("varchar", { nullable: true })
authorizationCode?: string;
/**
* Expiration time for the authorization code.
*/
@Column({ nullable: true })
authorizationCodeExpiresAt?: Date;
/**
* The access token issued to the wallet (for later reference).
*/
@Column("varchar", { nullable: true })
accessTokenJti?: string;
/**
* Timestamp when the session was created.
*/
@CreateDateColumn()
createdAt!: Date;
/**
* Timestamp when the session was last updated.
*/
@UpdateDateColumn()
updatedAt!: Date;
/**
* Session expiration time.
*/
@Column()
expiresAt!: Date;
}