
src/issuer/issuance/oid4vci/entities/interactive-auth-session.entity.ts

Description

Entity for tracking interactive authorization sessions.

The Interactive Authorization Endpoint (IAE) enables credential issuance with additional interaction steps, such as verifiable presentation requests. This entity stores the session state between the initial request and follow-up.


Properties

Optional authorizationCode
Type : string
Decorators :
@Column('varchar', {nullable: true})

Authorization code once issued.

Optional authorizationDetails
Type : string
Decorators :
@Column('text', {nullable: true, transformer: EncryptedStringTransformer})

Authorization details as JSON string. Encrypted at rest.

authSession
Type : string
Decorators :
@Column('uuid')
@Index()

The auth session identifier returned to the client. Used to correlate follow-up requests.

clientId
Type : string
Decorators :
@Column('varchar')

The client identifier from the initial request.

Optional codeChallenge
Type : string
Decorators :
@Column('varchar', {nullable: true})

PKCE code challenge for redirect_to_web flow.

Optional codeChallengeMethod
Type : string
Decorators :
@Column('varchar', {nullable: true})

PKCE code challenge method (e.g., 'S256').

Optional completedStepsData
Type : string
Decorators :
@Column('text', {nullable: true, transformer: EncryptedStringTransformer})

Completed steps data as JSON string. Contains results from each completed step (presentations, web auth results). Encrypted at rest - may contain personal information.

createdAt
Type : Date
Decorators :
@CreateDateColumn()

Timestamp when the entity was created.

currentStepIndex
Type : number
Decorators :
@Column('int', {default: 0})

Current step index in the IAE actions sequence (0-based). Incremented after each step completes successfully.

Optional dpopJwk
Type : string
Decorators :
@Column('text', {nullable: true})

DPoP JWK as JSON string, if provided.

expiresAt
Type : Date
Decorators :
@Column()

Session expiration time.

Optional iaeActions
Type : string
Decorators :
@Column('text', {nullable: true})

IAE actions configuration as JSON string. Stores the list of actions to execute for this session.

id
Type : string
Decorators :
@PrimaryGeneratedColumn('uuid')

Auto-generated primary key.

interactionTypesSupported
Type : string
Decorators :
@Column('varchar')

Comma-separated list of supported interaction types.

Optional issuerState
Type : string
Decorators :
@Column('varchar', {nullable: true})

Issuer state from credential offer, if provided. Links this IAE session to a credential offer session.

Optional parExpiresAt
Type : Date
Decorators :
@Column({nullable: true})

PAR request expiration time.

Optional presentationData
Type : string
Decorators :
@Column('text', {nullable: true, transformer: EncryptedStringTransformer})

OpenID4VP presentation data as JSON string. Encrypted at rest - contains personal information.

Optional redirectUri
Type : string
Decorators :
@Column('varchar', {nullable: true})

Redirect URI from the initial request.

Optional requestUri
Type : string
Decorators :
@Column('varchar', {nullable: true})

Request URI for PAR-based redirect_to_web flow.

Optional scope
Type : string
Decorators :
@Column('varchar', {nullable: true})

OAuth scope from the initial request.

Optional state
Type : string
Decorators :
@Column('varchar', {nullable: true})

Client state parameter.

status
Type : string
Decorators :
@Column({type: 'varchar', default: InteractiveAuthSessionStatus.Pending})

Current status of the session.

tenant
Type : TenantEntity
Decorators :
@ManyToOne(() => TenantEntity, {cascade: true, onDelete: 'CASCADE'})

The tenant that owns this session.

tenantId
Type : string
Decorators :
@Column('varchar')
@Index()

Tenant ID for multi-tenancy support.

updatedAt
Type : Date
Decorators :
@UpdateDateColumn()

Timestamp when the entity was last updated.

import {
    Column,
    CreateDateColumn,
    Entity,
    Index,
    ManyToOne,
    PrimaryGeneratedColumn,
    UpdateDateColumn,
} from "typeorm";
import { TenantEntity } from "../../../../auth/tenant/entitites/tenant.entity";
import { EncryptedStringTransformer } from "../../../../shared/utils/encryption";

/**
 * Lifecycle states of an interactive authorization session.
 *
 * The string values are what gets persisted in the session's `status`
 * column, so renaming a value is a data migration, not a refactor.
 */
export enum InteractiveAuthSessionStatus {
    /** Session created; no interaction step has completed yet. */
    Pending = "pending",

    /** An OpenID4VP presentation was received for the current step. */
    PresentationReceived = "presentation_received",

    /** Web-based authorization finished for the current step. */
    WebAuthCompleted = "web_auth_completed",

    /** Every configured step is done; an authorization code may be issued. */
    AllStepsCompleted = "all_steps_completed",

    /** The authorization code has been handed out. */
    CodeIssued = "code_issued",

    /** The session outlived its expiry time. */
    Expired = "expired",

    /** The session was cancelled or ended in an error. */
    Failed = "failed",
}

/**
 * Persisted state of one Interactive Authorization Endpoint (IAE) session.
 *
 * An IAE flow lets credential issuance require extra interaction steps
 * (for example a verifiable presentation request) before an authorization
 * code is issued. One row lives from the initial request until the
 * follow-up requests finish. Columns that can carry personal data use
 * {@link EncryptedStringTransformer} so they are encrypted at rest.
 *
 * Column order and column definitions here define the table schema; any
 * change to them needs a corresponding migration.
 */
@Entity("interactive_auth_session")
export class InteractiveAuthSessionEntity {
    /** Auto-generated UUID primary key. */
    @PrimaryGeneratedColumn("uuid")
    id!: string;

    /**
     * Session identifier handed back to the client. Follow-up requests are
     * correlated on this value, hence the index. NOTE(review): because the
     * client presents it to resume the flow, treat it as a secret in logs.
     */
    @Column({ type: "uuid" })
    @Index()
    authSession!: string;

    /** Owning tenant id (multi-tenancy); indexed for per-tenant lookups. */
    @Column({ type: "varchar" })
    @Index()
    tenantId!: string;

    /**
     * Owning tenant. Rows are deleted with their tenant (`onDelete: CASCADE`).
     * NOTE(review): `cascade: true` also cascades persist/update from the
     * session to the tenant entity; confirm that is intended for a child row.
     */
    @ManyToOne(() => TenantEntity, { cascade: true, onDelete: "CASCADE" })
    tenant!: TenantEntity;

    /** `client_id` from the initial authorization request. */
    @Column({ type: "varchar" })
    clientId!: string;

    /** `redirect_uri` from the initial request, when one was supplied. */
    @Column({ type: "varchar", nullable: true })
    redirectUri?: string;

    /** OAuth `scope` from the initial request, when one was supplied. */
    @Column({ type: "varchar", nullable: true })
    scope?: string;

    /** PKCE `code_challenge` used by the redirect_to_web flow. */
    @Column({ type: "varchar", nullable: true })
    codeChallenge?: string;

    /** PKCE `code_challenge_method` (for example 'S256'). */
    @Column({ type: "varchar", nullable: true })
    codeChallengeMethod?: string;

    /**
     * `issuer_state` from a credential offer, when present. Ties this IAE
     * session to the credential offer session it originated from.
     */
    @Column({ type: "varchar", nullable: true })
    issuerState?: string;

    /** Opaque client `state` parameter, echoed back unchanged. */
    @Column({ type: "varchar", nullable: true })
    state?: string;

    /** Serialized (JSON) authorization details. Encrypted at rest. */
    @Column({ type: "text", nullable: true, transformer: EncryptedStringTransformer })
    authorizationDetails?: string;

    /** Interaction types the client supports, comma-separated. */
    @Column({ type: "varchar" })
    interactionTypesSupported!: string;

    /** Serialized (JSON) DPoP JWK, when the client bound the request to a key. */
    @Column({ type: "text", nullable: true })
    dpopJwk?: string;

    /**
     * Current lifecycle state. Defaults to
     * {@link InteractiveAuthSessionStatus.Pending}; the column is typed as a
     * plain string, so writers should still only assign enum values.
     */
    @Column({
        type: "varchar",
        default: InteractiveAuthSessionStatus.Pending,
    })
    status!: string;

    /** PAR `request_uri` for the PAR-based redirect_to_web flow. */
    @Column({ type: "varchar", nullable: true })
    requestUri?: string;

    /** Expiry of the PAR request, when one was created. */
    @Column({ nullable: true })
    parExpiresAt?: Date;

    /**
     * Serialized (JSON) OpenID4VP presentation data. Contains personal
     * information and is therefore encrypted at rest.
     */
    @Column({ type: "text", nullable: true, transformer: EncryptedStringTransformer })
    presentationData?: string;

    /** Serialized (JSON) list of IAE actions to run for this session. */
    @Column({ type: "text", nullable: true })
    iaeActions?: string;

    /**
     * Zero-based index into the IAE actions list. Advanced once a step has
     * completed successfully.
     */
    @Column({ type: "int", default: 0 })
    currentStepIndex!: number;

    /**
     * Serialized (JSON) results of each completed step (presentations, web
     * auth results). May contain personal information; encrypted at rest.
     */
    @Column({ type: "text", nullable: true, transformer: EncryptedStringTransformer })
    completedStepsData?: string;

    /**
     * The authorization code, once issued. NOTE(review): unlike the other
     * sensitive columns this one is stored without a transformer; the code
     * is a bearer secret until redeemed, so hashing or encrypting it is
     * worth considering — that would change the column and need a migration.
     */
    @Column({ type: "varchar", nullable: true })
    authorizationCode?: string;

    /** Absolute time after which the session is no longer usable. */
    @Column()
    expiresAt!: Date;

    /** Row creation timestamp, set by the ORM. */
    @CreateDateColumn()
    createdAt!: Date;

    /** Last modification timestamp, maintained by the ORM. */
    @UpdateDateColumn()
    updatedAt!: Date;
}
