src/issuer/configuration/issuance/entities/issuance-config.entity.ts
Entity to manage issuance configs
Properties |
|
| Optional authServers |
Type : string[]
|
Decorators :
@IsArray()
|
|
Authentication server URL for the issuance process. |
| Optional batchSize |
Type : number
|
Decorators :
@IsNumber()
|
|
Value to determine the amount of credentials that are issued in a batch. Default is 1. |
| Optional chainedAs |
Type : ChainedAsConfig | null
|
Decorators :
@ApiPropertyOptional({type: () => ChainedAsConfig})
|
|
Configuration for Chained Authorization Server mode. When enabled, EUDIPLO acts as an OAuth AS facade, delegating user authentication to an upstream OIDC provider while issuing its own tokens with issuer_state. |
| createdAt |
Type : Date
|
Decorators :
@CreateDateColumn()
|
|
The timestamp when the VP request was created. |
| display |
Type : DisplayInfo[]
|
Decorators :
@ValidateNested({each: true})
|
| Optional dPopRequired |
Type : boolean
|
Decorators :
@IsBoolean()
|
|
Indicates whether DPoP is required for the issuance process. Default value is true. |
| Optional preferredAuthServer |
Type : string
|
Decorators :
@IsOptional()
|
|
The URL of the preferred authorization server for wallet-initiated flows.
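When set, this AS is placed first in the `authorization_servers` array of the credential issuer metadata, signaling wallets to use it by default. Must match one of the configured auth servers, the chained AS URL, or "built-in". |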
| Optional refreshTokenEnabled |
Type : boolean
|
Decorators :
@ApiPropertyOptional({description: 'Whether refresh tokens should be issued for OID4VCI token responses.', default: true})
|
|
Whether to issue refresh tokens for access token requests. Default: true |
| Optional refreshTokenExpiresInSeconds |
Type : number
|
Decorators :
@ApiPropertyOptional({description: 'Refresh token lifetime in seconds. Defaults to 2592000 (30 days).', default: 2592000, nullable: true})
|
|
Lifetime of issued refresh tokens in seconds. Default: 2592000 (30 days) Set to null for non-expiring refresh tokens (not recommended for security). |
| Optional signingKeyId |
Type : string
|
Decorators :
@ApiPropertyOptional({description: 'Key ID for signing access tokens. If unset, the default signing key is used.'})
|
|
Optional key ID to use for signing access tokens. Must reference an existing key managed by the key service. If not set, the first available signing key for the tenant is used. |
| tenant |
Type : TenantEntity
|
Decorators :
@ManyToOne(undefined, {cascade: true, onDelete: 'CASCADE'})
|
|
The tenant that owns this object. |
| tenantId |
Type : string
|
Decorators :
@ApiHideProperty()
|
|
Tenant ID for the issuance configuration. |
| updatedAt |
Type : Date
|
Decorators :
@UpdateDateColumn()
|
|
The timestamp when the VP request was last updated. |
| Optional walletAttestationRequired |
Type : boolean
|
Decorators :
@IsBoolean()
|
|
Indicates whether wallet attestation is required for the token endpoint. When enabled, wallets must provide OAuth-Client-Attestation headers. Default value is false. |
import {
ApiExtraModels,
ApiHideProperty,
ApiPropertyOptional,
} from "@nestjs/swagger";
import { Type } from "class-transformer";
import {
IsArray,
IsBoolean,
IsNumber,
IsOptional,
IsString,
ValidateNested,
} from "class-validator";
import {
Column,
CreateDateColumn,
Entity,
ManyToOne,
PrimaryColumn,
UpdateDateColumn,
} from "typeorm";
import { TenantEntity } from "../../../../auth/tenant/entitites/tenant.entity";
import {
AuthenticationMethodAuth,
AuthenticationMethodNone,
AuthenticationMethodPresentation,
} from "../dto/authentication-config.dto";
import { ChainedAsConfig } from "../dto/chained-as-config.dto";
import { DisplayInfo } from "../dto/display.dto";
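/**
 * Entity to manage issuance configs.
 *
 * One row per tenant (the primary key is `tenantId`). Several properties here
 * are security settings of the issuance flow (DPoP, wallet attestation,
 * refresh-token lifetime, signing key, trusted authorization servers), so
 * their validators decide what a tenant administrator is able to persist.
 */
@ApiExtraModels(
    AuthenticationMethodNone,
    AuthenticationMethodAuth,
    AuthenticationMethodPresentation,
)
@Entity()
export class IssuanceConfig {
    /**
     * Tenant ID for the issuance configuration.
     * Hidden from the generated API schema via `@ApiHideProperty()`.
     */
    @ApiHideProperty()
    @PrimaryColumn()
    tenantId!: string;

    /**
     * The tenant that owns this object.
     * `onDelete: "CASCADE"` removes this row when the tenant row is deleted.
     *
     * NOTE(review): `cascade: true` on this many-to-one side means that saving
     * an IssuanceConfig carrying a populated `tenant` object also persists that
     * TenantEntity. Confirm `tenant` is never populated from request input;
     * if no caller relies on it, dropping the cascade narrows the write surface.
     */
    @ManyToOne(() => TenantEntity, { cascade: true, onDelete: "CASCADE" })
    tenant!: TenantEntity;

    /**
     * Authentication server URLs for the issuance process.
     *
     * Every element must be a string; previously only the container was
     * checked, so arbitrary JSON values could be stored in this column.
     *
     * NOTE(review): entries are not checked to be well-formed https URLs here.
     * Confirm URL and scheme validation happens where this list is consumed.
     */
    @IsArray()
    @IsString({ each: true })
    @IsOptional()
    @Column({ type: "json", nullable: true })
    authServers?: string[];

    /**
     * Value to determine the amount of credentials that are issued in a batch.
     * Default is 1.
     *
     * NOTE(review): `@IsNumber()` accepts zero, negative and fractional values
     * for this int column and sets no upper bound. Consider an integer check
     * with explicit lower and upper limits.
     */
    @IsNumber()
    @IsOptional()
    @Column("int", { default: 1 })
    batchSize?: number;

    /**
     * Indicates whether DPoP is required for the issuance process.
     * Default value is true; setting it to false is a downgrade of the
     * sender-constraint on tokens and should be a deliberate choice.
     */
    @IsBoolean()
    @IsOptional()
    @Column("boolean", { default: true })
    dPopRequired?: boolean;

    /**
     * Indicates whether wallet attestation is required for the token endpoint.
     * When enabled, wallets must provide OAuth-Client-Attestation headers.
     * Default value is false.
     */
    @IsBoolean()
    @IsOptional()
    @Column("boolean", { default: false })
    walletAttestationRequired?: boolean;

    /**
     * URLs of trust lists containing trusted wallet providers.
     * The wallet attestation's X.509 certificate will be validated against these trust lists.
     * If empty and walletAttestationRequired is true, all wallet providers are rejected.
     *
     * Every element must be a string. As with `authServers`, URL and scheme
     * checks are not performed by the validators on this property.
     */
    @IsArray()
    @IsString({ each: true })
    @IsOptional()
    @Column({ type: "json", nullable: true })
    walletProviderTrustLists?: string[];

    /**
     * Optional key ID to use for signing access tokens.
     * Must reference an existing key managed by the key service.
     * If not set, the first available signing key for the tenant is used.
     *
     * NOTE(review): only the string type is validated here; the existence and
     * tenant ownership of the key are presumably checked by the caller.
     */
    @ApiPropertyOptional({
        description:
            "Key ID for signing access tokens. If unset, the default signing key is used.",
    })
    @IsOptional()
    @IsString()
    @Column({ type: "varchar", nullable: true })
    signingKeyId?: string;

    /**
     * The URL of the preferred authorization server for wallet-initiated flows.
     * When set, this AS is placed first in the `authorization_servers` array
     * of the credential issuer metadata, signaling wallets to use it by default.
     * Must match one of the configured auth servers, the chained AS URL, or "built-in".
     *
     * NOTE(review): the "must match" rule is not enforced by the validators on
     * this property; verify it is enforced before the value reaches metadata.
     */
    @IsOptional()
    @IsString()
    @Column({ type: "varchar", nullable: true })
    preferredAuthServer?: string;

    /**
     * Configuration for Chained Authorization Server mode.
     * When enabled, EUDIPLO acts as an OAuth AS facade, delegating user authentication
     * to an upstream OIDC provider while issuing its own tokens with issuer_state.
     */
    @ApiPropertyOptional({ type: () => ChainedAsConfig })
    @ValidateNested()
    @Type(() => ChainedAsConfig)
    @IsOptional()
    @Column({ type: "json", nullable: true })
    chainedAs?: ChainedAsConfig | null;

    /**
     * Display information entries; each element is validated as a DisplayInfo.
     *
     * NOTE(review): the column is nullable while the property is declared as
     * always present, and no `@IsArray()` guards the container. Confirm which
     * of the two is intended.
     */
    @ValidateNested({ each: true })
    @Type(() => DisplayInfo)
    @Column("json", { nullable: true })
    display!: DisplayInfo[];

    /**
     * Whether to issue refresh tokens for access token requests.
     * Default: true
     */
    @ApiPropertyOptional({
        description:
            "Whether refresh tokens should be issued for OID4VCI token responses.",
        default: true,
    })
    @IsBoolean()
    @IsOptional()
    @Column("boolean", { default: true })
    refreshTokenEnabled?: boolean;

    /**
     * Lifetime of issued refresh tokens in seconds.
     * Default: 2592000 (30 days)
     * Set to null for non-expiring refresh tokens (not recommended for security).
     *
     * NOTE(review): null is a documented value and the column is nullable, but
     * the declared type is `number`, so readers under strict null checks are
     * not forced to handle the non-expiring case. `@IsNumber()` also accepts
     * zero, negative and fractional values; consider an integer check with a
     * lower bound.
     */
    @ApiPropertyOptional({
        description:
            "Refresh token lifetime in seconds. Defaults to 2592000 (30 days).",
        default: 2592000,
        nullable: true,
    })
    @IsNumber()
    @IsOptional()
    @Column("int", { default: 2592000, nullable: true })
    refreshTokenExpiresInSeconds?: number;

    /**
     * The timestamp when this issuance configuration was created.
     */
    @CreateDateColumn()
    createdAt!: Date;

    /**
     * The timestamp when this issuance configuration was last updated.
     */
    @UpdateDateColumn()
    updatedAt!: Date;
}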