@orangecheck/auth-core / SessionPayload
Interface: SessionPayload
Defined in: src/index.ts:31
Extends
JWTPayload
Indexable
[propName: string]: unknown
Any other JWT Claim Set member.
Properties
| Property | Type | Description | Overrides | Inherited from | Defined in |
|---|---|---|---|---|---|
<a id="property-addr"></a> addr | string | - | - | - | src/index.ts:33 |
<a id="property-aud"></a> aud? | string | string[] | JWT Audience See RFC7519#section-4.1.3 | - | JWTPayload.aud | node_modules/jose/dist/types/types.d.ts:594 |
<a id="property-exp"></a> exp? | number | JWT Expiration Time See RFC7519#section-4.1.4 | - | JWTPayload.exp | node_modules/jose/dist/types/types.d.ts:615 |
<a id="property-home_federation"></a> home_federation? | string | null | Slug of the federation this user is bound to (their "home" federation). Multi-federation routing reads this; v1 has one live federation so it's set on first signin and rarely changes. Absent on tokens minted before this field shipped, and on accounts that have never bound to a federation. Consumers fall back to the directory default at /api/federations when absent. | - | - | src/index.ts:52 |
<a id="property-iat"></a> iat? | number | JWT Issued At See RFC7519#section-4.1.6 | - | JWTPayload.iat | node_modules/jose/dist/types/types.d.ts:622 |
<a id="property-iss"></a> iss? | string | JWT Issuer See RFC7519#section-4.1.1 | - | JWTPayload.iss | node_modules/jose/dist/types/types.d.ts:580 |
<a id="property-jti"></a> jti | string | JWT ID See RFC7519#section-4.1.7 | JWTPayload.jti | - | src/index.ts:34 |
<a id="property-name"></a> name? | string | null | Optional display name set by the user via the auth host's profile surface. When present, consumer subdomains can render it in their header chip without a network round-trip. Re-minted on signin and whenever the user updates their profile. | - | - | src/index.ts:41 |
<a id="property-nbf"></a> nbf? | number | JWT Not Before See RFC7519#section-4.1.5 | - | JWTPayload.nbf | node_modules/jose/dist/types/types.d.ts:608 |
<a id="property-npub"></a> npub? | string | null | Optional Nostr npub set by the user. Same lifecycle as name. | - | - | src/index.ts:43 |
<a id="property-signing_method"></a> signing_method? | "fedimint_threshold" | "fedimint_client" | "bip322" | null | Discriminator recording where this user is on the custody-state graph. Three legitimate states: - 'fedimint_threshold' — federation custody via the OC-introduced federation (default for email-OTP signups; OC's threshold guardians hold key shares). - 'fedimint_client' — user moved their balance to a Fedimint federation they picked themselves (still federation custody, but on a federation OC didn't introduce). - 'bip322' — full self-custody. The user signs with their own Bitcoin key. OC has zero authority over their funds. Graduation is the product thesis. This field is the structural primitive that records progress along the custody-state graph; transitions are recorded as anchored "rebind" envelopes. Absent on tokens minted before the field shipped — consumers should treat undefined as 'fedimint_threshold' for email-OTP identities and 'bip322' for BIP-322 identities (the default-by-construction mapping). | - | - | src/index.ts:74 |
<a id="property-sub"></a> sub | string | JWT Subject See RFC7519#section-4.1.2 | JWTPayload.sub | - | src/index.ts:32 |