Oihana PHP System

PendingRevocation extends Thing uses PendingRevocationTrait

Represents a deferred revocation that could not be applied to its target provider at the time the local revocation was committed.

Typical use case: an admin revokes a user's sessions; the local soft-delete succeeds in ArangoDB but the propagation call to the identity provider (e.g. Zitadel via Sessions API v2) fails (timeout, 5xx, network). Instead of leaving the provider in an inconsistent state, the revocation intent is persisted here and replayed asynchronously by:

  • a periodic background command (auth:sessions:retry-zitadel-revocations);
  • the local cache flush flow (bun flush);
  • opportunistic retries on next login or next admin revocation for the same user (when the connectivity to the provider is known to be working).

The schema is intentionally provider-agnostic: the provider discriminator lets future cleanup pipelines (Magento token invalidation, Auth0, custom IdPs) reuse the same collection without a parallel schema.

Thing provides: _key, id, identifier, name, active, owner, created, modified.

Constants can be referenced directly: PendingRevocation::TARGET_ID, PendingRevocation::ATTEMPTS, etc.

Tags
author

Marc Alcaraz

Table of Contents

Constants

ATTEMPTS  : string = 'attempts'
CONTEXT  : string = \xyz\oihana\schema\constants\Oihana::SCHEMA
The @context of the json-ld representation of the thing.
JSON_PRIORITY_KEYS  : array<string|int, mixed> = [\org\schema\constants\Schema::AT_TYPE, \org\sc...
Defines the priority order of keys when serializing the object to JSON-LD.
LAST_ATTEMPT_AT  : string = 'lastAttemptAt'
LAST_ERROR  : string = 'lastError'
PROVIDER  : string = 'provider'
REASON  : string = 'reason'
TARGET_ID  : string = 'targetId'
TARGET_TYPE  : string = 'targetType'
USER_IDENTIFIER  : string = 'userIdentifier'
USER_KEY  : string = 'userKey'

Properties

$_from  : string|null
The metadata to indicates the edge 'from' identifier.
$_id  : null|string
The metadata identifier of the item.
$_key  : null|string
The metadata unique key identifier of the thing.
$_rev  : null|string
The metadata revision value of the thing.
$_to  : string|null
The metadata to indicates the edge 'to' identifier.
$active  : bool|null
The active flag.
$additionalType  : array<string|int, mixed>|string|null|object
An additionalType for the item.
$alternateName  : string|object|array<string|int, mixed>|null
An alias for the item.
$attempts  : int|null
Number of times the retry pipeline already attempted to replay the revocation. Bumped on every replay attempt. Capped by the retry command's `--max-attempts` (default 5): past this threshold the row is kept for manual inspection.
$created  : null|string
Date of creation of the resource.
$description  : string|object|array<string|int, mixed>|null
A short description of the item.
$disambiguatingDescription  : string|null
A sub property of description. A short description of the item used to disambiguate from other, similar items. Information from other properties (in particular, name) may be necessary for the description to be useful for disambiguation.
$hasPart  : string|Thing|array<string|int, Thing>|null
Indicates an item that this part of this item.
$id  : null|int|string
The unique identifier of the item.
$identifier  : string|null
The identifier of the item.
$image  : string|ImageObject|array<string|int, ImageObject|string>|null
The image reference of this resource.
$isPartOf  : string|Thing|array<string|int, Thing>|null
Indicates an item that this item is part of.
$lastAttemptAt  : string|null
The ISO 8601 UTC timestamp of the most recent retry attempt.
$lastError  : string|null
Short message captured from the last failed retry attempt (provider error code / exception message). Plain text, no PII.
$license  : string|object|null
A legal document giving official permission to do something with the resource.
$mainEntityOfPage  : string|null
Indicates a page (or other CreativeWork) for which this thing is the main entity being described.
$modified  : null|string
Date on which the resource was changed.
$name  : int|string|null
The name of the item.
$owner  : null|string|Thing
The owner of this Thing.
$potentialAction  : array<string|int, mixed>|Action|null
Indicates a potential Action, which describes an idealized action in which this thing would play an 'object' role.
$provider  : string|null
The identity provider that owns the target resource. Examples: `"zitadel"`, `"magento"`, `"auth0"`. Used by the retry pipeline to route the replay to the matching client trait.
$publisher  : string|array<string|int, string|Person|Organization>|Person|Organization|null
The publisher of the resource.
$reason  : string|null
Free-form reason describing why this revocation was queued.
$sameAs  : string|array<string|int, mixed>|null
URL of a reference Web page that unambiguously indicates the item's identity.
$subjectOf  : null|string|array<string|int, mixed>|CreativeWork|Event
A CreativeWork or Event about this Thing.
$targetId  : string|null
The identifier of the resource to revoke on the provider side.
$targetType  : string|null
The category of resource being revoked. Examples: `"session"`, `"token"`, `"user"`. Lets a single collection hold heterogeneous revocation intents while keeping the retry logic strongly typed.
$url  : int|string|null
URL of the item.
$userIdentifier  : string|null
The provider-side user identifier (e.g. Zitadel `sub` claim). Used by retry hooks to scope opportunistic retries to a single user during a login or a fresh admin revocation event.
$userKey  : string|null
The ArangoDB `_key` of the local user document that owns this revocation intent. Useful for audit (joining back to the user row after anonymisation of `userIdentifier`) and for opportunistic cleanup on user delete cascade.
$atContext  : string|null
The JSON-LD `@context` value.
$atType  : string|null
The JSON-LD `@type` value.
$DEFAULT_JSON_SERIALIZE_OPTIONS  : array<string|int, mixed>
The default static jsonSerialize options (class-level configuration).
$schemaTypeCache  : array<string, string>
Internal cache for resolved schema types.

Methods

__construct()  : mixed
Constructor to hydrate public properties from an array or stdClass.
getJsonSerializeOptions()  : array<string|int, mixed>
Returns the default JSON serialization options.
getSchemaType()  : string
Returns the fully qualified URI of the schema type.
jsonSerialize()  : array<string|int, mixed>
Serializes the current object into a JSON-LD array.
withAtContext()  : $this
Sets the internal JSON-LD `@context` attribute.
withAtType()  : $this
Sets the internal JSON-LD `@type` attribute.
withJSONLDMeta()  : $this
Initializes both JSON-LD metadata: `@type` and `@context`.

Constants

CONTEXT

The @context of the json-ld representation of the thing.

public string CONTEXT = \xyz\oihana\schema\constants\Oihana::SCHEMA

JSON_PRIORITY_KEYS

Defines the priority order of keys when serializing the object to JSON-LD.

public array<string|int, mixed> JSON_PRIORITY_KEYS = [\org\schema\constants\Schema::AT_TYPE, \org\schema\constants\Schema::AT_CONTEXT, \org\schema\constants\Schema::_KEY, \org\schema\constants\Schema::_FROM, \org\schema\constants\Schema::_TO, \org\schema\constants\Schema::ID, \org\schema\constants\Schema::NAME, \org\schema\constants\Schema::URL, \org\schema\constants\Schema::CREATED, \org\schema\constants\Schema::MODIFIED]

Keys listed here will always appear first in the serialized array, in the order specified. All remaining public properties will be sorted alphabetically after these priority keys.

This ensures that important JSON-LD metadata and system fields (like @type, @context, _key, id, url, created, modified, etc.) appear at the top of the output for consistency and readability.

Usage:

$orderedKeys = self::JSON_PRIORITY_KEYS;

Notes:

  • Can be overridden in a subclass by redefining the constant.
  • Late static binding (static::JSON_PRIORITY_KEYS) allows child classes to modify the serialization order.

List of JSON-LD keys in priority order.

Properties

$_from

The metadata to indicates the edge 'from' identifier.

public string|null $_from

$_id

The metadata identifier of the item.

public null|string $_id

$_key

The metadata unique key identifier of the thing.

public null|string $_key

$_rev

The metadata revision value of the thing.

public null|string $_rev

$_to

The metadata to indicates the edge 'to' identifier.

public string|null $_to

$active

The active flag.

public bool|null $active

$additionalType

An additionalType for the item.

public array<string|int, mixed>|string|null|object $additionalType

$alternateName

An alias for the item.

public string|object|array<string|int, mixed>|null $alternateName

$attempts

Number of times the retry pipeline already attempted to replay the revocation. Bumped on every replay attempt. Capped by the retry command's `--max-attempts` (default 5): past this threshold the row is kept for manual inspection.

public int|null $attempts

$created

Date of creation of the resource.

public null|string $created

$description

A short description of the item.

public string|object|array<string|int, mixed>|null $description

$disambiguatingDescription

A sub property of description. A short description of the item used to disambiguate from other, similar items. Information from other properties (in particular, name) may be necessary for the description to be useful for disambiguation.

public string|null $disambiguatingDescription

$hasPart

Indicates an item that this part of this item.

public string|Thing|array<string|int, Thing>|null $hasPart

$id

The unique identifier of the item.

public null|int|string $id

$identifier

The identifier of the item.

public string|null $identifier

$isPartOf

Indicates an item that this item is part of.

public string|Thing|array<string|int, Thing>|null $isPartOf

$lastAttemptAt

The ISO 8601 UTC timestamp of the most recent retry attempt.

public string|null $lastAttemptAt

Null when the row was just inserted and has not been replayed yet.

$lastError

Short message captured from the last failed retry attempt (provider error code / exception message). Plain text, no PII.

public string|null $lastError

$license

A legal document giving official permission to do something with the resource.

public string|object|null $license

$mainEntityOfPage

Indicates a page (or other CreativeWork) for which this thing is the main entity being described.

public string|null $mainEntityOfPage

$modified

Date on which the resource was changed.

public null|string $modified

$name

The name of the item.

public int|string|null $name

$owner

The owner of this Thing.

public null|string|Thing $owner

Represents any entity (person, organization, system, or other object) that can be considered the possessor of this Thing.

$potentialAction

Indicates a potential Action, which describes an idealized action in which this thing would play an 'object' role.

public array<string|int, mixed>|Action|null $potentialAction

$provider

The identity provider that owns the target resource. Examples: `"zitadel"`, `"magento"`, `"auth0"`. Used by the retry pipeline to route the replay to the matching client trait.

public string|null $provider

$reason

Free-form reason describing why this revocation was queued.

public string|null $reason

Examples: "admin_revoke", "user_logout", "password_change", "user_disabled". Mirrors the convention used by Session.revocationReason.

$sameAs

URL of a reference Web page that unambiguously indicates the item's identity.

public string|array<string|int, mixed>|null $sameAs

E.g. the URL of the item's Wikipedia page, Wikidata entry, or official website.

$subjectOf

A CreativeWork or Event about this Thing.

public null|string|array<string|int, mixed>|CreativeWork|Event $subjectOf

$targetId

The identifier of the resource to revoke on the provider side.

public string|null $targetId

Examples: a Zitadel sessionId, a Magento tokenId. Opaque to the local pipeline, only meaningful for the provider's API.

$targetType

The category of resource being revoked. Examples: `"session"`, `"token"`, `"user"`. Lets a single collection hold heterogeneous revocation intents while keeping the retry logic strongly typed.

public string|null $targetType

$url

URL of the item.

public int|string|null $url

$userIdentifier

The provider-side user identifier (e.g. Zitadel `sub` claim). Used by retry hooks to scope opportunistic retries to a single user during a login or a fresh admin revocation event.

public string|null $userIdentifier

$userKey

The ArangoDB `_key` of the local user document that owns this revocation intent. Useful for audit (joining back to the user row after anonymisation of `userIdentifier`) and for opportunistic cleanup on user delete cascade.

public string|null $userKey

$atContext

The JSON-LD `@context` value.

protected string|null $atContext = null

Default is https://schema.org.

$atType

The JSON-LD `@type` value.

protected string|null $atType = null

This can be manually set or automatically inferred from the class name.

$DEFAULT_JSON_SERIALIZE_OPTIONS

The default static jsonSerialize options (class-level configuration).

protected static array<string|int, mixed> $DEFAULT_JSON_SERIALIZE_OPTIONS = []

$schemaTypeCache

Internal cache for resolved schema types.

private static array<string, string> $schemaTypeCache = []

Methods

__construct()

Constructor to hydrate public properties from an array or stdClass.

public __construct([array<string|int, mixed>|object|null $init = null ]) : mixed

This allows objects to be quickly populated with associative data without manually setting each property.

Parameters
$init : array<string|int, mixed>|object|null = null

A data array or object used to initialize the instance. Keys must match public property names.

Tags
throws
ReflectionException
example 
use org\schema\Person;
use org\schema\constants\Prop;

$person = new Person
([
    Prop::NAME => 'Jane Doe',
    Prop::URL  => 'https://example.com/janedoe'
]);

echo $person->name; // Outputs: Jane Doe

getJsonSerializeOptions()

Returns the default JSON serialization options.

public getJsonSerializeOptions() : array<string|int, mixed>

This method determines how the jsonSerialize() output is reduced or compressed, etc. It can be overridden in child classes to customize serialization behavior.

Return values
array<string|int, mixed>

Returns the reduction/compression options for JSON serialization.

getSchemaType()

Returns the fully qualified URI of the schema type.

public static getSchemaType() : string

This method combines the class's CONTEXT constant with its short name to produce a globally unique identifier for the entity type.

  • It uses Late Static Binding to ensure the correct context is retrieved even when called from an inherited class (e.g., Corporation vs. Affiliate).
  • Performance Optimization: Results are stored in a static cache ($schemaTypeCache) to avoid redundant Reflection calls during the same execution lifecycle.
Return values
string

The absolute URI of the type (e.g., "https://schema.org/Thing"). ** @example

echo Thing::getSchemaType();      // https://schema.org/Thing
echo Affiliate::getSchemaType();  // https://schema.oihana.xyz/Pagination

jsonSerialize()

Serializes the current object into a JSON-LD array.

public jsonSerialize() : array<string|int, mixed>

Includes public properties, the JSON-LD @context and @type. Null values are automatically removed.

Tags
throws
ReflectionException

If reflection fails when accessing properties.

example 
use org\schema\Person;
use org\schema\constants\Prop;

$person = new Person
([
    Prop::NAME => 'John Smith',
    Prop::ID   => 'jsmith-001'
]);

echo json_encode($person, JSON_PRETTY_PRINT);

Output:

{
   "@type": "Person",
   "@context": "https://schema.org",
   "id": "jsmith-001",
   "name": "John Smith"
}
Return values
array<string|int, mixed>

JSON-LD representation of the object.

withAtContext()

Sets the internal JSON-LD `@context` attribute.

public withAtContext(string $context) : $this

Useful if you need a custom JSON-LD context.

Parameters
$context : string

Optional JSON-LD context.

Return values
$this

withAtType()

Sets the internal JSON-LD `@type` attribute.

public withAtType(string $type) : $this

Allows overriding the default type inferred from the class.

Parameters
$type : string

Optional JSON-LD type

Return values
$this

withJSONLDMeta()

Initializes both JSON-LD metadata: `@type` and `@context`.

public withJSONLDMeta([string|null $atType = null ][, string|null $atContext = null ]) : $this

Can be called from constructor or later to override default values.

Parameters
$atType : string|null = null

Optional JSON-LD type

$atContext : string|null = null

Optional JSON-LD context

Return values
$this
On this page

Search results