Oihana PHP System

AuthTrait uses trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short, trait:short

Table of Contents

Constants

ACTION  : string = 'action'
ACTION_STATUS_ACCEPTED  : string = 'accepted'
ACTION_STATUS_CANCELLED  : string = 'cancelled'
ACTION_STATUS_CONSUMED  : string = 'consumed'
ACTION_STATUS_EXPIRED  : string = 'expired'
ACTION_STATUS_PENDING  : string = 'pending'
ACTIVATED  : string = 'activated'
Indicates whether the user account has completed its activation flow.
ALGORITHM  : string = 'algorithm'
ALLOW_OFFLINE_ACCESS  : string = 'allowOfflineAccess'
ALLOW_SKIP_USER_CONSENT  : string = 'allowSkipUserConsent'
ALLOWED_IPS  : string = 'allowedIPs'
API_BASE_URL  : string = 'apiBaseUrl'
API_IDENTIFIER  : string = 'apiIdentifier'
APP_ID  : string = 'appId'
APP_META_DATA  : string = 'appMetadata'
Read-only metadata associated with the user.
APPLICATION_TYPE  : string = 'applicationType'
ATTEMPTS  : string = 'attempts'
AUDIENCE  : string = 'audience'
BLOCKED_FOR  : string = 'blockedFor'
Indicates why or for which scope the user is blocked.
CLIENT_ID  : string = 'clientId'
CREATED_BY  : string = 'createdBy'
CURRENT  : string = 'current'
DEFAULT  : string = 'default'
DESCRIPTION  : string = 'description'
DEVICES  : string = 'devices'
Collection of known or trusted user devices.
DISABLED_AT  : string = 'disabledAt'
DISABLED_BY  : string = 'disabledBy'
DISABLED_REASON  : string = 'disabledReason'
DOMAIN  : string = 'domain'
EFFECT  : string = 'effect'
EMAIL  : string = 'email'
EXPIRES_AT  : string = 'expiresAt'
FIRST_LOGIN_AT  : string = 'firstLoginAt'
Timestamp of the user's first successful login.
IMPLICIT_HYBRID_TOKEN_LIFETIME  : string = 'implicitHybridTokenLifetime'
INVITATION_STATUS  : string = 'invitationStatus'
Materialized lifecycle status of the latest invitation associated with the user.
IP  : string = 'ip'
ISSUER  : string = 'issuer'
KEY  : string = 'key'
KEY_ID  : string = 'keyId'
KEYFILE  : string = 'keyfile'
LAST_ATTEMPT_AT  : string = 'lastAttemptAt'
LAST_ERROR  : string = 'lastError'
LAST_LOGIN  : string = 'lastLogin'
Timestamp of the user's most recent successful authentication.
LAST_SEEN_IP  : string = 'lastSeenIP'
LAST_USED_AT  : string = 'lastUsedAt'
LEVEL  : string = 'level'
LOGINS_COUNT  : string = 'loginsCount'
Total number of successful user authentications.
MAX_LEVEL  : string = 'maxLevel'
Maximum role level assigned to the user across all associated roles.
MAXIMUM_ACCESS_TOKEN_EXPIRATION  : string = 'maximumAccessTokenExpiration'
METADATA  : string = 'metadata'
NAME  : string = 'name'
OBJECT  : string = 'object'
PENDING_EMAIL  : string = 'pendingEmail'
Email address currently awaiting verification.
PENDING_EMAIL_CODE_EXPIRES_AT  : string = 'pendingEmailCodeExpiresAt'
Expiration timestamp of the verification code associated with the pending email workflow.
PENDING_EMAIL_CODE_HASH  : string = 'pendingEmailCodeHash'
Secure hash of the verification code associated with the pending email verification workflow.
PENDING_EMAIL_SINCE  : string = 'pendingEmailSince'
Timestamp indicating when the pending email workflow started.
POST_LOGOUT_REDIRECT_URIS  : string = 'postLogoutRedirectUris'
PROTECTED  : string = 'protected'
PROVIDER  : string = 'provider'
RBAC  : string = 'rbac'
REASON  : string = 'reason'
REDIRECT_URIS  : string = 'redirectUris'
REDIRECT_URL  : string = 'redirectUrl'
REVOCATION_REASON  : string = 'revocationReason'
REVOKED_AT  : string = 'revokedAt'
SCOPE  : string = 'scope'
SCOPE_HAS_PERMISSION  : string = 'scopeHasPermission'
SENT_AT  : string = 'sentAt'
SENT_COUNT  : string = 'sentCount'
SIGNED_UP  : string = 'signedUp'
Indicates whether the user completed the signup workflow.
STATUS  : string = 'status'
Lifecycle status of the user account.
SUBJECT  : string = 'subject'
TARGET_ID  : string = 'targetId'
TARGET_TYPE  : string = 'targetType'
TOKEN  : string = 'token'
TOKEN_HASH  : string = 'tokenHash'
TOKENS_INVALID_BEFORE  : string = 'tokensInvalidBefore'
Epoch-seconds timestamp defining the authentication revocation cutoff for all access tokens issued to the user.
TYPE  : string = 'type'
USER_AGENT  : string = 'userAgent'
USER_ID  : string = 'userId'
USER_IDENTIFIER  : string = 'userIdentifier'
USER_KEY  : string = 'userKey'

Constants

ACTION_STATUS_ACCEPTED

public string ACTION_STATUS_ACCEPTED = 'accepted'

ACTION_STATUS_CANCELLED

public string ACTION_STATUS_CANCELLED = 'cancelled'

ACTION_STATUS_EXPIRED

public string ACTION_STATUS_EXPIRED = 'expired'

ACTION_STATUS_PENDING

public string ACTION_STATUS_PENDING = 'pending'

ACTIVATED

Indicates whether the user account has completed its activation flow.

public string ACTIVATED = 'activated'

This flag is generally set after the first successful authentication or after an email/account verification workflow.

Related model property:

public bool|null $activated ;

ALLOW_OFFLINE_ACCESS

public string ALLOW_OFFLINE_ACCESS = 'allowOfflineAccess'

ALLOW_SKIP_USER_CONSENT

public string ALLOW_SKIP_USER_CONSENT = 'allowSkipUserConsent'

APP_META_DATA

Read-only metadata associated with the user.

public string APP_META_DATA = 'appMetadata'

Commonly used for:

  • Roles
  • Permission snapshots
  • VIP flags
  • Internal application configuration
  • Derived authorization information

Related model property:

public array|object|null $appMetadata ;

BLOCKED_FOR

Indicates why or for which scope the user is blocked.

public string BLOCKED_FOR = 'blockedFor'

This field may contain:

  • API restrictions
  • Application-specific bans
  • Temporary suspension reasons
  • Security mitigation contexts

Related model property:

public array|string|null $blockedFor ;

DEVICES

Collection of known or trusted user devices.

public string DEVICES = 'devices'

Used to:

  • Manage refresh-token associations
  • Revoke sessions per device
  • Force reauthentication
  • Track authenticated environments

Related model property:

public array|null $devices ;

FIRST_LOGIN_AT

Timestamp of the user's first successful login.

public string FIRST_LOGIN_AT = 'firstLoginAt'

Immutable audit-oriented field generally stored in ISO 8601 format.

Related model property:

public string|null $firstLoginAt ;

IMPLICIT_HYBRID_TOKEN_LIFETIME

public string IMPLICIT_HYBRID_TOKEN_LIFETIME = 'implicitHybridTokenLifetime'

INVITATION_STATUS

Materialized lifecycle status of the latest invitation associated with the user.

public string INVITATION_STATUS = 'invitationStatus'

Used by administrative interfaces to expose invitation state without requiring additional collection lookups.

Typical values include:

  • pending
  • accepted
  • cancelled
  • expired
  • revoked

Related model property:

public string|null $invitationStatus ;

LAST_LOGIN

Timestamp of the user's most recent successful authentication.

public string LAST_LOGIN = 'lastLogin'

Related model property:

public string|null $lastLogin ;

LOGINS_COUNT

Total number of successful user authentications.

public string LOGINS_COUNT = 'loginsCount'

Commonly used for:

  • Analytics
  • User activity indicators
  • Security heuristics
  • Administrative dashboards

Related model property:

public int|null $loginsCount ;

MAX_LEVEL

Maximum role level assigned to the user across all associated roles.

public string MAX_LEVEL = 'maxLevel'

Materialized helper field mainly used by administrative interfaces to expose hierarchy hints and UX restrictions.

Related model property:

public int|null $maxLevel ;

MAXIMUM_ACCESS_TOKEN_EXPIRATION

public string MAXIMUM_ACCESS_TOKEN_EXPIRATION = 'maximumAccessTokenExpiration'

PENDING_EMAIL

Email address currently awaiting verification.

public string PENDING_EMAIL = 'pendingEmail'

Used during email-change workflows where the previously verified email remains authoritative until confirmation succeeds.

Related model property:

public string|null $pendingEmail ;

PENDING_EMAIL_CODE_EXPIRES_AT

Expiration timestamp of the verification code associated with the pending email workflow.

public string PENDING_EMAIL_CODE_EXPIRES_AT = 'pendingEmailCodeExpiresAt'

Usually stored as an ISO 8601 string.

Related model property:

public string|null $pendingEmailCodeExpiresAt ;

PENDING_EMAIL_CODE_HASH

Secure hash of the verification code associated with the pending email verification workflow.

public string PENDING_EMAIL_CODE_HASH = 'pendingEmailCodeHash'

The raw verification code must never be persisted.

Related model property:

public string|null $pendingEmailCodeHash ;

PENDING_EMAIL_SINCE

Timestamp indicating when the pending email workflow started.

public string PENDING_EMAIL_SINCE = 'pendingEmailSince'

Usually stored as an ISO 8601 string.

Related model property:

public string|null $pendingEmailSince ;

POST_LOGOUT_REDIRECT_URIS

public string POST_LOGOUT_REDIRECT_URIS = 'postLogoutRedirectUris'

REVOCATION_REASON

public string REVOCATION_REASON = 'revocationReason'

SCOPE_HAS_PERMISSION

public string SCOPE_HAS_PERMISSION = 'scopeHasPermission'

SIGNED_UP

Indicates whether the user completed the signup workflow.

public string SIGNED_UP = 'signedUp'

Related model property:

public string|null $signedUp ;

STATUS

Lifecycle status of the user account.

public string STATUS = 'status'

This status controls whether authentication and access are allowed.

Typical values include:

  • active
  • disabled
  • suspended
  • pending

Related model property:

public string|null $status ;

TOKENS_INVALID_BEFORE

Epoch-seconds timestamp defining the authentication revocation cutoff for all access tokens issued to the user.

public string TOKENS_INVALID_BEFORE = 'tokensInvalidBefore'

This property is updated during bulk session revocation flows, including:

  • Administrative "revoke all sessions" actions
  • Self-service "log out everywhere" operations
  • Security incident mitigation procedures

During authentication, the middleware compares this value against the JWT iat (issued-at) claim:

token.iat < tokensInvalidBefore

If true, the token is rejected with:

  • HTTP status 401 Unauthorized
  • revocation reason tokens_revoked

even when the token signature and expiration are still valid.

The value is intentionally stored as an integer epoch timestamp rather than ISO 8601 for extremely fast integer comparisons during authenticated API requests.

A null value means no global token revocation cutoff currently applies to the user.

Related model property:

public int|null $tokensInvalidBefore ;
On this page

Search results