# `AttestoPhoenix.Schema.PushedAuthorizationRequest`
[🔗](https://github.com/XukuLLC/attesto_phoenix/blob/v0.19.0/lib/attesto_phoenix/schema/pushed_authorization_request.ex#L1)

Ecto schema for a single Pushed Authorization Request (RFC 9126).

A PAR endpoint stores the normalized, validated authorization request
parameters behind a one-time `request_uri` reference
(`urn:ietf:params:oauth:request_uri:…`) and hands that reference to the
client; the client then presents only the `request_uri` at `/authorize`. An
in-memory store cannot share that reference across nodes - a `request_uri`
pushed to one node is unknown to another - so a clustered (or simply
load-balanced) deployment needs the reference in shared storage. This schema
backs `AttestoPhoenix.Store.EctoPARStore`, persisting one row per pushed
request so any node resolves a `request_uri` issued by any other.

## Columns

  * `request_uri` - the opaque `urn:ietf:params:oauth:request_uri:` reference
    (RFC 9126 §2.2) returned to the client. It is the PRIMARY KEY, so a
    reference is stored at most once and the authorization endpoint's lookup
    (and the optional single-use `take/1`) hits the primary key directly.
  * `params` - the stored, already-validated authorization request parameters
    (a string-keyed map; client authentication secrets are dropped before
    storage). Persisted as `jsonb`; the authorization endpoint re-runs the
    normal `Attesto.AuthorizationRequest` validation after resolving it.
  * `expires_at` - the reference's expiry (RFC 9126 §2.2). The store rejects an
    expired row on read, so an unswept expired reference is never honored.
  * `inserted_at` - when the reference was pushed (diagnostic; never a lookup
    key).

# `t`

```elixir
@type t() :: %AttestoPhoenix.Schema.PushedAuthorizationRequest{
  __meta__: term(),
  expires_at: DateTime.t() | nil,
  inserted_at: DateTime.t() | nil,
  params: map() | nil,
  request_uri: String.t() | nil
}
```

A persisted pushed authorization request row.

# `put_changeset`

```elixir
@spec put_changeset(
  t()
  | %AttestoPhoenix.Schema.PushedAuthorizationRequest{
      __meta__: term(),
      expires_at: term(),
      inserted_at: term(),
      params: term(),
      request_uri: term()
    },
  map()
) :: Ecto.Changeset.t()
```

Changeset for storing a freshly pushed authorization request.

Requires the `request_uri` reference, the stored `params`, and both instants.
A reference with no expiry would never fail closed, so a missing `:expires_at`
is a hard validation error rather than a silently unlimited reference. The
`unique_constraint/3` on the primary key surfaces a duplicate `request_uri` as
a changeset error (which `EctoPARStore.put/3` maps to `{:error, _}`) rather
than a raised exception.

---

*Consult [api-reference.md](api-reference.md) for complete listing*