Ordering contract (load-bearing): listFederations(sid) MUST return
federation names in INSERTION order (oldest first). routes/logout.mts
consumes the first element to choose the IdP for post-logout redirect.
Mutability: append-only (idempotent on duplicate name) + per-federation
removal (removeFederation(sid, name)) for federation logout completion +
full cleanup via removeBySid.
TTL contract: every addFederation MUST be called with the session's
expiresAt.
Sid-keyed index of upstream federation provider names that have authenticated this session. Per A4 §5.4.
Source data for: (a) cascade federation logout; (b) federation token route gating (
isFederationLinked(sid, name)semantics).Ordering contract (load-bearing):
listFederations(sid)MUST return federation names in INSERTION order (oldest first).routes/logout.mtsconsumes the first element to choose the IdP for post-logout redirect.Mutability: append-only (idempotent on duplicate name) + per-federation removal (
removeFederation(sid, name)) for federation logout completion + full cleanup viaremoveBySid.TTL contract: every
addFederationMUST be called with the session'sexpiresAt.