impierce · nanderstabel · Dec 12, 2025 · Dec 2, 2025 · Dec 2, 2025 · Dec 3, 2025
@@ -12,10 +12,11 @@ use axum::{
 };
 use http::header;
 use oid4vci::wallet::AuthorizationRequestByReference;
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn authorize(
-    State(state): State<AuthorizationState>,
+    State(state): State<Arc<AuthorizationState>>,
     Query(authorization_request): Query<AuthorizationRequestByReference>,
 ) -> Result<Response, PublicError> {
     match OAuth2AuthorizationService::handle_authorization_request(&state, authorization_request)
@@ -109,7 +110,7 @@ pub mod tests {
     #[serial_test::serial]
     #[tokio::test]
     async fn test_authorization_endpoint() {
-        let issuance_state = issuance_state(&InMemory, Service::default(), Default::default()).await;
+        let issuance_state = Arc::new(issuance_state(&InMemory, Service::default(), Default::default()).await);
 
         agent_issuance::state::initialize(&issuance_state).await.unwrap();
 
@@ -120,7 +121,8 @@ pub mod tests {
         let AuthorizationCode { issuer_state, .. } = authorization_code.unwrap();
         let issuer_state = issuer_state.unwrap();
 
-        let authorization_state = authorization_state(&InMemory, Service::default(), Default::default()).await;
+        let authorization_state =
+            Arc::new(authorization_state(&InMemory, Service::default(), Default::default()).await);
         agent_authorization::state::initialize(&authorization_state)
             .await
             .unwrap();

@@ -12,11 +12,12 @@ use axum::{
 };
 use http::{header, StatusCode};
 use serde::{Deserialize, Serialize};
+use std::sync::Arc;
 use tracing::info;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn get_consent(
-    State(state): State<AuthorizationState>,
+    State(state): State<Arc<AuthorizationState>>,
     StringifiedQuery(GetConsentQuery { request_uri }): StringifiedQuery<GetConsentQuery>,
 ) -> Result<Response, PublicError> {
     let ConsentPageViewModel {
@@ -47,7 +48,7 @@ pub struct ConsentForm {
 
 // TODO: investigate replay attacks as described here: https://github.com/impierce/ssi-agent/issues/241
 pub async fn post_consent(
-    State(state): State<AuthorizationState>,
+    State(state): State<Arc<AuthorizationState>>,
     Form(ConsentForm {
         client_id,
         request_uri,

@@ -7,10 +7,11 @@ use axum::{
     response::{IntoResponse, Response},
 };
 use oid4vci::authorization_request::AuthorizationRequest;
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn par(
-    State(state): State<AuthorizationState>,
+    State(state): State<Arc<AuthorizationState>>,
     StringifiedForm(pushed_authorization_request): StringifiedForm<AuthorizationRequest>,
 ) -> Result<Response, PublicError> {
     let pushed_authorization_response =
@@ -103,7 +104,7 @@ pub mod tests {
     #[serial_test::serial]
     #[tokio::test]
     async fn test_pushed_authorization_request_endpoint() {
-        let issuance_state = issuance_state(&InMemory, Service::default(), Default::default()).await;
+        let issuance_state = Arc::new(issuance_state(&InMemory, Service::default(), Default::default()).await);
 
         agent_issuance::state::initialize(&issuance_state).await.unwrap();
 
@@ -114,7 +115,8 @@ pub mod tests {
         let AuthorizationCode { issuer_state, .. } = authorization_code.unwrap();
         let issuer_state = issuer_state.unwrap();
 
-        let authorization_state = authorization_state(&InMemory, Service::default(), Default::default()).await;
+        let authorization_state =
+            Arc::new(authorization_state(&InMemory, Service::default(), Default::default()).await);
         agent_authorization::state::initialize(&authorization_state)
             .await
             .unwrap();

@@ -9,10 +9,11 @@ use axum::{
     Form,
 };
 use oid4vci::token_request::TokenRequest;
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn token(
-    State((authorization_state, issuance_state)): State<(AuthorizationState, IssuanceState)>,
+    State((authorization_state, issuance_state)): State<(Arc<AuthorizationState>, Arc<IssuanceState>)>,
     Form(token_request): Form<TokenRequest>,
 ) -> Result<Response, PublicError> {
     let token_response =
@@ -138,7 +139,7 @@ pub mod tests {
     #[serial_test::serial]
     #[tokio::test]
     async fn test_token_endpoint(#[case] is_pre_authorized: bool) {
-        let issuance_state = issuance_state(&InMemory, Service::default(), Default::default()).await;
+        let issuance_state = Arc::new(issuance_state(&InMemory, Service::default(), Default::default()).await);
 
         agent_issuance::state::initialize(&issuance_state).await.unwrap();
 
@@ -153,7 +154,8 @@ pub mod tests {
         credentials(&mut app, &credential_configuration_id).await;
         let grants = offers(&mut app, &credential_configuration_id).await.unwrap();
 
-        let authorization_state = authorization_state(&InMemory, Service::default(), Default::default()).await;
+        let authorization_state =
+            Arc::new(authorization_state(&InMemory, Service::default(), Default::default()).await);
 
         agent_authorization::state::initialize(&authorization_state)
             .await

@@ -1,3 +1,4 @@
+// Endpoint handlers
 pub mod authorization_server;
 
 pub mod error;
@@ -9,8 +10,9 @@ use agent_issuance::state::IssuanceState;
 use authorization_server::{authorize::authorize, par::par, token::token};
 use axum::routing::get;
 use axum::{routing::post, Router};
+use std::sync::Arc;
 
-pub fn router((authorization_state, issuance_state): (AuthorizationState, IssuanceState)) -> Router {
+pub fn router((authorization_state, issuance_state): (Arc<AuthorizationState>, Arc<IssuanceState>)) -> Router {
     Router::new()
         .nest(API_VERSION, Router::new())
         .route("/auth/consent", get(get_consent).post(post_consent))

@@ -9,9 +9,10 @@ use http_api_problem::ApiError;
 use hyper::StatusCode;
 use identity_credential::credential::Jwt;
 use serde::{Deserialize, Serialize};
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
-pub(crate) async fn credentials(State(state): State<HolderState>) -> Result<Response, ApiError> {
+pub(crate) async fn credentials(State(state): State<Arc<HolderState>>) -> Result<Response, ApiError> {
     let all_credentials = query_handler("all_holder_credentials", &state.query.all_holder_credentials)
         .await?
         .map(|all_credentials_view| all_credentials_view.credentials.into_values().collect::<Vec<_>>())
@@ -28,7 +29,7 @@ pub struct HolderCredentialsEndpointRequest {
 
 #[axum_macros::debug_handler]
 pub(crate) async fn post_credentials(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Json(HolderCredentialsEndpointRequest { credential }): Json<HolderCredentialsEndpointRequest>,
 ) -> Result<Response, ApiError> {
     let holder_credential_id = uuid::Uuid::new_v4().to_string();
@@ -50,7 +51,7 @@ pub(crate) async fn post_credentials(
 
 #[axum_macros::debug_handler]
 pub(crate) async fn credential(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Path(holder_credential_id): Path<String>,
 ) -> Result<Response, ApiError> {
     query_handler(&holder_credential_id, &state.query.holder_credential)

@@ -11,10 +11,11 @@ use axum::{
 };
 use http_api_problem::ApiError;
 use hyper::StatusCode;
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn accept(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Path(received_offer_id): Path<String>,
 ) -> Result<Response, ApiError> {
     // TODO: General note that also applies to other endpoints: currently we are using Application Layer logic in the

@@ -10,9 +10,10 @@ use axum::{
 };
 use http_api_problem::ApiError;
 use hyper::StatusCode;
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
-pub(crate) async fn offers(State(state): State<HolderState>) -> Result<Response, ApiError> {
+pub(crate) async fn offers(State(state): State<Arc<HolderState>>) -> Result<Response, ApiError> {
     let all_received_offers = query_handler("all_received_offers", &state.query.all_received_offers)
         .await?
         .map(|all_received_offers_view| {
@@ -28,7 +29,7 @@ pub(crate) async fn offers(State(state): State<HolderState>) -> Result<Response,
 
 #[axum_macros::debug_handler]
 pub(crate) async fn offer(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Path(received_offer_id): Path<String>,
 ) -> Result<Response, ApiError> {
     query_handler(&received_offer_id, &state.query.received_offer)

@@ -6,10 +6,11 @@ use axum::{
 };
 use http_api_problem::ApiError;
 use hyper::StatusCode;
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn reject(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Path(received_offer_id): Path<String>,
 ) -> Result<Response, ApiError> {
     let command = OfferCommand::RejectCredentialOffer {

@@ -12,9 +12,10 @@ use axum::{
 use http_api_problem::ApiError;
 use hyper::StatusCode;
 use serde::{Deserialize, Serialize};
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
-pub(crate) async fn get_presentations(State(state): State<HolderState>) -> Result<Response, ApiError> {
+pub(crate) async fn get_presentations(State(state): State<Arc<HolderState>>) -> Result<Response, ApiError> {
     let all_presentations = query_handler("all_presentations", &state.query.all_presentations)
         .await?
         .map(|all_presentations_view| all_presentations_view.presentations.into_values().collect::<Vec<_>>())
@@ -25,7 +26,7 @@ pub(crate) async fn get_presentations(State(state): State<HolderState>) -> Resul
 
 #[axum_macros::debug_handler]
 pub(crate) async fn presentation(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Path(presentation_id): Path<String>,
 ) -> Result<Response, ApiError> {
     query_handler(&presentation_id, &state.query.presentation)
@@ -42,7 +43,7 @@ pub struct PresentationsEndpointRequest {
 
 #[axum_macros::debug_handler]
 pub(crate) async fn post_presentations(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Json(PresentationsEndpointRequest { credential_ids }): Json<PresentationsEndpointRequest>,
 ) -> Result<Response, ApiError> {
     let mut credentials = vec![];

@@ -6,10 +6,11 @@ use axum::{
 };
 use http_api_problem::ApiError;
 use hyper::{header, StatusCode};
+use std::sync::Arc;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn presentation_signed(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     Path(presentation_id): Path<String>,
 ) -> Result<Response, ApiError> {
     match query_handler(&presentation_id, &state.query.presentation).await? {

@@ -1,5 +1,6 @@
 // TODO: further refactor the API's folder structure to reflect the API's routes.
 #[allow(clippy::module_inception)]
+// Endpoint handlers
 pub mod holder;
 pub mod openid4vci;
 
@@ -17,8 +18,9 @@ use holder::{
     credentials::{credential, post_credentials},
     presentations::{get_presentations, post_presentations, presentation, presentation_signed::presentation_signed},
 };
+use std::sync::Arc;
 
-pub fn router(holder_state: HolderState) -> Router {
+pub fn router(holder_state: Arc<HolderState>) -> Router {
     Router::new()
         .nest(
             API_VERSION,

@@ -9,11 +9,12 @@ use http_api_problem::ApiError;
 use hyper::StatusCode;
 use oid4vci::credential_offer::CredentialOffer;
 use serde_json::Value;
+use std::sync::Arc;
 use tracing::info;
 
 #[axum_macros::debug_handler]
 pub(crate) async fn offers_params(
-    State(state): State<HolderState>,
+    State(state): State<Arc<HolderState>>,
     // TODO: Can this be changed to `StringifiedForm`?
     Form(payload): Form<serde_json::Value>,
 ) -> Result<Response, ApiError> {

@@ -1,3 +1,5 @@
+use std::sync::Arc;
+
 use crate::handlers::{command_handler, query_handler};
 use crate::API_VERSION;
 use agent_identity::{connection::command::ConnectionCommand, state::IdentityState};
@@ -28,7 +30,7 @@ pub struct PostConnectionsEndpointRequest {
 
 #[axum_macros::debug_handler]
 pub(crate) async fn post_connections(
-    State(state): State<IdentityState>,
+    State(state): State<Arc<IdentityState>>,
     Json(PostConnectionsEndpointRequest {
         alias,
         domain,
@@ -76,7 +78,7 @@ pub struct GetConnectionsEndpointRequest {
 
 #[axum_macros::debug_handler]
 pub(crate) async fn get_connections(
-    State(state): State<IdentityState>,
+    State(state): State<Arc<IdentityState>>,
     Form(GetConnectionsEndpointRequest { alias, domain, did }): Form<GetConnectionsEndpointRequest>,
 ) -> Result<Response, ApiError> {
     debug!("Request Params - alias: {alias:?}, domain: {domain:?}, did: {did:?}");
@@ -107,7 +109,7 @@ pub(crate) async fn get_connections(
 
 #[axum_macros::debug_handler]
 pub(crate) async fn get_connection(
-    State(state): State<IdentityState>,
+    State(state): State<Arc<IdentityState>>,
     Path(connection_id): Path<String>,
 ) -> Result<Response, ApiError> {
     query_handler(&connection_id, &state.query.connection)

@@ -9,6 +9,7 @@ use axum::{
 use http_api_problem::ApiError;
 use hyper::StatusCode;
 use serde::{Deserialize, Serialize};
+use std::sync::Arc;
 use tracing::debug;
 
 #[derive(Deserialize, Serialize)]
@@ -18,7 +19,7 @@ pub struct GetDocumentsEndpoint {
 }
 
 pub(crate) async fn get_documents(
-    State(state): State<IdentityState>,
+    State(state): State<Arc<IdentityState>>,
     Form(GetDocumentsEndpoint { did_method }): Form<GetDocumentsEndpoint>,
 ) -> Result<Response, ApiError> {
     debug!("Request Params - did_method: {did_method:?}");
@@ -45,7 +46,7 @@ pub(crate) async fn get_documents(
 
 #[axum_macros::debug_handler]
 pub(crate) async fn get_document(
-    State(state): State<IdentityState>,
+    State(state): State<Arc<IdentityState>>,
     Path(document_id): Path<String>,
 ) -> Result<Response, ApiError> {
     query_handler(&document_id, &state.query.document)

@@ -1,3 +1,4 @@
+// Endpoint handlers
 pub mod connections;
 pub mod documents;
 pub mod profiles;
@@ -14,14 +15,15 @@ use axum::{
 use connections::{get_connection, get_connections, post_connections};
 use documents::{get_document, get_documents};
 use services::{linked_vp::linked_vp, service, services};
+use std::sync::Arc;
 use well_known::{did::did, did_configuration::did_configuration};
 
 use crate::{
     identity::profiles::{get_profile, patch_profile},
     API_VERSION,
 };
 
-pub fn router(identity_state: IdentityState) -> Router {
+pub fn router(identity_state: Arc<IdentityState>) -> Router {
     Router::new()
         .nest(
             API_VERSION,