Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrNotServiceActor = apperror.Authorization("This operation requires a service actor.") ErrNotAdminActor = apperror.Authorization("This operation requires an admin actor.") ErrAuthenticationRequired = apperror.Authentication("Authentication required.") ErrInsufficientTokenScope = apperror.Authentication("Insufficient token scope.") ErrInsufficientPermissions = apperror.Authorization("Insufficient permissions.") )
Functions ¶
Types ¶
type Actor ¶
type Actor struct {
ID uuid.UUID
Type ActorType
ClientID string
Scopes []string
Permissions []string
IsAdmin bool
Locale string
}
Actor is the authenticated caller's security context passed into use cases. Populated by the interface layer (HTTP, Console, gRPC, etc.) after authentication.
Type distinguishes human users from automated service callers.
Scopes define what the credential is permitted to do. A standard interactive login carries broad default scopes (full access to own resources). A restricted credential carries only explicitly granted scopes.
Permissions define what the actor itself is permitted to do, regardless of the credential. Populated for user actors from the identity provider. Always empty for service actors.
IsAdmin is true when the actor holds the service-wide admin realm role. Locale is the user's preferred locale from the JWT locale claim (e.g. "en-US"). Empty for service actors.
func ActorFromContext ¶
ActorFromContext retrieves the authenticated Actor from the context, or returns nil if not present.