new changes
This commit is contained in:
24
architecture/2026/12-identity-phase-implementation.md
Normal file
@@ -0,0 +1,24 @@
|
||||
# Phase 2 Implementation: Identity Core
|
||||
|
||||
## Delivered
|
||||
- Identity route group in `panel-api/routes/api_v1/identity.php`.
|
||||
- Controllers for auth, tenants, and RBAC module boundaries:
|
||||
- `AuthController`
|
||||
- `TenantController`
|
||||
- `RbacController`
|
||||
- Scope evaluator service for allow/deny decision logic:
|
||||
- `ScopeEvaluator::isAllowed(...)`
|
||||
- Identity schema additions:
|
||||
- `api_tokens`
|
||||
- `sessions`
|
||||
- `mfa_factors`
|
||||
|
||||
## Behavior Contract
|
||||
- Every protected endpoint requires bearer auth middleware.
|
||||
- Access checks are explicit through RBAC grant evaluation.
|
||||
- Session/token tables support rotation, revocation, and forensic tracking.
|
||||
|
||||
## Next phase options
|
||||
- Wire persistent Eloquent models and form requests.
|
||||
- Add tenant-aware middleware that injects active tenant context.
|
||||
- Replace placeholder auth responses with JWT + refresh token issue/rotation.
|
||||
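Review bot: The "Behavior Contract" section states "Every protected endpoint requires bearer auth middleware" as current behaviour, but "Next phase options" still lists "Replace placeholder auth responses with JWT + refresh token issue/rotation", so the document reads as if enforcement is complete while the auth responses are placeholders. Suggest marking each contract bullet as enforced in this phase or planned, so nobody relies on these endpoints as protected before real token issuance lands. Under "Delivered", `ScopeEvaluator::isAllowed(...)` is described only as "allow/deny decision logic"; please document the result when no grant matches and when an allow and a deny both match (default deny and deny precedence are the usual expectation). Tenant-aware middleware is deferred to the next phase, so the document should say how RBAC checks are scoped to a tenant in the meantime. For `api_tokens` and `sessions`, name the columns that back "rotation, revocation, and forensic tracking" and state whether token values are stored hashed rather than in plaintext.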