# Phase 2 Implementation: Identity Core

## Delivered
- Identity route group in `panel-api/routes/api_v1/identity.php`.
- Controllers for auth, tenants, and RBAC module boundaries:
  - `AuthController`
  - `TenantController`
  - `RbacController`
- Scope evaluator service for allow/deny decision logic:
  - `ScopeEvaluator::isAllowed(...)`
- Identity schema additions:
  - `api_tokens`
  - `sessions`
  - `mfa_factors`

## Behavior Contract
- Every protected endpoint requires bearer auth middleware.
- Access checks are explicit through RBAC grant evaluation.
- Session/token tables support rotation, revocation, and forensic tracking.

## Next phase options
- Wire persistent Eloquent models and form requests.
- Add tenant-aware middleware that injects active tenant context.
- Replace placeholder auth responses with JWT + refresh token issue/rotation.