Auth (Backend)
This section covers the backend implementation of authentication and multi-tenancy in PetFolio Service. For cross-cutting concepts (claim contract, OAuth flow, token lifecycle, user flow diagrams), see the Auth and Multi-Tenancy overview.
Design decisions
For the full rationale, alternatives considered, and security analysis, see ADR-001: Authentication and Multi-Tenancy.
What is built
These components exist in the codebase today and are covered in detail in the sub-pages.
| Component | Layer | Responsibility | Sub-page |
|---|---|---|---|
| ICurrentUserService | Domain | Interface: UserId, Email, IsAuthenticated | Claims and Identity |
| ITenantProvider | Domain | Interface: AccountId | Multi-Tenancy |
| IClaimsPrincipalAccessor | Domain | Abstraction over how the ClaimsPrincipal is accessed | Claims and Identity |
| IMultiTenant | Domain | Marks entities that are scoped to an account | Multi-Tenancy |
| CurrentUserService | Infrastructure | Implements ICurrentUserService + ITenantProvider by reading claims | Claims and Identity |
| HttpContextClaimsPrincipalAccessor | API | Bridges HttpContext.User to IClaimsPrincipalAccessor | Claims and Identity |
| PetfolioDbContext | Infrastructure | Global query filters + SaveChangesAsync account stamping | Multi-Tenancy |
| AuthProvider value object | Domain | Stores which OAuth provider a user registered with | Key Concepts |
| TestCurrentUserService | Tests | Stub for integration tests | Testing |
Sub-pages
| Page | What it covers |
|---|---|
| Claims and Identity | How an HTTP request becomes typed user properties (UserId, Email, IsAuthenticated) |
| Multi-Tenancy | How the database isolates data per account using query filters and account stamping |
| Testing | How to test auth and tenancy: stubs, mocks, and integration patterns |