My App
ServiceIdentity

Database ownership của Identity

Schema/table ownership của Go Identity Service và rule boundary cross-service.

Database ownership của Identity

Schema owner

Identity Service owns schema:

identity

Go migrations nằm trong identity-service/db/migration.

Tables chính

Confirmed từ migrations:

TableIdentity sở hữu gì
identity.accountaccount, profile auth cơ bản, status
identity.credentialcredential, password/OAuth/magic-link record
identity.workspaceworkspace dùng cho auth membership
identity.workspace_membermember trong workspace
identity.branchbranch metadata cho auth context
identity.branch_memberbranch membership
identity.auth_sessionlogin session, refresh rotation, branch scope

Roles/permissions tables

Confirmed từ migrations:

TableGhi chú
identity.permissionpermission catalog trong Identity schema
identity.rolerole theo workspace
identity.role_permissionrole-permission mapping
identity.member_rolemember-role mapping
identity.branch_member_rolebranch member role mapping
identity.workspace_groupworkspace group
identity.member_groupgroup membership
identity.group_permissiongroup-permission mapping

Current auth/token code đọc role codes để đưa vào token/response.

Session table

identity.auth_session columns confirmed:

  • id
  • workspace_id
  • account_id
  • member_id
  • active_branch_id
  • status
  • jti
  • revoked_at
  • expires_at
  • created_at
  • updated_at

Session status constraint:

ACTIVE, REVOKED, EXPIRED

Integration tables

Confirmed nhưng chưa document sâu trong batch này:

  • identity.audit_log
  • identity.outbox_event

Boundary rule

Identity owns auth/membership tables.

Other services must not query Identity DB directly.

Other services nhận context qua:

  • API Gateway trusted headers.
  • Internal APIs/events later, khi được thiết kế và đóng.

Không thuộc Identity

Identity không own:

  • setup status
  • current-context
  • entitlement/package/capability/navigation
  • quote/order/subscription/payment lifecycle

TODO

  • Chưa đóng: event/outbox contract.
  • Chưa đóng: policy rõ cho role/permission ownership khi Entitlement capability graph hoàn tất.

API Surface Identity

Endpoint hiện tại của Go Identity Service và trạng thái validation.

Token issuing

Account token, branch token, refresh token và JWKS của Go Identity Service.

On this page

Database ownership của IdentitySchema ownerTables chínhRoles/permissions tablesSession tableIntegration tablesBoundary ruleKhông thuộc IdentityTODO