Interface: ServicePrincipal
Interface: ServicePrincipal
Defined in: auth-shared/src/jwt/principals.ts:61
Machine-to-machine principal. Set on req.user when the caller is a
service account (token issued by /oauth/token client_credentials).
Services carry no email, no org membership, no role list. They carry an
opaque clientId and an explicit scopes array. Downstream code should
branch on kind rather than try to treat user and service uniformly.
Properties
clientId
clientId:
string
Defined in: auth-shared/src/jwt/principals.ts:65
e.g. ‘rm-prod-abc123’
jti?
optionaljti?:string
Defined in: auth-shared/src/jwt/principals.ts:74
JWT ID — used for per-request revocation checks.
kind
kind:
"service"
Defined in: auth-shared/src/jwt/principals.ts:62
scopes
scopes:
string[]
Defined in: auth-shared/src/jwt/principals.ts:71
e.g. [‘permissions:register’, ‘users:read’]
serviceName?
optionalserviceName?:string
Defined in: auth-shared/src/jwt/principals.ts:68
Optional friendly name if the auth server put it in the claims.