Authentication

Authentication/authorization are inherited from the Base Template. Tenant resolution is core to this service since it owns the tenant registry.

Tenant context

Resolved via TenantResolutionStrategy (ConfigurationFirstThenJwtThenHeaders):

• JWT claim tid, HTTP header X-Tenant-Id, messaging header tenant-id.

The resolved tenant feeds the NHibernate SaasTenantFilter and outbound MassTransit messages. gRPC propagates tenant-id metadata per ADR-0100; Tenants adds TenantGrpcServerInterceptor.

Note

Tenant creation operations register new partitions and have different scoping considerations than ordinary tenant-scoped reads. The grain (TenantLifecycleGrain) validates that the operation's TenantId matches the grain key.

See also

• Configuration
• Base Template