Summary
Define and ratify the pluggable identity and access contract for GitStore by separating Authentication (AuthN), Authorization (AuthZ), and User Management (UserDir), with provider-driven runtime selection.
Scope
In Scope
- Canonical internal `Principal` contract (subject, issuer, groups/roles/scopes, claims, auth method).
- Provider interfaces and capability model for AuthN, AuthZ, and UserDir.
- Config model for provider selection and execution order.
- Local, secure-local, and production reference profiles.
- Guardrails for explicit `authn=none` mode.
- Decision record for GraphQL-first login surface and deprecation target for REST login.
Out of Scope
- End-to-end implementation of every external provider adapter.
- Full user-account UX flows.
- Migration/backward compatibility guarantees (alpha stage).
Acceptance Criteria
- `Principal` contract is documented and approved.
- Configuration schema defines `authn`, `authz`, and `userdir` with capability flags.
- Reference profiles are defined (`local`, `secure-local`, `production`).
- `authn=none` constraints are documented (explicit opt-in + production guardrail).
Dependencies
Implementation Plan
- Finalize contract document and ADR.
- Define configuration schema additions (`authn`, `authz`, `userdir`).
- Define capability validation rules at startup.
- Define migration sequence for resolver/service auth checks.
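The `Principal` contract, the provider capability model, config-driven provider selection and the startup validation rules described under In Scope and in the Implementation Plan, as an added Python example that is not GitStore's code and not taken from the design doc. The class names, the config keys (`profile`, `authn`, `authz`, `allow_insecure_authn`), the provider names, the capability flags and the token table are all assumptions made for this illustration.

```python
"""Added example (not GitStore code): pluggable AuthN/AuthZ contract with capability
flags, config-driven provider selection and startup guardrails. All names are assumed."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Flag, auto
from typing import Protocol


@dataclass(frozen=True)
class Principal:
    """Canonical internal identity: produced by AuthN, consumed by AuthZ and UserDir."""
    subject: str
    issuer: str
    auth_method: str
    groups: frozenset[str] = frozenset()
    roles: frozenset[str] = frozenset()
    scopes: frozenset[str] = frozenset()
    claims: dict[str, str] = field(default_factory=dict)


class Capability(Flag):
    """What a provider advertises; checked once at startup, never per request."""
    NONE = 0
    GROUPS = auto()  # principal carries group membership
    SCOPES = auto()  # principal carries scopes


class AuthNProvider(Protocol):
    name: str
    capabilities: Capability
    def authenticate(self, credential: str) -> Principal: ...


class AuthZProvider(Protocol):
    name: str
    requires: Capability  # capabilities the selected AuthN provider must supply
    def allowed(self, principal: Principal, action: str, resource: str) -> bool: ...


class Unauthenticated(Exception): pass
class ConfigError(Exception): pass


class NoneAuthN:
    """authn=none: every request becomes an anonymous principal. Local development only."""
    name = "none"
    capabilities = Capability.NONE
    def authenticate(self, credential: str) -> Principal:
        return Principal(subject="anonymous", issuer="none", auth_method="none")


class StaticAuthN:
    """Looks credentials up in an in-memory token table (constructed sample data)."""
    name = "static"
    capabilities = Capability.GROUPS | Capability.SCOPES
    def __init__(self, tokens: dict[str, Principal]) -> None:
        self.tokens = tokens
    def authenticate(self, credential: str) -> Principal:
        try:
            return self.tokens[credential]
        except KeyError:
            raise Unauthenticated("unknown credential") from None


class GroupAuthZ:
    """Members of writer_group may do anything; everyone else may only read."""
    name = "group-rbac"
    requires = Capability.GROUPS
    def __init__(self, writer_group: str) -> None:
        self.writer_group = writer_group
    def allowed(self, principal: Principal, action: str, resource: str) -> bool:
        return action == "read" or self.writer_group in principal.groups


# Registries the config selects from by name (assumed provider names, constructed tokens).
AUTHN_PROVIDERS: dict[str, AuthNProvider] = {
    "none": NoneAuthN(),
    "static": StaticAuthN({
        "tok-alice": Principal("alice", "static", "token", groups=frozenset({"maintainers"})),
        "tok-bob": Principal("bob", "static", "token", groups=frozenset({"readers"})),
    }),
}
AUTHZ_PROVIDERS: dict[str, AuthZProvider] = {"group-rbac": GroupAuthZ("maintainers")}


@dataclass
class AuthStack:
    """Validated AuthN -> AuthZ pipeline; obtain it through from_config, never directly."""
    authn: AuthNProvider
    authz: AuthZProvider

    @classmethod
    def from_config(cls, cfg: dict) -> AuthStack:
        """Startup validation: known providers, authn=none guardrails (explicit opt-in,
        refused in production) and AuthZ/AuthN capability compatibility."""
        try:
            authn, authz = AUTHN_PROVIDERS[cfg["authn"]], AUTHZ_PROVIDERS[cfg["authz"]]
        except KeyError as e:
            raise ConfigError(f"unknown provider {e}") from None
        if authn.name == "none":
            if cfg.get("profile") == "production":
                raise ConfigError("authn=none is refused when profile=production")
            if not cfg.get("allow_insecure_authn", False):
                raise ConfigError("authn=none requires allow_insecure_authn=true")
        missing = authz.requires & ~authn.capabilities
        if missing:
            raise ConfigError(f"authz={authz.name} requires {missing} but authn={authn.name} lacks it")
        return cls(authn, authz)

    def check(self, credential: str, action: str, resource: str) -> bool:
        """Execution order for one request: AuthN first, then AuthZ on the Principal."""
        return self.authz.allowed(self.authn.authenticate(credential), action, resource)


def startup_error(cfg: dict) -> str | None:
    """Dry-run the startup validation; returns the error text or None (a --check-config style helper)."""
    try:
        AuthStack.from_config(cfg)
        return None
    except ConfigError as e:
        return str(e)
```

The point of doing the capability comparison in `from_config` rather than in `allowed` is that a mismatched pairing (an AuthZ provider that needs groups behind an AuthN provider that never populates them) fails the process at boot instead of silently denying or, worse, silently allowing every request; the `authn=none` checks sit in the same place so the production guardrail cannot be bypassed by a resolver that forgets to call it.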
Tracking
- Design doc: `docs/implementation/pluggable_auth_design.md`
- Follow-up implementation initiative will depend on this item.