# Security Model
## Principles
- Tokens are internal-only and never exposed to untrusted clients directly.
- Permissions are centrally managed in the gateway.
- Providers only validate identity; they do not set sessions or permissions.
## JWTs
- Access tokens are short-lived and contain minimal claims.
- Refresh tokens are stored hashed and revocable.
## Multi-tenant isolation
- User membership is scoped by tenant.
- Roles and permissions are evaluated per tenant.
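The JWT and multi-tenant rules above, as an added example that is not this project's code: a short-lived HS256 access token with minimal claims, a permission check that only honours roles inside the token's own tenant, and a refresh-token store that keeps SHA-256 digests rather than plaintext so each token can be revoked. The signing secret, the claim names (`tid`, `roles`) and the store layout are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"placeholder-signing-secret"  # placeholder (assumption); rotate it as the safeguards require

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_access_token(sub, tenant, roles, now, ttl=300):
    """Short-lived HS256 JWT carrying only subject, tenant, roles and timestamps."""
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    head = enc({"alg": "HS256", "typ": "JWT"})
    body = enc({"sub": sub, "tid": tenant, "roles": roles, "iat": now, "exp": now + ttl})
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_access_token(token, now):
    """Return the claims if the signature checks and the token is unexpired, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64url(head)).get("alg") != "HS256":
            return None  # reject attempts to switch the algorithm (e.g. "none")
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        claims = json.loads(_unb64url(body))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    return claims if claims.get("exp", 0) > now else None

def has_permission(claims, tenant, role):
    """Roles only count inside the tenant the token was issued for."""
    return claims is not None and claims.get("tid") == tenant and role in claims.get("roles", [])

class RefreshTokenStore:
    """Keeps only SHA-256 digests of refresh tokens, each individually revocable."""
    def __init__(self):
        self._rows = {}  # digest -> {"sub": ..., "tid": ..., "revoked": bool}
    def issue(self, sub, tenant):
        raw = secrets.token_urlsafe(32)
        self._rows[hashlib.sha256(raw.encode()).hexdigest()] = {"sub": sub, "tid": tenant, "revoked": False}
        return raw  # the plaintext is handed out once and never stored
    def redeem(self, raw):
        row = self._rows.get(hashlib.sha256(raw.encode()).hexdigest())
        return None if row is None or row["revoked"] else row
    def revoke(self, raw):
        row = self._rows.get(hashlib.sha256(raw.encode()).hexdigest())
        if row: row["revoked"] = True
```

A leaked store row yields only digests, and revoking a row invalidates that refresh token without touching any access token already issued, which is why the access-token lifetime stays short.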
## Operational safeguards
- Rotate JWT secrets regularly.
- Use TLS in production.
- Enable HTTP-only cookies for refresh tokens when needed.