Garment.id
🇺🇸 English
  • 🇮🇩 Indonesian
  • 🇺🇸 English
Home
Core APITenant APISupport CenterChangelog
Home
Core APITenant APISupport CenterChangelog
Github
Instagram
|
🇺🇸 English
  • 🇮🇩 Indonesian
  • 🇺🇸 English
🇺🇸 English
  • 🇮🇩 Indonesian
  • 🇺🇸 English
  1. Home
  • Introduction
  • 01 - Project Structure
  • 02 - Context Boundaries
  • 03 - Central Auth Runtime
  • 04 - Central Billing
  • 05 - Tenant Runtime
  • 06 - FE Integration Contracts
  • 07 - Security, Middleware, and RLS
  • 08 - Events, Jobs, Listeners, Notifications, Observers
  • 09 - Testing and Quality Gates
  • 10 - Operations Runbook
  • 11 - Architecture Decisions (ADR Ringkas)
  • 12 - API Endpoint Catalog (v1)
  • 13 - Class Catalog by Context
  • 14 - Feature Development Playbook
  • 15 - Migration and Model Conventions
  • 16 - Service, Support, and Trait Contracts
  • 17 - Auth Business Scenarios and Decision Tree
  • 18 - Config Reference and Impact
  • 19 - Migration and Model Cookbook
  • 20 - Billing and Provisioning Business Flows
  • 21 - FE Error Handling Matrix
  • 22 - Incident Playbooks
  • 23 - Data Ownership Matrix
  • 24 - Documentation Governance and Changelog
  • 25 - Tenant Authorization Backend Guide
Home
Core APITenant APISupport CenterChangelog
Home
Core APITenant APISupport CenterChangelog
Github
Instagram
|
🇺🇸 English
  • 🇮🇩 Indonesian
  • 🇺🇸 English
🇺🇸 English
  • 🇮🇩 Indonesian
  • 🇺🇸 English
  1. Home

17 - Auth Business Scenarios and Decision Tree

Dokumen ini merangkum skenario bisnis auth yang paling sering terjadi beserta keputusan implementasinya.

Scenario Map#

Core Scenarios#

1. User Login Standard#

Flow:
1.
POST /api/v1/auth/login
2.
optional 2FA challenge jika policy aktif
3.
untuk user multi-tenant: POST /api/v1/auth/select-tenant
4.
GET /api/v1/auth/me untuk bootstrap FE state

2. Token Refresh#

Flow:
1.
FE detect access token expired
2.
POST /api/v1/auth/refresh
3.
jika refresh success: retry request
4.
jika refresh gagal: force logout + redirect login

3. Suspicious Auth Activity#

Trigger umum:
refresh token replay
device fingerprint mismatch
repeated invalid refresh attempts
Aksi:
log activity
optional notification ke user/admin
invalidasi sesi sesuai policy

4. Password and Step-up Protected Action#

Flow:
1.
endpoint sensitif minta password.confirmed atau stepup.confirmed
2.
FE jalankan confirm flow
3.
request sensitif dieksekusi ulang

5. Tenant Context Mismatch#

Kondisi:
X-Tenant-ID tidak sama dengan tenant pada token
Expected result:
403 FORBIDDEN dengan code yang sesuai
FE harus reset context dan minta user pilih tenant ulang

Decision Tree for New Auth Endpoint#

FE Integration Rules#

gunakan GET /auth/me sebagai sumber state user + authz.
jangan hardcode permission di FE tanpa authz payload.
selalu log request_id saat error agar trace backend cepat.

Test Scenarios (Minimum)#

Untuk endpoint auth baru minimal cover:
success path
unauthorized
forbidden (ability/context)
validation error
regression pada refresh/logout flow

Related Docs#

docs/03-central-auth-runtime.md
docs/06-fe-integration-contracts.md
docs/07-security-middleware-and-rls.md
docs/11-architecture-decisions.md
Diubah pada 2026-03-03 22:25:30
Sebelumnya
16 - Service, Support, and Trait Contracts
Berikutnya
18 - Config Reference and Impact
Built with