Skip to content

Auth Context#431

Open
devhawk wants to merge 15 commits into
mainfrom
devhawk/auth
Open

Auth Context#431
devhawk wants to merge 15 commits into
mainfrom
devhawk/auth

Conversation

@devhawk

@devhawk devhawk commented Jun 12, 2026

Copy link
Copy Markdown
Collaborator

Adds authentication context (authenticatedUser, assumedRole, authenticatedRoles) as a first-class concept throughout the workflow execution stack, so that identity established at the entry point is automatically carried through to child workflows, queued execution, and recovery.

New APIs:

  • DBOS.authenticatedUser(), DBOS.assumedRole(), DBOS.authenticatedRoles() — static accessors to read auth context from within a running workflow
  • WorkflowOptions.withAuthentication(user, roles) / .withAuthenticatedUser() / .withAssumedRole() / .withAuthenticatedRoles() — set auth when starting a workflow inline
  • DBOSClient.EnqueueOptions.withAuthentication(user, roles) / .withAuthenticatedUser() / .withAssumedRole() / .withAuthenticatedRoles() — set auth when enqueueing remotely
  • StartWorkflowOptions gains the same three auth fields

Propagation

  • Auth fields stored in DBOSContext and carried forward when spawning child workflows (both direct invocation and startWorkflow)
  • Auth fields written to the workflow status row at persist time and restored on recovery, so identity is durable across crashes
  • Enqueued workflows carry auth through to dequeue and execution

@devhawk devhawk requested review from kraftp, maxdml and qianl15 June 12, 2026 00:21
@devhawk devhawk linked an issue Jun 12, 2026 that may be closed by this pull request
Auth Support #167
Open
kraftp
kraftp reviewed Jun 12, 2026
View reviewed changes
Comment thread transact/src/main/java/dev/dbos/transact/context/DBOSContext.java Outdated
kraftp
kraftp reviewed Jun 12, 2026
View reviewed changes
Comment thread transact/src/main/java/dev/dbos/transact/context/WorkflowOptions.java
this.timeout,
this.deadline,
Field.of(null),
this.assumedRole,

@kraftp kraftp Jun 12, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this clear the roles?

@devhawk devhawk Jun 13, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah it should also clear assumedRole

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kraftp kraftp kraftp approved these changes

@maxdml maxdml Awaiting requested review from maxdml

@qianl15 qianl15 Awaiting requested review from qianl15

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Auth Support

2 participants

@devhawk @kraftp