38 lines
1.5 KiB
C#
38 lines
1.5 KiB
C#
namespace Gateway.Security;
|
|
|
|
/// <summary>
|
|
/// Holds authenticated identity information for the current request.
|
|
/// Populated by MultiProviderAuthMiddleware.
|
|
/// </summary>
|
|
public sealed class ClientContext
|
|
{
|
|
public string? SessionId { get; set; }
|
|
public string? ClientId { get; set; } // OID (JWT) or platform client ID (session)
|
|
public string? TenantId { get; set; }
|
|
public string? ClientName { get; set; }
|
|
public string? ClientCategory { get; set; }
|
|
public string? UserId { get; set; }
|
|
public string? Email { get; set; }
|
|
public string? Role { get; set; }
|
|
public bool IsDevBypass { get; set; }
|
|
public string? AuthProvider { get; set; }
|
|
|
|
/// <summary>
|
|
/// Raw Entra Object ID (oid claim) — always set for Microsoft tokens.
|
|
/// Used for identity and activity logging. Distinct from ClientId which may fall
|
|
/// back to sub for tokens where oid isn't surfaced as a named claim.
|
|
/// </summary>
|
|
public string? EntraOid { get; set; }
|
|
|
|
/// <summary>
|
|
/// True when the token was issued by the standard Entra (staff) tenant.
|
|
/// </summary>
|
|
public bool IsStaff { get; set; }
|
|
|
|
/// <summary>True if we have a valid ClientId.</summary>
|
|
public bool IsAuthenticated => !string.IsNullOrWhiteSpace(ClientId);
|
|
|
|
/// <summary>True if this is an admin session (IsStaff + Role set).</summary>
|
|
public bool IsAdmin => IsStaff && !string.IsNullOrWhiteSpace(Role);
|
|
}
|