Trait TenantResolver 

pub trait TenantResolver:
    Send
    + Sync
    + 'static {
    // Required method
    fn resolve<'life0, 'life1, 'async_trait>(
        &'life0 self,
        auth: &'life1 AuthContext,
    ) -> Pin<Box<dyn Future<Output = Result<Tenant, TenantError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
}

Derives a sealed Tenant for an authenticated caller.

Backends register one resolver per hub via the hub builder (with_tenant_resolver); the framework invokes it once per request at dispatch entry, post-authentication and pre-method-scope-check.

Failure handling

A TenantError result is converted by the dispatch layer to AuthzError::Forbidden { reason: TenantBoundary }; the underlying variant is captured in the AuditRecord (with AuditDenyReason::TenantBoundary) for operator investigation. The wire response is the generic forbidden error — no information is leaked about whether the failure was a missing claim, a backend lookup miss, or a malformed identifier.
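The conversion described above, modelled as an added example (not the crate's own code). The types are simplified stand-ins for the names on this page; `ForbiddenReason`, the `AuditRecord` fields, the `String` payload, the wire text and both function names are assumptions.

```rust
// Stand-in types modelling names from this page; the crate's real
// definitions (fields, payloads, async signature) may differ.
#[derive(Debug, Clone, PartialEq)]
pub enum TenantError {
    UnresolvedFromAuthContext,
    BackendResolverFailed(String), // payload type is an assumption
}

#[derive(Debug, PartialEq)]
pub enum ForbiddenReason { TenantBoundary } // hypothetical enum name

#[derive(Debug, PartialEq)]
pub enum AuthzError { Forbidden { reason: ForbiddenReason } }

#[derive(Debug, PartialEq)]
pub enum AuditDenyReason { TenantBoundary }

// Assumed shape: the page only says the underlying variant is captured.
#[derive(Debug, PartialEq)]
pub struct AuditRecord {
    pub deny_reason: AuditDenyReason,
    pub underlying: TenantError,
}

/// Collapse every resolver failure to one wire error and keep the
/// detail only in the operator-facing audit record.
pub fn deny_on_tenant_error(err: TenantError) -> (AuthzError, AuditRecord) {
    let audit = AuditRecord { deny_reason: AuditDenyReason::TenantBoundary, underlying: err };
    (AuthzError::Forbidden { reason: ForbiddenReason::TenantBoundary }, audit)
}

/// What the caller sees: derived from the AuthzError alone, so it
/// cannot vary with the TenantError variant.
pub fn wire_body(err: &AuthzError) -> &'static str {
    match err {
        AuthzError::Forbidden { .. } => "forbidden", // constructed wire text
    }
}

fn main() {
    let failures = vec![
        TenantError::UnresolvedFromAuthContext,
        TenantError::BackendResolverFailed("db timeout".into()), // constructed sample
    ];
    for e in failures {
        let (wire, audit) = deny_on_tenant_error(e);
        println!("wire={:?} audit={:?}", wire_body(&wire), audit);
    }
}
```

A backend integration test can assert the same property against the real dispatch layer: responses for different resolver failures should be byte-identical while the audit entries differ.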

Bounds

The Send + Sync + 'static bounds are required by the framework’s dispatch invocation pattern; the resolver is shared as an Arc<dyn TenantResolver> across all concurrent requests.

Required Methods

fn resolve<'life0, 'life1, 'async_trait>(
    &'life0 self,
    auth: &'life1 AuthContext,
) -> Pin<Box<dyn Future<Output = Result<Tenant, TenantError>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,

Derive the tenant for the verified caller.

Implementations should:

  • Return Ok(Tenant) when the caller resolves cleanly.
  • Return Err(TenantError::UnresolvedFromAuthContext) when no tenant can be derived (anonymous caller, missing claim, empty lookup) — this is the typical denial path.
  • Return Err(TenantError::BackendResolverFailed(...)) when an internal lookup mechanism failed (database error, upstream service timeout, etc.).

The Ok value is constructed through this crate’s framework-internal helpers (mint_tenant_from_str, crate-private), which validate and seal the value. Resolver implementations therefore cannot bypass the validation rules pinned on Tenant.

Implementors