Struct AuthContext 

pub struct AuthContext {
    pub user_id: String,
    pub session_id: String,
    pub roles: Vec<String>,
    pub metadata: Value,
}

Per-connection authentication context, populated during WS upgrade.

This context is extracted from HTTP cookies (or other auth mechanisms) during the WebSocket handshake and attached to the connection. Every RPC call on that connection has access to this context.

Multi-tenancy with Keycloak

When using Keycloak for multi-tenancy, the AuthContext typically contains:

• user_id: Keycloak user ID (sub claim from JWT)
• session_id: Keycloak session ID
• roles: User roles within the tenant/realm
• metadata: Additional JWT claims (realm, tenant ID, custom attributes)

Fields

user_id: String

User identifier (e.g., Keycloak sub claim, user UUID)

session_id: String

Session identifier (e.g., Keycloak session ID)

roles: Vec<String>

User roles (e.g., [“user”, “admin”], Keycloak realm roles)

metadata: Value

Additional metadata (e.g., JWT claims, tenant/realm info, custom attributes) For Keycloak multi-tenancy, this typically includes:

• realm: Keycloak realm name
• tenant_id: Organization/tenant identifier
• Any custom claims from the JWT token

Implementations

impl AuthContext

pub fn new( user_id: String, session_id: String, roles: Vec<String>, metadata: Value, ) -> Self

Create a new AuthContext

pub fn anonymous() -> Self

Create an anonymous/unauthenticated context

This can be used as a fallback when methods accept Option<&AuthContext> and no authentication was provided.

pub fn is_authenticated(&self) -> bool

Check if this context represents an authenticated user

pub fn has_role(&self, role: &str) -> bool

Check if the user has a specific role

pub fn get_metadata_string(&self, key: &str) -> Option<String>

Get a metadata field as a string

pub fn tenant(&self) -> Option<String>

Get the tenant/realm from metadata (Keycloak multi-tenancy)

Trait Implementations

impl Clone for AuthContext

fn clone(&self) -> AuthContext

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AuthContext

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for AuthContext

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl JsonSchema for AuthContext

fn schema_name() -> Cow<'static, str>

The name of the generated JSON Schema.

fn schema_id() -> Cow<'static, str>

Returns a string that uniquely identifies the schema produced by this type.

fn json_schema(generator: &mut SchemaGenerator) -> Schema

Generates a JSON Schema for this type.

fn inline_schema() -> bool

Whether JSON Schemas generated for this type should be included directly in parent schemas, rather than being re-used where possible using the $ref keyword.

impl Serialize for AuthContext

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.