Auth
Auth is the centralized authentication and authorization hub for the Samna ecosystem. It handles user management, OAuth flows, claims-based access control, and token issuance for all Samna services and applications.
The service manages the full identity lifecycle, from user registration and invitation through to session management and fine-grained permission control across organizations and locations.
How It Works
Every service in the Samna ecosystem authenticates through Auth. Users sign in through OAuth providers or internal credentials and receive JWT tokens, which downstream services validate using the published JWKS endpoint. Access control is managed through a hierarchical claims system scoped to organizations and locations.
| Concept | What it does |
|---|---|
| User | A person or system identity in the platform |
| Organization | A company or tenant, the top of the hierarchy |
| Location | A physical site within an organization |
| Claim | A permission with an access level, the core of authorization |
| App | A registered application with OAuth configuration |
| Provider | An OAuth or OIDC identity provider |
| Client | Service-to-service credentials |
| Activation | Invitation and password reset codes |
| Module | A functional module within an organization |
| Asset | Media files attached to organizations and locations |
| Audit | Operation log for all changes |
Auth Flow
User → Auth (OAuth/login) → JWT token
Services → Auth Middleware → fetches JWKS from Auth → validates locally