Identity Model — Aquilia Documentation
Comprehensive guide and documentation for Identity Model in the Aquilia framework. View API reference, examples, and implementation patterns.
Security & Auth / Identity Identity & Credentials Deep dive into credential types — passwords (Argon2id), API keys (scoped, rate-limited), and how they map to the Identity frozen dataclass. Identity Methods Identity is a frozen dataclass — immutable after creation. It provides convenience methods for attribute access, permissions, and serialization. from aquilia.auth.core import Identity, IdentityType, IdentityStatus identity = Identity( id="user_42", type=IdentityType.USER, attributes= , status=IdentityStatus.ACTIVE, tenant_id="org_1", ) # Attribute access identity.get_attribute("email") # "alice@example.com" identity.get_attribute("missing") # None identity.get_attribute("missing", "default") # "default" # Role / scope checks identity.has_role("admin") # True identity.has_role("superadmin") # False identity.has_scope("read") # True identity.has_scope("admin:write") # True # Status checks identity.is_active() # True (ACTIVE) # Also checks: SUSPENDED → False, DELETED → False, PENDING → False # Serialization data = identity.to_dict() restored = Identity.from_dict(data) PasswordCredential The PasswordCredential manages authentication secrets for interactive users using modern hashing. from aquilia.auth.core import PasswordCredential cred = PasswordCredential( identity_id="user_42", password_hash="$argon2id$v=19$m=65536,t=3,p=4$...", algorithm="argon2id", # primary hasher must_change=False, ) # Check rotation policy (default: 90 days) if cred.should_rotate(max_age_days=90): # Prompt user to change password ... # Touch on successful login — updates last_used_at cred.touch() # Serialization data = cred.to_dict() ApiKeyCredential The ApiKeyCredential facilitates secure machine-to-machine client validations with customizable rate limits and scopes. from aquilia.auth.core import ApiKeyCredential # Key format: ak_ _ # Example: ak_live_1234567890abcdef key = ApiKeyCredential( identity_id="service_7", key_id="key_abc123", key_hash="sha256:...", # SHA-256 of the raw key prefix="ak_live_", # First 8 chars for identification scopes=["read:users", "write:orders"], rate_limit=100, # 100 requests per minute expires_at=None, # Never expires (or set a datetime) ) # Security checks key.is_expired() # False key.has_scope("read:users") # True # Keys are hashed before storage — raw key only shown once at creation Identity Types Aquilia natively supports different types of entities accessing the platform. Each type has specialized lifecycles and authentication workflows: , , , , ].map((item, i) => ( ))} Identity Status Status Meaning ))} )
Go to Homepage