Authentication
Identity Model
The identity service is the source of truth for authentication, distributor provisioning, customer identity, roles, and downstream JWT claims.
Current JWT Claims
Downstream authorization depends on explicit claims including:
- role
- account_type
- distributor_id
- vip_enabled
- the user subject identifier
Authorization Controls
| Surface | Control |
|---|---|
| Distributor-only actions | JWT role=distributor plus account_type=distributor |
| Moderator review | JWT role=moderator |
| Service-to-service actions | X-S2S-Token validated against S2S_WEBHOOK_SECRET |
| WebSockets | Bearer-token validation before accepting session access |
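The table above lists the controls but not how a downstream service evaluates them. The following Python is an added example, not code from the identity service: it verifies an HS256 JWT with the standard library only, then applies the three claim-based rules (distributor requires both role and account_type, moderator requires role, service-to-service requires a constant-time match on X-S2S-Token). The secret values, the use of HS256, and the exp claim are assumptions for the example; the claim names come from the page. Note that no rule looks at an email address, in line with the handover note that email is not a privilege check.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secrets for this example only. In the real service these come
# from JWT_SECRET_KEY and S2S_WEBHOOK_SECRET (see Production Secret Requirements).
JWT_SECRET_KEY = b"example-jwt-secret-not-for-production"
S2S_WEBHOOK_SECRET = "example-s2s-secret-not-for-production"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes = JWT_SECRET_KEY) -> str:
    """Mint an HS256 JWT carrying the claims downstream services rely on."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = JWT_SECRET_KEY, now=None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, otherwise None.

    The algorithm is pinned to HS256: a token whose header says anything else
    (including "none") is rejected before any claim is trusted.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    # exp is an assumed claim; the page does not list it. Treat it as required-if-present.
    if "exp" in claims and claims["exp"] <= now:
        return None
    return claims


def is_distributor(claims: dict) -> bool:
    # Both claims are required; role alone does not grant distributor actions.
    return claims.get("role") == "distributor" and claims.get("account_type") == "distributor"


def is_moderator(claims: dict) -> bool:
    return claims.get("role") == "moderator"


def authorize_distributor_action(token: str) -> bool:
    claims = verify_token(token)
    return claims is not None and is_distributor(claims)


def authorize_moderator_review(token: str) -> bool:
    claims = verify_token(token)
    return claims is not None and is_moderator(claims)


def authorize_s2s(x_s2s_token: Optional[str]) -> bool:
    """Service-to-service check: constant-time comparison against the shared secret."""
    if not x_s2s_token:
        return False
    return hmac.compare_digest(x_s2s_token.encode(), S2S_WEBHOOK_SECRET.encode())


if __name__ == "__main__":
    # Constructed claims; "sub" is the standard JWT subject claim.
    token = issue_token({"sub": "user-1", "role": "distributor", "account_type": "distributor",
                         "distributor_id": "dist-1", "vip_enabled": False,
                         "exp": int(time.time()) + 300})
    print("distributor action allowed:", authorize_distributor_action(token))
    print("moderator review allowed:", authorize_moderator_review(token))
```

The same verify_token result should feed the WebSocket handshake: reject the upgrade when it returns None, and only then attach the claims to the session.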
Production Secret Requirements
Production mode rejects development fallbacks and requires explicit configuration for:
- APP_SECRET_KEY
- JWT_SECRET_KEY
- S2S_WEBHOOK_SECRET
- CHAT_ENCRYPTION_KEY
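A startup check that enforces this rule, as an added example rather than the service's own configuration code: in production it refuses to start when any of the four settings is missing or still carries a development value, while in development it falls back to placeholders. The APP_ENV switch, the placeholder fallback values and the minimum-length rule are assumptions of the example; the four variable names are the ones the page lists.

```python
from typing import Mapping

# The four settings the page requires in production.
REQUIRED_PRODUCTION_SECRETS = (
    "APP_SECRET_KEY",
    "JWT_SECRET_KEY",
    "S2S_WEBHOOK_SECRET",
    "CHAT_ENCRYPTION_KEY",
)

# Constructed development fallbacks; they exist only so local runs start.
DEV_FALLBACKS = {name: f"dev-{name.lower()}" for name in REQUIRED_PRODUCTION_SECRETS}

# Assumed policy (not stated on the page): a production secret shorter than this
# is treated as a placeholder rather than a real key.
MIN_SECRET_LENGTH = 32


class ConfigError(RuntimeError):
    """Raised when production configuration is incomplete or uses dev values."""


def is_production(env: Mapping[str, str]) -> bool:
    # APP_ENV is an assumed variable name for the environment switch.
    return env.get("APP_ENV", "development") == "production"


def load_secrets(env: Mapping[str, str]) -> dict:
    """Resolve the required secrets from env, rejecting fallbacks in production.

    All problems are collected before raising so an operator sees the full list
    instead of fixing one variable per restart.
    """
    production = is_production(env)
    secrets = {}
    problems = []
    for name in REQUIRED_PRODUCTION_SECRETS:
        value = env.get(name)
        if not value:
            if production:
                problems.append(f"{name} is not set")
                continue
            value = DEV_FALLBACKS[name]
        elif production and (value == DEV_FALLBACKS[name] or len(value) < MIN_SECRET_LENGTH):
            problems.append(f"{name} looks like a development value")
            continue
        secrets[name] = value
    if problems:
        raise ConfigError("refusing to start: " + "; ".join(problems))
    return secrets


if __name__ == "__main__":
    import os
    # Reads the real process environment; raises ConfigError in production if misconfigured.
    loaded = load_secrets(os.environ)
    print("loaded secrets:", sorted(loaded))
```

Call load_secrets once at process start, before any listener is opened, so a misconfigured production deployment fails fast instead of serving traffic with a development key.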
Handover Notes
- Historical seed-domain modules related to influencer/referral flows remain in the identity repository, but they are not part of the active WHOT runtime surface.
- Administrative access must remain role-based. Email addresses are not a valid substitute for privilege checks.