@@ -220,6 +220,11 @@ Login flow:
|
||||
```http
|
||||
Authorization: Bearer <access_token>
|
||||
```
|
||||
3. Optional whoami/debug check: call `GET /api/auth/me` with the bearer token to view current JWT identity/role claims.
|
||||
|
||||
Auth audit logging:
|
||||
- vCTP emits structured `auth_audit` log events for login decisions, token validation denials, and role authorization denials.
|
||||
- Logs include request metadata and decision reason, but do not log credentials or raw bearer tokens.
|
||||
|
||||
Auth modes:
|
||||
- `settings.auth_mode: disabled`: middleware bypassed.
|
||||
|
||||
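Review bot: The "Auth audit logging" bullets say logs include "request metadata and decision reason" but never name the fields, so a reader cannot write a parser or alert against `auth_audit` events, or confirm that "request metadata" excludes the `Authorization` header. Suggest listing the event fields and the set of decision reasons (or linking to a schema), and stating how a denied token is identified in the log, given that raw bearer tokens are not recorded. The section should also say whether `auth_audit` events are still emitted under `settings.auth_mode: disabled`, since the "Auth modes" entry right below describes the middleware as bypassed in that mode.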