🏠 Overview 🧩 Components 🧩 Org Scope JWT Resolver

Org Scope JWT Resolver

Component Detail

Infrastructure medium complexity Shared Component backend
0
Dependencies
2
Dependents
1
Entities
0
Integrations

Description

Extracts and validates the organization scope claim from the admin's JWT at request time, determining the highest organization level the user can access. Used by hierarchy and access control services to parameterize row-level security policies without additional database round-trips.

Feature: Multi-Organization Hierarchy

org-scope-jwt-resolver

Responsibilities

  • Parse JWT and extract organization scope claim
  • Validate claim integrity and token expiry
  • Resolve Global Admin role to unrestricted scope sentinel
  • Provide resolved scope to downstream services as a typed object

Interfaces

resolveScope(jwtToken): OrgScope
extractOrgClaim(jwtToken): string | null
isGlobalAdminToken(jwtToken): boolean
validateToken(jwtToken): boolean
getExpiresAt(jwtToken): Date

Relationships

Dependents (2)

Components that depend on this component

service Hierarchy Service service Hierarchy Access Control Service

Related Data Entities (1)

Data entities managed by this component

Organization 17 fields core