{
    "href": "/post/2021/03/02/ddd-authentication-and-credential-exchange/",
    "relId": "2021/03/02/ddd-authentication-and-credential-exchange",
    "title": "DDD, Authentication, and Credential Exchange",
    "author": "pmjones",
    "tags": [
        {
            "href": "/tag/programming/",
            "relId": "programming",
            "title": "Programming",
            "author": null,
            "created": null,
            "updated": [],
            "markup": "markdown"
        },
        {
            "href": "/tag/php/",
            "relId": "php",
            "title": "PHP",
            "author": null,
            "created": null,
            "updated": [],
            "markup": "markdown"
        },
        {
            "href": "/tag/adr/",
            "relId": "adr",
            "title": "Action Domain Responder",
            "author": null,
            "created": "2020-08-17 21:07:42 UTC",
            "updated": [
                "2020-08-17 21:07:42 UTC",
                "2020-09-22 15:41:16 UTC",
                "2020-10-14 18:20:29 UTC",
                "2020-10-14 18:36:31 UTC",
                "2020-10-14 18:36:53 UTC",
                "2020-10-14 18:37:08 UTC",
                "2020-10-14 18:37:48 UTC",
                "2020-10-14 18:39:26 UTC",
                "2020-10-14 19:03:17 UTC",
                "2020-10-14 19:03:35 UTC",
                "2020-10-26 18:12:53 UTC"
            ],
            "markup": "markdown"
        },
        {
            "href": "/tag/ddd/",
            "relId": "ddd",
            "title": "Ddd",
            "author": null,
            "created": "2021-03-02 15:20:33 UTC",
            "updated": [
                "2021-03-02 15:20:33 UTC"
            ],
            "markup": "markdown"
        }
    ],
    "created": "2021-03-02 15:20:33 UTC",
    "updated": [
        "2021-03-02 15:20:33 UTC"
    ],
    "markup": "markdown",
    "html": "<p>In a typical <a href=\"https://archfirst.org/domain-driven-design-6-layered-architecture/\">DDD layered architecture</a>, the Application layer will almost\nalways need to know who is using it, even if only to help determine\nauthorization. This is not a problem of authentication per se. Instead, it is a\nproblem of taking the identification values provided by a prior authentication\n(such as a JWT or a session ID) and matching them to a Domain layer User object.\nFurther, the problem must be solved in a way that does not tie the Application\nor Domain layers to any particular Presentation (User Interface) layer.</p>\n<p>The <a href=\"https://github.com/pmjones/credential-exchange\">Credential Exchange</a> technique identifies the Domain layer User by passing\nthe identifying information from the Presentation (User Interface) layer into\nthe Application layer, and letting the Application layer coordinate the creation\nof the Domain layer User instance via Infrastructure implementations.</p>\n<p>This technique eliminates any Presentation (User Interface) layer logic related\nto discovering the Domain layer User; for example, there is no need for error handling and other\nconditionals. The Application layer can capture any errors from Domain layer\nUser identification into a Domain Payload for return back to the Presentation\nlayer. The Domain layer can continue to depend only on its own interfaces for\nUser modeling, independent of any other layer.</p>\n<p>The components and collaborations in this technique are essentially a\nspecialized variation on the <a href=\"https://barryvanveen.nl/blog/59-different-kinds-of-service-bus-command-bus-service-bus-and-query-bus\">Query Bus</a> pattern, with the Credential as a\nQuery, the CredentialExchange as a QueryBus, and the CredentialHandler as a\nQueryHandler.</p>\n<p>You can read more about the Credential Exchange technique <a href=\"https://github.com/pmjones/credential-exchange\">here</a>,\nincluding <a href=\"https://github.com/pmjones/credential-exchange/tree/master/src\">source code</a> examples.</p>\n"
}