Identity Backend Template — Agent handbook
Role: User directory — accounts, roles, claims, profile APIs, interactive flows.
Not for: OAuth2/OIDC token server surface (use Authorization Server for issuance / clients / JWKS).
Canonical spec: ConnectSoft.Documentation — Identity
Split Identity vs Authorization Server
| Concern | Identity Backend | Authorization Server |
|---|---|---|
| User store / passwords | Yes | Integrates |
| Roles & claims data | Yes | Issues into tokens |
| /connect/token, clients, signing keys | No | Yes |
Agents must not merge these into one “auth blob” in prompts unless the product explicitly does.
Composition
- Submodule: base-template/
- DI: IdentityMicroserviceRegistration (name may vary) on top of MicroserviceRegistrationBase
Blueprint hints
template: connectsoft-identity
user_store: relational # verify generated stack
mfa: TOTP # if blueprint demands
external_providers: [OpenIdConnect, ...]
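The split table and the blueprint hints above both describe constraints an agent should enforce before generating from this template: the identity blueprint carries user store, MFA and external-provider settings, and must not absorb Authorization Server concerns (token endpoint, clients, signing keys). The following is an added example, not ConnectSoft code: a small validator that parses the flat `key: value # comment` hint format shown on this page and reports any violation of that split. The allowed value sets, the list of authorization-server-only keys, and both sample blueprints are assumptions constructed for the example; the real template may accept other values.

```python
"""Added example (not part of the ConnectSoft templates): validate an identity
blueprint fragment against the Identity vs Authorization Server split.
Allowed values and the forbidden-key list below are assumptions."""

# Assumed value sets; the page only shows "relational" and "TOTP".
ALLOWED_USER_STORES = {"relational", "document"}
ALLOWED_MFA = {"TOTP", "none"}

# Concerns the page assigns to the Authorization Server only. An identity
# blueprint carrying any of these is the "auth blob" merge the handbook forbids.
AUTH_SERVER_ONLY_KEYS = {"token_endpoint", "clients", "signing_keys", "jwks"}

# Constructed sample: mirrors the hints on this page, with the "..." expanded to
# a single concrete provider.
SAMPLE_BLUEPRINT = """\
template: connectsoft-identity
user_store: relational # verify generated stack
mfa: TOTP # if blueprint demands
external_providers: [OpenIdConnect]
"""

# Constructed sample of a merged blueprint that must be rejected.
MERGED_BLUEPRINT = """\
template: connectsoft-identity
user_store: relational
signing_keys: rsa
clients: [spa-client]
"""


def parse_hints(text: str) -> dict:
    """Parse the flat 'key: value  # comment' lines into a dict.

    Bracketed values become lists of strings. This is deliberately minimal and
    only covers the shape shown on the page; it is not a YAML parser.
    """
    hints = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if value.startswith("[") and value.endswith("]"):
            hints[key] = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        else:
            hints[key] = value
    return hints


def validate(hints: dict) -> list:
    """Return a list of findings; an empty list means the blueprint respects the split."""
    findings = []
    if hints.get("template") != "connectsoft-identity":
        findings.append("template must be connectsoft-identity")
    if hints.get("user_store") not in ALLOWED_USER_STORES:
        findings.append(f"unknown user_store {hints.get('user_store')!r}")
    if hints.get("mfa", "none") not in ALLOWED_MFA:
        findings.append(f"unknown mfa {hints.get('mfa')!r}")
    providers = hints.get("external_providers", [])
    if not isinstance(providers, list):
        findings.append("external_providers must be a bracketed list")
    elif "..." in providers:
        # A literal "..." copied from the handbook is a placeholder, not a provider.
        findings.append("external_providers contains an unexpanded placeholder")
    leaked = AUTH_SERVER_ONLY_KEYS & set(hints)
    if leaked:
        findings.append(
            "authorization-server concerns in identity blueprint: " + ", ".join(sorted(leaked))
        )
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_BLUEPRINT), ("merged", MERGED_BLUEPRINT)):
        print(name, validate(parse_hints(text)) or "ok")
```

Run the validator on a blueprint before handing it to the generator; the merged sample above is reported with one finding naming the leaked keys, and the clean sample yields no findings.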
Upstream / downstream agents
- Security Architect — threat model for credential storage
- Microservice Generator — services consume tokens minted by Auth Server
- API Gateway — validates JWT; may call profile APIs
Topic index (agents)
Start with Architecture and Authentication, then Parameters.