Definable uses JSON Web Tokens (JWT) as the primary authentication mechanism, providing a stateless, secure way to verify user identity across API requests.
JSON Web Tokens are an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. In Definable, JWTs are used to:
Authenticate users after login
Maintain session state without server-side storage
Pass user identity information securely between services
JWTs work in conjunction with the Role-Based Access Control (RBAC) system:
The JWT establishes user identity
The RBAC middleware uses this identity to determine:
The user's role in the requested organization
Permissions associated with that role
Whether the user can perform the requested action
```python
from fastapi import Depends, FastAPI

# RBAC is Definable's dependency factory; its import path is not shown on this page.

app = FastAPI()


@app.get("/api/protected")
async def protected_route(user: dict = Depends(RBAC("resource", "action"))):
    # If execution reaches here, the user is authenticated
    # and authorized to access this endpoint
    return {"message": "You have access", "user_id": user["id"]}
```