As title is suggesting, I am interested in general opinion on where is the best to put all security related code(like code for JWT, standard authentication, etc.)
I am thinking about it quite a while and I do not have a clue what should be suitable place for this.
Does somebody has any experience with this. What is for you correct place for this, according to DDD?
As mentioned by @inf3rno in Access Control in Domain Driven Design, Vaughn Vernon briefly touches upon this in his book Implementing Domain-Driven Design.
Security and permissions should be centralized in its own bounded context, which is then used by other bounded contexts. Have a look at the Identity Access bounded context for inspiration, but I recommend following Schneier's Law, which states that you should not build your own security system.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments