Account / Identity
Intent
Keep authentication and identity state correct, observable, and isolated from other bounded contexts.
Boundaries
- Treat identity as a separate context: other modules depend on identity signals/tokens, not on Firebase Auth types.
- Do not leak platform objects (Firebase User, JWT claims) into Domain models.
Signal-First Auth State
- Represent the current session as signals (user, isAuthenticated, userId, claims).
- Convert Observable streams to signals at the store/facade boundary.
- Ensure cleanup is automatic (use Angular signal interop helpers and lifecycle-aware patterns).
Authorization
- Prefer explicit permission signals (e.g., canReadWorkspace, canManageMembers) derived from claims/membership.
- Keep permission rules centralized (one store/service), not duplicated across components.
Routing
- Use functional guards and inject().
- Guard by signals (not by async subscribe-in-guard side effects).
Error Handling
- Map provider errors (Firebase/HTTP) to app-level error types before exposing to UI.
- UI should render stable error states; avoid throwing raw platform errors.
Security Checklist
- Never rely on the client for authorization.
- Treat security rules / server checks as the enforcement mechanism.
- Avoid persisting secrets in source code; use environment configuration.
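
The boundary, authorization and error-handling rules above, sketched as framework-free TypeScript. This is an added example, not code from this project; in an Angular store these pure functions would sit inside the signals it exposes. All type and function names, the `roles` claim name and the UI messages are assumptions made for illustration.

```typescript
// Domain-side types: no Firebase User or JWT claim types cross this boundary.
type AppRole = 'owner' | 'admin' | 'member' | 'viewer';
interface AppSession { userId: string; email: string | null; roles: readonly AppRole[]; }
interface WorkspacePermissions { canReadWorkspace: boolean; canManageMembers: boolean; }
type AuthErrorKind = 'invalid-credentials' | 'rate-limited' | 'network' | 'unknown';
interface AppAuthError { kind: AuthErrorKind; message: string; }
// Assumed structural subset of the provider's user object (only what the mapper reads).
interface PlatformUser { uid: string; email: string | null; }
const KNOWN_ROLES: readonly AppRole[] = ['owner', 'admin', 'member', 'viewer'];

// Claims are untrusted input: keep only recognised roles ("roles" is an assumed claim name).
function toSession(user: PlatformUser | null, claims: Record<string, unknown>): AppSession | null {
  if (!user) return null;
  const raw: unknown[] = Array.isArray(claims['roles']) ? claims['roles'] : [];
  return { userId: user.uid, email: user.email, roles: KNOWN_ROLES.filter((r) => raw.indexOf(r) !== -1) };
}

// The one place permission rules live. The flags drive UI only; security rules and
// server checks remain the enforcement mechanism.
function derivePermissions(session: AppSession | null): WorkspacePermissions {
  const has = (...wanted: AppRole[]): boolean =>
    session !== null && wanted.some((r) => session.roles.indexOf(r) !== -1);
  return { canReadWorkspace: has(...KNOWN_ROLES), canManageMembers: has('owner', 'admin') };
}

// Provider error codes mapped to app-level kinds. Wrong password and unknown user share
// one kind so the UI does not reveal which accounts exist.
const ERROR_KINDS: Record<string, AuthErrorKind> = {
  'auth/wrong-password': 'invalid-credentials',
  'auth/user-not-found': 'invalid-credentials',
  'auth/invalid-credential': 'invalid-credentials',
  'auth/too-many-requests': 'rate-limited',
  'auth/network-request-failed': 'network',
};
const MESSAGES: Record<AuthErrorKind, string> = {
  'invalid-credentials': 'Email or password is incorrect.',
  'rate-limited': 'Too many attempts. Try again later.',
  network: 'Network problem. Check your connection.',
  unknown: 'Sign-in failed. Please try again.',
};

// Never pass the raw provider error or its message through to the UI.
function toAuthError(err: unknown): AppAuthError {
  const code = typeof err === 'object' && err !== null && 'code' in err
    ? String((err as { code: unknown }).code) : '';
  const known = Object.prototype.hasOwnProperty.call(ERROR_KINDS, code); // ignores inherited keys
  const kind: AuthErrorKind = known ? ERROR_KINDS[code] : 'unknown';
  return { kind, message: MESSAGES[kind] };
}
```
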