go/httpauth-firebase
1
0
Fork 0
Code Issues Pull Requests Packages Releases 1 Activity
Files
d1de096c72272ddb35387e1210d31b7570a84a3e
httpauth-firebase/docs/adr/ADR-001-provider-specific-naming.md
Rene Nochebuena d1de096c72 docs(httpauth-firebase): fix rbac tier reference from 1 to 0 
rbac is a Tier 0 module (no micro-lib dependencies). The dependency line
incorrectly cited it as Tier 1. The module's own tier (4) is unchanged —
it remains the auth layer above the transport infrastructure.
2026-03-19 13:44:45 +00:00

2.3 KiB
Raw Blame History

ADR-001: Provider-Specific Module Naming (httpauth-firebase)

Status: Accepted Date: 2026-03-18

Context

An auth middleware module originally named httpauth was designed to be provider-agnostic: it defined a TokenVerifier interface and duck-typed firebase.Client so the module never imported Firebase directly. The intent was that any JWT provider could be supported by implementing TokenVerifier.

Under global ADR-001, framework modules import their named dependencies directly rather than duck-typing them away. An auth module for Firebase should import firebase.google.com/go/v4/auth directly, since that is its explicit purpose. This raises the naming question: if the module imports Firebase, should it still be called httpauth?

Decision

The module is named httpauth-firebase:

  • Go module path: code.nochebuena.dev/go/httpauth-firebase
  • Directory: micro-lib/httpauth-firebase/
  • Package name: httpauth (short import alias; the module path carries the provider name)

A different auth provider would live in httpauth-auth0, httpauth-jwks, etc. All httpauth-* modules converge on the same output contract: rbac.Identity stored in context via rbac.SetInContext.

The TokenVerifier interface is retained solely for unit-test mockability — not for provider abstraction. In production, *auth.Client from firebase.google.com/go/v4/auth satisfies TokenVerifier directly without any adapter.

Consequences

  • The module name is honest: scanning the module list, a developer immediately knows this is Firebase-specific and not a generic auth abstraction.
  • Other auth providers are accommodated by creating sibling modules (httpauth-auth0, etc.) with identical output contracts, not by implementing an interface in this module.
  • The TokenVerifier interface remains exported so test code outside the package can implement it (mockVerifier in compliance_test.go). Its presence does not imply that swapping providers at runtime is a supported pattern.
  • Applications that switch from Firebase to another provider replace the module import; the rest of the auth stack (EnrichmentMiddleware, AuthzMiddleware) and all business logic remain unchanged because they depend on rbac.Identity, not on Firebase types.
Reference in New Issue View Git Blame Copy Permalink