Auth Identity and Actor Types

In this document, you’ll learn about concepts related to identity and actors in the Auth Module.

What is an Auth Identity?#

The AuthIdentity data model represents a registered user.

When a user is registered, a record of AuthIdentity is created. This record is used to validate the user’s authentication in future requests.

Actor Types#

An actor type is a type of user that can be authenticated. This user is a record of a data model defined by a module.

For example, the customer actor type belongs to the Customer Module’s Customer data model. Similarly, the user actor type belongs to the User Module’s User data model.

Protect Routes by Actor Type#

When you protect routes with the authenticate middleware, you specify in its first parameter the actor type that must be authenticated to access the specified API routes.

For example:

src/api/middlewares.ts
1import { 2  defineMiddlewares,3  authenticate,4} from "@medusajs/medusa"5
6export default defineMiddlewares({7  routes: [8    {9      matcher: "/custom/admin*",10      middlewares: [11        authenticate("user", ["session", "bearer", "api-key"]),12      ],13    },14  ],15})

By specifying user as the first parameter of authenticate, only authenticated users of actor type user (admin users) can access API routes starting with /custom/admin.

Custom Actor Types#

You can define custom actor types that point to the data model of your module.

For example, if you have a custom module with a Manager data model, you can authenticate managers with the manager actor type.

Learn how to create a custom actor type in this guide.