#ifndef OATPP_AUTHKIT_AUTH_PRINCIPAL_HPP
#define OATPP_AUTHKIT_AUTH_PRINCIPAL_HPP

#include <string>

namespace oatpp_authkit {

/**
 * @brief Library-owned authenticated-user value.
 *
 * Intentionally decoupled from any consumer-specific DTO so the library
 * stays portable. Consumers translate from their own UserDto (or whatever)
 * into this struct inside their IAuthBackend implementation.
 */
struct AuthPrincipal {
    /// Stable numeric id from the user store. NOTE (authkit#16 L-1): this is an
    /// `int`, so it only round-trips numeric ids. A store keyed on UUIDs / other
    /// non-numeric ids must not stuff them here — `requireUser` rejects a
    /// non-numeric bundle id with 401. Carry such identities in `username` (or
    /// extend this struct) instead.
    int         id{0};
    std::string username;
    std::string role;         ///< Arbitrary string; policy decides what "admin"/"readonly" mean.
};

} // namespace oatpp_authkit

#endif