export interface IToken {
  token: string;
  expiresAt: number;
  assignedRoles: string[];
}

/**
 * an identity is assumed by authentication as a user
 * an identity is ephemeral and has to be renewed regularly
 */
export interface IIdentity {
  name: string;
  userId: string;
  type: 'machine' | 'human';
  role: 'admin' | 'user' | 'api' | 'cluster';
  expiresAt: number;
  /** the jwt token should contain above data for verification */
  jwt: string;
}

export interface IUser {
  id: string;
  data: {
    type: 'machine' | 'human';
    role: 'admin' | 'user' | 'api' | 'cluster';
    username?: string;
    password?: string;
    tokens?: IToken[];
  }
}