using Invercargill.DataStructures;
using Invercargill;

namespace Spry.Authorisation {

    /**
     * Interface representing an authenticated identity.
     * 
     * Implementations provide identity data that gets embedded in tokens
     * and can be retrieved on subsequent requests.
     * 
     * Built-in implementation: Spry.Authentication.User (via UserIdentityProvider)
     * Custom implementations: OAuth providers, certificate auth, etc.
     */
    public interface Identity : GLib.Object {

        /**
         * Unique identifier for this identity.
         * Used to look up the full identity object.
         */
        public abstract string id { get; }

        /**
         * Human-readable name for this identity.
         * Typically username or email.
         */
        public abstract string username { get; }

        /**
         * Permissions granted to this identity.
         * Returns an immutable lot of strings for serialization.
         */
        public abstract ImmutableLot<string> permissions { owned get; }

        /**
         * Additional data to embed in the token.
         * Implementation-specific data (e.g., roles, preferences).
         */
        public abstract Properties data { owned get; }
    }
}