Skip to content

Principal

crudauth.Principal dataclass 

Principal(
    user_id: Any,
    scopes: tuple[str, ...] = (),
    transport: str = "",
    user: Any = None,
    is_superuser: bool = False,
    email_verified: bool = False,
    metadata: dict[str, Any] = dict(),
)

An authenticated identity, independent of which transport authenticated it.

Every transport (session, bearer, api key, ...) returns the same shape, keyed by user_id. Narrowing transports never changes the identity model.

Attributes:

Name Type Description
user_id Any

Immutable identity handle (the user's primary key).
scopes tuple[str, ...]

Flat capability scopes carried by this credential. Session principals carry empty scopes in v1; bearer/api-key principals carry whatever was issued.
transport str

Name of the transport that authenticated this request ("session", "bearer", ...).
user Any

The resolved user row (your User ORM instance), or None if a transport chose not to resolve it.
is_superuser bool

Whether the user holds the superuser flag.
email_verified bool

Whether the user's email is verified.
Example 
@app.get("/whoami")
async def whoami(user: Principal = Depends(auth.current_user())):
    return {"id": user.user_id, "via": user.transport, "email": user.user.email}

has_scopes 

has_scopes(required: list[str] | tuple[str, ...]) -> bool

True if this principal's scopes are a superset of required.