Clean Architecture
The 'Clean' way to handle Security and Auth.
Updated Apr 28, 2026
Short answer
Authentication is a 'Detail' (Adapter); Authorization is a 'Policy' (Domain/Use Case).
Deep explanation
Checking who a user is (AuthN) happens at the edge (Passport, JWT middleware). Checking what they can do (AuthZ) often involves business rules. Authorization should be handled by passing the user's role/permissions into the Use Case, which then decides if the action is allowed.
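The split described above, as an added example that is not part of the original page: a thin adapter turns already-verified token claims into a framework-free `Principal` (AuthN), and a use case receives that principal and applies the authorization policy together with the business rules (AuthZ). The claims object, the `CancelOrderUseCase`, the permission string `orders:cancel:any` and the in-memory repository are all constructed for illustration; a real adapter would verify the JWT signature before building the principal.

```javascript
// Added example, not from the original page. All names are illustrative.

class AuthorizationError extends Error {}
class BusinessRuleError extends Error {}

// --- Adapter layer (AuthN): maps verified token claims to a Principal. ---
// A real adapter (Passport strategy, JWT middleware) verifies the signature
// first; this constructed stub only shapes a pre-verified claims object so
// the example runs offline. Returns null for an unauthenticated request.
function principalFromClaims(claims) {
  if (!claims || typeof claims.sub !== 'string') {
    return null;
  }
  return Object.freeze({
    id: claims.sub,
    roles: Object.freeze([...(claims.roles || [])]),
    permissions: Object.freeze([...(claims.permissions || [])]),
  });
}

// --- Use case layer (AuthZ): no request objects, no framework types. ---
// The caller passes the principal in; the use case decides whether the
// action is allowed and applies the domain rules in the same place.
class CancelOrderUseCase {
  constructor(orderRepository) {
    this.orders = orderRepository;
  }

  execute(principal, { orderId }) {
    if (!principal) throw new AuthorizationError('unauthenticated');
    const order = this.orders.findById(orderId);
    if (!order) throw new Error('order not found');

    // Policy: a customer may cancel their own order; a principal holding the
    // constructed permission 'orders:cancel:any' may cancel anyone's order.
    const isOwner = order.customerId === principal.id;
    const mayCancelAny = principal.permissions.includes('orders:cancel:any');
    if (!isOwner && !mayCancelAny) {
      throw new AuthorizationError('not allowed to cancel this order');
    }

    // Business rule, checked after authorization so an unauthorized caller
    // learns nothing about the order's state.
    if (order.status === 'shipped') {
      throw new BusinessRuleError('shipped orders cannot be cancelled');
    }
    order.status = 'cancelled';
    this.orders.save(order);
    return order;
  }
}

// Constructed in-memory repository so the example needs no database.
class InMemoryOrderRepository {
  constructor(orders) { this.byId = new Map(orders.map(o => [o.id, o])); }
  findById(id) { return this.byId.get(id); }
  save(order) { this.byId.set(order.id, order); }
}

// Wiring, as a controller would do after the auth middleware has run.
function demo() {
  const repo = new InMemoryOrderRepository([
    { id: 'o1', customerId: 'alice', status: 'pending' },
    { id: 'o2', customerId: 'bob', status: 'shipped' },
  ]);
  const useCase = new CancelOrderUseCase(repo);
  const alice = principalFromClaims({ sub: 'alice', roles: ['customer'] });
  const support = principalFromClaims({
    sub: 'carol', roles: ['support'], permissions: ['orders:cancel:any'],
  });

  const results = {};
  results.ownerCancels = useCase.execute(alice, { orderId: 'o1' }).status;
  try { useCase.execute(alice, { orderId: 'o2' }); }
  catch (e) { results.otherUser = e.constructor.name; }
  try { useCase.execute(support, { orderId: 'o2' }); }
  catch (e) { results.shipped = e.constructor.name + ': ' + e.message; }
  try { useCase.execute(null, { orderId: 'o1' }); }
  catch (e) { results.anonymous = e.message; }
  return results;
}
```

The use case never sees a token, header or session, so it can be unit-tested with plain objects, and the adapter can be swapped (JWT today, session cookie tomorrow) without touching the policy.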
Real-world example
No real-world example available yet.
Common mistakes
No common mistakes listed yet.
Follow-up questions
No follow-up questions available yet.