defmodule BreakGlass.UserProvider do @moduledoc """ Behaviour that host applications implement to supply a user term on successful break-glass authentication. ## Callback The single callback, `build_user/1`, receives an `attrs` map that is guaranteed to contain the following four keys: | Key | Type | Description | |---------------------|----------------|---------------------------------------------------| | `:email` | `String.t()` | The configured break-glass email address | | `:sentinel_id` | `integer()` | The configured sentinel ID (never a real PK) | | `:authenticated_at` | `DateTime.t()` | UTC timestamp of successful authentication | | `:break_glass` | `true` | Always `true`; allows host-app guards to identify | | | | a break-glass session | The return value is `term()` — the library does not inspect it after invoking the callback. The host application is free to return any value, including a struct, a plain map, or any other term that suits its auth stack. ## Example defmodule MyApp.BreakGlassUserProvider do @behaviour BreakGlass.UserProvider @impl true def build_user(attrs) do %MyApp.User{ id: attrs.sentinel_id, email: attrs.email, authenticated_at: attrs.authenticated_at, break_glass: attrs.break_glass } end end """ @doc """ Builds and returns the host application's user term from the given `attrs` map. `attrs` is guaranteed to contain `:email`, `:sentinel_id`, `:authenticated_at`, and `:break_glass` (always `true`). The return value is an opaque `term()` that the library passes through unchanged. """ @callback build_user(attrs :: map()) :: term() end