Skip to content

Commit ee1ff0d

Browse files
authored
Add Principal to the base HistoryEvent (#733)
<!-- Describe what has changed in this PR --> **What changed?** Added a `Principal` message to `temporal.api.common.v1` and a principal field on the base `HistoryEvent` proto to support server-computed caller identity on history events. The change is already tested with the server PR. Here’s a sneak peek at the history event with the principal set: ``` { "eventId": "5", "eventTime": "2026-03-18T02:09:49.481998Z", "eventType": "EVENT_TYPE_WORKFLOW_EXECUTION_SIGNALED", "taskId": "1048704", "principal": { "type": "jwt", "name": "signal-sender" }, ``` <!-- Tell your future self why have you made these changes --> **Why?** Today, the identity field on history events is client-supplied and can be set to any value, making it unsuitable for auditing. Principal Attribution attaches a server-computed, immutable identifier derived from trusted authentication context (JWT claims, mTLS certificates) to history events, enabling reliable answers to "who did this?" for compliance, security auditing, and root cause analysis. <!-- Are there any breaking changes on binary or code level? --> **Breaking changes** None. This is a purely additive proto change. <!-- If this breaks the Server, please provide the Server PR to merge right after this PR was merged. --> **Server PR** N/A
1 parent db5f593 commit ee1ff0d

4 files changed

Lines changed: 45 additions & 0 deletions

File tree

openapi/openapiv2.json

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13044,6 +13044,10 @@
1304413044
},
1304513045
"description": "Links associated with the event."
1304613046
},
13047+
"principal": {
13048+
"$ref": "#/definitions/v1Principal",
13049+
"description": "Server-computed authenticated caller identity associated with this event."
13050+
},
1304713051
"workflowExecutionStartedEventAttributes": {
1304813052
"$ref": "#/definitions/v1WorkflowExecutionStartedEventAttributes"
1304913053
},
@@ -14634,6 +14638,20 @@
1463414638
},
1463514639
"description": "PostResetOperation represents an operation to be performed on the new workflow execution after a workflow reset."
1463614640
},
14641+
"v1Principal": {
14642+
"type": "object",
14643+
"properties": {
14644+
"type": {
14645+
"type": "string",
14646+
"description": "Low-cardinality category of the principal (e.g., \"jwt\", \"users\")."
14647+
},
14648+
"name": {
14649+
"type": "string",
14650+
"description": "Identifier within that category (e.g., sub JWT claim, email address)."
14651+
}
14652+
},
14653+
"description": "Principal is an authenticated caller identity computed by the server from trusted\nauthentication context."
14654+
},
1463714655
"v1Priority": {
1463814656
"type": "object",
1463914657
"properties": {

openapi/openapiv3.yaml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10193,6 +10193,10 @@ components:
1019310193
items:
1019410194
$ref: '#/components/schemas/Link'
1019510195
description: Links associated with the event.
10196+
principal:
10197+
allOf:
10198+
- $ref: '#/components/schemas/Principal'
10199+
description: Server-computed authenticated caller identity associated with this event.
1019610200
workflowExecutionStartedEventAttributes:
1019710201
$ref: '#/components/schemas/WorkflowExecutionStartedEventAttributes'
1019810202
workflowExecutionCompletedEventAttributes:
@@ -11727,6 +11731,18 @@ components:
1172711731
description: |-
1172811732
UpdateWorkflowOptions represents updating workflow execution options after a workflow reset.
1172911733
Keep the parameters in sync with temporal.api.workflowservice.v1.UpdateWorkflowExecutionOptionsRequest.
11734+
Principal:
11735+
type: object
11736+
properties:
11737+
type:
11738+
type: string
11739+
description: Low-cardinality category of the principal (e.g., "jwt", "users").
11740+
name:
11741+
type: string
11742+
description: Identifier within that category (e.g., sub JWT claim, email address).
11743+
description: |-
11744+
Principal is an authenticated caller identity computed by the server from trusted
11745+
authentication context.
1173011746
Priority:
1173111747
type: object
1173211748
properties:

temporal/api/common/v1/message.proto

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -246,6 +246,15 @@ message Link {
246246
}
247247
}
248248

249+
// Principal is an authenticated caller identity computed by the server from trusted
250+
// authentication context.
251+
message Principal {
252+
// Low-cardinality category of the principal (e.g., "jwt", "users").
253+
string type = 1;
254+
// Identifier within that category (e.g., sub JWT claim, email address).
255+
string name = 2;
256+
}
257+
249258
// Priority contains metadata that controls relative ordering of task processing
250259
// when tasks are backed up in a queue. Initially, Priority will be used in
251260
// matching (workflow and activity) task queues. Later it may be used in history

temporal/api/history/v1/message.proto

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1136,6 +1136,8 @@ message HistoryEvent {
11361136
temporal.api.sdk.v1.UserMetadata user_metadata = 301;
11371137
// Links associated with the event.
11381138
repeated temporal.api.common.v1.Link links = 302;
1139+
// Server-computed authenticated caller identity associated with this event.
1140+
temporal.api.common.v1.Principal principal = 303;
11391141
// The event details. The type must match that in `event_type`.
11401142
oneof attributes {
11411143
WorkflowExecutionStartedEventAttributes workflow_execution_started_event_attributes = 6;

0 commit comments

Comments
 (0)