ADR-005: Authentication — Clerk
Status: Accepted Date: May 2026
Context
BayanCore requires robust authentication with RBAC, SSO, and multi-tenant support.
Decision
Clerk is selected as the authentication provider.
Features Used:
- Multi-tenant organizations
- Role-based access control
- SSO (SAML/OIDC)
- Session management
- User profile management
Consequences
- Positive: Rapid development, security best practices built-in, excellent DX
- Trade-offs: External dependency, cost at scale
- Risks: Service outage affects all authentication
Alternatives Considered
- Auth0: More expensive, complex pricing
- Keycloak: Self-hosted, higher operational burden
- Custom Auth: Maximum control but security risk