I am looking at developing a system (mainly based on the Internet) that has a well-defined domain.
Domain parts include objects such as Diary, Booking, Customeretc.
However, I created another object called User, whose purpose is only authentication and authorization (it was wrong to pollute the object Customerwith authentication-specific data). I believe that this is not part of the "make orders" domain, but specifically this should belong to the application layer (I am testing the hexagonal architecture).
I access my repositories using interfaces in my domain model and connect them to my save level using IoC.
My questions are as follows:
Should I put the authentication / authorization code in the application and save it outside the domain?
If I remove it from the domain, should I put the interface for
UserRepositoryat the application level (I think this makes sense)?
If I remove it from the domain, I end up with entities also in the application layer User, etc. This seems wrong.
What do people think?
[EDIT]
I went for a solution that requires a bit of both answers, so thanks for the answer, and I added +1 to you.
I made an authentication / authorization code in a subdomain (secondary adapter) in a separate project and because it requires access to its own persistence (several collections in a separate RavenDB database), I'm including these directs in a separate project, keeping them separate from the main save layer.