refactor: removing std errors pkg

fix: adding migration for fixing wrong cloud integration unique index
feat(sqlschema): add support for partial unique indexes (#10604 )
2026-03-17 18:32:11 +00:00 · 2026-03-17 20:22:38 +05:30 · 2026-03-17 17:12:44 +05:30 · 2026-03-17 11:22:11 +00:00 · 2026-03-17 07:27:36 +00:00
45 changed files with 1515 additions and 724 deletions
--- a/ee/query-service/app/server.go
+++ b/ee/query-service/app/server.go
@@ -217,8 +217,7 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		}),
 		otelmux.WithPublicEndpoint(),
 	))
-	r.Use(middleware.NewAuthN([]string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Tokenizer, s.signoz.Instrumentation.Logger()).Wrap)
-	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
+	r.Use(middleware.NewIdentN(s.signoz.IdentNResolver, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
 	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
 		s.config.APIServer.Timeout.ExcludedRoutes,
 		s.config.APIServer.Timeout.Default,
--- a/ee/sqlschema/postgressqlschema/provider.go
+++ b/ee/sqlschema/postgressqlschema/provider.go
@@ -223,7 +223,8 @@ SELECT
    i.indisunique AS unique,
    i.indisprimary AS primary,
    a.attname AS column_name,
-    array_position(i.indkey, a.attnum) AS column_position
+    array_position(i.indkey, a.attnum) AS column_position,
+    pg_get_expr(i.indpred, i.indrelid) AS predicate
 FROM
    pg_index i
    LEFT JOIN pg_class ct ON ct.oid = i.indrelid
@@ -246,7 +247,12 @@ ORDER BY index_name, column_position`, string(name))
 		}
 	}()

-	uniqueIndicesMap := make(map[string]*sqlschema.UniqueIndex)
+	type indexEntry struct {
+		columns   []sqlschema.ColumnName
+		predicate *string
+	}
+
+	uniqueIndicesMap := make(map[string]*indexEntry)
 	for rows.Next() {
 		var (
 			tableName  string
@@ -256,30 +262,50 @@ ORDER BY index_name, column_position`, string(name))
 			columnName string
 			// starts from 0 and is unused in this function, this is to ensure that the column names are in the correct order
 			columnPosition int
+			predicate      *string
 		)

-		if err := rows.Scan(&tableName, &indexName, &unique, &primary, &columnName, &columnPosition); err != nil {
+		if err := rows.Scan(&tableName, &indexName, &unique, &primary, &columnName, &columnPosition, &predicate); err != nil {
 			return nil, err
 		}

 		if unique {
 			if _, ok := uniqueIndicesMap[indexName]; !ok {
-				uniqueIndicesMap[indexName] = &sqlschema.UniqueIndex{
-					TableName:   name,
-					ColumnNames: []sqlschema.ColumnName{sqlschema.ColumnName(columnName)},
+				uniqueIndicesMap[indexName] = &indexEntry{
+					columns:   []sqlschema.ColumnName{sqlschema.ColumnName(columnName)},
+					predicate: predicate,
 				}
 			} else {
-				uniqueIndicesMap[indexName].ColumnNames = append(uniqueIndicesMap[indexName].ColumnNames, sqlschema.ColumnName(columnName))
+				uniqueIndicesMap[indexName].columns = append(uniqueIndicesMap[indexName].columns, sqlschema.ColumnName(columnName))
 			}
 		}
 	}

 	indices := make([]sqlschema.Index, 0)
-	for indexName, index := range uniqueIndicesMap {
-		if index.Name() == indexName {
-			indices = append(indices, index)
+	for indexName, entry := range uniqueIndicesMap {
+		if entry.predicate != nil {
+			index := &sqlschema.PartialUniqueIndex{
+				TableName:   name,
+				ColumnNames: entry.columns,
+				Where:       *entry.predicate,
+			}
+
+			if index.Name() == indexName {
+				indices = append(indices, index)
+			} else {
+				indices = append(indices, index.Named(indexName))
+			}
 		} else {
-			indices = append(indices, index.Named(indexName))
+			index := &sqlschema.UniqueIndex{
+				TableName:   name,
+				ColumnNames: entry.columns,
+			}
+
+			if index.Name() == indexName {
+				indices = append(indices, index)
+			} else {
+				indices = append(indices, index.Named(indexName))
+			}
 		}
 	}

--- a/frontend/src/container/NewWidget/RightContainer/RightContainer.styles.scss
+++ b/frontend/src/container/NewWidget/RightContainer/RightContainer.styles.scss
@@ -30,17 +30,6 @@
 		width: 100%;
 	}

-	.section-heading {
-		font-family: 'Space Mono';
-		color: var(--bg-vanilla-400);
-		font-size: 13px;
-		font-style: normal;
-		font-weight: 400;
-		line-height: 18px; /* 138.462% */
-		letter-spacing: 0.52px;
-		text-transform: uppercase;
-	}
-
 	.header {
 		display: flex;
 		padding: 14px 14px 14px 12px;
--- a/frontend/src/lib/uPlotV2/components/UPlotChart.tsx
+++ b/frontend/src/lib/uPlotV2/components/UPlotChart.tsx
@@ -7,7 +7,6 @@ import ErrorBoundaryFallback from 'pages/ErrorBoundaryFallback/ErrorBoundaryFall
 import uPlot, { AlignedData, Options } from 'uplot';

 import { usePlotContext } from '../context/PlotContext';
-import { applySpanGapsToAlignedData } from '../utils/dataUtils';
 import { UPlotChartProps } from './types';

 /**
@@ -85,13 +84,7 @@ export default function UPlotChart({
 		} as Options;

 		// Create new plot instance
-		const seriesSpanGaps = config.getSeriesSpanGapsOptions();
-		const preparedData =
-			seriesSpanGaps.length > 0
-				? applySpanGapsToAlignedData(data as AlignedData, seriesSpanGaps)
-				: (data as AlignedData);
-
-		const plot = new uPlot(plotConfig, preparedData, containerRef.current);
+		const plot = new uPlot(plotConfig, data as AlignedData, containerRef.current);

 		if (plotRef) {
 			plotRef(plot);
@@ -169,13 +162,7 @@ export default function UPlotChart({
 		}
 		// Update data if only data changed
 		else if (!sameData(prevProps, currentProps) && plotInstanceRef.current) {
-			const seriesSpanGaps = config.getSeriesSpanGapsOptions?.() ?? [];
-			const preparedData =
-				seriesSpanGaps.length > 0
-					? applySpanGapsToAlignedData(data as AlignedData, seriesSpanGaps)
-					: (data as AlignedData);
-
-			plotInstanceRef.current.setData(preparedData as AlignedData);
+			plotInstanceRef.current.setData(data as AlignedData);
 		}

 		prevPropsRef.current = currentProps;
--- a/frontend/src/lib/uPlotV2/config/UPlotConfigBuilder.ts
+++ b/frontend/src/lib/uPlotV2/config/UPlotConfigBuilder.ts
@@ -14,7 +14,6 @@ import {
 	STEP_INTERVAL_MULTIPLIER,
 } from '../constants';
 import { calculateWidthBasedOnStepInterval } from '../utils';
-import { SeriesSpanGapsOption } from '../utils/dataUtils';
 import {
 	ConfigBuilder,
 	ConfigBuilderProps,
@@ -162,13 +161,6 @@ export class UPlotConfigBuilder extends ConfigBuilder<
 		this.series.push(new UPlotSeriesBuilder(props));
 	}

-	getSeriesSpanGapsOptions(): SeriesSpanGapsOption[] {
-		return this.series.map((s) => {
-			const { spanGaps } = s.props;
-			return { spanGaps };
-		});
-	}
-
 	/**
 	 * Add a hook for extensibility
 	 */
--- a/frontend/src/lib/uPlotV2/config/UPlotSeriesBuilder.ts
+++ b/frontend/src/lib/uPlotV2/config/UPlotSeriesBuilder.ts
@@ -212,12 +212,7 @@ export class UPlotSeriesBuilder extends ConfigBuilder<SeriesProps, Series> {
 		return {
 			scale: scaleKey,
 			label,
-			// When spanGaps is numeric, we always disable uPlot's internal
-			// spanGaps behavior and rely on data-prep to implement the
-			// threshold-based null handling. When spanGaps is boolean we
-			// map it directly. When spanGaps is undefined we fall back to
-			// the default of false.
-			spanGaps: typeof spanGaps === 'number' ? false : !!spanGaps,
+			spanGaps: typeof spanGaps === 'boolean' ? spanGaps : false,
 			value: (): string => '',
 			pxAlign: true,
 			show,
--- a/frontend/src/lib/uPlotV2/config/tests/UPlotSeriesBuilder.test.ts
+++ b/frontend/src/lib/uPlotV2/config/tests/UPlotSeriesBuilder.test.ts
@@ -40,37 +40,6 @@ describe('UPlotSeriesBuilder', () => {
 		expect(typeof config.value).toBe('function');
 	});

-	it('maps boolean spanGaps directly to uPlot spanGaps', () => {
-		const trueBuilder = new UPlotSeriesBuilder(
-			createBaseProps({
-				spanGaps: true,
-			}),
-		);
-		const falseBuilder = new UPlotSeriesBuilder(
-			createBaseProps({
-				spanGaps: false,
-			}),
-		);
-
-		const trueConfig = trueBuilder.getConfig();
-		const falseConfig = falseBuilder.getConfig();
-
-		expect(trueConfig.spanGaps).toBe(true);
-		expect(falseConfig.spanGaps).toBe(false);
-	});
-
-	it('disables uPlot spanGaps when spanGaps is a number', () => {
-		const builder = new UPlotSeriesBuilder(
-			createBaseProps({
-				spanGaps: 10000,
-			}),
-		);
-
-		const config = builder.getConfig();
-
-		expect(config.spanGaps).toBe(false);
-	});
-
 	it('uses explicit lineColor when provided, regardless of mapping', () => {
 		const builder = new UPlotSeriesBuilder(
 			createBaseProps({
--- a/frontend/src/lib/uPlotV2/config/types.ts
+++ b/frontend/src/lib/uPlotV2/config/types.ts
@@ -175,16 +175,7 @@ export interface SeriesProps extends LineConfig, PointsConfig, BarConfig {
 	pointsFilter?: Series.Points.Filter;
 	pointsBuilder?: Series.Points.Show;
 	show?: boolean;
-	/**
-	 * Controls how nulls are treated for this series.
-	 *
-	 * - boolean: mapped directly to uPlot's spanGaps behavior
-	 * - number: interpreted as an X-axis threshold (same unit as ref values),
-	 *           where gaps smaller than this threshold are spanned by
-	 *           converting short null runs to undefined during data prep
-	 *           while uPlot's internal spanGaps is kept disabled.
-	 */
-	spanGaps?: boolean | number;
+	spanGaps?: boolean;
 	fillColor?: string;
 	fillMode?: FillMode;
 	isDarkMode?: boolean;
--- a/frontend/src/lib/uPlotV2/utils/tests/dataUtils.test.ts
+++ b/frontend/src/lib/uPlotV2/utils/tests/dataUtils.test.ts
@@ -1,11 +1,4 @@
-import uPlot from 'uplot';
-
-import {
-	applySpanGapsToAlignedData,
-	isInvalidPlotValue,
-	normalizePlotValue,
-	SeriesSpanGapsOption,
-} from '../dataUtils';
+import { isInvalidPlotValue, normalizePlotValue } from '../dataUtils';

 describe('dataUtils', () => {
 	describe('isInvalidPlotValue', () => {
@@ -66,56 +59,4 @@ describe('dataUtils', () => {
 			expect(normalizePlotValue(42.5)).toBe(42.5);
 		});
 	});
-
-	describe('applyspanGapsToAlignedData', () => {
-		const xs: uPlot.AlignedData[0] = [0, 10, 20, 30];
-
-		it('returns original data when there are no series', () => {
-			const data: uPlot.AlignedData = [xs];
-			const result = applySpanGapsToAlignedData(data, []);
-
-			expect(result).toBe(data);
-		});
-
-		it('leaves data unchanged when spanGaps is undefined', () => {
-			const ys = [1, null, 2, null];
-			const data: uPlot.AlignedData = [xs, ys];
-			const options: SeriesSpanGapsOption[] = [{}];
-
-			const result = applySpanGapsToAlignedData(data, options);
-
-			expect(result[1]).toEqual(ys);
-		});
-
-		it('converts nulls to undefined when spanGaps is true', () => {
-			const ys = [1, null, 2, null];
-			const data: uPlot.AlignedData = [xs, ys];
-			const options: SeriesSpanGapsOption[] = [{ spanGaps: true }];
-
-			const result = applySpanGapsToAlignedData(data, options);
-
-			expect(result[1]).toEqual([1, undefined, 2, undefined]);
-		});
-
-		it('leaves data unchanged when spanGaps is false', () => {
-			const ys = [1, null, 2, null];
-			const data: uPlot.AlignedData = [xs, ys];
-			const options: SeriesSpanGapsOption[] = [{ spanGaps: false }];
-
-			const result = applySpanGapsToAlignedData(data, options);
-
-			expect(result[1]).toEqual(ys);
-		});
-
-		it('runs threshold-based null handling when spanGaps is numeric', () => {
-			const ys = [1, null, null, 2];
-			const data: uPlot.AlignedData = [xs, ys];
-			const options: SeriesSpanGapsOption[] = [{ spanGaps: 25 }];
-
-			const result = applySpanGapsToAlignedData(data, options);
-
-			// gap between x=0 and x=30 is 30, so with threshold 25 it should stay null
-			expect(result[1]).toEqual([1, null, null, 2]);
-		});
-	});
 });
--- a/frontend/src/lib/uPlotV2/utils/tests/nullHandling.test.ts
+++ b/frontend/src/lib/uPlotV2/utils/tests/nullHandling.test.ts
@@ -1,39 +0,0 @@
-import { nullToUndefThreshold } from '../nullHandling';
-
-describe('nullToUndefThreshold', () => {
-	it('converts short null gaps to undefined', () => {
-		const xs = [0, 10, 20, 30, 40];
-		const ys: Array<number | null | undefined> = [1, null, null, 2, 3];
-
-		const result = nullToUndefThreshold(xs, ys, 25);
-
-		expect(result).toEqual([1, undefined, undefined, 2, 3]);
-	});
-
-	it('keeps long null gaps as null', () => {
-		const xs = [0, 10, 100, 200];
-		const ys: Array<number | null | undefined> = [1, null, null, 2];
-
-		const result = nullToUndefThreshold(xs, ys, 50);
-
-		expect(result).toEqual([1, null, null, 2]);
-	});
-
-	it('leaves leading and trailing nulls as-is', () => {
-		const xs = [0, 10, 20, 30];
-		const ys: Array<number | null | undefined> = [null, null, 1, null];
-
-		const result = nullToUndefThreshold(xs, ys, 50);
-
-		expect(result).toEqual([null, null, 1, null]);
-	});
-
-	it('is a no-op when there are no nulls', () => {
-		const xs = [0, 10, 20];
-		const ys: Array<number | null | undefined> = [1, 2, 3];
-
-		const result = nullToUndefThreshold(xs, ys, 50);
-
-		expect(result).toEqual([1, 2, 3]);
-	});
-});
--- a/frontend/src/lib/uPlotV2/utils/dataUtils.ts
+++ b/frontend/src/lib/uPlotV2/utils/dataUtils.ts
@@ -1,5 +1,3 @@
-import { nullToUndefThreshold } from './nullHandling';
-
 /**
 * Checks if a value is invalid for plotting
 *
@@ -53,52 +51,3 @@ export function normalizePlotValue(
 	// Already a valid number
 	return value as number;
 }
-
-export interface SeriesSpanGapsOption {
-	spanGaps?: boolean | number;
-}
-
-/**
- * Apply per-series spanGaps (boolean | threshold) handling to an aligned dataset.
- *
- * The input data is expected to be of the form:
- * [xValues, series1Values, series2Values, ...]
- */
-export function applySpanGapsToAlignedData(
-	data: uPlot.AlignedData,
-	seriesOptions: SeriesSpanGapsOption[],
-): uPlot.AlignedData {
-	const [xValues, ...seriesValues] = data;
-
-	if (!Array.isArray(xValues) || seriesValues.length === 0) {
-		return data;
-	}
-
-	const transformedSeries = seriesValues.map((ys, idx) => {
-		const { spanGaps } = seriesOptions[idx] || {};
-
-		if (spanGaps === undefined) {
-			return ys;
-		}
-
-		if (typeof spanGaps === 'boolean') {
-			if (!spanGaps) {
-				return ys;
-			}
-
-			// spanGaps === true -> treat nulls as soft gaps (convert to undefined)
-			return (ys as Array<number | null | undefined>).map((v) =>
-				v === null ? undefined : v,
-			) as uPlot.AlignedData[0];
-		}
-
-		// Numeric spanGaps: threshold-based null handling
-		return nullToUndefThreshold(
-			xValues as uPlot.AlignedData[0],
-			ys as Array<number | null | undefined>,
-			spanGaps,
-		);
-	});
-
-	return [xValues, ...transformedSeries] as uPlot.AlignedData;
-}
--- a/frontend/src/lib/uPlotV2/utils/nullHandling.ts
+++ b/frontend/src/lib/uPlotV2/utils/nullHandling.ts
@@ -1,73 +0,0 @@
-import { AlignedData } from 'uplot';
-
-/**
- * Convert short runs of nulls between two defined points into undefined so that
- * uPlot treats them as "no point" but keeps the line continuous for gaps
- * smaller than the provided time threshold.
- */
-
-type AlignedXValues = AlignedData[0];
-type YValues = Array<number | null | undefined>;
-
-interface GapArgs {
-	xValues: AlignedXValues;
-	yValues: YValues;
-	maxGapThreshold: number;
-	startIndex: number;
-	endIndex: number;
-}
-
-function spanShortGap(args: GapArgs): void {
-	const { xValues, yValues, maxGapThreshold, startIndex, endIndex } = args;
-
-	const gapSize = xValues[endIndex] - xValues[startIndex];
-	if (gapSize >= maxGapThreshold) {
-		return;
-	}
-
-	for (let index = startIndex + 1; index < endIndex; index += 1) {
-		if (yValues[index] === null || yValues[index] === undefined) {
-			// Use undefined to indicate "no sample" so the line can span
-			yValues[index] = undefined;
-		}
-	}
-}
-
-export function nullToUndefThreshold(
-	xValues: AlignedXValues,
-	yValues: YValues,
-	maxGapThreshold: number,
-): YValues {
-	if (!Array.isArray(xValues) || !Array.isArray(yValues)) {
-		return yValues;
-	}
-
-	const length = Math.min(xValues.length, yValues.length);
-	if (length === 0 || maxGapThreshold <= 0) {
-		return yValues;
-	}
-
-	let previousDefinedIndex: number | null = null;
-
-	for (let index = 0; index < length; index += 1) {
-		const value = yValues[index];
-
-		if (value === null || value === undefined) {
-			continue;
-		}
-
-		if (previousDefinedIndex !== null && index - previousDefinedIndex > 1) {
-			spanShortGap({
-				xValues,
-				yValues,
-				maxGapThreshold,
-				startIndex: previousDefinedIndex,
-				endIndex: index,
-			});
-		}
-
-		previousDefinedIndex = index;
-	}
-
-	return yValues;
-}
--- a/pkg/apiserver/signozapiserver/provider.go
+++ b/pkg/apiserver/signozapiserver/provider.go
@@ -23,7 +23,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/gorilla/mux"
 )
@@ -238,13 +238,13 @@ func (provider *provider) AddToRouter(router *mux.Router) error {

 func newSecuritySchemes(role types.Role) []handler.OpenAPISecurityScheme {
 	return []handler.OpenAPISecurityScheme{
-		{Name: ctxtypes.AuthTypeAPIKey.StringValue(), Scopes: []string{role.String()}},
-		{Name: ctxtypes.AuthTypeTokenizer.StringValue(), Scopes: []string{role.String()}},
+		{Name: authtypes.IdentNProviderAPIkey.StringValue(), Scopes: []string{role.String()}},
+		{Name: authtypes.IdentNProviderTokenizer.StringValue(), Scopes: []string{role.String()}},
 	}
 }

 func newAnonymousSecuritySchemes(scopes []string) []handler.OpenAPISecurityScheme {
 	return []handler.OpenAPISecurityScheme{
-		{Name: ctxtypes.AuthTypeAnonymous.StringValue(), Scopes: scopes},
+		{Name: authtypes.IdentNProviderAnonymous.StringValue(), Scopes: scopes},
 	}
 }
--- a/pkg/apiserver/signozapiserver/session.go
+++ b/pkg/apiserver/signozapiserver/session.go
@@ -5,7 +5,6 @@ import (

 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/gorilla/mux"
 )

@@ -73,7 +72,7 @@ func (provider *provider) addSessionRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: ctxtypes.AuthTypeTokenizer.StringValue()}},
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/user.go
+++ b/pkg/apiserver/signozapiserver/user.go
@@ -5,7 +5,7 @@ import (

 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/gorilla/mux"
 )

@@ -208,7 +208,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: ctxtypes.AuthTypeTokenizer.StringValue()}},
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
--- a/pkg/authn/passwordauthn/emailpasswordauthn/authn.go
+++ b/pkg/authn/passwordauthn/emailpasswordauthn/authn.go
@@ -30,5 +30,5 @@ func (a *AuthN) Authenticate(ctx context.Context, email string, password string,
 		return nil, errors.New(errors.TypeUnauthenticated, types.ErrCodeIncorrectPassword, "invalid email or password")
 	}

-	return authtypes.NewIdentity(user.ID, orgID, user.Email, user.Role), nil
+	return authtypes.NewIdentity(user.ID, orgID, user.Email, user.Role, authtypes.IdentNProviderTokenizer), nil
 }
--- a/pkg/http/middleware/api_key.go
+++ b/pkg/http/middleware/api_key.go
@@ -1,143 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"log/slog"
-	"net/http"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/sharder"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"golang.org/x/sync/singleflight"
-)
-
-const (
-	apiKeyCrossOrgMessage string = "::API-KEY-CROSS-ORG::"
-)
-
-type APIKey struct {
-	store   sqlstore.SQLStore
-	uuid    *authtypes.UUID
-	headers []string
-	logger  *slog.Logger
-	sharder sharder.Sharder
-	sfGroup *singleflight.Group
-}
-
-func NewAPIKey(store sqlstore.SQLStore, headers []string, logger *slog.Logger, sharder sharder.Sharder) *APIKey {
-	return &APIKey{
-		store:   store,
-		uuid:    authtypes.NewUUID(),
-		headers: headers,
-		logger:  logger,
-		sharder: sharder,
-		sfGroup: &singleflight.Group{},
-	}
-}
-
-func (a *APIKey) Wrap(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var values []string
-		var apiKeyToken string
-		var apiKey types.StorableAPIKey
-
-		for _, header := range a.headers {
-			values = append(values, r.Header.Get(header))
-		}
-
-		ctx, err := a.uuid.ContextFromRequest(r.Context(), values...)
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		apiKeyToken, ok := authtypes.UUIDFromContext(ctx)
-		if !ok {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		err = a.
-			store.
-			BunDB().
-			NewSelect().
-			Model(&apiKey).
-			Where("token = ?", apiKeyToken).
-			Scan(r.Context())
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		// allow the APIKey if expires_at is not set
-		if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(types.NEVER_EXPIRES) {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		// get user from db
-		user := types.User{}
-		err = a.store.BunDB().NewSelect().Model(&user).Where("id = ?", apiKey.UserID).Scan(r.Context())
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		jwt := authtypes.Claims{
-			UserID: user.ID.String(),
-			Role:   apiKey.Role,
-			Email:  user.Email.String(),
-			OrgID:  user.OrgID.String(),
-		}
-
-		ctx = authtypes.NewContextWithClaims(ctx, jwt)
-
-		claims, err := authtypes.ClaimsFromContext(ctx)
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		if err := a.sharder.IsMyOwnedKey(r.Context(), types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
-			a.logger.ErrorContext(r.Context(), apiKeyCrossOrgMessage, "claims", claims, "error", err)
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		ctx = ctxtypes.SetAuthType(ctx, ctxtypes.AuthTypeAPIKey)
-
-		comment := ctxtypes.CommentFromContext(ctx)
-		comment.Set("auth_type", ctxtypes.AuthTypeAPIKey.StringValue())
-		comment.Set("user_id", claims.UserID)
-		comment.Set("org_id", claims.OrgID)
-
-		r = r.WithContext(ctxtypes.NewContextWithComment(ctx, comment))
-
-		next.ServeHTTP(w, r)
-
-		lastUsedCtx := context.WithoutCancel(r.Context())
-		_, _, _ = a.sfGroup.Do(apiKey.ID.StringValue(), func() (any, error) {
-			apiKey.LastUsed = time.Now()
-			_, err = a.
-				store.
-				BunDB().
-				NewUpdate().
-				Model(&apiKey).
-				Column("last_used").
-				Where("token = ?", apiKeyToken).
-				Where("revoked = false").
-				Exec(lastUsedCtx)
-			if err != nil {
-				a.logger.ErrorContext(lastUsedCtx, "failed to update last used of api key", "error", err)
-			}
-
-			return true, nil
-		})
-
-	})
-
-}
--- a/pkg/http/middleware/authn.go
+++ b/pkg/http/middleware/authn.go
@@ -1,150 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"log/slog"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sharder"
-	"github.com/SigNoz/signoz/pkg/tokenizer"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"golang.org/x/sync/singleflight"
-)
-
-const (
-	authCrossOrgMessage string = "::AUTH-CROSS-ORG::"
-)
-
-type AuthN struct {
-	tokenizer tokenizer.Tokenizer
-	headers   []string
-	sharder   sharder.Sharder
-	logger    *slog.Logger
-	sfGroup   *singleflight.Group
-}
-
-func NewAuthN(headers []string, sharder sharder.Sharder, tokenizer tokenizer.Tokenizer, logger *slog.Logger) *AuthN {
-	return &AuthN{
-		headers:   headers,
-		sharder:   sharder,
-		tokenizer: tokenizer,
-		logger:    logger,
-		sfGroup:   &singleflight.Group{},
-	}
-}
-
-func (a *AuthN) Wrap(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var values []string
-		for _, header := range a.headers {
-			values = append(values, r.Header.Get(header))
-		}
-
-		ctx, err := a.contextFromRequest(r.Context(), values...)
-		if err != nil {
-			r = r.WithContext(ctx)
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		r = r.WithContext(ctx)
-
-		claims, err := authtypes.ClaimsFromContext(ctx)
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		if err := a.sharder.IsMyOwnedKey(r.Context(), types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
-			a.logger.ErrorContext(r.Context(), authCrossOrgMessage, "claims", claims, "error", err)
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		ctx = ctxtypes.SetAuthType(ctx, ctxtypes.AuthTypeTokenizer)
-
-		comment := ctxtypes.CommentFromContext(ctx)
-		comment.Set("auth_type", ctxtypes.AuthTypeTokenizer.StringValue())
-		comment.Set("tokenizer_provider", a.tokenizer.Config().Provider)
-		comment.Set("user_id", claims.UserID)
-		comment.Set("org_id", claims.OrgID)
-
-		r = r.WithContext(ctxtypes.NewContextWithComment(ctx, comment))
-
-		next.ServeHTTP(w, r)
-
-		accessToken, err := authtypes.AccessTokenFromContext(r.Context())
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		lastObservedAtCtx := context.WithoutCancel(r.Context())
-		_, _, _ = a.sfGroup.Do(accessToken, func() (any, error) {
-			if err := a.tokenizer.SetLastObservedAt(lastObservedAtCtx, accessToken, time.Now()); err != nil {
-				a.logger.ErrorContext(lastObservedAtCtx, "failed to set last observed at", "error", err)
-				return false, err
-			}
-
-			return true, nil
-		})
-	})
-}
-
-func (a *AuthN) contextFromRequest(ctx context.Context, values ...string) (context.Context, error) {
-	ctx, err := a.contextFromAccessToken(ctx, values...)
-	if err != nil {
-		return ctx, err
-	}
-
-	accessToken, err := authtypes.AccessTokenFromContext(ctx)
-	if err != nil {
-		return ctx, err
-	}
-
-	authenticatedUser, err := a.tokenizer.GetIdentity(ctx, accessToken)
-	if err != nil {
-		return ctx, err
-	}
-
-	return authtypes.NewContextWithClaims(ctx, authenticatedUser.ToClaims()), nil
-}
-
-func (a *AuthN) contextFromAccessToken(ctx context.Context, values ...string) (context.Context, error) {
-	var value string
-	for _, v := range values {
-		if v != "" {
-			value = v
-			break
-		}
-	}
-
-	if value == "" {
-		return ctx, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "missing authorization header")
-	}
-
-	// parse from
-	bearerToken, ok := parseBearerAuth(value)
-	if !ok {
-		// this will take care that if the value is not of type bearer token, directly use it
-		bearerToken = value
-	}
-
-	return authtypes.NewContextWithAccessToken(ctx, bearerToken), nil
-}
-
-func parseBearerAuth(auth string) (string, bool) {
-	const prefix = "Bearer "
-	// Case insensitive prefix match
-	if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
-		return "", false
-	}
-
-	return auth[len(prefix):], true
-}
--- a/pkg/http/middleware/authz.go
+++ b/pkg/http/middleware/authz.go
@@ -44,7 +44,7 @@ func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {

 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
+		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsViewer(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)
@@ -96,7 +96,7 @@ func (middleware *AuthZ) EditAccess(next http.HandlerFunc) http.HandlerFunc {

 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
+		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsEditor(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)
@@ -147,7 +147,7 @@ func (middleware *AuthZ) AdminAccess(next http.HandlerFunc) http.HandlerFunc {

 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
+		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsAdmin(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)
--- a/pkg/http/middleware/identn.go
+++ b/pkg/http/middleware/identn.go
@@ -0,0 +1,75 @@
+package middleware
+
+import (
+	"context"
+	"log/slog"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/sharder"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+const (
+	identityCrossOrgMessage string = "::IDENTITY-CROSS-ORG::"
+)
+
+type IdentN struct {
+	resolver identn.IdentNResolver
+	sharder  sharder.Sharder
+	logger   *slog.Logger
+}
+
+func NewIdentN(resolver identn.IdentNResolver, sharder sharder.Sharder, logger *slog.Logger) *IdentN {
+	return &IdentN{
+		resolver: resolver,
+		sharder:  sharder,
+		logger:   logger,
+	}
+}
+
+func (m *IdentN) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		idn := m.resolver.GetIdentN(r)
+		if idn == nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if pre, ok := idn.(identn.IdentNWithPreHook); ok {
+			r = pre.Pre(r)
+		}
+
+		identity, err := idn.GetIdentity(r)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx := r.Context()
+		claims := identity.ToClaims()
+		if err := m.sharder.IsMyOwnedKey(ctx, types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
+			m.logger.ErrorContext(ctx, identityCrossOrgMessage, "claims", claims, "error", err)
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx = authtypes.NewContextWithClaims(ctx, claims)
+
+		comment := ctxtypes.CommentFromContext(ctx)
+		comment.Set("identn_provider", claims.IdentNProvider)
+		comment.Set("user_id", claims.UserID)
+		comment.Set("org_id", claims.OrgID)
+		ctx = ctxtypes.NewContextWithComment(ctx, comment)
+
+		r = r.WithContext(ctx)
+		next.ServeHTTP(w, r)
+
+		if hook, ok := idn.(identn.IdentNWithPostHook); ok {
+			hook.Post(context.WithoutCancel(r.Context()), r, claims)
+		}
+	})
+}
--- a/pkg/identn/apikeyidentn/identn.go
+++ b/pkg/identn/apikeyidentn/identn.go
@@ -0,0 +1,131 @@
+package apikeyidentn
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"golang.org/x/sync/singleflight"
+)
+
+// todo: will move this in types layer with service account integration
+type apiKeyTokenKey struct{}
+
+type resolver struct {
+	store    sqlstore.SQLStore
+	headers  []string
+	settings factory.ScopedProviderSettings
+	sfGroup  *singleflight.Group
+}
+
+func New(providerSettings factory.ProviderSettings, store sqlstore.SQLStore, headers []string) identn.IdentN {
+	return &resolver{
+		store:    store,
+		headers:  headers,
+		settings: factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn/apikeyidentn"),
+		sfGroup:  &singleflight.Group{},
+	}
+}
+
+func (r *resolver) Name() authtypes.IdentNProvider {
+	return authtypes.IdentNProviderAPIkey
+}
+
+func (r *resolver) Test(req *http.Request) bool {
+	for _, header := range r.headers {
+		if req.Header.Get(header) != "" {
+			return true
+		}
+	}
+	return false
+}
+
+func (r *resolver) Pre(req *http.Request) *http.Request {
+	token := r.extractToken(req)
+	if token == "" {
+		return req
+	}
+
+	ctx := context.WithValue(req.Context(), apiKeyTokenKey{}, token)
+	return req.WithContext(ctx)
+}
+
+func (r *resolver) GetIdentity(req *http.Request) (*authtypes.Identity, error) {
+	ctx := req.Context()
+
+	apiKeyToken, ok := ctx.Value(apiKeyTokenKey{}).(string)
+	if !ok || apiKeyToken == "" {
+		return nil, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "missing api key")
+	}
+
+	var apiKey types.StorableAPIKey
+	err := r.store.
+		BunDB().
+		NewSelect().
+		Model(&apiKey).
+		Where("token = ?", apiKeyToken).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(types.NEVER_EXPIRES) {
+		return nil, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "api key has expired")
+	}
+
+	var user types.User
+	err = r.store.
+		BunDB().
+		NewSelect().
+		Model(&user).
+		Where("id = ?", apiKey.UserID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	identity := authtypes.Identity{
+		UserID: user.ID,
+		Role:   apiKey.Role,
+		Email:  user.Email,
+		OrgID:  user.OrgID,
+	}
+	return &identity, nil
+}
+
+func (r *resolver) Post(ctx context.Context, _ *http.Request, _ authtypes.Claims) {
+	apiKeyToken, ok := ctx.Value(apiKeyTokenKey{}).(string)
+	if !ok || apiKeyToken == "" {
+		return
+	}
+
+	_, _, _ = r.sfGroup.Do(apiKeyToken, func() (any, error) {
+		_, err := r.store.
+			BunDB().
+			NewUpdate().
+			Model(new(types.StorableAPIKey)).
+			Set("last_used = ?", time.Now()).
+			Where("token = ?", apiKeyToken).
+			Where("revoked = false").
+			Exec(ctx)
+		if err != nil {
+			r.settings.Logger().ErrorContext(ctx, "failed to update last used of api key", "error", err)
+		}
+		return true, nil
+	})
+}
+
+func (r *resolver) extractToken(req *http.Request) string {
+	for _, header := range r.headers {
+		if v := req.Header.Get(header); v != "" {
+			return v
+		}
+	}
+	return ""
+}
--- a/pkg/identn/identn.go
+++ b/pkg/identn/identn.go
@@ -0,0 +1,43 @@
+package identn
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+)
+
+type IdentNResolver interface {
+	// GetIdentN returns the first IdentN whose Test() returns true for the request.
+	// Returns nil if no resolver matched.
+	GetIdentN(r *http.Request) IdentN
+}
+
+type IdentN interface {
+	// Test checks if this identN can handle the request.
+	// This should be a cheap check (e.g., header presence) with no I/O.
+	Test(r *http.Request) bool
+
+	// GetIdentity returns the resolved identity.
+	// Only called when Test() returns true.
+	GetIdentity(r *http.Request) (*authtypes.Identity, error)
+
+	Name() authtypes.IdentNProvider
+}
+
+// IdentNWithPreHook is optionally implemented by resolvers that need to
+// enrich the request before authentication (e.g., storing the access token
+// in context so downstream handlers can use it even on auth failure).
+type IdentNWithPreHook interface {
+	IdentN
+
+	Pre(r *http.Request) *http.Request
+}
+
+// IdentNWithPostHook is optionally implemented by resolvers that need
+// post-response side-effects (e.g., updating last_observed_at).
+type IdentNWithPostHook interface {
+	IdentN
+
+	Post(ctx context.Context, r *http.Request, claims authtypes.Claims)
+}
--- a/pkg/identn/resolver.go
+++ b/pkg/identn/resolver.go
@@ -0,0 +1,31 @@
+package identn
+
+import (
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+)
+
+type identNResolver struct {
+	identNs  []IdentN
+	settings factory.ScopedProviderSettings
+}
+
+func NewIdentNResolver(providerSettings factory.ProviderSettings, identNs ...IdentN) IdentNResolver {
+	return &identNResolver{
+		identNs:  identNs,
+		settings: factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn"),
+	}
+}
+
+// GetIdentN returns the first IdentN whose Test() returns true.
+// Returns nil if no resolver matched.
+func (c *identNResolver) GetIdentN(r *http.Request) IdentN {
+	for _, idn := range c.identNs {
+		if idn.Test(r) {
+			c.settings.Logger().DebugContext(r.Context(), "identN matched", "provider", idn.Name())
+			return idn
+		}
+	}
+	return nil
+}
--- a/pkg/identn/tokenizeridentn/identn.go
+++ b/pkg/identn/tokenizeridentn/identn.go
@@ -0,0 +1,103 @@
+package tokenizeridentn
+
+import (
+	"context"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/tokenizer"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"golang.org/x/sync/singleflight"
+)
+
+type resolver struct {
+	tokenizer tokenizer.Tokenizer
+	headers   []string
+	settings  factory.ScopedProviderSettings
+	sfGroup   *singleflight.Group
+}
+
+func New(providerSettings factory.ProviderSettings, tokenizer tokenizer.Tokenizer, headers []string) identn.IdentN {
+	return &resolver{
+		tokenizer: tokenizer,
+		headers:   headers,
+		settings:  factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn/tokenizeridentn"),
+		sfGroup:   &singleflight.Group{},
+	}
+}
+
+func (r *resolver) Name() authtypes.IdentNProvider {
+	return authtypes.IdentNProviderTokenizer
+}
+
+func (r *resolver) Test(req *http.Request) bool {
+	for _, header := range r.headers {
+		if req.Header.Get(header) != "" {
+			return true
+		}
+	}
+	return false
+}
+
+func (r *resolver) Pre(req *http.Request) *http.Request {
+	accessToken := r.extractToken(req)
+	if accessToken == "" {
+		return req
+	}
+
+	ctx := authtypes.NewContextWithAccessToken(req.Context(), accessToken)
+	return req.WithContext(ctx)
+}
+
+func (r *resolver) GetIdentity(req *http.Request) (*authtypes.Identity, error) {
+	ctx := req.Context()
+
+	accessToken, err := authtypes.AccessTokenFromContext(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return r.tokenizer.GetIdentity(ctx, accessToken)
+}
+
+func (r *resolver) Post(ctx context.Context, _ *http.Request, _ authtypes.Claims) {
+	accessToken, err := authtypes.AccessTokenFromContext(ctx)
+	if err != nil {
+		return
+	}
+
+	_, _, _ = r.sfGroup.Do(accessToken, func() (any, error) {
+		if err := r.tokenizer.SetLastObservedAt(ctx, accessToken, time.Now()); err != nil {
+			r.settings.Logger().ErrorContext(ctx, "failed to set last observed at", "error", err)
+			return false, err
+		}
+		return true, nil
+	})
+}
+
+func (r *resolver) extractToken(req *http.Request) string {
+	var value string
+	for _, header := range r.headers {
+		if v := req.Header.Get(header); v != "" {
+			value = v
+			break
+		}
+	}
+
+	accessToken, ok := r.parseBearerAuth(value)
+	if !ok {
+		return value
+	}
+	return accessToken
+}
+
+func (r *resolver) parseBearerAuth(auth string) (string, bool) {
+	const prefix = "Bearer "
+	if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
+		return "", false
+	}
+	return auth[len(prefix):], true
+}
--- a/pkg/modules/dashboard/impldashboard/handler.go
+++ b/pkg/modules/dashboard/impldashboard/handler.go
@@ -15,7 +15,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/transition"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
@@ -109,7 +108,7 @@ func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {

 	diff := 0
 	// Allow multiple deletions for API key requests; enforce for others
-	if authType, ok := ctxtypes.AuthTypeFromContext(ctx); ok && authType == ctxtypes.AuthTypeTokenizer {
+	if claims.IdentNProvider == authtypes.IdentNProviderTokenizer.StringValue() {
 		diff = 1
 	}

--- a/pkg/modules/session/implsession/module.go
+++ b/pkg/modules/session/implsession/module.go
@@ -158,7 +158,7 @@ func (module *module) CreateCallbackAuthNSession(ctx context.Context, authNProvi
 		return "", errors.WithAdditionalf(err, "root user can only authenticate via password")
 	}

-	token, err := module.tokenizer.CreateToken(ctx, authtypes.NewIdentity(user.ID, user.OrgID, user.Email, user.Role), map[string]string{})
+	token, err := module.tokenizer.CreateToken(ctx, authtypes.NewIdentity(user.ID, user.OrgID, user.Email, user.Role, authtypes.IdentNProviderTokenizer), map[string]string{})
 	if err != nil {
 		return "", err
 	}
--- a/pkg/query-service/app/server.go
+++ b/pkg/query-service/app/server.go
@@ -196,13 +196,12 @@ func (s *Server) createPublicServer(api *APIHandler, web web.Web) (*http.Server,
 		}),
 		otelmux.WithPublicEndpoint(),
 	))
-	r.Use(middleware.NewAuthN([]string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Tokenizer, s.signoz.Instrumentation.Logger()).Wrap)
+	r.Use(middleware.NewIdentN(s.signoz.IdentNResolver, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
 	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
 		s.config.APIServer.Timeout.ExcludedRoutes,
 		s.config.APIServer.Timeout.Default,
 		s.config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
 	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
 	r.Use(middleware.NewComment().Wrap)

--- a/pkg/signoz/openapi.go
+++ b/pkg/signoz/openapi.go
@@ -26,7 +26,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/swaggest/jsonschema-go"
 	"github.com/swaggest/openapi-go"
@@ -82,8 +82,8 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta

 	reflector.SpecSchema().SetTitle("SigNoz")
 	reflector.SpecSchema().SetDescription("OpenTelemetry-Native Logs, Metrics and Traces in a single pane")
-	reflector.SpecSchema().SetAPIKeySecurity(ctxtypes.AuthTypeAPIKey.StringValue(), "SigNoz-Api-Key", openapi.InHeader, "API Keys")
-	reflector.SpecSchema().SetHTTPBearerTokenSecurity(ctxtypes.AuthTypeTokenizer.StringValue(), "Tokenizer", "Tokens generated by the tokenizer")
+	reflector.SpecSchema().SetAPIKeySecurity(authtypes.IdentNProviderAPIkey.StringValue(), "SigNoz-Api-Key", openapi.InHeader, "API Keys")
+	reflector.SpecSchema().SetHTTPBearerTokenSecurity(authtypes.IdentNProviderTokenizer.StringValue(), "Tokenizer", "Tokens generated by the tokenizer")

 	collector := handler.NewOpenAPICollector(reflector)

--- a/pkg/signoz/provider.go
+++ b/pkg/signoz/provider.go
@@ -172,6 +172,7 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewMigrateRulesV4ToV5Factory(sqlstore, telemetryStore),
 		sqlmigration.NewAddStatusUserFactory(sqlstore, sqlschema),
 		sqlmigration.NewDeprecateUserInviteFactory(sqlstore, sqlschema),
+		sqlmigration.NewFixCloudIntegrationUniqueIndexFactory(sqlstore, sqlschema),
 	)
 }

--- a/pkg/signoz/signoz.go
+++ b/pkg/signoz/signoz.go
@@ -16,6 +16,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/gateway"
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/identn/apikeyidentn"
+	"github.com/SigNoz/signoz/pkg/identn/tokenizeridentn"
 	"github.com/SigNoz/signoz/pkg/instrumentation"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
@@ -65,6 +68,7 @@ type SigNoz struct {
 	Sharder                sharder.Sharder
 	StatsReporter          statsreporter.StatsReporter
 	Tokenizer              pkgtokenizer.Tokenizer
+	IdentNResolver         identn.IdentNResolver
 	Authz                  authz.AuthZ
 	Modules                Modules
 	Handlers               Handlers
@@ -390,6 +394,11 @@ func New(
 	// Initialize all modules
 	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter)

+	// Initialize identN resolver
+	tokenizeridentN := tokenizeridentn.New(providerSettings, tokenizer, []string{"Authorization", "Sec-WebSocket-Protocol"})
+	apikeyIdentN := apikeyidentn.New(providerSettings, sqlstore, []string{"SIGNOZ-API-KEY"})
+	identNResolver := identn.NewIdentNResolver(providerSettings, tokenizeridentN, apikeyIdentN)
+
 	userService := impluser.NewService(providerSettings, impluser.NewStore(sqlstore, providerSettings), modules.User, orgGetter, authz, config.User.Root)

 	// Initialize the querier handler via callback (allows EE to decorate with anomaly detection)
@@ -468,6 +477,7 @@ func New(
 		Emailing:               emailing,
 		Sharder:                sharder,
 		Tokenizer:              tokenizer,
+		IdentNResolver:         identNResolver,
 		Authz:                  authz,
 		Modules:                modules,
 		Handlers:               handlers,
--- a/pkg/sqlmigration/069_fix_cloud_integration_index.go
+++ b/pkg/sqlmigration/069_fix_cloud_integration_index.go
@@ -0,0 +1,252 @@
+package sqlmigration
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type fixCloudIntegrationUniqueIndex struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewFixCloudIntegrationUniqueIndexFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(
+		factory.MustNewName("fix_cloud_integration_index"),
+		func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+			return &fixCloudIntegrationUniqueIndex{
+				sqlstore:  sqlstore,
+				sqlschema: sqlschema,
+			}, nil
+		},
+	)
+}
+
+func (migration *fixCloudIntegrationUniqueIndex) Register(migrations *migrate.Migrations) error {
+	if err := migrations.Register(migration.Up, migration.Down); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+type cloudIntegrationRow struct {
+	bun.BaseModel `bun:"table:cloud_integration"`
+
+	ID        string    `bun:"id"`
+	AccountID string    `bun:"account_id"`
+	Provider  string    `bun:"provider"`
+	OrgID     string    `bun:"org_id"`
+	Config    string    `bun:"config"`
+	UpdatedAt time.Time `bun:"updated_at"`
+}
+
+type cloudIntegrationAccountConfig struct {
+	Regions []string `json:"regions"`
+}
+
+// duplicateGroup holds the keeper (first element) and losers (rest) for a duplicate (account_id, provider, org_id) group.
+type duplicateGroup struct {
+	keeper *cloudIntegrationRow
+	losers []*cloudIntegrationRow
+}
+
+func (migration *fixCloudIntegrationUniqueIndex) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	// Step 1: Drop the wrong index on (id, provider, org_id)
+	dropSqls := migration.sqlschema.Operator().DropIndex(
+		(&sqlschema.UniqueIndex{
+			TableName:   "cloud_integration",
+			ColumnNames: []sqlschema.ColumnName{"id", "provider", "org_id"},
+		}).Named("unique_cloud_integration"),
+	)
+	for _, sql := range dropSqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	// Step 2: Fetch all active rows with non-null account_id, ordered for grouping
+	var activeRows []*cloudIntegrationRow
+	err = tx.NewSelect().
+		Model(&activeRows).
+		Where("removed_at IS NULL").
+		Where("account_id IS NOT NULL").
+		OrderExpr("account_id, provider, org_id, updated_at DESC").
+		Scan(ctx)
+	if err != nil && !errors.Is(err, sql.ErrNoRows) {
+		return err
+	}
+
+	// Group by (account_id, provider, org_id)
+	groups := groupCloudIntegrationRows(activeRows)
+
+	now := time.Now()
+	var loserIDs []string
+
+	for _, group := range groups {
+		if len(group.losers) == 0 {
+			continue
+		}
+
+		// Step 3: Merge config from losers into keeper
+		if err = mergeCloudIntegrationConfigs(ctx, tx, group); err != nil {
+			return err
+		}
+
+		// Step 4: Reassign orphaned cloud_integration_service rows
+		for _, loser := range group.losers {
+			// Delete services from loser that would conflict with keeper's services (same type)
+			_, err = tx.NewDelete().
+				TableExpr("cloud_integration_service").
+				Where("cloud_integration_id = ?", loser.ID).
+				Where("type IN (?)",
+					tx.NewSelect().
+						TableExpr("cloud_integration_service").
+						Column("type").
+						Where("cloud_integration_id = ?", group.keeper.ID),
+				).
+				Exec(ctx)
+			if err != nil {
+				return err
+			}
+
+			// Reassign remaining services to the keeper
+			_, err = tx.ExecContext(ctx,
+				"UPDATE cloud_integration_service SET cloud_integration_id = ? WHERE cloud_integration_id = ?",
+				group.keeper.ID, loser.ID,
+			)
+			if err != nil {
+				return err
+			}
+
+			loserIDs = append(loserIDs, loser.ID)
+		}
+	}
+
+	// Step 5: Soft-delete all loser rows
+	if len(loserIDs) > 0 {
+		_, err = tx.NewUpdate().
+			TableExpr("cloud_integration").
+			Set("removed_at = ?", now).
+			Set("updated_at = ?", now).
+			Where("id IN (?)", bun.In(loserIDs)).
+			Exec(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Step 6: Create correct partial unique index on (account_id, provider, org_id) WHERE removed_at IS NULL
+	createSqls := migration.sqlschema.Operator().CreateIndex(
+		&sqlschema.PartialUniqueIndex{
+			TableName:   "cloud_integration",
+			ColumnNames: []sqlschema.ColumnName{"account_id", "provider", "org_id"},
+			Where:       "removed_at IS NULL",
+		},
+	)
+	for _, sql := range createSqls {
+		if _, err = tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	return tx.Commit()
+}
+
+func (migration *fixCloudIntegrationUniqueIndex) Down(ctx context.Context, db *bun.DB) error {
+	return nil
+}
+
+// groupCloudIntegrationRows groups rows by (account_id, provider, org_id).
+// Rows must be pre-sorted by account_id, provider, org_id, updated_at DESC
+// so the first row in each group is the keeper (most recently updated).
+func groupCloudIntegrationRows(rows []*cloudIntegrationRow) []duplicateGroup {
+	if len(rows) == 0 {
+		return nil
+	}
+
+	var groups []duplicateGroup
+	var current duplicateGroup
+	current.keeper = rows[0]
+
+	for i := 1; i < len(rows); i++ {
+		row := rows[i]
+		if row.AccountID == current.keeper.AccountID &&
+			row.Provider == current.keeper.Provider &&
+			row.OrgID == current.keeper.OrgID {
+			current.losers = append(current.losers, row)
+		} else {
+			groups = append(groups, current)
+			current = duplicateGroup{keeper: row}
+		}
+	}
+	groups = append(groups, current)
+
+	return groups
+}
+
+// mergeCloudIntegrationConfigs unions the EnabledRegions from all rows in the group into the keeper's config and updates
+func mergeCloudIntegrationConfigs(ctx context.Context, tx bun.Tx, group duplicateGroup) error {
+	regionSet := make(map[string]struct{})
+
+	// Parse keeper's config
+	parseRegions(group.keeper.Config, regionSet)
+
+	// Parse each loser's config
+	for _, loser := range group.losers {
+		parseRegions(loser.Config, regionSet)
+	}
+
+	// Build merged config
+	mergedRegions := make([]string, 0, len(regionSet))
+	for region := range regionSet {
+		mergedRegions = append(mergedRegions, region)
+	}
+
+	merged := cloudIntegrationAccountConfig{Regions: mergedRegions}
+	mergedJSON, err := json.Marshal(merged)
+	if err != nil {
+		return err
+	}
+
+	// Update keeper's config
+	_, err = tx.NewUpdate().
+		TableExpr("cloud_integration").
+		Set("config = ?", string(mergedJSON)).
+		Where("id = ?", group.keeper.ID).
+		Exec(ctx)
+	return err
+}
+
+// parseRegions unmarshals a config JSON string and adds its regions to the set.
+func parseRegions(configJSON string, regionSet map[string]struct{}) {
+	if configJSON == "" {
+		return
+	}
+
+	var config cloudIntegrationAccountConfig
+	if err := json.Unmarshal([]byte(configJSON), &config); err != nil {
+		return
+	}
+
+	for _, region := range config.Regions {
+		regionSet[region] = struct{}{}
+	}
+}
--- a/pkg/sqlschema/index.go
+++ b/pkg/sqlschema/index.go
@@ -8,8 +8,9 @@ import (
 )

 var (
-	IndexTypeUnique = IndexType{s: valuer.NewString("uq")}
-	IndexTypeIndex  = IndexType{s: valuer.NewString("ix")}
+	IndexTypeUnique        = IndexType{s: valuer.NewString("uq")}
+	IndexTypeIndex         = IndexType{s: valuer.NewString("ix")}
+	IndexTypePartialUnique = IndexType{s: valuer.NewString("puq")}
 )

 type IndexType struct{ s valuer.String }
@@ -22,6 +23,7 @@ type Index interface {
 	// The name of the index.
 	//   - Indexes are named as `ix_<table_name>_<column_names>`. The column names are separated by underscores.
 	//   - Unique constraints are named as `uq_<table_name>_<column_names>`. The column names are separated by underscores.
+	//   - Partial unique indexes are named as `puq_<table_name>_<column_names>_<predicate_hash>`.
 	// The name is autogenerated and should not be set by the user.
 	Name() string

@@ -133,3 +135,101 @@ func (index *UniqueIndex) ToDropSQL(fmter SQLFormatter) []byte {

 	return sql
 }
+
+type PartialUniqueIndex struct {
+	TableName   TableName
+	ColumnNames []ColumnName
+	Where       string
+	name        string
+}
+
+func (index *PartialUniqueIndex) Name() string {
+	if index.name != "" {
+		return index.name
+	}
+
+	var b strings.Builder
+	b.WriteString(IndexTypePartialUnique.String())
+	b.WriteString("_")
+	b.WriteString(string(index.TableName))
+	b.WriteString("_")
+	for i, column := range index.ColumnNames {
+		if i > 0 {
+			b.WriteString("_")
+		}
+		b.WriteString(string(column))
+	}
+	b.WriteString("_")
+	b.WriteString((&whereNormalizer{input: index.Where}).hash())
+	return b.String()
+}
+
+func (index *PartialUniqueIndex) Named(name string) Index {
+	copyOfColumnNames := make([]ColumnName, len(index.ColumnNames))
+	copy(copyOfColumnNames, index.ColumnNames)
+
+	return &PartialUniqueIndex{
+		TableName:   index.TableName,
+		ColumnNames: copyOfColumnNames,
+		Where:       index.Where,
+		name:        name,
+	}
+}
+
+func (index *PartialUniqueIndex) IsNamed() bool {
+	return index.name != ""
+}
+
+func (*PartialUniqueIndex) Type() IndexType {
+	return IndexTypePartialUnique
+}
+
+func (index *PartialUniqueIndex) Columns() []ColumnName {
+	return index.ColumnNames
+}
+
+func (index *PartialUniqueIndex) Equals(other Index) bool {
+	if other.Type() != IndexTypePartialUnique {
+		return false
+	}
+
+	otherPartial, ok := other.(*PartialUniqueIndex)
+	if !ok {
+		return false
+	}
+
+	return index.Name() == other.Name() && slices.Equal(index.Columns(), other.Columns()) && (&whereNormalizer{input: index.Where}).normalize() == (&whereNormalizer{input: otherPartial.Where}).normalize()
+}
+
+func (index *PartialUniqueIndex) ToCreateSQL(fmter SQLFormatter) []byte {
+	sql := []byte{}
+
+	sql = append(sql, "CREATE UNIQUE INDEX IF NOT EXISTS "...)
+	sql = fmter.AppendIdent(sql, index.Name())
+	sql = append(sql, " ON "...)
+	sql = fmter.AppendIdent(sql, string(index.TableName))
+	sql = append(sql, " ("...)
+
+	for i, column := range index.ColumnNames {
+		if i > 0 {
+			sql = append(sql, ", "...)
+		}
+
+		sql = fmter.AppendIdent(sql, string(column))
+	}
+
+	sql = append(sql, ") WHERE "...)
+	sql = append(sql, index.Where...)
+
+	return sql
+}
+
+func (index *PartialUniqueIndex) ToDropSQL(fmter SQLFormatter) []byte {
+	sql := []byte{}
+
+	sql = append(sql, "DROP INDEX IF EXISTS "...)
+	sql = fmter.AppendIdent(sql, index.Name())
+
+	return sql
+}
+
--- a/pkg/sqlschema/index_test.go
+++ b/pkg/sqlschema/index_test.go
@@ -38,6 +38,110 @@ func TestIndexToCreateSQL(t *testing.T) {
 			},
 			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "my_index" ON "users" ("id", "name", "email")`,
 		},
+		{
+			name: "PartialUnique_1Column",
+			index: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_email_94610c77" ON "users" ("email") WHERE "deleted_at" IS NULL`,
+		},
+		{
+			name: "PartialUnique_2Columns",
+			index: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"org_id", "email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_org_id_email_94610c77" ON "users" ("org_id", "email") WHERE "deleted_at" IS NULL`,
+		},
+		{
+			name: "PartialUnique_Named",
+			index: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+				name:        "my_partial_index",
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "my_partial_index" ON "users" ("email") WHERE "deleted_at" IS NULL`,
+		},
+		{
+			name: "PartialUnique_WhereWithParentheses",
+			index: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `("deleted_at" IS NULL)`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_email_94610c77" ON "users" ("email") WHERE ("deleted_at" IS NULL)`,
+		},
+		{
+			name: "PartialUnique_WhereWithQuotedIdentifier",
+			index: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"order" IS NULL`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_email_14c5f5f2" ON "users" ("email") WHERE "order" IS NULL`,
+		},
+		{
+			name: "PartialUnique_WhereWithQuotedLiteral",
+			index: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `status = 'somewhere'`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_email_9817c709" ON "users" ("email") WHERE status = 'somewhere'`,
+		},
+		{
+			name: "PartialUnique_WhereWith2Columns",
+			index: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email", "status"},
+				Where:       `email = 'test@example.com' AND status = 'active'`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_email_status_e70e78c3" ON "users" ("email", "status") WHERE email = 'test@example.com' AND status = 'active'`,
+		},
+		// postgres docs example
+		{
+			name: "PartialUnique_WhereWithPostgresDocsExample_1",
+			index: &PartialUniqueIndex{
+				TableName:   "access_log",
+				ColumnNames: []ColumnName{"client_ip"},
+				Where:       `NOT (client_ip > inet '192.168.100.0' AND client_ip < inet '192.168.100.255')`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_access_log_client_ip_5a596410" ON "access_log" ("client_ip") WHERE NOT (client_ip > inet '192.168.100.0' AND client_ip < inet '192.168.100.255')`,
+		},
+		// postgres docs example
+		{
+			name: "PartialUnique_WhereWithPostgresDocsExample_2",
+			index: &PartialUniqueIndex{
+				TableName:   "orders",
+				ColumnNames: []ColumnName{"order_nr"},
+				Where:       `billed is not true`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_orders_order_nr_6d31bb0e" ON "orders" ("order_nr") WHERE billed is not true`,
+		},
+		// sqlite docs example
+		{
+			name: "PartialUnique_WhereWithSqliteDocsExample_1",
+			index: &PartialUniqueIndex{
+				TableName:   "person",
+				ColumnNames: []ColumnName{"team_id"},
+				Where:       `is_team_leader`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_person_team_id_c8604a29" ON "person" ("team_id") WHERE is_team_leader`,
+		},
+		// sqlite docs example
+		{
+			name: "PartialUnique_WhereWithSqliteDocsExample_2",
+			index: &PartialUniqueIndex{
+				TableName:   "purchaseorder",
+				ColumnNames: []ColumnName{"parent_po"},
+				Where:       `parent_po IS NOT NULL`,
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "puq_purchaseorder_parent_po_dbe2929d" ON "purchaseorder" ("parent_po") WHERE parent_po IS NOT NULL`,
+		},
 	}

 	for _, testCase := range testCases {
@@ -49,3 +153,109 @@ func TestIndexToCreateSQL(t *testing.T) {
 		})
 	}
 }
+
+func TestIndexEquals(t *testing.T) {
+	testCases := []struct {
+		name   string
+		a      Index
+		b      Index
+		equals bool
+	}{
+		{
+			name: "PartialUnique_Same",
+			a: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			b: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			equals: true,
+		},
+		{
+			name: "PartialUnique_NormalizedPostgresWhere",
+			a: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			b: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `(deleted_at IS NULL)`,
+			},
+			equals: true,
+		},
+		{
+			name: "PartialUnique_DifferentWhere",
+			a: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			b: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"active" = true`,
+			},
+			equals: false,
+		},
+		{
+			name: "PartialUnique_NotEqual_Unique",
+			a: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			b: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+			},
+			equals: false,
+		},
+		{
+			name: "Unique_NotEqual_PartialUnique",
+			a: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+			},
+			b: &PartialUniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Where:       `"deleted_at" IS NULL`,
+			},
+			equals: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			assert.Equal(t, testCase.equals, testCase.a.Equals(testCase.b))
+		})
+	}
+}
+
+func TestPartialUniqueIndexName(t *testing.T) {
+	a := &PartialUniqueIndex{
+		TableName:   "users",
+		ColumnNames: []ColumnName{"email"},
+		Where:       `"deleted_at" IS NULL`,
+	}
+	b := &PartialUniqueIndex{
+		TableName:   "users",
+		ColumnNames: []ColumnName{"email"},
+		Where:       `(deleted_at IS NULL)`,
+	}
+	c := &PartialUniqueIndex{
+		TableName:   "users",
+		ColumnNames: []ColumnName{"email"},
+		Where:       `"active" = true`,
+	}
+
+	assert.Equal(t, "puq_users_email_94610c77", a.Name())
+	assert.Equal(t, a.Name(), b.Name())
+	assert.NotEqual(t, a.Name(), c.Name())
+}
--- a/pkg/sqlschema/normalizer.go
+++ b/pkg/sqlschema/normalizer.go
@@ -0,0 +1,162 @@
+package sqlschema
+
+import (
+	"fmt"
+	"hash/fnv"
+	"strings"
+)
+
+type whereNormalizer struct {
+	input string
+}
+
+func (n *whereNormalizer) hash() string {
+	hasher := fnv.New32a()
+	_, _ = hasher.Write([]byte(n.normalize()))
+	return fmt.Sprintf("%08x", hasher.Sum32())
+}
+
+func (n *whereNormalizer) normalize() string {
+	where := strings.TrimSpace(n.input)
+	where = n.stripOuterParentheses(where)
+
+	var output strings.Builder
+	output.Grow(len(where))
+
+	for i := 0; i < len(where); i++ {
+		switch where[i] {
+		case ' ', '\t', '\n', '\r':
+			if output.Len() > 0 {
+				last := output.String()[output.Len()-1]
+				if last != ' ' {
+					output.WriteByte(' ')
+				}
+			}
+		case '\'':
+			end := n.consumeSingleQuotedLiteral(where, i, &output)
+			i = end
+		case '"':
+			token, end := n.consumeDoubleQuotedToken(where, i)
+			output.WriteString(token)
+			i = end
+		default:
+			output.WriteByte(where[i])
+		}
+	}
+
+	return strings.TrimSpace(output.String())
+}
+
+func (n *whereNormalizer) stripOuterParentheses(s string) string {
+	for {
+		s = strings.TrimSpace(s)
+		if len(s) < 2 || s[0] != '(' || s[len(s)-1] != ')' || !n.hasWrappingParentheses(s) {
+			return s
+		}
+		s = s[1 : len(s)-1]
+	}
+}
+
+func (n *whereNormalizer) hasWrappingParentheses(s string) bool {
+	depth := 0
+	inSingleQuotedLiteral := false
+	inDoubleQuotedToken := false
+
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '\'':
+			if inDoubleQuotedToken {
+				continue
+			}
+			if inSingleQuotedLiteral && i+1 < len(s) && s[i+1] == '\'' {
+				i++
+				continue
+			}
+			inSingleQuotedLiteral = !inSingleQuotedLiteral
+		case '"':
+			if inSingleQuotedLiteral {
+				continue
+			}
+			if inDoubleQuotedToken && i+1 < len(s) && s[i+1] == '"' {
+				i++
+				continue
+			}
+			inDoubleQuotedToken = !inDoubleQuotedToken
+		case '(':
+			if inSingleQuotedLiteral || inDoubleQuotedToken {
+				continue
+			}
+			depth++
+		case ')':
+			if inSingleQuotedLiteral || inDoubleQuotedToken {
+				continue
+			}
+			depth--
+			if depth == 0 && i != len(s)-1 {
+				return false
+			}
+		}
+	}
+
+	return depth == 0
+}
+
+func (n *whereNormalizer) consumeSingleQuotedLiteral(s string, start int, output *strings.Builder) int {
+	output.WriteByte(s[start])
+	for i := start + 1; i < len(s); i++ {
+		output.WriteByte(s[i])
+		if s[i] == '\'' {
+			if i+1 < len(s) && s[i+1] == '\'' {
+				i++
+				output.WriteByte(s[i])
+				continue
+			}
+			return i
+		}
+	}
+
+	return len(s) - 1
+}
+
+func (n *whereNormalizer) consumeDoubleQuotedToken(s string, start int) (string, int) {
+	var ident strings.Builder
+
+	for i := start + 1; i < len(s); i++ {
+		if s[i] == '"' {
+			if i+1 < len(s) && s[i+1] == '"' {
+				ident.WriteByte('"')
+				i++
+				continue
+			}
+
+			if n.isSimpleUnquotedIdentifier(ident.String()) {
+				return ident.String(), i
+			}
+
+			return s[start : i+1], i
+		}
+
+		ident.WriteByte(s[i])
+	}
+
+	return s[start:], len(s) - 1
+}
+
+func (n *whereNormalizer) isSimpleUnquotedIdentifier(s string) bool {
+	if s == "" || strings.ToLower(s) != s {
+		return false
+	}
+
+	for i := 0; i < len(s); i++ {
+		ch := s[i]
+		if (ch >= 'a' && ch <= 'z') || ch == '_' {
+			continue
+		}
+		if i > 0 && ch >= '0' && ch <= '9' {
+			continue
+		}
+		return false
+	}
+
+	return true
+}
--- a/pkg/sqlschema/normalizer_test.go
+++ b/pkg/sqlschema/normalizer_test.go
@@ -0,0 +1,57 @@
+package sqlschema
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWhereNormalizerNormalize(t *testing.T) {
+	testCases := []struct {
+		name   string
+		input  string
+		output string
+	}{
+		{
+			name:   "BooleanComparison",
+			input:  `"active" = true`,
+			output: `active = true`,
+		},
+		{
+			name:   "QuotedStringLiteralPreserved",
+			input:  `status = 'somewhere'`,
+			output: `status = 'somewhere'`,
+		},
+		{
+			name:   "EscapedStringLiteralPreserved",
+			input:  `status = 'it''s active'`,
+			output: `status = 'it''s active'`,
+		},
+		{
+			name:   "OuterParenthesesRemoved",
+			input:  `(("deleted_at" IS NULL))`,
+			output: `deleted_at IS NULL`,
+		},
+		{
+			name:   "InnerParenthesesPreserved",
+			input:  `("deleted_at" IS NULL OR ("active" = true AND "status" = 'open'))`,
+			output: `deleted_at IS NULL OR (active = true AND status = 'open')`,
+		},
+		{
+			name:   "MultipleClausesWhitespaceCollapsed",
+			input:  "  (  \"deleted_at\" IS NULL  \n AND\t\"active\" = true  AND status = 'open' )  ",
+			output: `deleted_at IS NULL AND active = true AND status = 'open'`,
+		},
+		{
+			name:   "ComplexBooleanClauses",
+			input:  `NOT ("deleted_at" IS NOT NULL AND ("active" = false OR "status" = 'archived'))`,
+			output: `NOT (deleted_at IS NOT NULL AND (active = false OR status = 'archived'))`,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			assert.Equal(t, testCase.output, (&whereNormalizer{input: testCase.input}).normalize())
+		})
+	}
+}
--- a/pkg/sqlschema/operator_test.go
+++ b/pkg/sqlschema/operator_test.go
@@ -1146,3 +1146,100 @@ func TestOperatorAlterTable(t *testing.T) {
 		})
 	}
 }
+
+func TestOperatorDiffIndices(t *testing.T) {
+	testCases := []struct {
+		name         string
+		oldIndices   []Index
+		newIndices   []Index
+		expectedSQLs [][]byte
+	}{
+		{
+			name: "UniqueToPartialUnique_DropAndCreate",
+			oldIndices: []Index{
+				&UniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+				},
+			},
+			newIndices: []Index{
+				&PartialUniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+					Where:       `"deleted_at" IS NULL`,
+				},
+			},
+			expectedSQLs: [][]byte{
+				[]byte(`DROP INDEX IF EXISTS "uq_users_email"`),
+				[]byte(`CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_email_94610c77" ON "users" ("email") WHERE "deleted_at" IS NULL`),
+			},
+		},
+		{
+			name: "PartialUnique_SameWhere_NoOp",
+			oldIndices: []Index{
+				&PartialUniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+					Where:       `"deleted_at" IS NULL`,
+				},
+			},
+			newIndices: []Index{
+				&PartialUniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+					Where:       `"deleted_at" IS NULL`,
+				},
+			},
+			expectedSQLs: [][]byte{},
+		},
+		{
+			name: "PartialUnique_NormalizedWhere_NoOp",
+			oldIndices: []Index{
+				&PartialUniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+					Where:       `(deleted_at IS NULL)`,
+				},
+			},
+			newIndices: []Index{
+				&PartialUniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+					Where:       `"deleted_at" IS NULL`,
+				},
+			},
+			expectedSQLs: [][]byte{},
+		},
+		{
+			name: "PartialUnique_DifferentWhere_DropAndCreate",
+			oldIndices: []Index{
+				&PartialUniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+					Where:       `"deleted_at" IS NULL`,
+				},
+			},
+			newIndices: []Index{
+				&PartialUniqueIndex{
+					TableName:   "users",
+					ColumnNames: []ColumnName{"email"},
+					Where:       `"active" = true`,
+				},
+			},
+			expectedSQLs: [][]byte{
+				[]byte(`DROP INDEX IF EXISTS "puq_users_email_94610c77"`),
+				[]byte(`CREATE UNIQUE INDEX IF NOT EXISTS "puq_users_email_202121f8" ON "users" ("email") WHERE "active" = true`),
+			},
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			fmter := NewFormatter(schema.NewNopFormatter().Dialect())
+			operator := NewOperator(fmter, OperatorSupport{})
+
+			actuals := operator.DiffIndices(testCase.oldIndices, testCase.newIndices)
+			assert.Equal(t, testCase.expectedSQLs, actuals)
+		})
+	}
+}
--- a/pkg/sqlschema/sqlitesqlschema/provider.go
+++ b/pkg/sqlschema/sqlitesqlschema/provider.go
@@ -3,6 +3,7 @@ package sqlitesqlschema
 import (
 	"context"
 	"strconv"
+	"strings"

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
@@ -114,7 +115,29 @@ func (provider *provider) GetIndices(ctx context.Context, tableName sqlschema.Ta
 			return nil, err
 		}

-		if unique {
+		if unique && partial {
+			var indexSQL string
+			if err := provider.
+				sqlstore.
+				BunDB().
+				NewRaw("SELECT sql FROM sqlite_master WHERE type = 'index' AND name = ?", name).
+				Scan(ctx, &indexSQL); err != nil {
+				return nil, err
+			}
+
+			where := extractWhereClause(indexSQL)
+			index := &sqlschema.PartialUniqueIndex{
+				TableName:   tableName,
+				ColumnNames: columns,
+				Where:       where,
+			}
+
+			if index.Name() == name {
+				indices = append(indices, index)
+			} else {
+				indices = append(indices, index.Named(name))
+			}
+		} else if unique {
 			index := &sqlschema.UniqueIndex{
 				TableName:   tableName,
 				ColumnNames: columns,
@@ -148,3 +171,73 @@ func (provider *provider) ToggleFKEnforcement(ctx context.Context, db bun.IDB, o

 	return errors.NewInternalf(errors.CodeInternal, "foreign_keys(actual: %s, expected: %s), maybe a transaction is in progress?", strconv.FormatBool(val), strconv.FormatBool(on))
 }
+
+func extractWhereClause(sql string) string {
+	lastWhere := -1
+	inSingleQuotedLiteral := false
+	inDoubleQuotedIdentifier := false
+	inBacktickQuotedIdentifier := false
+	inBracketQuotedIdentifier := false
+
+	for i := 0; i < len(sql); i++ {
+		switch sql[i] {
+		case '\'':
+			if inDoubleQuotedIdentifier || inBacktickQuotedIdentifier || inBracketQuotedIdentifier {
+				continue
+			}
+			if inSingleQuotedLiteral && i+1 < len(sql) && sql[i+1] == '\'' {
+				i++
+				continue
+			}
+			inSingleQuotedLiteral = !inSingleQuotedLiteral
+		case '"':
+			if inSingleQuotedLiteral || inBacktickQuotedIdentifier || inBracketQuotedIdentifier {
+				continue
+			}
+			if inDoubleQuotedIdentifier && i+1 < len(sql) && sql[i+1] == '"' {
+				i++
+				continue
+			}
+			inDoubleQuotedIdentifier = !inDoubleQuotedIdentifier
+		case '`':
+			if inSingleQuotedLiteral || inDoubleQuotedIdentifier || inBracketQuotedIdentifier {
+				continue
+			}
+			inBacktickQuotedIdentifier = !inBacktickQuotedIdentifier
+		case '[':
+			if inSingleQuotedLiteral || inDoubleQuotedIdentifier || inBacktickQuotedIdentifier || inBracketQuotedIdentifier {
+				continue
+			}
+			inBracketQuotedIdentifier = true
+		case ']':
+			if inBracketQuotedIdentifier {
+				inBracketQuotedIdentifier = false
+			}
+		}
+
+		if inSingleQuotedLiteral || inDoubleQuotedIdentifier || inBacktickQuotedIdentifier || inBracketQuotedIdentifier {
+			continue
+		}
+
+		if strings.EqualFold(sql[i:min(i+5, len(sql))], "WHERE") &&
+			(i == 0 || !isSQLiteIdentifierChar(sql[i-1])) &&
+			(i+5 == len(sql) || !isSQLiteIdentifierChar(sql[i+5])) {
+			lastWhere = i
+			i += 4
+		}
+	}
+
+	if lastWhere == -1 {
+		return ""
+	}
+
+	return strings.TrimSpace(sql[lastWhere+len("WHERE"):])
+}
+
+func isSQLiteIdentifierChar(ch byte) bool {
+	return (ch >= 'a' && ch <= 'z') ||
+		(ch >= 'A' && ch <= 'Z') ||
+		(ch >= '0' && ch <= '9') ||
+		ch == '_'
+}
+
--- a/pkg/sqlschema/sqlitesqlschema/provider_test.go
+++ b/pkg/sqlschema/sqlitesqlschema/provider_test.go
@@ -0,0 +1,52 @@
+package sqlitesqlschema
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestExtractWhereClause(t *testing.T) {
+	testCases := []struct {
+		name  string
+		sql   string
+		where string
+	}{
+		{
+			name:  "UppercaseWhere",
+			sql:   `CREATE UNIQUE INDEX "idx" ON "users" ("email") WHERE "deleted_at" IS NULL`,
+			where: `"deleted_at" IS NULL`,
+		},
+		{
+			name:  "LowercaseWhere",
+			sql:   `CREATE UNIQUE INDEX "idx" ON "users" ("email") where "deleted_at" IS NULL`,
+			where: `"deleted_at" IS NULL`,
+		},
+		{
+			name:  "NewlineBeforeWhere",
+			sql:   "CREATE UNIQUE INDEX \"idx\" ON \"users\" (\"email\")\nWHERE \"deleted_at\" IS NULL",
+			where: `"deleted_at" IS NULL`,
+		},
+		{
+			name:  "ExtraWhitespace",
+			sql:   "CREATE UNIQUE INDEX \"idx\" ON \"users\" (\"email\")   \n \t where   \"deleted_at\" IS NULL  ",
+			where: `"deleted_at" IS NULL`,
+		},
+		{
+			name:  "WhereInStringLiteral",
+			sql:   `CREATE UNIQUE INDEX "idx" ON "users" ("email") WHERE status = 'somewhere'`,
+			where: `status = 'somewhere'`,
+		},
+		{
+			name:  "BooleanLiteral",
+			sql:   `CREATE UNIQUE INDEX "idx" ON "users" ("email") WHERE active = true`,
+			where: `active = true`,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			assert.Equal(t, testCase.where, extractWhereClause(testCase.sql))
+		})
+	}
+}
--- a/pkg/tokenizer/jwttokenizer/provider.go
+++ b/pkg/tokenizer/jwttokenizer/provider.go
@@ -125,7 +125,7 @@ func (provider *provider) GetIdentity(ctx context.Context, accessToken string) (
 		return nil, errors.Newf(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "claim role mismatch")
 	}

-	return authtypes.NewIdentity(valuer.MustNewUUID(claims.UserID), valuer.MustNewUUID(claims.OrgID), valuer.MustNewEmail(claims.Email), claims.Role), nil
+	return authtypes.NewIdentity(valuer.MustNewUUID(claims.UserID), valuer.MustNewUUID(claims.OrgID), valuer.MustNewEmail(claims.Email), claims.Role, authtypes.IdentNProviderTokenizer), nil
 }

 func (provider *provider) DeleteToken(ctx context.Context, accessToken string) error {
--- a/pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go
+++ b/pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go
@@ -47,7 +47,7 @@ func (store *store) GetIdentityByUserID(ctx context.Context, userID valuer.UUID)
 		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
 	}

-	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role)), nil
+	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role), authtypes.IdentNProviderTokenizer), nil
 }

 func (store *store) GetByAccessToken(ctx context.Context, accessToken string) (*authtypes.StorableToken, error) {
--- a/pkg/types/authtypes/authn.go
+++ b/pkg/types/authtypes/authn.go
@@ -25,10 +25,11 @@ var (
 type AuthNProvider struct{ valuer.String }

 type Identity struct {
-	UserID valuer.UUID  `json:"userId"`
-	OrgID  valuer.UUID  `json:"orgId"`
-	Email  valuer.Email `json:"email"`
-	Role   types.Role   `json:"role"`
+	UserID        valuer.UUID    `json:"userId"`
+	OrgID         valuer.UUID    `json:"orgId"`
+	IdenNProvider IdentNProvider `json:"identNProvider"`
+	Email         valuer.Email   `json:"email"`
+	Role          types.Role     `json:"role"`
 }

 type CallbackIdentity struct {
@@ -78,12 +79,13 @@ func NewStateFromString(state string) (State, error) {
 	}, nil
 }

-func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role types.Role) *Identity {
+func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role types.Role, identNProvider IdentNProvider) *Identity {
 	return &Identity{
-		UserID: userID,
-		OrgID:  orgID,
-		Email:  email,
-		Role:   role,
+		UserID:        userID,
+		OrgID:         orgID,
+		Email:         email,
+		Role:          role,
+		IdenNProvider: identNProvider,
 	}
 }

@@ -116,10 +118,11 @@ func (typ *Identity) UnmarshalBinary(data []byte) error {

 func (typ *Identity) ToClaims() Claims {
 	return Claims{
-		UserID: typ.UserID.String(),
-		Email:  typ.Email.String(),
-		Role:   typ.Role,
-		OrgID:  typ.OrgID.String(),
+		UserID:         typ.UserID.String(),
+		Email:          typ.Email.String(),
+		Role:           typ.Role,
+		OrgID:          typ.OrgID.String(),
+		IdentNProvider: typ.IdenNProvider.StringValue(),
 	}
 }

--- a/pkg/types/authtypes/claims.go
+++ b/pkg/types/authtypes/claims.go
@@ -13,10 +13,11 @@ type claimsKey struct{}
 type accessTokenKey struct{}

 type Claims struct {
-	UserID string
-	Email  string
-	Role   types.Role
-	OrgID  string
+	UserID         string
+	Email          string
+	Role           types.Role
+	OrgID          string
+	IdentNProvider string
 }

 // NewContextWithClaims attaches individual claims to the context.
@@ -53,6 +54,7 @@ func (c *Claims) LogValue() slog.Value {
 		slog.String("email", c.Email),
 		slog.String("role", c.Role.String()),
 		slog.String("org_id", c.OrgID),
+		slog.String("identn_provider", c.IdentNProvider),
 	)
 }

--- a/pkg/types/authtypes/identn.go
+++ b/pkg/types/authtypes/identn.go
@@ -0,0 +1,11 @@
+package authtypes
+
+import "github.com/SigNoz/signoz/pkg/valuer"
+
+var (
+	IdentNProviderTokenizer = IdentNProvider{valuer.NewString("tokenizer")}
+	IdentNProviderAPIkey    = IdentNProvider{valuer.NewString("api_key")}
+	IdentNProviderAnonymous = IdentNProvider{valuer.NewString("anonymous")}
+)
+
+type IdentNProvider struct{ valuer.String }
--- a/pkg/types/authtypes/uuid.go
+++ b/pkg/types/authtypes/uuid.go
@@ -1,41 +0,0 @@
-package authtypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-type uuidKey struct{}
-
-type UUID struct {
-}
-
-func NewUUID() *UUID {
-	return &UUID{}
-}
-
-func (u *UUID) ContextFromRequest(ctx context.Context, values ...string) (context.Context, error) {
-	var value string
-	for _, v := range values {
-		if v != "" {
-			value = v
-			break
-		}
-	}
-
-	if value == "" {
-		return ctx, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "missing Authorization header")
-	}
-
-	return NewContextWithUUID(ctx, value), nil
-}
-
-func NewContextWithUUID(ctx context.Context, uuid string) context.Context {
-	return context.WithValue(ctx, uuidKey{}, uuid)
-}
-
-func UUIDFromContext(ctx context.Context) (string, bool) {
-	uuid, ok := ctx.Value(uuidKey{}).(string)
-	return uuid, ok
-}
--- a/pkg/types/ctxtypes/auth.go
+++ b/pkg/types/ctxtypes/auth.go
@@ -1,31 +0,0 @@
-package ctxtypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type AuthType struct {
-	valuer.String
-}
-
-var (
-	AuthTypeTokenizer = AuthType{valuer.NewString("tokenizer")}
-	AuthTypeAPIKey    = AuthType{valuer.NewString("api_key")}
-	AuthTypeInternal  = AuthType{valuer.NewString("internal")}
-	AuthTypeAnonymous = AuthType{valuer.NewString("anonymous")}
-)
-
-type authTypeKey struct{}
-
-// SetAuthType stores the auth type (e.g., AuthTypeJWT, AuthTypeAPIKey, AuthTypeInternal) in context.
-func SetAuthType(ctx context.Context, authType AuthType) context.Context {
-	return context.WithValue(ctx, authTypeKey{}, authType)
-}
-
-// AuthTypeFromContext retrieves the auth type from context if set.
-func AuthTypeFromContext(ctx context.Context) (AuthType, bool) {
-	v, ok := ctx.Value(authTypeKey{}).(AuthType)
-	return v, ok
-}
Author	SHA1	Message	Date
swapnil-signoz	1502338f17	refactor: removing std errors pkg	2026-03-17 20:22:38 +05:30
swapnil-signoz	fdf75f03ac	fix: adding migration for fixing wrong cloud integration unique index	2026-03-17 17:12:44 +05:30
Pandey	12b02a1002	feat(sqlschema): add support for partial unique indexes (#10604 ) * feat(sqlschema): add support for partial unique indexes * feat(sqlschema): add support for multiple indexes * feat(sqlschema): add support for multiple indexes * feat(sqlschema): move normalizer to its own struct * feat(sqlschema): move normalizer tests to normalizer * feat(sqlschema): move normalizer tests to normalizer * feat(sqlschema): add more index tests from docs	2026-03-17 11:22:11 +00:00
Vikrant Gupta	4ce220ba92	feat(authn): introduce identN (#10601 ) Some checks failed build-staging / prepare (push) Has been cancelled Details build-staging / js-build (push) Has been cancelled Details build-staging / go-build (push) Has been cancelled Details build-staging / staging (push) Has been cancelled Details Release Drafter / update_release_draft (push) Has been cancelled Details * feat(authn): introduce identity resolvers * feat(authn): clean the interface DI * feat(authn): renmae the interface to identN * feat(authn): pending identN rename * feat(authn): still handling renames * feat(authn): deprecate authtype * feat(authn): clean the rotate handling * feat(authn): still handling renames	2026-03-17 07:27:36 +00:00