Profile
User identity beyond authentication — ProfileService, profile types, flexible attributes, visibility controls, and the relationship to Principals.
Overview
A Profile represents a user's public-facing identity. While a Principal handles authentication, Profiles hold the information others see — name, avatar, email, and extensible attributes. A single Principal can own multiple Profiles.
Profile Model
Profile Types
| Type | Purpose |
|---|---|
GENERIC | Standard user profile — one per Principal by default |
ORGANIZATION | Linked to an Organization entity for org-level identity |
CHILD | Sub-profile managed by a parent — for dependent accounts |
Every Principal has a primaryProfileId that determines which Profile is used by default in the UI and API responses.
Flexible Attributes
Profile data is stored as typed attributes rather than fixed columns. Each attribute has metadata for merging, deduplication, and progressive enrichment.
Common Attribute Types
| Type ID | Purpose |
|---|---|
bosca.profiles.name | Display name |
bosca.profiles.email | Email address |
bosca.profiles.avatar | Profile picture URL |
bosca.profiles.locale | Language/locale preference |
bosca.profiles.name.given | First name |
bosca.profiles.name.family | Last name |
source field tracks where each attribute came from — "oauth2" for data pulled from a third-party login, "signup" for registration data, "manual" for user edits. This enables progressive enrichment without overwriting higher-confidence data. GraphQL API
Fetching the Current Profile
Editing a Profile
Managing Attributes
Visibility
Each Profile and its individual attributes have a ProfileVisibility setting that controls who can see the data. This allows users to share their name publicly while keeping their email private, for example.
ProfileService
The service interface for profile management:
Relationship to Principals
A Principal is the security identity (credentials, tokens, groups). A Profile is the social identity (name, avatar, preferences). They are linked by Profile.principal, and the Principal's primaryProfileId points back to the default Profile.
During signup, a Profile is created automatically from the registration data or OAuth2 provider response. Additional Profiles can be created later for different contexts (e.g., an organization profile vs. a personal profile).