partition by org_id and add auth

lib/customer_service_web/api_spec.ex

@@ -1,5 +1,5 @@
 defmodule CustomerServiceWeb.ApiSpec do
-  alias OpenApiSpex.{OpenApi, Info, Server}
+  alias OpenApiSpex.{OpenApi, Info, Server, Components, SecurityScheme}
   alias OpenApiSpex.{Info, OpenApi, Paths, Server}
   alias CustomerServiceWeb.{Endpoint, Router}
   @behaviour OpenApi
@@ -8,17 +8,31 @@ defmodule CustomerServiceWeb.ApiSpec do
   def spec do
     %OpenApi{
       servers: [
-        # Populate the Server info from a phoenix endpoint
         Server.from_endpoint(Endpoint)
       ],
       info: %Info{
         title: "Customer Service",
         version: "1.0"
       },
-      # Populate the paths from a phoenix router
-      paths: Paths.from_router(Router)
+      paths: Paths.from_router(Router),
+      components: %Components{
+        securitySchemes: %{
+          "bearerAuth" => %SecurityScheme{
+            type: "http",
+            scheme: "bearer",
+            bearerFormat: "JWT",
+            description: "Zitadel JWT bearer token for authentication"
+          },
+          "x-organization-id" => %SecurityScheme{
+            type: "apiKey",
+            in: "header",
+            name: "x-organization-id",
+            description: "Organization identifier for tenant isolation"
+          }
+        }
+      },
+      security: [%{"bearerAuth" => [], "x-organization-id" => []}]
     }
-    # Discover request/response schemas from path specs
     |> OpenApiSpex.resolve_schema_modules()
   end
 end