Service Layer medium complexity backend
Dependencies: 0 · Dependents: 0 · Entities: 2 · Integrations: 0

Description

Handles all authentication business logic including credential verification, JWT access token issuance, and refresh token rotation. It enforces token expiry, coordinates session revocation for both users and administrators, and abstracts the token lifecycle away from the UI layer.

Feature: Email & Password Login

auth-service

Sources & reasoning

Line 42 explicitly designates email/password as the MVP login method, with BankID/Vipps deferred to Phase 2. Line 319 repeats this in the Phase 1 MVP scope list. This is the entry-point authentication mechanism that unblocks all other features at launch, so it maps to the MVP by its phase ordering.

Responsibilities

  • Verify email and password credentials against stored hashed passwords
  • Issue short-lived JWT access tokens and paired rotating refresh tokens on successful login
  • Rotate refresh tokens on each use and invalidate the previous token
  • Expose session revocation for user-initiated logout and admin-initiated termination
  • Return structured auth errors for invalid credentials, expired tokens, and revoked sessions

Interfaces

login(email: string, password: string): Promise<AuthToken>
refreshToken(refreshToken: string): Promise<AuthToken>
revokeSession(sessionId: string): Promise<void>
revokeAllSessions(userId: string): Promise<void>
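As an added example (not the project's own auth-service code), the sketch below implements the responsibilities and the four interfaces above in TypeScript, with an in-memory user and session store standing in for the component's data entities. Everything beyond the page's own names is an assumption: the error codes, the token lifetimes, the helper methods `registerUser` and `verifyAccessToken`, the choice of HS256-signed compact JWTs for access tokens and random opaque strings for refresh tokens, and the policy that presenting an already-rotated refresh token revokes the whole session.

```typescript
import { createHmac, randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Structured error codes for the cases the page lists; the identifiers themselves are assumed.
export type AuthErrorCode = "INVALID_CREDENTIALS" | "INVALID_TOKEN" | "TOKEN_EXPIRED" | "SESSION_REVOKED";
export class AuthError extends Error {
  readonly code: AuthErrorCode;
  constructor(code: AuthErrorCode) { super(code); this.name = "AuthError"; this.code = code; }
}

export interface AuthToken { accessToken: string; refreshToken: string; sessionId: string; expiresAt: number; }
interface UserRecord { id: string; salt: Buffer; hash: Buffer; }
interface Session { id: string; userId: string; currentRefresh: string; refreshExpiresAt: number; revoked: boolean; }

export const ACCESS_TTL = 15 * 60;        // seconds; assumed value, the page only says "short-lived"
export const REFRESH_TTL = 7 * 24 * 3600; // seconds; assumed value

const b64url = (b: Buffer): string => b.toString("base64url");
const JWT_HEADER = b64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
function decodeJson<T>(segment: string): T {
  try { return JSON.parse(Buffer.from(segment, "base64url").toString("utf8")) as T; }
  catch { throw new AuthError("INVALID_TOKEN"); }
}

export class AuthService {
  private readonly secret: Buffer;
  private readonly now: () => number;                 // epoch seconds; injectable so expiry is testable
  private users = new Map<string, UserRecord>();      // email -> user
  private sessions = new Map<string, Session>();      // sessionId -> session
  private refreshIndex = new Map<string, string>();   // every refresh token ever issued -> sessionId

  constructor(secret: Buffer, now: () => number = () => Math.floor(Date.now() / 1000)) { this.secret = secret; this.now = now; }

  // In-memory stand-in for the user store; passwords are kept only as salted scrypt hashes.
  registerUser(id: string, email: string, password: string): void {
    const salt = randomBytes(16);
    this.users.set(email, { id, salt, hash: scryptSync(password, salt, 32) });
  }

  async login(email: string, password: string): Promise<AuthToken> {
    const user = this.users.get(email);
    // Hash even for unknown emails so response time does not reveal whether the account exists.
    const candidate = scryptSync(password, user ? user.salt : randomBytes(16), 32);
    if (!user || !timingSafeEqual(candidate, user.hash)) throw new AuthError("INVALID_CREDENTIALS");
    const session: Session = { id: b64url(randomBytes(12)), userId: user.id, currentRefresh: "", refreshExpiresAt: 0, revoked: false };
    this.sessions.set(session.id, session);
    return this.issue(session);
  }

  async refreshToken(refreshToken: string): Promise<AuthToken> {
    const sessionId = this.refreshIndex.get(refreshToken);
    const session = sessionId === undefined ? undefined : this.sessions.get(sessionId);
    if (!session) throw new AuthError("INVALID_TOKEN");
    if (session.revoked) throw new AuthError("SESSION_REVOKED");
    if (session.currentRefresh !== refreshToken) {
      // An already-rotated token was presented again. It is invalid, and (assumed policy)
      // its reuse is treated as possible theft, so the whole session is revoked.
      session.revoked = true;
      throw new AuthError("SESSION_REVOKED");
    }
    if (this.now() >= session.refreshExpiresAt) throw new AuthError("TOKEN_EXPIRED");
    return this.issue(session); // rotation: a new refresh token supersedes the one just used
  }

  async revokeSession(sessionId: string): Promise<void> {
    const session = this.sessions.get(sessionId); if (session) session.revoked = true;
  }

  async revokeAllSessions(userId: string): Promise<void> {
    for (const session of this.sessions.values()) if (session.userId === userId) session.revoked = true;
  }

  // What a resource server calls: checks signature, algorithm, expiry and session revocation.
  verifyAccessToken(token: string): { userId: string; sessionId: string } {
    const parts = token.split(".");
    if (parts.length !== 3) throw new AuthError("INVALID_TOKEN");
    const [header, payload, sig] = parts;
    const expected = this.sign(`${header}.${payload}`);
    if (sig.length !== expected.length || !timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) throw new AuthError("INVALID_TOKEN");
    if (decodeJson<{ alg?: string }>(header).alg !== "HS256") throw new AuthError("INVALID_TOKEN"); // reject unexpected alg
    const claims = decodeJson<{ sub: string; sid: string; exp: number }>(payload);
    if (this.now() >= claims.exp) throw new AuthError("TOKEN_EXPIRED");
    const session = this.sessions.get(claims.sid);
    if (!session || session.revoked) throw new AuthError("SESSION_REVOKED");
    return { userId: claims.sub, sessionId: claims.sid };
  }

  private issue(session: Session): AuthToken {
    const now = this.now();
    const claims = { sub: session.userId, sid: session.id, iat: now, exp: now + ACCESS_TTL };
    const payload = b64url(Buffer.from(JSON.stringify(claims)));
    const accessToken = `${JWT_HEADER}.${payload}.${this.sign(`${JWT_HEADER}.${payload}`)}`;
    const refreshToken = b64url(randomBytes(32));
    session.currentRefresh = refreshToken;
    session.refreshExpiresAt = now + REFRESH_TTL;
    this.refreshIndex.set(refreshToken, session.id);
    return { accessToken, refreshToken, sessionId: session.id, expiresAt: claims.exp };
  }

  private sign(signingInput: string): string {
    return b64url(createHmac("sha256", this.secret).update(signingInput).digest());
  }
}
```

Two design points worth noting: the access token carries the session id (`sid`) so that revocation takes effect before the short expiry runs out, at the cost of a session lookup on every verification; and the refresh index keeps superseded tokens so that a replay of a rotated token can be recognised rather than merely rejected as unknown.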

Related Data Entities (2)

Data entities managed by this component