Auth Service
Component Detail
Service Layer
medium complexity
backend
Dependencies: 0
Dependents: 0
Entities: 6
Integrations: 0
Description
Decoupled authentication module that verifies email and password credentials, issues short-lived JWT access tokens and rotating refresh tokens, and handles password reset flows. Enforces brute-force lockout policy and emits transactional reset emails.
auth-service
Sources & reasoning
Source explicitly designates email/password as the MVP authentication mechanism with BankID/Vipps deferred to Phase 2. Phase 1 MVP deliverables list it directly under Meander Mobile App scope, so target_release is the verbatim phase name 'MVP'.
- docs/source/likeperson.md · line 27: MVP ships with email/password login; BankID and Vipps roll out in Phase 2
- docs/source/likeperson.md · line 150: Email/password sign-in for MVP; BankID and Vipps in Phase 2
- docs/source/likeperson.md · line 239: Email/password login (BankID/Vipps in Phase 2)
Responsibilities
- Verify submitted credentials against bcrypt-hashed passwords in the Credential Store
- Issue and rotate JWT access tokens and refresh tokens on successful login
- Track failed login attempts and lock accounts that exceed the threshold
- Generate reset tokens and trigger transactional password reset emails
- Validate reset tokens and update stored password hashes on confirmation
Interfaces
login(email, password): AuthToken
refresh(refreshToken): AuthToken
requestPasswordReset(email): void
confirmPasswordReset(token, newPassword): void
logout(refreshToken): void
Related Data Entities (6)
Data entities managed by this component