Credential Store
Component Detail
Data Layer
medium complexity
backend
0
Dependencies
0
Dependents
2
Entities
0
Integrations
Description
Persistence layer that stores user credentials including bcrypt password hashes, failed-attempt counters, lockout state, and reset token records. Provides the data access surface the Auth Service uses for all credential operations.
credential-store
Sources & reasoning
Source explicitly designates email/password as the MVP authentication mechanism with BankID/Vipps deferred to Phase 2. Phase 1 MVP deliverables list it directly under Meander Mobile App scope, so target_release is the verbatim phase name 'MVP'.
-
docs/source/likeperson.md · line 27MVP leveres med e-post/passord-innlogging; BankID og Vipps ruller ut i Fase 2
-
docs/source/likeperson.md · line 150Email/password sign-in for MVP; BankID and Vipps in Phase 2
-
docs/source/likeperson.md · line 239E-post/passord innlogging (BankID/Vipps i fase 2)
Responsibilities
- Persist and retrieve bcrypt-hashed passwords keyed by user email
- Track failed login attempt counts and lockout expiry timestamps
- Store password reset tokens with expiry and single-use semantics
- Update password hashes on successful reset confirmation
- Expose query methods for credential lookup and lockout state inspection
Interfaces
findCredentialByEmail(email): Credential
updatePasswordHash(userId, hash): void
incrementFailedAttempts(userId): number
saveResetToken(userId, token, expiresAt): void
consumeResetToken(token): UserId
Related Data Entities (2)
Data entities managed by this component