Auth Service
Component Detail
Service Layer
high complexity
Shared Component
backend
1
Dependencies
7
Dependents
4
Entities
0
Integrations
Description
Backend service implementing the Authentication Module's stable sign-in/sign-out/refresh contract using bcrypt password hashing, short-lived JWT access token issuance, and rotating refresh token management with per-tenant signing key isolation.
auth-service
Sources & reasoning
Auth Service is the core implementation of the Authentication Module's contract. The feature description explicitly calls for bcrypt hashing, JWT issuance, rotating refresh tokens, per-tenant signing key isolation, and a stable extension-point contract - each mapped to a distinct responsibility here.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Verify email/password credentials against stored bcrypt hashes
- Issue short-lived JWT access tokens with per-tenant signing keys
- Manage rotating refresh tokens including invalidation on use
- Expose stable sign-in, sign-out, refresh, and identity-lookup endpoints
- Issue and validate time-limited signed password-reset tokens
Interfaces
signIn(email, password) → { accessToken, refreshToken }
signOut(refreshToken) → void
refresh(refreshToken) → { accessToken, refreshToken }
requestPasswordReset(email) → void
completePasswordReset(resetToken, newPassword) → void
lookupIdentity(accessToken) → UserIdentity
Relationships
Dependents (7)
Components that depend on this component
Related Data Entities (4)
Data entities managed by this component