Auth Service
Component Detail
Service Layer, high complexity, Shared Component, backend
3 Dependencies
5 Dependents
5 Entities
0 Integrations
Description
Core authentication service that handles email and password credential validation, JWT access token issuance, rotating refresh token management, and session revocation. Enforces per-tenant signing key isolation and exposes a stable contract consumed by every Meander product. Designed to be extractable into a standalone service without API changes for consumers.
auth-service
Responsibilities
- Validate email and password credentials against bcrypt hashes stored in the users table
- Issue short-lived JWT access tokens with 15-minute TTL and tenant-scoped claims
- Issue and rotate opaque refresh tokens with single-use enforcement
- Revoke sessions on sign-out, forced expiry, or admin-initiated revocation
- Enforce per-tenant signing key isolation from first deployment
Interfaces
POST /auth/login
POST /auth/refresh
POST /auth/logout
login(email: String, password: String) → AuthResult
refresh(refreshToken: String) → TokenPair
revoke(sessionId: String) → void
revokeAllSessions(userId: String) → void
lookupIdentity(accessToken: String) → Identity
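An in-memory sketch of the refresh and lookupIdentity contracts above, showing single-use refresh rotation and per-tenant signing keys. It is an added example, not Meander's code. Assumptions not stated on this page: HS256 signing, the claim names `tid` and `sid`, the tenant names, and the policy that replaying a used refresh token revokes its session.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed sample tenants; one signing key each (assumed HS256).
TENANT_KEYS = {"acme": secrets.token_bytes(32), "globex": secrets.token_bytes(32)}
REFRESH = {}          # sha256(refresh token) -> session record; raw token never stored
REVOKED = set()       # revoked session ids
ACCESS_TTL = 15 * 60  # 15-minute access token TTL, as stated on the page

def b64e(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64d(txt): return base64.urlsafe_b64decode(txt + "=" * (-len(txt) % 4))

def sign_jwt(tenant, claims):
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(TENANT_KEYS[tenant], f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{b64e(mac.digest())}"

def issue_pair(tenant, sub, sid=None, now=None):
    now, sid = int(now or time.time()), sid or secrets.token_hex(8)
    rt = secrets.token_urlsafe(32)  # opaque: random bytes, carries no claims
    REFRESH[hashlib.sha256(rt.encode()).hexdigest()] = {
        "sid": sid, "tenant": tenant, "sub": sub, "used": False}
    claims = {"sub": sub, "tid": tenant, "sid": sid, "exp": now + ACCESS_TTL}
    return sign_jwt(tenant, claims), rt

def refresh(rt, now=None):
    rec = REFRESH.get(hashlib.sha256(rt.encode()).hexdigest())
    if rec is None or rec["sid"] in REVOKED:
        raise PermissionError("invalid refresh token")
    if rec["used"]:
        REVOKED.add(rec["sid"])  # assumed policy: a replay revokes the whole session
        raise PermissionError("refresh token reuse")
    rec["used"] = True           # single-use: the old token is dead after rotation
    return issue_pair(rec["tenant"], rec["sub"], rec["sid"], now)

def lookup_identity(token, now=None):
    try:
        head, body, sig = token.split(".")
        claims = json.loads(b64d(body))
        key = TENANT_KEYS[claims["tid"]]  # claimed tenant only selects the key
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        ok = hmac.compare_digest(want, b64d(sig))
    except (ValueError, KeyError, TypeError):
        raise PermissionError("malformed token")
    if not ok or claims["exp"] <= int(now or time.time()) or claims["sid"] in REVOKED:
        raise PermissionError("rejected token")
    return claims
```

Because the verification key is selected by the `tid` claim and the signature is then checked with that key, a token signed under one tenant's key cannot be relabelled as another tenant's.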
Relationships
Dependencies (3)
Components this component depends on
Dependents (5)
Components that depend on this component
Related Data Entities (5)
Data entities managed by this component