# AuthService Component

## Purpose

Handle user authentication (login/logout) with JWT tokens.

## Public API

### Methods

#### login(email: str, password: str) -> AuthResult

Authenticate user with email and password.

**Parameters:**
- `email`: User email address
- `password`: User password

**Returns:**
- `AuthResult` with access_token, refresh_token, expires_in

**Raises:**
- `InvalidCredentialsError`: Email or password incorrect
- `AccountLockedError`: Account temporarily locked
- `ValidationError`: Invalid input format

#### logout(user_id: str, token_id: str) -> bool

Invalidate a specific session/token.

**Parameters:**
- `user_id`: User ID
- `token_id`: JWT jti (token identifier)

**Returns:** True if successful

#### logout_all(user_id: str) -> int

Invalidate all sessions for a user.

**Parameters:**
- `user_id`: User ID

**Returns:** Number of sessions invalidated

#### refresh(refresh_token: str) -> AuthResult

Get new access token from refresh token.

**Parameters:**
- `refresh_token`: Valid refresh token

**Returns:** New AuthResult with access_token

**Raises:**
- `InvalidTokenError`: Token expired or invalid

---

## Dependencies

- `TokenService`: JWT generation/validation
- `SessionStore`: Track active sessions
- `UserRepository`: Fetch user data
- `PasswordService`: Verify password (from F-003)

## Configuration

```python
LOGIN_RATE_LIMIT = 10  # attempts per window
RATE_LIMIT_WINDOW = 900  # 15 minutes
ACCOUNT_LOCKOUT_DURATION = 1800  # 30 minutes
```
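
One way the three configuration values could drive the `AccountLockedError` path of `login`, as an added example that is not part of the component's own code. It assumes that `LOGIN_RATE_LIMIT` failed attempts inside `RATE_LIMIT_WINDOW` seconds lock the account for `ACCOUNT_LOCKOUT_DURATION` seconds; `LoginThrottle`, its in-memory storage, the email-keyed counters and the local `AccountLockedError` class are hypothetical stand-ins.

```python
from collections import defaultdict, deque

LOGIN_RATE_LIMIT = 10            # attempts per window
RATE_LIMIT_WINDOW = 900          # 15 minutes
ACCOUNT_LOCKOUT_DURATION = 1800  # 30 minutes


class AccountLockedError(Exception):
    """Stand-in for the error named in the spec; carries the retry delay."""
    def __init__(self, retry_after):
        super().__init__(f"account locked, retry in {retry_after:.0f}s")
        self.retry_after = retry_after


class LoginThrottle:
    """Hypothetical helper: sliding-window failure counter with lockout."""

    def __init__(self):
        self._failures = defaultdict(deque)  # key -> failure timestamps
        self._locked_until = {}              # key -> unlock timestamp

    @staticmethod
    def _key(email):
        # Normalise so " A@x.com" and "a@x.com" share one counter.
        return email.strip().lower()

    def check(self, email, now):
        """Call before verifying the password; raises while locked."""
        key = self._key(email)
        until = self._locked_until.get(key)
        if until is not None:
            if now < until:
                raise AccountLockedError(until - now)
            del self._locked_until[key]  # lock has expired

    def record_failure(self, email, now):
        """Call after a failed verification; True if this one locks."""
        window = self._failures[self._key(email)]
        window.append(now)
        while window and window[0] <= now - RATE_LIMIT_WINDOW:
            window.popleft()  # drop failures older than the window
        if len(window) >= LOGIN_RATE_LIMIT:
            self._locked_until[self._key(email)] = now + ACCOUNT_LOCKOUT_DURATION
            window.clear()
            return True
        return False

    def record_success(self, email):
        self._failures.pop(self._key(email), None)  # reset the counter
```

The counters here live in one process; with several `AuthService` instances they would need to sit in a shared store so the limit holds across all of them.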