Skip to content

E1-F2: User Authentication

Epic: E1: User & Profile Management

Size: S (Small)

Problem / Outcome

Users need to log in to access ticketing features.

Scope

In-Scope:

  • POST /auth/login endpoint
  • JWT token generation
  • Refresh token mechanism
  • Logout endpoint

Out-of-Scope:

  • SSO authentication
  • 2FA

Acceptance Criteria

  • AC1: Given valid credentials, when user logs in, then JWT access token and refresh token are returned
  • AC2: Given invalid credentials, when user logs in, then error "Invalid credentials" is returned
  • AC3: Given valid refresh token, when user requests new access token, then new tokens are issued

Data Model Impact

Session table:
- id (UUID, PK)
- user_id (UUID, FK)
- refresh_token_hash (VARCHAR)
- expires_at (TIMESTAMP)

Permissions/Roles

  • Public (no auth required for login)

How to Verify

npm test -- --grep "authentication"

Expected: Login returns valid JWT, refresh works, invalid credentials rejected.

Dependencies

  • E1-F1: User Registration API

Implementation Tasks

See E1: User & Profile Tasks

Last Updated: January 2026