auth
Workspace API / types/auth
types/auth
Authentication types for JWT tokens, sessions, and MFA.
Interfaces
RefreshToken
Defined in: types/auth.ts:13
Refresh token stored in database for token rotation security.
Properties
token_id
token_id:
string
Defined in: types/auth.ts:15
Unique token identifier
user_id
user_id:
string
Defined in: types/auth.ts:17
User who owns this token
token_hash
token_hash:
string
Defined in: types/auth.ts:19
SHA-256 hash of the actual token (never store raw)
expires_at
expires_at:
Date
Defined in: types/auth.ts:21
When this token expires
created_at
created_at:
Date
Defined in: types/auth.ts:23
When this token was created
last_used_at?
optionallast_used_at:Date
Defined in: types/auth.ts:25
Last time this token was used to refresh
user_agent?
optionaluser_agent:string
Defined in: types/auth.ts:27
Browser user agent for security tracking
ip_address?
optionalip_address:string
Defined in: types/auth.ts:29
Client IP address for security tracking
is_revoked
is_revoked:
boolean
Defined in: types/auth.ts:31
Whether token has been revoked (logout, security event)
UserSession
Defined in: types/auth.ts:37
User session for tracking active logins.
Properties
session_id
session_id:
string
Defined in: types/auth.ts:39
Unique session identifier
user_id
user_id:
string
Defined in: types/auth.ts:41
User who owns this session
organization_id?
optionalorganization_id:string
Defined in: types/auth.ts:43
Current organization context (optional)
session_token
session_token:
string
Defined in: types/auth.ts:45
Session token for validation
expires_at
expires_at:
Date
Defined in: types/auth.ts:47
When this session expires
created_at
created_at:
Date
Defined in: types/auth.ts:49
When this session was created
last_activity_at
last_activity_at:
Date
Defined in: types/auth.ts:51
Last activity timestamp
user_agent?
optionaluser_agent:string
Defined in: types/auth.ts:53
Browser user agent
ip_address?
optionalip_address:string
Defined in: types/auth.ts:55
Client IP address
is_active
is_active:
boolean
Defined in: types/auth.ts:57
Whether session is currently active
MfaCode
Defined in: types/auth.ts:63
Multi-factor authentication code stored in database.
Properties
user_id
user_id:
string
Defined in: types/auth.ts:65
User this code belongs to
code
code:
string
Defined in: types/auth.ts:67
The MFA verification code
expires_at
expires_at:
Date
Defined in: types/auth.ts:69
When this code expires (typically 5-10 minutes)
created_at
created_at:
Date
Defined in: types/auth.ts:71
When this code was generated
attempts
attempts:
number
Defined in: types/auth.ts:73
Number of failed verification attempts
is_used
is_used:
boolean
Defined in: types/auth.ts:75
Whether code has been successfully used
LoginRequest
Defined in: types/auth.ts:85
Login request payload.
Properties
email
email:
string
Defined in: types/auth.ts:87
User's email address
password
password:
string
Defined in: types/auth.ts:89
User's password (plain text, will be verified against hash)
RegisterRequest
Defined in: types/auth.ts:95
User registration request payload.
Properties
email
email:
string
Defined in: types/auth.ts:97
Email address (must be unique)
password
password:
string
Defined in: types/auth.ts:99
Password (will be hashed before storage)
firstName?
optionalfirstName:string
Defined in: types/auth.ts:101
User's first name
lastName?
optionallastName:string
Defined in: types/auth.ts:103
User's last name
title?
optionaltitle:string
Defined in: types/auth.ts:105
Professional title
phone?
optionalphone:string
Defined in: types/auth.ts:107
Phone number
inviteToken?
optionalinviteToken:string
Defined in: types/auth.ts:109
Organization invitation token (joins org on registration)
MfaVerifyRequest
Defined in: types/auth.ts:115
MFA code verification request.
Properties
email
email:
string
Defined in: types/auth.ts:117
User's email address
code
code:
string
Defined in: types/auth.ts:119
MFA code from email
AuthResponse
Defined in: types/auth.ts:125
Authentication response returned from login/register endpoints.
Properties
success
success:
boolean
Defined in: types/auth.ts:127
Whether authentication succeeded
accessToken?
optionalaccessToken:string
Defined in: types/auth.ts:129
JWT access token (short-lived)
refreshToken?
optionalrefreshToken:string
Defined in: types/auth.ts:131
JWT refresh token (long-lived)
user?
optionaluser:object
Defined in: types/auth.ts:133
Authenticated user info
id
id:
string
email
email:
string
name?
optionalname:string
organizations?
optionalorganizations:any[]
Defined in: types/auth.ts:139
User's organization memberships
message?
optionalmessage:string
Defined in: types/auth.ts:141
Human-readable message
mfaRequired?
optionalmfaRequired:boolean
Defined in: types/auth.ts:143
If true, MFA verification required before tokens issued
RefreshTokenRequest
Defined in: types/auth.ts:149
Token refresh request payload.
Properties
refreshToken
refreshToken:
string
Defined in: types/auth.ts:151
The refresh token to exchange for new tokens
JwtPayload
Defined in: types/auth.ts:161
JWT token payload structure embedded in access/refresh tokens.
Properties
userId
userId:
string
Defined in: types/auth.ts:163
User's unique identifier
email
email:
string
Defined in: types/auth.ts:165
User's email address
organizations
organizations:
JwtOrganizationRole[]
Defined in: types/auth.ts:167
User's organization memberships with roles
service_account?
optionalservice_account:boolean
Defined in: types/auth.ts:169
True if this is a service account token (no user)
iat?
optionaliat:number
Defined in: types/auth.ts:171
Issued at timestamp (auto-set by JWT library)
exp?
optionalexp:number
Defined in: types/auth.ts:173
Expiration timestamp (auto-set by JWT library)
JwtOrganizationRole
Defined in: types/auth.ts:180
Organization role embedded in JWT for stateless authorization. Uses legacy role names for backward compatibility.
Properties
organizationId
organizationId:
string
Defined in: types/auth.ts:182
Organization's unique identifier
organizationName
organizationName:
string
Defined in: types/auth.ts:184
Organization's display name
role
role:
"admin"|"member"|"guest"
Defined in: types/auth.ts:186
User's role in this organization