| UserService | |
| AccessTokenRepository | Pure domain repository for access tokens. |
| DeviceCodeRepository | Pure domain repository for device codes. |
| RefreshTokenRepository | Pure domain repository for refresh tokens. |
| PasswordResetTokenRepository | |
| ThirdPartyCredentialRepository | |
| AuthCodeRepository | Pure domain repository for authorization codes. |
| ClientRepository | Pure domain repository for OAuth clients. |
| PasskeyRepository | |
| AccessTokenRepository | Anti-corruption layer adapting the league/oauth2-server AccessTokenRepositoryInterface
to our domain repository. |
| DeviceCodeRepository | Anti-corruption layer adapting the league/oauth2-server DeviceCodeRepositoryInterface
to our domain repository. |
| RefreshTokenRepository | Anti-corruption layer adapting the league/oauth2-server RefreshTokenRepositoryInterface
to our domain repository. |
| AuthCodeRepository | Anti-corruption layer adapting the league/oauth2-server AuthCodeRepositoryInterface
to our domain repository. |
| ClientRepository | Anti-corruption layer adapting the league/oauth2-server ClientRepositoryInterface
to our domain repository. |
| ScopeRepository | Anti-corruption layer implementing the league/oauth2-server ScopeRepositoryInterface. |
| DpopTokenResponse | |
| RedisDpopJtiCache | |
| CachedAccessTokenRepository | Decorator that caches token revocation status in Redis. |
| DpopAwareBearerTokenValidator | Extends BearerTokenValidator to read client_id from a dedicated JWT claim
and validate the aud claim against the configured resource server identifier. |
| TotpService | |
| PasskeyService | WebAuthn ceremony handler using web-auth/webauthn-lib directly. |
| PasswordAuthenticator | |
| RateLimitListener | Kernel event listener that enforces rate limits on auth endpoints. |
| DpopJwkThumbprint | |
| PasskeyAuthenticator | |
| DpopBindingListener | |
| SecurityUser | |
| AuthorizationServerFactory | Factory for creating the league/oauth2-server AuthorizationServer instance. |
| DpopNonceManager | |
| ScopeResolver | Maps OAuth 2.0 scope identifier strings to domain Scope value objects. |
| LibraryAccessService | Application service for checking and resolving library access. |
| OAuth2Authenticator | Authenticates API requests using OAuth 2.0 Bearer tokens. |
| JwtGenerator | Generates RS256-signed JWTs compatible with league/oauth2-server's BearerTokenValidator. |
| ResourceServerFactory | Factory for creating the league/oauth2-server ResourceServer instance. |
| PasswordHasher | |
| UserProvider | |
| AdminVoter | Voter for administrative access control. |
| PlaylistVoter | Voter for Playlist resource access control. |
| LibraryVoter | Voter for Library resource access control. |
| SongVoter | Voter for Song resource access control. |
| AlbumVoter | Voter for Album resource access control. |
| DpopProofValidator | |
| AuthenticatorCounterChecker | Custom counter checker that detects cloned authenticators. |
| TotpVerifier | |
| BackupStatusChangedListener | |
| BackupEligibilityChangedListener | |
| UserRepository | |