Auth

Repository interface for OAuth clients.

Interface

| Class | Description |
| --- | --- |
| ClientResource | |
| UserResource | |
| TokenResource | |
| DeviceAuthorizeRequest | |
| DeviceApproveRequest | |
| RevokeTokenRequest | |
| DisableTotpRequest | |
| RefreshTokenRequest | |
| LoginRequest | |
| RegisterRequest | |
| RegisterPasskeyRequest | |
| WebAuthnOptionsRequest | |
| RequestPasswordResetRequest | |
| EnableTotpRequest | |
| VerifyPasskeyChallengeRequest | |
| VerifyEmailRequest | |
| UpdateProfileRequest | |
| CreateClientRequest | |
| SetupClientsCommand | |
| RotateSecretsCommand | |
| CreateUserCommand | |
| AuthController | |
| PasskeyController | |
| JwksController | |
| AuthorizationServerMetadataController | |
| LoginController | |
| ClientController | |
| TotpController | |
| PasskeyLoginController | |
| OAuthController | |

Application

| Class | Description |
| --- | --- |
| PasswordHasherInterface | |
| JwtGeneratorInterface | |
| TotpVerifierInterface | |
| DpopJtiCacheInterface | |
| PasskeyVerifierInterface | Port for WebAuthn ceremony verification operations. |
| UserPortInterface | |
| PasswordResetTokenRepositoryInterface | |
| ScopeAllowlist | Enforces scope allowlists per grant type to prevent privilege escalation. |
| LoginUserHandler | |
| RequestPasswordResetHandler | |
| ApproveDeviceCodeHandler | Handler for approving an OAuth 2.0 Device Code authorization (RFC 8628). |
| EnableTotpHandler | |
| CreateUserHandler | |
| RevokeTokenHandler | Handler for revoking OAuth 2.0 tokens. |
| IssueTokenHandler | Handler for issuing OAuth 2.0 tokens across all supported grant types. |
| DisableTotpHandler | |
| RegisterUserHandler | |
| RefreshTokenHandler | Handler for the Refresh Token grant (token rotation). |
| RegisterPasskeyHandler | |
| AuthenticatePasskeyHandler | |
| RevokeTokenCommand | Command DTO for revoking an OAuth 2.0 token. |
| AuthenticatePasskeyCommand | |
| RegisterPasskeyCommand | |
| ApproveDeviceCodeCommand | Command DTO for approving an OAuth 2.0 device code authorization (RFC 8628). |
| DisableTotpCommand | |
| RequestPasswordResetCommand | |
| IssueTokenCommand | Command DTO for issuing an OAuth 2.0 token. |
| RegisterUserCommand | |
| EnableTotpCommand | |
| RefreshTokenCommand | Command DTO for refreshing an OAuth 2.0 access token. |
| CreateUserCommand | |
| LoginUserCommand | |
| TokenResponseDTO | DTO representing a successful token issuance response. |
| RegisterUserDTO | |
| RequestPasswordResetDTO | |
| LoginUserDTO | |

Infrastructure

| Class | Description |
| --- | --- |
| UserService | |
| AccessTokenRepository | Pure domain repository for access tokens. |
| DeviceCodeRepository | Pure domain repository for device codes. |
| RefreshTokenRepository | Pure domain repository for refresh tokens. |
| PasswordResetTokenRepository | |
| ThirdPartyCredentialRepository | |
| AuthCodeRepository | Pure domain repository for authorization codes. |
| ClientRepository | Pure domain repository for OAuth clients. |
| PasskeyRepository | |
| AccessTokenRepository | Anti-corruption layer adapting the league/oauth2-server AccessTokenRepositoryInterface to our domain repository. |
| DeviceCodeRepository | Anti-corruption layer adapting the league/oauth2-server DeviceCodeRepositoryInterface to our domain repository. |
| RefreshTokenRepository | Anti-corruption layer adapting the league/oauth2-server RefreshTokenRepositoryInterface to our domain repository. |
| AuthCodeRepository | Anti-corruption layer adapting the league/oauth2-server AuthCodeRepositoryInterface to our domain repository. |
| ClientRepository | Anti-corruption layer adapting the league/oauth2-server ClientRepositoryInterface to our domain repository. |
| ScopeRepository | Anti-corruption layer implementing the league/oauth2-server ScopeRepositoryInterface. |
| DpopTokenResponse | |
| RedisDpopJtiCache | |
| CachedAccessTokenRepository | Decorator that caches token revocation status in Redis. |
| DpopAwareBearerTokenValidator | Extends BearerTokenValidator to read client_id from a dedicated JWT claim and validate the aud claim against the configured resource server identifier. |
| TotpService | |
| PasskeyService | WebAuthn ceremony handler using web-auth/webauthn-lib directly. |
| PasswordAuthenticator | |
| RateLimitListener | Kernel event listener that enforces rate limits on auth endpoints. |
| DpopJwkThumbprint | |
| PasskeyAuthenticator | |
| DpopBindingListener | |
| SecurityUser | |
| AuthorizationServerFactory | Factory for creating the league/oauth2-server AuthorizationServer instance. |
| DpopNonceManager | |
| ScopeResolver | Maps OAuth 2.0 scope identifier strings to domain Scope value objects. |
| LibraryAccessService | Application service for checking and resolving library access. |
| OAuth2Authenticator | Authenticates API requests using OAuth 2.0 Bearer tokens. |
| JwtGenerator | Generates RS256-signed JWTs compatible with league/oauth2-server's BearerTokenValidator. |
| ResourceServerFactory | Factory for creating the league/oauth2-server ResourceServer instance. |
| PasswordHasher | |
| UserProvider | |
| AdminVoter | Voter for administrative access control. |
| PlaylistVoter | Voter for Playlist resource access control. |
| LibraryVoter | Voter for Library resource access control. |
| SongVoter | Voter for Song resource access control. |
| AlbumVoter | Voter for Album resource access control. |
| DpopProofValidator | |
| AuthenticatorCounterChecker | Custom counter checker that detects cloned authenticators. |
| TotpVerifier | |
| BackupStatusChangedListener | |
| BackupEligibilityChangedListener | |
| UserRepository | |

Domain

| Class | Description |
| --- | --- |
| ThirdPartyCredentialRepositoryInterface | |
| UserRepositoryInterface | |
| DeviceCodeRepositoryInterface | |
| PasskeyRepositoryInterface | |
| RefreshTokenRepositoryInterface | |
| AuthCodeRepositoryInterface | |
| AccessTokenRepositoryInterface | |
| ClientRepositoryInterface | Repository interface for OAuth clients. |
| UserCreatedByOperator | |
| PasswordChanged | |
| TokenIssued | |
| DeviceCodeApproved | |
| EmailVerified | |
| UserRegistered | |
| PasskeyRegistered | |
| TokenRevoked | |
| PasskeyDeleted | |
| TokenChainValidator | Domain service for validating refresh token chain integrity. |
| PasskeyState | Internal state for Passkey aggregate root. |
| Passkey | |
| Client | OAuth 2.0 Client aggregate root. |
| UserState | Internal state for User aggregate root. |
| ClientState | Internal state for Client aggregate root. |
| DeviceCodeState | Internal state for DeviceCode aggregate root. |
| AuthCode | OAuth 2.0 Authorization Code aggregate root. |
| DeviceCode | OAuth 2.0 Device Authorization Grant aggregate root (RFC 8628). |
| RefreshTokenState | Internal state for RefreshToken aggregate root. |
| AccessTokenState | Internal state for AccessToken aggregate root. |
| ClientFingerprint Value Object | Value object representing a client fingerprint. |
| DpopValidationResult Value Object | |
| ChainId Value Object | Value object representing a token chain family. |
| Scope Value Object | Represents a single OAuth 2.0 scope string. |
| AuthCodeState | Internal state for AuthCode aggregate root. |
| TokenMetadata | Immutable value object representing OAuth token metadata. |
| TokenId | Value object for a unique OAuth token identifier. |
| RefreshToken | OAuth 2.0 Refresh Token aggregate root. |
| ThirdPartyCredential | |
| AccessToken | OAuth 2.0 Access Token aggregate root. |
| User | |
| ThirdPartyCredentialState | Internal state for ThirdPartyCredential aggregate root. |