The AuthService handles user authentication, including login operations and token management. It provides secure authentication for riders in the DPM Delivery Mobile app.

Service Creation

import { createAuthService } from '@/services/auth/auth.service';
import { httpClient } from '@/services/http.service';

const authService = createAuthService(httpClient);
Source: src/services/auth/auth.service.ts:5-9

Methods

login

Authenticates a rider using phone number and password.
authService.login(data: LoginSchemaInput): ApiResponse<LoginResponse>

Parameters

  • data (LoginSchemaInput, required): Login credentials object
  • data.phone (string, required): The rider’s phone number. Must be a non-empty string.
  • data.password (string, required): The rider’s password. Must be a non-empty string matching the password validation rules.

Response

  • user (User, required): The authenticated user object
  • user.id (string): Unique user identifier
  • user.phone (string): User’s phone number
  • user.email (string | null): User’s email address (optional)
  • user.fullName (string): User’s full name
  • user.address (string | null): User’s address (optional)
  • user.profilePicture (string | null): URL to user’s profile picture (optional)
  • user.isVerified (boolean): Whether the user’s account is verified
  • user.role (Role): User’s role information
  • user.role.id (number): Role identifier
  • user.role.name (string): Role name (e.g., “rider”, “admin”)
  • user.wallet (Wallet | null): User’s wallet information (if available)
  • user.wallet.id (string): Wallet identifier
  • user.wallet.balance (string): Current wallet balance
  • user.wallet.totalEarned (string): Total amount earned
  • user.rider (RiderInfo): Rider-specific information
  • user.rider.id (string): Rider profile identifier
  • user.rider.bikeRegistrationNumber (string): Bike registration number
  • user.rider.bikeType (string): Type of bike (e.g., “motorcycle”, “bicycle”)
  • user.rider.bikeColor (string): Bike color
  • user.rider.bikeBrand (string): Bike brand/manufacturer
  • user.rider.bikeModel (string): Bike model
  • user.rider.bikeYear (number): Bike manufacturing year
  • user.rider.bikeImage (string): URL to bike image
  • user.rider.identificationDocumentNumber (string): ID document number
  • user.rider.identificationDocumentType (string): Type of ID document (e.g., “passport”, “driver_license”)
  • user.rider.identificationDocumentImage (string): URL to ID document image
  • user.rider.documentExpiryDate (string): ID document expiry date (ISO 8601 format)
  • user.isDefaultPassword (boolean): Whether the user is still using the default password
  • accessToken (string, required): JWT access token for authenticated API requests

Example Usage

import { authService } from '@/services';
import { Storage, StorageKeys } from '@/utils/storage';

try {
  const response = await authService.login({
    phone: '+237670000000',
    password: 'SecurePass123!',
  });

  // Store the access token
  await Storage.setToken(StorageKeys.AUTH_TOKEN, response.data.accessToken);

  // Store user data
  await Storage.setItem(StorageKeys.USER, JSON.stringify(response.data.user));

  console.log('Login successful:', response.data.user.fullName);
} catch (error) {
  if (error.isApiError) {
    console.error('Login failed:', error.message);
    // Handle specific error cases
    if (error.status === 401) {
      console.error('Invalid credentials');
    }
  }
}

Request Validation

The login request is validated using a Zod schema:
import { z } from 'zod';

// validationRules.Password is the project's password regex, defined outside this excerpt
const loginSchema = z.object({
  phone: z
    .string()
    .min(1, 'Phone number is required'),
  password: z
    .string()
    .min(1, 'Password is required')
    .regex(validationRules.Password, 'Invalid password'),
});
Source: src/modules/auth/validations.ts:5-13

API Endpoint

The login method calls the following endpoint:
POST /auth/login
Source: src/services/api/end-points.ts:7-9

Token Storage

After successful login, tokens should be stored securely:
import { Storage, StorageKeys } from '@/utils/storage';

// Store access token
await Storage.setToken(StorageKeys.AUTH_TOKEN, accessToken);

// Store refresh token (if provided)
await Storage.setToken(StorageKeys.REFRESH_TOKEN, refreshToken);

// Store user data
await Storage.setItem(StorageKeys.USER, JSON.stringify(user));

Error Handling

The login method can throw the following errors:

401 Unauthorized

{
  "message": "Non autorisé: Veuillez vous reconnecter",
  "status": 401,
  "isApiError": true
}
Caused by:
  • Invalid phone number
  • Incorrect password
  • Account locked or disabled

422 Validation Error

{
  "message": "Erreur de validation",
  "status": 422,
  "data": {
    "message": "Validation failed",
    "errors": [
      {
        "field": "phone",
        "message": "Phone number is required"
      }
    ]
  },
  "isApiError": true
}
Caused by:
  • Missing required fields
  • Invalid field formats
  • Password doesn’t meet requirements

Network Errors

{
  "message": "Erreur de connexion: Vérifiez votre connexion internet",
  "code": "NETWORK_ERROR",
  "isApiError": true
}
Caused by:
  • No internet connection
  • Server unreachable
  • Request timeout
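
A caught value in TypeScript is `unknown`, so the three error shapes above have to be recognised before any field is read. The following is an added example, not code from the DPM Delivery project; `classifyLoginError`, `LoginFailure` and `isRecord` are hypothetical names, and the inputs are constructed from the payloads documented above.

```typescript
// Added example: error shapes are taken from the Error Handling section.
// classifyLoginError, LoginFailure and isRecord are hypothetical names.
type LoginFailure =
  | { kind: 'invalid_credentials' }
  | { kind: 'validation'; fields: Record<string, string> }
  | { kind: 'network' }
  | { kind: 'unexpected' };

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

function classifyLoginError(err: unknown): LoginFailure {
  // Only objects carrying the isApiError marker are treated as API errors.
  if (!isRecord(err) || err.isApiError !== true) return { kind: 'unexpected' };
  if (err.code === 'NETWORK_ERROR') return { kind: 'network' };
  if (err.status === 401) {
    // One outcome for wrong phone, wrong password and locked account,
    // so the UI does not reveal which of them applied.
    return { kind: 'invalid_credentials' };
  }
  if (err.status === 422) {
    const rawData = err.data;
    const data: Record<string, unknown> = isRecord(rawData) ? rawData : {};
    const rawErrors = data.errors;
    const list: unknown[] = Array.isArray(rawErrors) ? rawErrors : [];
    const fields: Record<string, string> = {};
    for (const item of list) {
      if (!isRecord(item)) continue;
      const { field, message } = item;
      if (typeof field === 'string' && typeof message === 'string') fields[field] = message;
    }
    return { kind: 'validation', fields };
  }
  return { kind: 'unexpected' };
}

// Constructed inputs mirroring the documented payloads.
const constructedErrors: unknown[] = [
  { message: 'Non autorisé: Veuillez vous reconnecter', status: 401, isApiError: true },
  { message: 'Erreur de connexion', code: 'NETWORK_ERROR', isApiError: true },
  new Error('thrown by unrelated code'),
];
console.log(constructedErrors.map((e) => classifyLoginError(e).kind));
```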

Authentication Flow

Type Definitions

LoginSchemaInput

interface LoginSchemaInput {
  phone: string;
  password: string;
}

LoginResponse

interface LoginResponse {
  user: User;
  accessToken: string;
}
Source: src/types/auth.types.ts:49-52

User

interface User {
  id: string;
  createdAt: string;
  updatedAt: string;
  deletedAt?: any;
  phone: string;
  email?: any;
  fullName: string;
  address?: string | null;
  profilePicture?: string | null;
  isVerified: boolean;
  role: Role;
  wallet: Wallet | null;
  rider: RiderInfo;
  isDefaultPassword: boolean;
}
Source: src/types/auth.types.ts:3-23

Security Considerations

  • Never store passwords in plain text or logs
  • Always use HTTPS for login requests
  • Implement rate limiting to prevent brute force attacks
  • Clear tokens on logout
  • Validate password strength on registration
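
The first bullet is easiest to enforce with a redaction step in front of every log call. The sketch below is an added example, not project code, and goes beyond passwords to the token and identity-document fields of the documented login response; `redactForLog`, `maskTail` and the choice to mask `phone` and `email` are assumptions, and the sample object is constructed.

```typescript
// Added example: field names come from the login request and response
// documented above; helper names and the masking policy are hypothetical.
const SENSITIVE_KEYS = new Set<string>([
  'password', 'accessToken', 'refreshToken',
  'identificationDocumentNumber', 'identificationDocumentImage',
]);
// Identifiers kept in masked form so log lines can still be correlated.
const MASKED_KEYS = new Set<string>(['phone', 'email']);

function maskTail(value: string): string {
  // Keep the last two characters and hide the rest.
  return value.length <= 2 ? '**' : '*'.repeat(value.length - 2) + value.slice(-2);
}

function redactForLog(input: unknown): unknown {
  if (Array.isArray(input)) return input.map((entry) => redactForLog(entry));
  if (typeof input !== 'object' || input === null) return input;
  const source = input as Record<string, unknown>;
  const out: Record<string, unknown> = {}; // build a copy, never mutate the input
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (SENSITIVE_KEYS.has(key)) out[key] = '[REDACTED]';
    else if (MASKED_KEYS.has(key) && typeof value === 'string') out[key] = maskTail(value);
    else out[key] = redactForLog(value);
  }
  return out;
}

// Constructed sample shaped like the documented response (values are made up).
const sampleLoginResponse = {
  user: {
    id: 'u-1',
    phone: '+237670000000',
    email: null,
    fullName: 'Test Rider',
    rider: { id: 'r-1', bikeType: 'motorcycle', identificationDocumentNumber: 'X1234567' },
    isDefaultPassword: false,
  },
  accessToken: 'constructed.jwt.value',
};
console.log(JSON.stringify(redactForLog(sampleLoginResponse)));
```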
