Skip to main content

Overview

The authentication models handle login, token refresh, and session management for different platforms (web and mobile).

Payload Models

LoginPayload

Payload for login requests. Requires either email or phoneNumber, along with password. Source: src/app/core/models/auth/auth.payload.ts:8 
interface LoginPayload {
  email?: string;
  phoneNumber?: string;
  password: string;
  location?: Location;
  appAudience: AppAudience;
  expectedUserType: UserType;
}
email
string
User’s email address. Either email or phoneNumber is required.
phoneNumber
string
User’s phone number. Either email or phoneNumber is required.
password
string
required
User’s password for authentication.
location
Location
Geographic location of the user at login time.
appAudience
AppAudience
required
Identifies which application is making the request.Possible values: driver_app | passenger_app | admin_panel | api_client
expectedUserType
UserType
required
The expected user type for this login attempt.Enum values: passenger | driver | admin
{
  "email": "[email protected]",
  "password": "SecurePassword123!",
  "location": {
    "latitude": 40.7128,
    "longitude": -74.0060,
    "city": "New York",
    "country": "USA"
  },
  "appAudience": "driver_app",
  "expectedUserType": "driver"
}

Response Models

BaseAuthResponse

Common fields returned by the backend in login/refresh responses. Source: src/app/core/models/auth/auth.response.ts:4 
interface BaseAuthResponse {
  accessToken: string;
  accessTokenExpiresAt: number;
  refreshTokenExpiresAt?: number;
  sid?: string;
  sessionType: SessionType;
}
accessToken
string
required
JWT access token for authenticating API requests.
accessTokenExpiresAt
number
required
Expiration timestamp for the access token in epoch milliseconds.
refreshTokenExpiresAt
number
Expiration timestamp for the refresh token in epoch milliseconds. Present in login/refresh responses.
sid
string
Session ID (JTI). Primarily present in refresh responses.
sessionType
SessionType
required
Type of session being created.Enum values: web | mobile_app | admin_panel | api_client

LoginResponse

Unified response type for login requests. Returns different formats for mobile and web platforms. Source: src/app/core/models/auth/auth.response.ts:24 
type LoginResponse = LoginResponseMobile | LoginResponseWeb;

LoginResponseMobile

Login response for mobile applications. Includes refresh token in the response body. Source: src/app/core/models/auth/auth.response.ts:13 
interface LoginResponseMobile extends BaseAuthResponse {
  refreshToken: string;
}
refreshToken
string
required
JWT refresh token for obtaining new access tokens. Included in response body for mobile apps.
...BaseAuthResponse
BaseAuthResponse
All properties from BaseAuthResponse are included.
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "accessTokenExpiresAt": 1709654400000,
  "refreshTokenExpiresAt": 1712246400000,
  "sid": "550e8400-e29b-41d4-a716-446655440000",
  "sessionType": "mobile_app"
}

LoginResponseWeb

Login response for web applications. Refresh token is sent via HTTP-only cookie, not in response body. Source: src/app/core/models/auth/auth.response.ts:18 
interface LoginResponseWeb extends BaseAuthResponse {
  refreshToken?: never;
}
refreshToken
never
Explicitly absent from response body. Refresh token is set as HTTP-only cookie for web clients.
...BaseAuthResponse
BaseAuthResponse
All properties from BaseAuthResponse are included.
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "accessTokenExpiresAt": 1709654400000,
  "refreshTokenExpiresAt": 1712246400000,
  "sessionType": "web"
}

RefreshResponse

Unified response type for token refresh requests. Returns different formats for mobile and web platforms. Source: src/app/core/models/auth/auth.response.ts:35 
type RefreshResponse = RefreshResponseMobile | RefreshResponseWeb;

RefreshResponseMobile

Refresh response for mobile applications. Includes new refresh token in the response body. Source: src/app/core/models/auth/auth.response.ts:27 
interface RefreshResponseMobile extends BaseAuthResponse {
  refreshToken: string;
}
refreshToken
string
required
New JWT refresh token. Mobile apps receive the refresh token in the response body.
...BaseAuthResponse
BaseAuthResponse
All properties from BaseAuthResponse are included.
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "accessTokenExpiresAt": 1709654400000,
  "refreshTokenExpiresAt": 1712246400000,
  "sid": "550e8400-e29b-41d4-a716-446655440000",
  "sessionType": "mobile_app"
}

RefreshResponseWeb

Refresh response for web applications. New refresh token is sent via HTTP-only cookie. Source: src/app/core/models/auth/auth.response.ts:31 
interface RefreshResponseWeb extends BaseAuthResponse {
  refreshToken?: never;
}
refreshToken
never
Explicitly absent from response body. New refresh token is set as HTTP-only cookie.
...BaseAuthResponse
BaseAuthResponse
All properties from BaseAuthResponse are included.
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "accessTokenExpiresAt": 1709654400000,
  "sid": "550e8400-e29b-41d4-a716-446655440000",
  "sessionType": "web"
}

Auxiliary Types

SessionType

Enumeration of available session types for authentication. Source: src/app/core/models/auth/auth.auxiliary.ts:4 
enum SessionType {
  WEB = 'web',
  MOBILE_APP = 'mobile_app',
  ADMIN_PANEL = 'admin_panel',
  API_CLIENT = 'api_client',
}
WEB
string
Web browser session. Value: 'web'
MOBILE_APP
string
Mobile application session. Value: 'mobile_app'
ADMIN_PANEL
string
Admin panel session. Value: 'admin_panel'
API_CLIENT
string
API client session. Value: 'api_client'

DeviceInfo

Information about the device initiating the login. Source: src/app/core/models/auth/auth.auxiliary.ts:14 
interface DeviceInfo {
  os?: string;
  browser?: string;
  model?: string;
  appVersion?: string;
}
os
string
Operating system name and version (e.g., “iOS 16.5”, “Android 13”).
browser
string
Browser name and version (e.g., “Chrome 120”, “Safari 17”).
model
string
Device model (e.g., “iPhone 14 Pro”, “Samsung Galaxy S23”).
appVersion
string
Application version number (e.g., “2.3.1”).

Location

Geographic location information. Source: src/app/core/models/auth/auth.auxiliary.ts:24 
interface Location {
  latitude: number;
  longitude: number;
  city?: string;
  country?: string;
}
latitude
number
required
Geographic latitude coordinate.
longitude
number
required
Geographic longitude coordinate.
city
string
City name.
country
string
Country name.

AppAudience

Type alias identifying which application is making the request. Source: src/app/core/models/auth/auth.payload.ts:3 
type AppAudience = 'driver_app' | 'passenger_app' | 'admin_panel' | 'api_client';
driver_app
string
Request from the driver mobile application.
passenger_app
string
Request from the passenger mobile application.
admin_panel
string
Request from the administrative web panel.
api_client
string
Request from an external API client.

Build docs developers (and LLMs) love

Get started for freeTalk to us