Overview The Auth models define data structures for authentication, login, token refresh, and session management. These models handle the authentication flow in the Rodando Passenger app.
Authentication Request Models LoginPayload Payload for user login requests.
User ID (alternative to email/phone)
User’s email address (required if phoneNumber not provided)
User’s phone number (required if email not provided)
User’s current geographic location Application platform making the request. One of: 'driver_app', 'passenger_app', 'admin_panel', or 'api_client'
Expected user type for validation. One of: 'passenger', 'driver', or 'admin'
export type AppAudience = 'driver_app' | 'passenger_app' | 'admin_panel' | 'api_client' ; export interface LoginPayload { id ?: string ; email ?: string ; phoneNumber ?: string ; password : string ; location ?: Location ; appAudience : AppAudience ; expectedUserType : UserType ; }
Either email or phoneNumber must be provided, but not both.
Authentication Response Models BaseAuthResponse Base interface containing common fields returned by login and refresh endpoints.
JWT access token for authenticating API requests
Access token expiration time in epoch milliseconds
Refresh token expiration time in epoch milliseconds
Session ID (JWT token identifier). Primarily present in refresh responses
Type of session created. One of: 'web', 'mobile_app', 'admin_panel', or 'api_client'
export interface BaseAuthResponse { accessToken : string ; accessTokenExpiresAt : number ; refreshTokenExpiresAt ?: number ; sid ?: string ; sessionType : SessionType ; }
LoginResponseMobile Login response for mobile applications. Includes refresh token in response body.
JWT refresh token (included in body for mobile apps)
Extends all fields from BaseAuthResponse.
export interface LoginResponseMobile extends BaseAuthResponse { refreshToken : string ; }
LoginResponseWeb Login response for web applications. Refresh token sent via HTTP-only cookie.
Refresh token is NOT included in body for web (sent as HTTP-only cookie)
Extends all fields from BaseAuthResponse.
export interface LoginResponseWeb extends BaseAuthResponse { refreshToken ?: never ; }
LoginResponse Unified type for login responses across platforms.
export type LoginResponse = LoginResponseMobile | LoginResponseWeb ;
RefreshResponseMobile Token refresh response for mobile applications.
New refresh token (included in body for mobile apps)
Extends all fields from BaseAuthResponse.
export interface RefreshResponseMobile extends BaseAuthResponse { refreshToken : string ; }
RefreshResponseWeb Token refresh response for web applications.
Refresh token is NOT included in body for web (sent as HTTP-only cookie)
Extends all fields from BaseAuthResponse.
export interface RefreshResponseWeb extends BaseAuthResponse { refreshToken ?: never ; }
RefreshResponse Unified type for refresh responses across platforms.
export type RefreshResponse = RefreshResponseMobile | RefreshResponseWeb ;
Session and Device Models SessionType Enum defining available session types.
export enum SessionType { WEB = 'web' , MOBILE_APP = 'mobile_app' , ADMIN_PANEL = 'admin_panel' , API_CLIENT = 'api_client' , }
Values:
WEB - Web browser sessionMOBILE_APP - Mobile application sessionADMIN_PANEL - Admin panel sessionAPI_CLIENT - API client session
DeviceInfo Information about the client device.
Operating system (e.g., ‘iOS’, ‘Android’, ‘Windows’)
export interface DeviceInfo { os ?: string ; browser ?: string ; model ?: string ; appVersion ?: string ; }
Location Geographic location information.
export interface Location { latitude : number ; longitude : number ; city ?: string ; country ?: string ; }
Error Models ApiError Standard error structure for API responses.
Application-specific error code
Validation errors by field name Example: { "email": ["Email is required", "Invalid email format"] }
Raw error data from the server
URL that caused the error
export interface ApiError { status ?: number ; message : string ; code ?: string ; validation ?: Record < string , string []>; raw ?: any ; url ?: string | null ; }
Supporting Types ApiResponse Generic wrapper for all API responses.
Whether the request was successful
Response data (generic type)
Error details if request failed
Pagination metadata for list responses
export interface ApiResponse < T > { success : boolean ; message : string ; data : T ; error ?: ApiError ; meta ?: PaginationMeta ; }
Pagination information for list responses.
Current page number (1-based)
export interface PaginationMeta { page ?: number ; limit ?: number ; total ?: number ; totalPages ?: number ; }
Usage Examples Login (Mobile App) import { LoginPayload , LoginResponseMobile , SessionType } from '@/app/core/models/auth' ; import { UserType } from '@/app/core/models/user/user.auxiliary' ; import { HttpClient } from '@angular/common/http' ; import { ApiResponse } from '@/app/core/models/api' ; const loginData : LoginPayload = { email: '[email protected] ' , password: 'SecurePassword123!' , appAudience: 'passenger_app' , expectedUserType: UserType . Passenger , location: { latitude: 23.1136 , longitude: - 82.3666 , city: 'La Habana' , country: 'Cuba' } }; this . http . post < ApiResponse < LoginResponseMobile >>( '/auth/login' , loginData ) . subscribe ( response => { if ( response . success ) { const { accessToken , refreshToken , sessionType } = response . data ; // Store tokens securely localStorage . setItem ( 'accessToken' , accessToken ); localStorage . setItem ( 'refreshToken' , refreshToken ); console . log ( 'Session type:' , sessionType ); // 'mobile_app' } });
Login with Phone Number const loginData : LoginPayload = { phoneNumber: '+53 5555 1234' , password: 'MyPassword456!' , appAudience: 'passenger_app' , expectedUserType: UserType . Passenger };
Token Refresh (Mobile) import { RefreshResponseMobile } from '@/app/core/models/auth/auth.response' ; const refreshToken = localStorage . getItem ( 'refreshToken' ); this . http . post < ApiResponse < RefreshResponseMobile >>( '/auth/refresh' , { refreshToken } ). subscribe ( response => { if ( response . success ) { const { accessToken , refreshToken : newRefreshToken , sid } = response . data ; // Update stored tokens localStorage . setItem ( 'accessToken' , accessToken ); localStorage . setItem ( 'refreshToken' , newRefreshToken ); console . log ( 'Session ID:' , sid ); } });
Handling Authentication Errors import { ApiError } from '@/app/core/models/api' ; import { catchError } from 'rxjs/operators' ; import { throwError } from 'rxjs' ; this . http . post < ApiResponse < LoginResponseMobile >>( '/auth/login' , loginData ) . pipe ( catchError (( error ) => { const apiError : ApiError = { status: error . status , message: error . error ?. message || 'Login failed' , code: error . error ?. code , validation: error . error ?. validation , url: error . url }; if ( apiError . validation ) { // Handle validation errors Object . keys ( apiError . validation ). forEach ( field => { console . error ( ` ${ field } :` , apiError . validation ! [ field ]. join ( ', ' )); }); } return throwError (() => apiError ); }) ) . subscribe ({ next : ( response ) => console . log ( 'Login successful' ), error : ( error : ApiError ) => console . error ( 'Login error:' , error . message ) });
Checking Token Expiration import { LoginResponseMobile } from '@/app/core/models/auth/auth.response' ; function isTokenExpired ( response : LoginResponseMobile ) : boolean { const now = Date . now (); return now >= response . accessTokenExpiresAt ; } function shouldRefreshToken ( response : LoginResponseMobile ) : boolean { const now = Date . now (); const fiveMinutes = 5 * 60 * 1000 ; // Refresh if token expires in less than 5 minutes return ( response . accessTokenExpiresAt - now ) < fiveMinutes ; }
Session Type Handling import { SessionType } from '@/app/core/models/auth/auth.auxiliary' ; function getSessionStorageKey ( sessionType : SessionType ) : string { switch ( sessionType ) { case SessionType . MOBILE_APP : return 'mobile_session' ; case SessionType . WEB : return 'web_session' ; case SessionType . ADMIN_PANEL : return 'admin_session' ; default : return 'api_session' ; } }
Authentication Flow Typical authentication flow in the Rodando Passenger app:
User Login : Send LoginPayload to /auth/loginReceive Tokens : Get LoginResponseMobile with access and refresh tokensStore Tokens : Securely store both tokens (use secure storage on mobile)Use Access Token : Include in Authorization header for API requestsMonitor Expiration : Check accessTokenExpiresAt before requestsRefresh When Needed : Use refresh token to get new access tokenUpdate Tokens : Replace old tokens with new ones from refresh response
// Authorization header format const headers = { 'Authorization' : `Bearer ${ accessToken } ` };
Security Best Practices
Never log or expose tokens in production
Use secure storage for tokens on mobile devices
Always use HTTPS for authentication requests
Implement automatic token refresh before expiration
Clear tokens on logout
Validate expectedUserType matches actual user type
