
Class AuthService

Namespace
Builvero.Application.Services
Assembly
Builvero.Application.dll

Service for handling user authentication, including signup, login, email verification, and OAuth flows. Manages JWT token generation and user session creation.

public class AuthService : IAuthService
Inheritance
AuthService
Implements
Inherited Members

Remarks

This service implements the complete authentication workflow:

  • User signup with invitation code validation
  • Email/password login with credential verification
  • Email verification code generation and validation
  • OAuth authentication (Google, LinkedIn) with account linking
  • JWT token generation with role claims

All authentication operations include profile photo URL mapping using environment-aware logic.

Constructors

AuthService(IUserRepository, IInvitationRepository, IEmailVerificationCodeRepository, IOAuthAccountRepository, IPasswordHasher, IEmailService, ITokenGenerator, IOptions<JwtOptions>, IConfiguration, IS3Service, IHostEnvironment)

Initializes a new instance of the AuthService class.

public AuthService(IUserRepository userRepository, IInvitationRepository invitationRepository, IEmailVerificationCodeRepository verificationCodeRepository, IOAuthAccountRepository oauthAccountRepository, IPasswordHasher passwordHasher, IEmailService emailService, ITokenGenerator tokenGenerator, IOptions<JwtOptions> jwtOptions, IConfiguration configuration, IS3Service s3Service, IHostEnvironment environment)

Parameters

userRepository IUserRepository

Repository for user data access

invitationRepository IInvitationRepository

Repository for invitation code validation

verificationCodeRepository IEmailVerificationCodeRepository

Repository for email verification codes

oauthAccountRepository IOAuthAccountRepository

Repository for OAuth account linking

passwordHasher IPasswordHasher

Service for password hashing and verification

emailService IEmailService

Service for sending verification emails

tokenGenerator ITokenGenerator

Service for generating JWT tokens

jwtOptions IOptions<JwtOptions>

JWT configuration options

configuration IConfiguration

Application configuration for building verification links

s3Service IS3Service

Service for S3 operations (profile photo management)

environment IHostEnvironment

Hosting environment for environment-aware behavior

Methods

GenerateJwtTokenAsync(Guid, string, string, string, CancellationToken)

Generates a JWT (JSON Web Token) for user authentication.

public Task<string> GenerateJwtTokenAsync(Guid userId, string email, string role, string status, CancellationToken cancellationToken = default)

Parameters

userId Guid

The unique identifier of the user.

email string

The email address of the user.

role string

The role of the user (e.g., "User", "Admin", "Moderator").

status string

The status of the user account (e.g., "Active").

cancellationToken CancellationToken

Cancellation token to cancel the operation.

Returns

Task<string>

A JWT token string that can be used for authenticated API requests.

Remarks

The generated token includes the following claims:

The token is signed using HMAC-SHA256 with a symmetric key from JWT configuration. Token expiration is set to 24 hours from generation time. The token issuer and audience are configured via JwtOptions.
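
An added example, not Builvero's own code, of what a consumer of such a token has to check: the algorithm pinned to HS256, the MAC compared in constant time, then issuer, audience and expiry. The claim names (`iss`, `aud`, `sub`, `role`, `exp`), the issuer and audience strings and the demo key are assumptions, since the page does not list them.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class Hs256Demo
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static byte[] Mac(string input, byte[] key) => HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(input));
    // Claim names are assumptions; the 24-hour lifetime is the documented one.
    public static string Mint(byte[] key, string iss, string aud, string sub, string role, DateTimeOffset now)
    {
        var head = Enc(JsonSerializer.SerializeToUtf8Bytes(new { alg = "HS256", typ = "JWT" }));
        var body = Enc(JsonSerializer.SerializeToUtf8Bytes(
            new { iss, aud, sub, role, exp = now.AddHours(24).ToUnixTimeSeconds() }));
        return head + "." + body + "." + Enc(Mac(head + "." + body, key));
    }
    public static bool Validate(string token, byte[] key, string iss, string aud, DateTimeOffset now)
    {
        var p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            using var head = JsonDocument.Parse(Dec(p[0]));
            // Pin the algorithm so the token header cannot select "none" or another one.
            if (head.RootElement.GetProperty("alg").GetString() != "HS256") return false;
            // Constant-time MAC check before any claim is read.
            if (!CryptographicOperations.FixedTimeEquals(Mac(p[0] + "." + p[1], key), Dec(p[2]))) return false;
            using var body = JsonDocument.Parse(Dec(p[1]));
            var c = body.RootElement;
            return c.GetProperty("iss").GetString() == iss && c.GetProperty("aud").GetString() == aud
                && c.GetProperty("exp").GetInt64() > now.ToUnixTimeSeconds();
        }
        catch (Exception e) when (e is FormatException or JsonException
                                    or KeyNotFoundException or InvalidOperationException) { return false; }
    }
    public static void Main()
    {
        var key = RandomNumberGenerator.GetBytes(32); // constructed 256-bit demo key
        var now = DateTimeOffset.UtcNow;
        var t = Mint(key, "demo-issuer", "demo-api", Guid.NewGuid().ToString(), "User", now);
        Console.WriteLine(Validate(t, key, "demo-issuer", "demo-api", now));              // matching iss/aud
        Console.WriteLine(Validate(t, key, "demo-issuer", "other-api", now));             // wrong audience
        Console.WriteLine(Validate(t, key, "demo-issuer", "demo-api", now.AddHours(25))); // past expiry
    }
}
```

Because the key is symmetric, every service that can validate these tokens can also mint them, so the key belongs only where both abilities are acceptable.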

HandleOAuthCallbackAsync(OAuthProvider, string, string, string?, string?, string?, CancellationToken)

Handles OAuth authentication callback from external providers (Google, LinkedIn, etc.).

public Task<AuthResponse> HandleOAuthCallbackAsync(OAuthProvider provider, string providerUserId, string email, string? name, string? photoUrl, string? invitationCode, CancellationToken cancellationToken = default)

Parameters

provider OAuthProvider

The OAuth provider (e.g., Google, LinkedIn).

providerUserId string

The unique user identifier from the OAuth provider.

email string

The email address from the OAuth provider.

name string

The user's full name from the OAuth provider, if available.

photoUrl string

The user's profile photo URL from the OAuth provider, if available.

invitationCode string

Optional invitation code for new user registration.

cancellationToken CancellationToken

Cancellation token to cancel the operation.

Returns

Task<AuthResponse>

An AuthResponse containing the JWT token and user information.

Remarks

This method handles two scenarios:

  1. Existing OAuth Account: If an OAuth account already exists for this provider and provider user ID, the user is logged in immediately.
  2. New OAuth Account: If no OAuth account exists, the method checks if a user with the email exists:
    • If user exists: Links the OAuth account to the existing user (supports mixed auth methods)
    • If user doesn't exist: Creates a new user account (requires valid invitation code)

For new users, an invitation code is required. The user account is created with the OAuth authentication method. If a profile photo URL is provided by the OAuth provider, it is stored as an external URL (legacy format). Profile photo URLs are automatically converted to presigned URLs when returned in responses.

Exceptions

Exception

Thrown when:

  • Account is disabled or blocked
  • Invitation code is required for new users but is missing or invalid
  • Email is already registered with a different authentication method
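
The decision flow from the Remarks above, as an added example with in-memory stand-ins for the repositories (not the service's own code). `emailVerified` is a hypothetical input that is not part of the documented signature; it models the provider's verified-email assertion as a precondition for linking. `OAuthDecision`, `DemoUser`, the sample addresses and the `INVITE-DEMO` code are likewise constructed.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
public enum OAuthDecision { LoginExisting, LinkToExistingUser, CreateNewUser }
public sealed record DemoUser(Guid Id, string Email, string Status);

public sealed class OAuthFlowDemo
{
    // Constructed in-memory stand-ins for the user, OAuth-account and invitation repositories.
    public readonly List<DemoUser> Users = new();
    public readonly Dictionary<(string, string), Guid> Links = new();
    public readonly HashSet<string> Invitations = new() { "INVITE-DEMO" };
    public OAuthDecision Handle(string provider, string providerUserId, string email, bool emailVerified, string? invitationCode)
    {
        var key = (provider, providerUserId);
        // Scenario 1: identify the account by (provider, provider user ID), never by email alone.
        if (Links.TryGetValue(key, out var userId))
        {
            Active(Users.Find(u => u.Id == userId)!);
            return OAuthDecision.LoginExisting;
        }
        var existing = Users.Find(u => string.Equals(u.Email, email, StringComparison.OrdinalIgnoreCase));
        if (existing is not null)
        {
            // Scenario 2a: link only when the provider asserts the address is verified (assumption).
            Active(existing);
            if (!emailVerified) throw new InvalidOperationException("Provider has not verified this email.");
            Links[key] = existing.Id;
            return OAuthDecision.LinkToExistingUser;
        }
        // Scenario 2b: a new account requires a valid invitation code.
        if (invitationCode is null || !Invitations.Contains(invitationCode))
            throw new InvalidOperationException("A valid invitation code is required.");
        var created = new DemoUser(Guid.NewGuid(), email, "Active");
        Users.Add(created);
        Links[key] = created.Id;
        return OAuthDecision.CreateNewUser;
    }
    static DemoUser Active(DemoUser u) => u.Status == "Active"
        ? u : throw new InvalidOperationException("Account is disabled or blocked.");
    public static void Main()
    {
        var svc = new OAuthFlowDemo();
        svc.Users.Add(new DemoUser(Guid.NewGuid(), "pat@example.test", "Active")); // constructed password user
        Console.WriteLine(svc.Handle("Google", "g-1", "new@example.test", true, "INVITE-DEMO"));
        Console.WriteLine(svc.Handle("Google", "g-1", "new@example.test", true, null));
        Console.WriteLine(svc.Handle("LinkedIn", "li-7", "pat@example.test", true, null));
    }
}
```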

LoginAsync(LoginRequest, CancellationToken)

Authenticates a user with email and password credentials.

public Task<AuthResponse> LoginAsync(LoginRequest request, CancellationToken cancellationToken = default)

Parameters

request LoginRequest

The login request containing email and password.

cancellationToken CancellationToken

Cancellation token to cancel the operation.

Returns

Task<AuthResponse>

An AuthResponse containing the JWT token and user information.

Remarks

This method performs the following steps:

  1. Retrieves the user by email address
  2. Verifies the password hash using secure verification
  3. Checks account status (blocked/disabled accounts cannot log in)
  4. Updates the last login timestamp
  5. Generates a JWT token with user claims
  6. Maps profile photo URL to presigned URL if applicable

The response includes a flag indicating whether profile completion is required. Profile photo URLs are automatically converted to presigned URLs (15-minute TTL) for secure access.

Exceptions

Exception

Thrown when:

  • Email or password is invalid
  • User account is blocked or disabled
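
Steps 1 to 3 above as an added example (not the service's own code), showing how an unknown email and a wrong password can be made to cost the same work and return the same result. PBKDF2 stands in for `IPasswordHasher`, whose algorithm the page does not name; the iteration count, the `LoginResult` and `StoredUser` types, the "Blocked" status string and the sample accounts are assumptions.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public enum LoginResult { Success, InvalidCredentials, AccountUnavailable }
public sealed record StoredUser(byte[] Salt, byte[] Hash, string Status);

public static class LoginDemo
{
    const int Iterations = 210_000; // assumed PBKDF2-SHA256 work factor for this sketch
    static readonly Dictionary<string, StoredUser> Users = new(StringComparer.OrdinalIgnoreCase);
    // Dummy record: an unknown email still costs one full hash computation.
    static readonly StoredUser Dummy = NewUser(Guid.NewGuid().ToString(), "Active");

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    public static StoredUser NewUser(string password, string status)
    {
        var salt = RandomNumberGenerator.GetBytes(16);
        return new StoredUser(salt, Derive(password, salt), status);
    }

    public static LoginResult Login(string email, string password)
    {
        // Step 1: look the user up, falling back to the dummy record.
        var known = Users.TryGetValue(email, out var stored);
        var user = stored ?? Dummy;
        // Step 2: constant-time comparison of the derived hash.
        var match = CryptographicOperations.FixedTimeEquals(Derive(password, user.Salt), user.Hash);
        // Unknown email and wrong password produce the same result.
        if (!known || !match) return LoginResult.InvalidCredentials;
        // Step 3: status is checked only after the password has been proven.
        return user.Status == "Active" ? LoginResult.Success : LoginResult.AccountUnavailable;
    }

    public static void Main()
    {
        Users["pat@example.test"] = NewUser("correct horse battery", "Active");   // constructed accounts
        Users["sam@example.test"] = NewUser("another passphrase", "Blocked");
        Console.WriteLine(Login("pat@example.test", "correct horse battery"));
        Console.WriteLine(Login("pat@example.test", "wrong"));
        Console.WriteLine(Login("nobody@example.test", "wrong"));
        Console.WriteLine(Login("sam@example.test", "another passphrase"));
    }
}
```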

SignupAsync(SignupRequest, CancellationToken)

Registers a new user account with email and password.

public Task<AuthResponse> SignupAsync(SignupRequest request, CancellationToken cancellationToken = default)

Parameters

request SignupRequest

The signup request containing email, password, and invitation code

cancellationToken CancellationToken

Cancellation token to cancel the operation

Returns

Task<AuthResponse>

An AuthResponse containing the JWT token and user information

Remarks

This method performs the following steps:

  1. Validates the invitation code and checks usage limits
  2. Checks if the email is already registered
  3. Hashes the password using secure hashing
  4. Creates a new user account with User role
  5. Increments the invitation usage count
  6. Generates and sends an email verification code
  7. Generates a JWT token for immediate authentication

The user account is created with status Active, but email verification is required. The response includes a flag indicating whether profile completion is required.

Exceptions

Exception

Thrown when:

  • Invitation code is missing or invalid
  • Invitation code has been used up
  • Email is already registered
  • Password does not meet requirements
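
Steps 1 and 5 above both touch the invitation's usage count. The following added example (not the service's own code) performs the limit check and the increment as a single atomic step, with an in-memory counter standing in for the invitation repository; the `Invitation` type, the limit of 3 and the 20 parallel attempts are constructed.

```csharp
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;

public sealed class Invitation
{
    int _used;
    public int MaxUses { get; }
    public Invitation(int maxUses) => MaxUses = maxUses;
    public int Used => Volatile.Read(ref _used);

    // Limit check and increment succeed or fail together, so concurrent
    // signups cannot both pass the check against the same remaining slot.
    public bool TryConsume()
    {
        while (true)
        {
            var seen = Volatile.Read(ref _used);
            if (seen >= MaxUses) return false;                 // invitation used up
            if (Interlocked.CompareExchange(ref _used, seen + 1, seen) == seen)
                return true;                                   // this caller took the slot
            // Another caller changed the count in between: re-read and retry.
        }
    }
}

public static class SignupDemo
{
    // Returns how many of the parallel attempts were accepted.
    public static int Race(Invitation invite, int attempts)
    {
        var accepted = new bool[attempts];
        Parallel.For(0, attempts, i => accepted[i] = invite.TryConsume());
        return accepted.Count(a => a);
    }

    public static void Main()
    {
        var invite = new Invitation(3);
        var accepted = Race(invite, 20);
        Console.WriteLine($"accepted={accepted} used={invite.Used} limit={invite.MaxUses}");
    }
}
```

With a database-backed repository the same property comes from a conditional update that increments the count only while it is below the limit, with the affected-row count deciding whether the signup proceeds.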

VerifyEmailAsync(VerifyEmailRequest, CancellationToken)

Verifies a user's email using a verification code and activates the account.

public Task<AuthResponse> VerifyEmailAsync(VerifyEmailRequest request, CancellationToken cancellationToken = default)

Parameters

request VerifyEmailRequest
cancellationToken CancellationToken

Returns

Task<AuthResponse>