Interface LoginServiceGrpc.AsyncService

All Known Implementing Classes:
LoginServiceGrpc.LoginServiceImplBase, LoginServiceImpl
Enclosing class:
LoginServiceGrpc

public static interface LoginServiceGrpc.AsyncService
Service for authenticating users via email-based passwordless login.
Authentication Flow:
1. Client calls Login with the user's email address
2. If the email is registered, a six-digit code is sent to that email
3. Client receives an auth_flow_token and EmailCode response
4. User enters the code from their email
5. Client calls EmailCode with the auth_flow_token and the code
6. If valid, client receives a JWT token; if invalid, receives a Failure
Security Features:
- Rate limited to 20 requests per 10 minutes per origin to prevent brute force attacks
- Auth flow tokens expire after 15 minutes
- Same response for registered and unregistered emails to prevent email enumeration
- Invalid codes return the same error as expired/invalid flow tokens to prevent timing attacks
Error Handling:
- RESOURCE_EXHAUSTED: Rate limit exceeded (too many login attempts)
- UNAUTHENTICATED: No origin header provided (required for rate limiting)
- INTERNAL: Unexpected server error during processing
  • Method Summary

    Modifier and Type | Method | Description
    default void | emailCode(EmailCodeRequest request, io.grpc.stub.StreamObserver<NextAuthFlowResponse> responseObserver) | Verifies an email verification code to complete authentication.
    default void | login(LoginRequest request, io.grpc.stub.StreamObserver<NextAuthFlowResponse> responseObserver) | Initiates a login flow for the specified email address.
  • Method Details

    • login

      default void login(LoginRequest request, io.grpc.stub.StreamObserver<NextAuthFlowResponse> responseObserver)
      Initiates a login flow for the specified email address.
      If the email is registered, a six-digit verification code is sent to that address.
      The response always indicates that an email code step is next, regardless of whether
      the email exists, to prevent email enumeration attacks.
      Returns:
      - NextAuthFlowResponse with email_code set and a new auth_flow_token
      Errors:
      - RESOURCE_EXHAUSTED: Too many login attempts from this origin
      - UNAUTHENTICATED: Missing origin header
      - INTERNAL: Server error (e.g., database or email sending failure)
      
    • emailCode

      default void emailCode(EmailCodeRequest request, io.grpc.stub.StreamObserver<NextAuthFlowResponse> responseObserver)
      Verifies an email verification code to complete authentication.
      The auth_flow_token must match a pending login flow, and the code must match
      the one that was sent to the user's email. On success, returns a JWT token.
      On failure, returns a Failure response with INVALID_CODE reason.
      After successful verification, the auth_flow_token is invalidated and cannot be reused.
      Returns:
      - NextAuthFlowResponse with success set (containing JWT token) if code is valid
      - NextAuthFlowResponse with failure set (INVALID_CODE reason) if code is invalid
      Errors:
      - RESOURCE_EXHAUSTED: Too many login attempts from this origin
      - UNAUTHENTICATED: Missing origin header
      - INTERNAL: Server error (e.g., JWT generation failure)
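
The authentication flow and security features documented for this interface, modelled in memory as an added example (Java 16+); it is not the project's LoginServiceImpl. The class LoginFlowModel, its method signatures, the sample addresses and origin, the sliding-window limiter and the constant-time comparison are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Added model of the documented checks; every name here is hypothetical, not the project's code.
public class LoginFlowModel {
    enum Result { EMAIL_CODE_NEXT, SUCCESS, INVALID_CODE, RESOURCE_EXHAUSTED }
    record Flow(String code, long expiresAt) {}      // code == null: email was not registered
    record Reply(Result result, String flowToken) {}
    static final long MAX_REQUESTS = 20, WINDOW_MS = 10 * 60_000L, FLOW_TTL_MS = 15 * 60_000L;
    final Set<String> registered = Set.of("alice@example.test"); // constructed sample user
    final Map<String, Deque<Long>> hits = new HashMap<>();       // origin -> request times
    final Map<String, Flow> flows = new HashMap<>();             // auth_flow_token -> pending flow
    final SecureRandom rng = new SecureRandom();
    boolean allow(String origin, long now) {         // sliding window, counted per origin
        Deque<Long> q = hits.computeIfAbsent(origin, k -> new ArrayDeque<>());
        while (!q.isEmpty() && now - q.peekFirst() >= WINDOW_MS) q.pollFirst();
        return q.size() < MAX_REQUESTS && q.add(now);
    }
    Reply login(String origin, String email, long now) {
        if (!allow(origin, now)) return new Reply(Result.RESOURCE_EXHAUSTED, null);
        String code = registered.contains(email) ? String.format("%06d", rng.nextInt(1_000_000)) : null;
        String token = UUID.randomUUID().toString();
        flows.put(token, new Flow(code, now + FLOW_TTL_MS)); // token issued even for unknown emails
        return new Reply(Result.EMAIL_CODE_NEXT, token);
    }
    Result emailCode(String origin, String token, String code, long now) {
        if (!allow(origin, now)) return Result.RESOURCE_EXHAUSTED;
        Flow f = flows.get(token);
        boolean ok = f != null && f.code() != null && now < f.expiresAt()
                && MessageDigest.isEqual(f.code().getBytes(), code.getBytes()); // constant-time compare
        if (!ok) return Result.INVALID_CODE;         // one failure for bad token, expiry, wrong code
        flows.remove(token);                         // single use after success
        return Result.SUCCESS;
    }
    public static void main(String[] args) {
        LoginFlowModel m = new LoginFlowModel();
        String o = "https://app.example.test";                     // constructed origin
        Reply known = m.login(o, "alice@example.test", 0);
        Reply unknown = m.login(o, "nobody@example.test", 0);
        String sent = m.flows.get(known.flowToken()).code();       // stands in for the email
        System.out.println(known.result() + " " + unknown.result());      // registered vs. not
        System.out.println(m.emailCode(o, unknown.flowToken(), sent, 1)); // flow with no code
        System.out.println(m.emailCode(o, known.flowToken(), sent, 2));   // correct code
        System.out.println(m.emailCode(o, known.flowToken(), sent, 3));   // same token again
        for (int i = 0; i < 15; i++) m.emailCode(o, "no-such-token", sent, 4);
        System.out.println(m.emailCode(o, "no-such-token", sent, 5));     // 21st request in window
    }
}
```

Timestamps are passed in as milliseconds so expiry and the rate-limit window can be exercised without waiting.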