Skip to content

application.dtos.auth_dtos

src.application.dtos.auth_dtos

Authentication DTOs (Data Transfer Objects).

Response/result dataclasses for authentication command handlers. These carry data from handlers back to the presentation layer.

DTOs
  • AuthenticatedUser: Result from AuthenticateUser command
  • AuthTokens: Result from GenerateAuthTokens command
  • GlobalRotationResult: Result from TriggerGlobalTokenRotation command
  • UserRotationResult: Result from TriggerUserTokenRotation command
Reference
  • docs/architecture/cqrs.md (DTOs section)

Classes

AuthenticatedUser dataclass

Response from successful authentication.

Contains user data needed for session creation and token generation.

Attributes:

Name Type Description
user_id UUID

User's unique identifier.
email str

User's email address (normalized).
roles list[str]

User's roles for authorization.
Source code in src/application/dtos/auth_dtos.py 
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
@dataclass(frozen=True, kw_only=True)
class AuthenticatedUser:
    """Response from successful authentication.

    Contains user data needed for session creation and token generation.

    Attributes:
        user_id: User's unique identifier.
        email: User's email address (normalized).
        roles: User's roles for authorization.
    """

    user_id: UUID
    email: str
    roles: list[str]

AuthTokens dataclass

Response from successful token generation.

Contains the authentication tokens to return to the client.

Attributes:

Name Type Description
access_token str

JWT access token (short-lived, 15 minutes).
refresh_token str

Opaque refresh token (long-lived, 30 days).
token_type str

Token type (always "bearer").
expires_in int

Access token expiration in seconds.
Source code in src/application/dtos/auth_dtos.py 
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
@dataclass(frozen=True, kw_only=True)
class AuthTokens:
    """Response from successful token generation.

    Contains the authentication tokens to return to the client.

    Attributes:
        access_token: JWT access token (short-lived, 15 minutes).
        refresh_token: Opaque refresh token (long-lived, 30 days).
        token_type: Token type (always "bearer").
        expires_in: Access token expiration in seconds.
    """

    access_token: str
    refresh_token: str
    token_type: str = "bearer"
    expires_in: int = 900  # 15 minutes in seconds

GlobalRotationResult dataclass

Response from successful global rotation.

Attributes:

Name Type Description
previous_version int

Version before rotation.
new_version int

Version after rotation.
grace_period_seconds int

Time window where old tokens still work.
Source code in src/application/dtos/auth_dtos.py 
56
57
58
59
60
61
62
63
64
65
66
67
68
@dataclass(frozen=True, kw_only=True)
class GlobalRotationResult:
    """Response from successful global rotation.

    Attributes:
        previous_version: Version before rotation.
        new_version: Version after rotation.
        grace_period_seconds: Time window where old tokens still work.
    """

    previous_version: int
    new_version: int
    grace_period_seconds: int

UserRotationResult dataclass

Response from successful per-user rotation.

Attributes:

Name Type Description
user_id UUID

User whose tokens were rotated.
previous_version int

Version before rotation.
new_version int

Version after rotation.
Source code in src/application/dtos/auth_dtos.py 
71
72
73
74
75
76
77
78
79
80
81
82
83
@dataclass(frozen=True, kw_only=True)
class UserRotationResult:
    """Response from successful per-user rotation.

    Attributes:
        user_id: User whose tokens were rotated.
        previous_version: Version before rotation.
        new_version: Version after rotation.
    """

    user_id: UUID
    previous_version: int
    new_version: int