Endpoints
POST /auth/signup
- email/phone
- password or OTP
→ Create user + return token
POST /auth/login
- email/phone
- password or OTP
→ Return JWT token
POST /auth/verify-sms
- phone, code
→ Return verified flag or error
POST /auth/refresh
- refresh_token
→ Return new access token
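The `/auth/verify-sms` check written out as an added example (not the Match Made project's own code), to show what the one-line description leaves implicit: the code is stored only as a hash bound to the phone number, it expires, it has an attempt budget so a six-digit space cannot be brute-forced online, it is compared in constant time, and it is consumed on success. The in-memory store, the code length, the lifetime and the attempt budget are assumptions; `verify()` returns the verified flag / error pair the endpoint is described as returning.

```python
# Added example, not the project's own code. Store, code length, TTL and
# attempt budget are assumptions made for this illustration.
import hashlib
import hmac
import secrets
import time
from typing import Optional

CODE_TTL = 5 * 60   # seconds a code stays valid (assumption)
MAX_ATTEMPTS = 5    # 6 digits is only 1e6 codes; without a budget online guessing is trivial


class SmsVerifier:
    def __init__(self):
        # phone -> {"hash": bytes, "exp": int, "attempts": int}; raw codes are never stored
        self._pending = {}

    @staticmethod
    def _hash(phone: str, code: str) -> bytes:
        # Bind the hash to the phone so a code issued for one number cannot be
        # replayed against another.
        return hashlib.sha256(f"{phone}:{code}".encode()).digest()

    def issue(self, phone: str, now: Optional[int] = None) -> str:
        """Generate a 6-digit code for the caller to send by SMS; only its hash is kept.
        Re-issuing for the same phone replaces the previous code and resets the budget."""
        now = int(time.time()) if now is None else now
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._pending[phone] = {"hash": self._hash(phone, code),
                                "exp": now + CODE_TTL, "attempts": 0}
        return code

    def verify(self, phone: str, code: str, now: Optional[int] = None) -> dict:
        """Mirror of the endpoint response: {"verified": bool, "error": str | None}."""
        now = int(time.time()) if now is None else now
        rec = self._pending.get(phone)
        if rec is None:
            return {"verified": False, "error": "no_pending_code"}
        if rec["exp"] <= now:
            del self._pending[phone]
            return {"verified": False, "error": "code_expired"}
        rec["attempts"] += 1            # count before comparing: a miss costs budget
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._pending[phone]    # budget exhausted: caller must request a new code
            return {"verified": False, "error": "too_many_attempts"}
        if not hmac.compare_digest(rec["hash"], self._hash(phone, code)):
            return {"verified": False, "error": "invalid_code"}
        del self._pending[phone]        # one-shot: a verified code cannot be replayed
        return {"verified": True, "error": None}
```

The attempt budget protects one code; a per-phone and per-IP rate limit on both `issue()` (SMS cost, SMS bombing) and `verify()` still belongs in front of this at the API layer.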
🔐 JWT Structure

Access-token payload (the claims part of the JWT; header and signature omitted):

```json
{
  "userId": "uuid",
  "capabilities": { "isPlayer": true, "isOrganizer": false },
  "exp": 1713000000
}
```
🔐 Service Dependencies
- Writes to UserService for registration
- Reads from UserService to check verification status
🔐 Security Notes
- Stateless JWT: no session lookup per request, but also no way to revoke an access token once issued. Keep `exp` short (minutes, not days), verify signature and `exp` on every request, reject unexpected `alg` values, and treat the `capabilities` claim as a snapshot that is only as fresh as the token.
- Refresh token rotation for longer sessions: each /auth/refresh call invalidates the presented refresh token and issues a new one. Store refresh tokens server side (hashed) so that a replayed, already-rotated token can be detected and the whole session revoked.
- Email/phone verification optional at MVP: unverified accounts still receive tokens, so anything that needs a trusted contact channel must read the verification status from UserService explicitly rather than assume it.
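The JWT structure and the first two security notes above, as an added example (not the project's own code): an HS256 access token carrying exactly the documented payload, a verifier that pins the algorithm and checks `exp`, and a server-side refresh-token store that rotates on every /auth/refresh and revokes the whole session family when a retired token is presented again. Standard library only; the HMAC key, the lifetimes, the in-memory store and the `login()` shape are assumptions.

```python
# Added example, not the Match Made project's code. Key, lifetimes and the
# in-memory store are assumptions made for this illustration.
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

SIGNING_KEY = secrets.token_bytes(32)   # assumption: one HMAC key for sign + verify
ACCESS_TTL = 15 * 60                    # short: a stateless JWT cannot be revoked
REFRESH_TTL = 30 * 24 * 3600            # long-lived, stored server side, rotated per use


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def mint_access_token(user_id: str, capabilities: dict, now: Optional[int] = None) -> str:
    """Sign a JWT whose payload is the documented shape: userId, capabilities, exp."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(compact_json({"alg": "HS256", "typ": "JWT"}))
    payload = b64url_encode(compact_json(
        {"userId": user_id, "capabilities": capabilities, "exp": now + ACCESS_TTL}))
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_access_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if alg, signature and exp all check out, else None.
    alg is pinned before the signature is examined, so alg=none or a swapped
    algorithm is rejected up front."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(SIGNING_KEY, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s64)):
            return None
        claims = json.loads(b64url_decode(p64))
    except ValueError:              # wrong part count, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    return claims if claims["exp"] > now else None


class RefreshStore:
    """Server-side refresh tokens. Each login starts a family; each /auth/refresh
    retires the presented token and issues a successor in the same family. A
    retired token showing up again means it leaked or was replayed, so the whole
    family is revoked and the user must log in again."""

    def __init__(self):
        self._tokens = {}               # sha256(token) -> record; raw tokens never stored
        self._revoked_families = set()

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, family: Optional[str] = None,
              now: Optional[int] = None) -> str:
        now = int(time.time()) if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[self._key(token)] = {"user": user_id, "used": False,
                                          "family": family or secrets.token_hex(8),
                                          "exp": now + REFRESH_TTL}
        return token

    def rotate(self, token: str, now: Optional[int] = None) -> Optional[str]:
        """Exchange a refresh token for its successor; None means re-authenticate."""
        now = int(time.time()) if now is None else now
        rec = self._tokens.get(self._key(token))
        if rec is None or rec["exp"] <= now or rec["family"] in self._revoked_families:
            return None
        if rec["used"]:
            self._revoked_families.add(rec["family"])   # reuse detected: kill the family
            return None
        rec["used"] = True
        return self.issue(rec["user"], rec["family"], now)


def login(store: RefreshStore, user_id: str, capabilities: dict) -> dict:
    """What /auth/login hands back once the credential has been checked (assumed shape)."""
    return {"access_token": mint_access_token(user_id, capabilities),
            "refresh_token": store.issue(user_id)}
```

Because the access token is stateless, revoking a session only stops new access tokens from being minted; the current one stays valid until `exp`, which is why `ACCESS_TTL` is minutes rather than days.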
```yaml
openapi: 3.0.0
info:
  title: Match Made Auth API
  version: 1.0.0
paths:
  /auth/signup:
    post:
      summary: Sign up a new user
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                email: { type: string, format: email }
                phone: { type: string }
                password: { type: string, format: password }
                otp: { type: string }
      responses:
        '200':
          description: Access token returned
        '400':
          description: Missing or malformed identifier or credential
  /auth/login:
    post:
      summary: Log in a user
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                email: { type: string, format: email }
                phone: { type: string }
                password: { type: string, format: password }
                otp: { type: string }
      responses:
        '200':
          description: JWT access token and refresh token returned
        '401':
          description: Invalid credentials
  /auth/verify-sms:
    post:
      summary: Verify phone number with SMS code
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required: [phone, code]
              properties:
                phone: { type: string }
                code: { type: string }
      responses:
        '200':
          description: Verified flag returned
        '400':
          description: Code invalid, expired, or attempt limit reached
  /auth/refresh:
    post:
      summary: Refresh JWT token
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required: [refresh_token]
              properties:
                refresh_token: { type: string }
      responses:
        '200':
          description: New access token and rotated refresh token returned
        '401':
          description: Refresh token unknown, expired, or already used
```