1  using GUNRPG.Application.Identity.Dtos;
 2  using GUNRPG.Application.Results;
 3  
 4  namespace GUNRPG.Application.Identity;
 5  
 6  /// <summary>
 7  /// Issues and validates JWT access tokens and manages refresh token rotation.
 8  /// </summary>
 9  public interface ITokenService
10  {
11      /// <summary>
12      /// Issues a new JWT access token and a fresh refresh token for the given user.
13      /// The previous refresh token (if any) is consumed atomically.
14      /// </summary>
15      Task<TokenResponse> IssueTokensAsync(string userId, string? username, Guid? accountId, CancellationToken ct = default);
16  
17      /// <summary>
18      /// Exchanges an existing refresh token for a new token pair.
19      /// The old refresh token is consumed; returns Unauthorized if invalid, expired, or already used.
20      /// </summary>
21      Task<ServiceResult<TokenResponse>> RefreshAsync(string refreshToken, CancellationToken ct = default);
22  
23      /// <summary>
24      /// Revokes all active refresh tokens for the given user (logout from all devices).
25      /// </summary>
26      Task RevokeAllAsync(string userId, CancellationToken ct = default);
27  }