package domain import ( "errors" "time" "github.com/golang-jwt/jwt/v5" ) var ErrInvalidToken = errors.New("invalid token") // Claims is the JWT payload (simplified from stand-alone token claims; numeric uid). type Claims struct { UID int64 `json:"uid"` Roles []string `json:"roles"` JTI string `json:"jti,omitempty"` Kind string `json:"kind"` // access | refresh jwt.RegisteredClaims } // TokenPair is returned to clients (access + refresh). type TokenPair struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` TokenType string `json:"token_type"` ExpiresIn int64 `json:"expires_in"` } // Issuer issues and validates JWT access/refresh pairs. type Issuer interface { Issue(uid int64, roles []string) (pair *TokenPair, refreshJTI string, refreshExp time.Time, err error) ParseAccess(tokenStr string) (*Claims, error) ParseRefresh(tokenStr string) (*Claims, error) }