From 17772ed42a97980eaabd581ce1e9793a1599ca41 Mon Sep 17 00:00:00 2001
From: saravanakumardb1 <saravanakumardb1@users.noreply.github.com>
Date: Sun, 15 Feb 2026 14:40:34 -0800
Subject: [PATCH] feat(platform-service): auth/refresh returns both accessToken
 + refreshToken

- Refresh endpoint now rotates refresh token and returns both tokens
- Keeps existing refresh token validation semantics
- Verified: tsc --noEmit clean, 19 test files / 178 tests passing
---
 services/platform-service/src/modules/auth/routes.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/platform-service/src/modules/auth/routes.ts b/services/platform-service/src/modules/auth/routes.ts
index cbea261e..e03ba0dd 100644
--- a/services/platform-service/src/modules/auth/routes.ts
+++ b/services/platform-service/src/modules/auth/routes.ts
@@ -125,7 +125,11 @@ export async function authRoutes(app: FastifyInstance) {
         productId: user.productId,
         plan: user.plan,
       });
-      return { accessToken };
+      const refreshToken = await jwt.createRefreshToken({
+        sub: user.id,
+        productId: user.productId,
+      });
+      return { accessToken, refreshToken };
     } catch {
       throw new UnauthorizedError('Invalid or expired refresh token');
     }