Protected ReadonlyauthProtected ReadonlyeventLogin with credentials (find user by username and compare the passed with hashed password)
Login with otp code (generated and sent to the user via email or sms)
Logout from the current sesison (delete the session token from token hash map)
acesss token
-- MessageDto
Create a otp code and emit "email.otp" event with payload of OtpResponseDto