Skip to content

adamxkabbara/auth-service

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Auth Service

This service provides REST API endpoints for user registration and authentication using JWT (JSON Web Tokens). It is built with Spring Boot and uses H2 as an in-memory database.

Features

  • Register new users with username, email, password, first name, and last name
  • Authenticate users and issue JWT access tokens
  • Passwords are securely hashed using BCrypt
  • JWT-based stateless authentication
  • Basic error handling for authentication and registration
  • In-memory H2 database for development and testing

Technologies Used

  • Java 17+ (configured for Java 24)
  • Spring Boot 3.x
  • Spring Security
  • Spring Data JPA
  • H2 Database
  • JWT (io.jsonwebtoken)
  • Lombok

Getting Started

Prerequisites

  • Java Development Kit (JDK) 17 or higher
  • Maven

Installation

  1. Clone the repository:

    git clone <repository_url>
cd auth-service

  2. Set environment variables for database and JWT secret key. You can use a .env file or set them in your environment:

    DATABASE_USERNAME=your_db_username
DATABASE_PASSWORD=your_db_password
JWT_SECRET_KEY=your_jwt_secret

  3. Build and run the application:

    mvn spring-boot:run

API Endpoints

Register User

  • POST /api/auth/register
  • Request Body: 
    {
    "username": "johndoe",
    "email": "[email protected]",
    "password": "yourpassword",
    "firstname": "John",
    "lastname": "Doe"
}
  • Response: 200 OK on success

Authenticate User

  • POST /api/auth/authenticate
  • Request Body: 
    {
    "username": "johndoe",
    "password": "yourpassword"
}
  • Response: 
    {
    "accessToken": "jwt_access_token_here",
    "expiresIn": 900
}
  • Notes:
    • The refreshToken is not included in the JSON response body.
    • The refreshToken is sent as an HttpOnly cookie in the Set-Cookie response header.
    • The client should store the accessToken from the response body and rely on the browser to manage the refreshToken cookie.

Refresh Token

  • GET /api/auth/refresh
  • Request:
    • The refreshToken must be present as an HttpOnly cookie (automatically sent by the browser).
  • Response: 
    {
    "accessToken": "new_jwt_access_token_here",
    "expiresIn": 900
}
  • Notes:
    • The endpoint reads the refreshToken from the cookie, not from the request body.
    • A new access token is returned in the response body.

Logout

  • POST /api/auth/logout
  • Request:
    • The refreshToken cookie is used to identify and invalidate the session.
  • Response: 200 OK on success

H2 Database Console

  • Accessible at: http://localhost:8080/h2-console
  • JDBC URL: jdbc:h2:mem:mydb
  • Username/Password: as set in your environment variables

Project Structure

  • src/main/java/com/growtivat/auth_service/ - Main source code
  • src/main/resources/application.properties - Application configuration
  • src/test/java/com/growtivat/auth_service/ - Test classes

License

This project is licensed under the MIT License.

Note: This service is intended for development and educational purposes. For production use, ensure to secure your secret keys and review security configurations.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages