🛡️ Auth Service
GitHub: github.com/le-minh-duc-dev/chat-system-auth-service.git
The Auth Service handles user authentication and authorization for the Chat System.
It provides secure registration, login, and JWT token management.
📜 Features
- User Registration: Allow users to create an account with secure password hashing (BCrypt).
- User Login: Validate credentials and issue Access Tokens and Refresh Tokens.
- JWT Token Management:
  - Access Token: Short-lived, used for authentication in API calls.
  - Refresh Token: Longer-lived, used to renew Access Tokens without forcing login again.
- Role Management: Support the user roles USER and ADMIN.
🧰 Technology Stack
- Spring Boot
- Spring Data JPA
- Spring Data Redis
- Spring Cloud OpenFeign
- Spring Cloud Netflix
- Spring Cloud Config
- JWT (JSON Web Tokens)
- Redis
- PostgreSQL
📂 Endpoints Overview
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/auth/register | Register a new user |
| POST | /api/v1/auth/login | Log in and receive JWT tokens |
| POST | /api/v1/auth/refresh | Refresh an expired access token |
| GET | /internal/auth/users/{id} | Provide basic information about a user to other services |
| POST | /internal/auth/users/batch | Provide basic information about many users to other services |
🔒 Security Details
- Password Hashing: User passwords are hashed using BCrypt before storing in the database.
- JWT Signing: Tokens are signed with a secret key using HMAC SHA algorithm.
- Token Expiration:
  - Access Token: 15 minutes
  - Refresh Token: 7 days
- Refresh Flow: When an access token expires, clients use a refresh token to obtain a new access token without logging in again.
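The following is an added example, not code from the chat-system-auth-service repository, showing the three mechanisms listed above in one place: BCrypt password hashing, HMAC-SHA256 JWT signing with the 15-minute / 7-day lifetimes, and a refresh flow that only accepts a token of the refresh type. It assumes `spring-security-crypto` on the classpath for `BCryptPasswordEncoder`; the JWT handling uses only the JDK, and the class name, the `typ` claim and the `issue`/`verify`/`refresh` method names are assumptions for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;

// Added example (not the project's code): HS256 JWT issue/verify plus BCrypt hashing.
public class AuthTokens {
    static final Duration ACCESS_TTL = Duration.ofMinutes(15);   // README: access token 15 minutes
    static final Duration REFRESH_TTL = Duration.ofDays(7);      // README: refresh token 7 days

    private final byte[] secret;   // HMAC key; in a real service load it from config, never hard-code it
    private final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder(12);

    AuthTokens(byte[] secret) { this.secret = secret; }

    // Store only the BCrypt hash; matches() re-hashes the candidate with the salt embedded in the hash.
    String hashPassword(String raw) { return bcrypt.encode(raw); }
    boolean passwordMatches(String raw, String storedHash) { return bcrypt.matches(raw, storedHash); }

    // Mint a token. The "typ" claim separates access from refresh tokens so one cannot be used as the other.
    String issue(String userId, String typ, Duration ttl) {
        Instant now = Instant.now();
        String header = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        String payload = b64(String.format("{\"sub\":\"%s\",\"typ\":\"%s\",\"iat\":%d,\"exp\":%d}",
                userId, typ, now.getEpochSecond(), now.plus(ttl).getEpochSecond()));
        String signingInput = header + "." + payload;
        return signingInput + "." + b64(hmac(signingInput));
    }

    String issueAccess(String userId)  { return issue(userId, "access", ACCESS_TTL); }
    String issueRefresh(String userId) { return issue(userId, "refresh", REFRESH_TTL); }

    // Verify signature, expected type and expiry; return the subject (user id) on success.
    // The header's "alg" is deliberately ignored: the MAC is always computed with our own key,
    // so a token claiming "alg":"none" or a different algorithm simply fails the comparison.
    Optional<String> verify(String token, String expectedTyp) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return Optional.empty();
        byte[] given;
        String payload;
        try {
            given = Base64.getUrlDecoder().decode(parts[2]);
            payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
        // MessageDigest.isEqual is constant-time, so signature checking leaks nothing via timing.
        if (!MessageDigest.isEqual(hmac(parts[0] + "." + parts[1]), given)) return Optional.empty();
        // Minimal claim extraction for the fixed payload layout above; a real service uses a JSON parser.
        String typ = claim(payload, "\"typ\":\"", "\"");
        String sub = claim(payload, "\"sub\":\"", "\"");
        String exp = claim(payload, "\"exp\":", "}");
        if (sub == null || exp == null || !expectedTyp.equals(typ)) return Optional.empty();
        if (Instant.now().getEpochSecond() >= Long.parseLong(exp)) return Optional.empty();  // expired
        return Optional.of(sub);
    }

    // Refresh flow: only a valid *refresh* token yields a new access token.
    Optional<String> refresh(String refreshToken) {
        return verify(refreshToken, "refresh").map(this::issueAccess);
    }

    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    private static String b64(byte[] bytes) { return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes); }
    private static String b64(String s) { return b64(s.getBytes(StandardCharsets.UTF_8)); }

    private static String claim(String json, String prefix, String end) {
        int start = json.indexOf(prefix);
        if (start < 0) return null;
        start += prefix.length();
        int stop = json.indexOf(end, start);
        return stop < 0 ? null : json.substring(start, stop);
    }

    public static void main(String[] args) {
        byte[] secret = new byte[32];                  // constructed: 256-bit random key for the demo
        new SecureRandom().nextBytes(secret);
        AuthTokens auth = new AuthTokens(secret);

        String stored = auth.hashPassword("SuperSecret123");           // registration
        System.out.println("login ok:      " + auth.passwordMatches("SuperSecret123", stored));
        System.out.println("wrong pw ok:   " + auth.passwordMatches("SuperSecret124", stored));

        String access = auth.issueAccess("123");                       // login
        String refresh = auth.issueRefresh("123");
        System.out.println("access valid:  " + auth.verify(access, "access").isPresent());
        System.out.println("refresh->new:  " + auth.refresh(refresh).isPresent());
        System.out.println("access as ref: " + auth.refresh(access).isPresent());   // type confusion rejected
        System.out.println("tampered:      " + auth.verify(access.substring(0, access.length() - 2) + "AA", "access").isPresent());
    }
}
```

Two design points worth keeping when adapting this: the type claim is what stops a short-lived access token from being presented to `/api/v1/auth/refresh` as if it were a refresh token, and the signature is compared with `MessageDigest.isEqual` rather than `Arrays.equals` so that verification time does not depend on how many leading bytes an attacker got right.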
⚙️ How Authentication Works
🧾 Data Contracts
LoginRequest
{
"username": "john_doe",
"password": "SuperSecret123"
}
RegisterRequest
{
"username": "john_doe",
"password": "SuperSecret123",
"email": "john.doe@example.com"
}
RefreshTokenRequest
{
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ..."
}
AuthResponse
{
"accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ...",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiIxMjMifQ..."
}
EmailCheckingRequest
{
"email": "john.doe@example.com"
}
BasicUserInfoDTO
{
"id": "1",
"username": "john_doe"
}
UserDTO
{
"email": "john.doe@example.com",
"authId": 1
}