
Enhance Authentication with JWT and Refresh Token Mechanism #264 #288

Conversation

gflachs
Contributor

@gflachs gflachs commented Dec 17, 2024

closes #264

Description

This PR introduces a secure authentication mechanism using JWTs for access tokens and refresh tokens, replacing the current session-based authentication. It enhances security, enables frontend access to user data, and ensures token lifecycle management.

Motivation

The current authentication system has the following limitations:

  1. Stolen Cookies Cannot Be Rejected: Once stolen, cookies can be perpetually renewed, preventing proper user logout.
  2. Limited Frontend Access: User information is encrypted within the session cookie, making it inaccessible to the frontend.

To address these issues, JWTs for access tokens and refresh tokens are introduced.

Changes Implemented

1. JWT-Based Access Tokens

  • User Data: User information is stored in a JWT, signed with the backend's private key.
  • Accessibility: Stored in a frontend-accessible cookie.
  • Expiration: Tokens expire after 5 minutes to limit their lifespan.

2. Refresh Tokens

  • Purpose: Allows secure renewal of access tokens without requiring a full re-login.
  • Storage: Stored as an HTTP-only cookie for added security.
  • Validation: Refresh tokens are recorded in the database to ensure integrity.
  • Expiration: Longer expiration period (e.g., several days).

3. Token Renewal Workflow

  • When the access token expires, the system verifies the refresh token.
  • If valid:
    • Issues a new access token.
    • Invalidates the old refresh token and generates a new one.
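
The renewal workflow described in the PR, modelled end to end as an added Python example (constructed for this page; it is not remsfal's Java implementation). It assumes HS256 with a shared secret in place of the backend's private key, an in-memory dict in place of the database table of refresh tokens, and invented cookie names and refresh-endpoint path. Everything else follows the description: 5-minute access JWTs, refresh tokens recorded server-side (hashed, so a database leak yields nothing usable) and rotated on every use, and refusal of a refresh token presented a second time. One step beyond the PR text: when an already-used refresh token is presented, the example revokes the whole chain, since it cannot tell which of the two holders is the thief.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed example, not remsfal code. Assumptions: HS256 with a shared secret
# stands in for the backend's private-key signature; a dict stands in for the
# database table of refresh tokens; cookie names and the refresh path are invented.
SECRET = b"example-only-secret-not-for-production"
ACCESS_TTL = 5 * 60            # 5 minutes, as in the PR description
REFRESH_TTL = 7 * 24 * 3600    # "several days"; seven is an assumption


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(claims, now):
    """Compact JWS carrying the user claims, valid for ACCESS_TTL seconds."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64(json.dumps(dict(claims, iat=now, exp=now + ACCESS_TTL), separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_access_token(token, now):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        # Constant-time compare, and verify before trusting anything in the header.
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # malformed base64 or JSON
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


class RefreshTokenStore:
    """Stand-in for the refresh-token table; only the SHA-256 of each token is stored."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> {"user", "family", "exp", "used"}

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user, family, now):
        token = secrets.token_urlsafe(32)  # 256 random bits, opaque to the client
        self._rows[self._key(token)] = {"user": user, "family": family,
                                        "exp": now + REFRESH_TTL, "used": False}
        return token

    def revoke_family(self, family):
        """Logout, or reuse detected: every token in the chain becomes unusable."""
        for row in self._rows.values():
            if row["family"] == family:
                row["used"] = True

    def rotate(self, token, now):
        """One-time use: mark the presented token used, return (user, new token) or None."""
        row = self._rows.get(self._key(token))
        if row is None or row["exp"] <= now:
            return None
        if row["used"]:
            # Presented twice, so one copy was stolen; we cannot tell which, so revoke all.
            self.revoke_family(row["family"])
            return None
        row["used"] = True
        return row["user"], self.create(row["user"], row["family"], now)


def login(store, user, now):
    family = secrets.token_hex(8)  # ties all rotations of this session together
    return issue_access_token({"sub": user}, now), store.create(user, family, now)


def refresh(store, refresh_token, now):
    """Renewal workflow: valid refresh token -> new access token + rotated refresh token."""
    rotated = store.rotate(refresh_token, now)
    if rotated is None:
        return None
    user, new_refresh = rotated
    return issue_access_token({"sub": user}, now), new_refresh


def cookie_headers(access_token, refresh_token):
    """Set-Cookie values: access token readable by the frontend, refresh token HttpOnly
    and path-scoped to the refresh endpoint so it never rides along on ordinary API calls."""
    return [
        f"access_token={access_token}; Secure; SameSite=Strict; Path=/; Max-Age={ACCESS_TTL}",
        f"refresh_token={refresh_token}; HttpOnly; Secure; SameSite=Strict; "
        f"Path=/api/auth/refresh; Max-Age={REFRESH_TTL}",
    ]
```

The check that matters for the "stolen cookies cannot be rejected" motivation is the `used` flag in `rotate`: because every refresh token is single-use and recorded server-side, a copy exfiltrated from the browser dies the moment either party refreshes, and a logout only has to call `revoke_family`. The short `Max-Age` on the frontend-readable access cookie bounds the damage of an XSS that reads it to five minutes.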

@astanik astanik added the enhancement New feature or request label Dec 18, 2024
@Eyad-Wahdan
Contributor

Overall, this is excellent work! The code is well-structured and the functionality is clearly implemented. Great job on adding a robust JWT-based authentication mechanism. Before merging, there are a few suggestions and potential adjustments to consider that could further enhance the maintainability, security, and readability of the code. Then the code should be ready to merge!

@gflachs gflachs requested a review from Eyad-Wahdan January 6, 2025 18:01
gflachs and others added 2 commits January 6, 2025 19:45
…JWT-and-Refresh-Token-Mechanism' into 264/Enhance-Authentication-with-JWT-and-Refresh-Token-Mechanism

# Conflicts:
#	remsfal-service/src/main/resources/META-INF/liquibase-changelog-0_1_2.xml
#	remsfal-service/src/main/resources/application.properties
#	remsfal-service/src/test/java/de/remsfal/service/boundary/authentication/HeaderExtensionResponseFilterTest.java
#	remsfal-service/src/test/java/de/remsfal/service/boundary/project/BuildingResourceTest.java
#	remsfal-service/src/test/java/de/remsfal/service/boundary/project/ChatResourceTest.java

@Eyad-Wahdan Eyad-Wahdan left a comment

All suggested revisions have been addressed or justified, thank you for that! Now, only the final checks need to pass!

@astanik astanik merged commit 645c73f into remsfal:main Jan 7, 2025
10 checks passed