This module handles user authentication for the e-commerce platform, including registration, login, email verification, password reset, and OAuth2 login. The rest of the app is still being built.
- User Registration with Email Verification
- User Login with JWT
- Refresh Token with Rotation
- OAuth2 Login (Google, Facebook, etc.)
- Password Reset via Email
- Role-based Authorization (CUSTOMER, VENDOR, ADMIN, STAFF)
- Spring Boot
- Spring Security
- JWT (JSON Web Tokens)
- Redis
- Spring Data JPA
- Spring Mail (with Thymeleaf)
- PostgreSQL
- Clone the repository.
- Configure the database in application.yml with the help of the applicationexample.yml file.
- Run the application.
- POST /api/v1/auth/register - Register a new user
- GET /api/v1/auth/verify-email - Verify email using token
- POST /api/v1/auth/login - Login user
- POST /api/v1/auth/refresh-token - Refresh access token
- POST /api/v1/auth/logout - Logout user
- POST /api/v1/auth/forgot-password - Request password reset
- POST /api/v1/auth/reset-password - Reset password
The module supports OAuth2 login. Currently, it is designed to handle multiple providers. The OAuth account details are stored in the auth_oauth_accounts table.
- The JWT access token is stored in an HTTP-only cookie; the refresh token is returned in the response body (for the refresh token endpoint).
- Passwords are encoded using BCrypt.
- Refresh tokens are stored in Redis and are rotated on every use to prevent replay attacks.
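
The refresh token rotation described in the list above, as an added example that is not this project's own code. It assumes opaque random refresh tokens, a 7-day lifetime, and an in-memory map standing in for Redis; the class and method names are hypothetical.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class RefreshTokenRotationDemo {
    // Stand-in for Redis (assumption): token -> session, removed atomically on use.
    record Session(String userId, Instant expiresAt) {}

    private static final Duration TTL = Duration.ofDays(7); // assumed lifetime
    private final Map<String, Session> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Issues a fresh opaque refresh token for the user. */
    String issue(String userId) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(token, new Session(userId, Instant.now().plus(TTL)));
        return token;
    }

    /** Consumes the presented token and returns its replacement. */
    String rotate(String presented) {
        // remove() is atomic, like Redis GETDEL: two concurrent requests
        // carrying the same token cannot both succeed.
        Session s = store.remove(presented);
        if (s == null || s.expiresAt().isBefore(Instant.now())) {
            throw new SecurityException("refresh token unknown, expired or already used");
        }
        return issue(s.userId());
    }

    public static void main(String[] args) {
        RefreshTokenRotationDemo auth = new RefreshTokenRotationDemo();
        String first = auth.issue("user-42");      // constructed sample user id
        String second = auth.rotate(first);        // legitimate refresh
        System.out.println("rotated: " + !first.equals(second));
        try {
            auth.rotate(first);                    // replay of the old token
        } catch (SecurityException e) {
            System.out.println("replay rejected: " + e.getMessage());
        }
        auth.rotate(second);                       // the current token still works
        System.out.println("current token accepted");
    }
}
```

With a real Redis backend the lookup and delete must stay a single atomic operation; a separate GET followed by DEL would let two concurrent requests redeem the same token.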
Custom exceptions are thrown for various error conditions and are handled by a global exception handler which returns structured JSON responses.
This project is for learning purposes only.