
A modern authentication microservice built with Spring Boot that provides secure user authentication for distributed systems.
JWT Authentication with RS256
The service uses JSON Web Tokens with asymmetric RS256 signing. Access tokens are signed with a private key and can be verified by other services using the public key. This enables decentralized token validation without direct communication with the auth service.

JWKS Endpoint
A JSON Web Key Set endpoint provides public keys in a standardized format. Other microservices can automatically retrieve and cache these keys to validate incoming tokens.

Refresh Token Management
In addition to short-lived access tokens, the service manages long-lived refresh tokens. These allow clients to obtain new access tokens without requiring the user to log in again. Refresh tokens are securely stored in the database and can be revoked if needed.

Google OAuth2 Integration
Users can alternatively sign in using their Google account. The service handles the complete OAuth2 flow and automatically creates a local user account when needed.

Email Verification
After registration, users receive an email with a verification link. The account is only fully activated after successful verification.

Password Reset
Users can request a password reset via their email address. The service generates a time-limited token and sends a reset link by email.

Stateless Architecture
The service does not store session data in memory. All necessary information is contained in the JWT or loaded from the database. This enables horizontal scaling by simply adding more service instances.