Home - Aligheri/jwt-owasp-based-starter GitHub Wiki
Welcome to the jwt-owasp-based-starter Wiki!
Documentation Routing
Overview
How to Configure?
AuthService
-
  - DTO structure for registration
  - Sends the account activation link
  - Calls ActivationService to generate the activation code
-
  - JWT creation
  - Secure cookie generation (with fingerprint)
  - Token encryption (ciphering)
-
  - Token revocation logic
  - Cookie cleanup
ActivationService
generateActivationCode()
sendActivationEmail()
validateActivationCode()
invalidateCode()
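The four ActivationService operations listed above, as an added example written for this page (not the project's own code; the page does not show its implementation language or storage). It assumes an in-memory store keyed by e-mail, a 24-hour code lifetime and a placeholder activation URL; the e-mail is returned as a link rather than sent so the snippet runs offline. The security-relevant points are that only a hash of the code is stored, the code is single-use, and the comparison is constant-time.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

CODE_TTL_SECONDS = 24 * 60 * 60                       # assumption: codes live one day
ACTIVATION_URL = "https://example.invalid/activate"   # assumption: placeholder endpoint

# email -> (sha256(code) as hex, expiry as epoch seconds). Only the hash is kept,
# so a leaked copy of this store cannot be turned back into working links.
_pending: dict[str, tuple[str, int]] = {}


def _digest(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()


def generate_activation_code(email: str, now: Optional[int] = None) -> str:
    """generateActivationCode(): fresh random code for `email`, replacing any earlier one."""
    now = int(time.time()) if now is None else now
    code = secrets.token_urlsafe(32)                  # 256 bits from the OS CSPRNG
    _pending[email] = (_digest(code), now + CODE_TTL_SECONDS)
    return code                                        # plaintext lives only in the e-mail link


def send_activation_email(email: str, code: str) -> str:
    """sendActivationEmail(): build the link that would be mailed (returned, not sent)."""
    return f"{ACTIVATION_URL}?email={email}&code={code}"


def validate_activation_code(email: str, code: str, now: Optional[int] = None) -> bool:
    """validateActivationCode(): True exactly once per issued code, and only before expiry."""
    now = int(time.time()) if now is None else now
    entry = _pending.get(email)
    if entry is None:
        return False
    stored_digest, expires_at = entry
    if now >= expires_at:
        invalidate_code(email)                        # stale entry: drop it and refuse
        return False
    # Constant-time comparison of equal-length hex digests, so response timing
    # does not reveal how many leading characters of a guess were right.
    ok = hmac.compare_digest(stored_digest, _digest(code))
    if ok:
        invalidate_code(email)                        # single use: burn it on success
    return ok


def invalidate_code(email: str) -> None:
    """invalidateCode(): remove any pending code for `email`."""
    _pending.pop(email, None)
```

Re-issuing a code for the same address overwrites the previous entry, which is the simplest way to guarantee that at most one valid link exists per account at any time.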
Validation Mechanism
SecurityFilter
validateToken()
- Check that the token has not been revoked
- Check that the token carries the expected fingerprint claim
validateCookie()
- Check secure flags, format, expiration
- Compare the fingerprint decoded from the token claim with the value from the cookie
- If both token and cookie are valid, request proceeds to the filter chain.
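The validation mechanism above is the OWASP JWT cheat-sheet defence against token sidejacking: a random fingerprint is sent in a hardened cookie, only its SHA-256 travels inside the token, and the filter accepts a request only when the token, the cookie and the binding between them all check out. The following is an added example written for this page in Python; it is not the project's SecurityFilter. Assumptions not on the page: HS256 signing with a per-process key, an in-memory revocation set keyed by `jti`, a cookie named `__Secure-Fgp`, and a cookie modelled as a dict carrying the attributes a servlet-style Cookie object exposes.

```python
import base64
import hashlib
import hmac
import json
import re
import secrets
import time

SIGNING_KEY = secrets.token_bytes(32)   # assumption: per-process HMAC-SHA256 key
COOKIE_NAME = "__Secure-Fgp"            # assumption: OWASP cheat-sheet cookie name
REVOKED_JTI = set()                     # assumption: in-memory denylist of token ids


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def fingerprint_hash(fingerprint: str) -> str:
    return hashlib.sha256(fingerprint.encode()).hexdigest()


def issue(subject: str, ttl: int = 900, now=None):
    """Login step: return (jwt, cookie). The raw fingerprint is given only to the cookie."""
    now = int(time.time()) if now is None else now
    fingerprint = secrets.token_hex(32)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({
        "sub": subject, "jti": secrets.token_hex(16), "iat": now, "exp": now + ttl,
        "fgp": fingerprint_hash(fingerprint),   # hash only: the token cannot forge its cookie
    }).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    cookie = {"name": COOKIE_NAME, "value": fingerprint, "secure": True, "http_only": True,
              "same_site": "Strict", "path": "/", "max_age": ttl, "set_at": now}
    return f"{header}.{payload}.{_b64url(sig)}", cookie


def validate_token(token: str, now=None) -> dict:
    """validateToken(): pinned alg, signature, expiry, revocation, fingerprint claim present."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # the token never chooses the algorithm
    expected = hmac.new(SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("expired")
    if claims.get("jti") in REVOKED_JTI:
        raise ValueError("revoked")
    if not isinstance(claims.get("fgp"), str):
        raise ValueError("missing fingerprint claim")
    return claims


def validate_cookie(cookie: dict, now=None) -> str:
    """validateCookie(): hardening flags, value format, lifetime. Returns the raw fingerprint."""
    now = int(time.time()) if now is None else now
    if cookie.get("name") != COOKIE_NAME:
        raise ValueError("wrong cookie")
    if not (cookie.get("secure") and cookie.get("http_only")
            and cookie.get("same_site") in ("Strict", "Lax")):
        raise ValueError("cookie missing hardening flags")
    value = cookie.get("value", "")
    if not re.fullmatch(r"[0-9a-f]{64}", value):
        raise ValueError("bad cookie format")
    if cookie.get("set_at", 0) + cookie.get("max_age", 0) <= now:
        raise ValueError("cookie expired")
    return value


def validate_request(token: str, cookie: dict, now=None) -> dict:
    """Filter logic: both checks, then sha256(cookie value) must equal the fgp claim."""
    claims = validate_token(token, now)
    fingerprint = validate_cookie(cookie, now)
    if not hmac.compare_digest(fingerprint_hash(fingerprint), claims["fgp"]):
        raise ValueError("fingerprint mismatch")    # token replayed without its cookie
    return claims


def revoke(token: str, now=None) -> None:
    """Logout: deny-list the jti so a still-unexpired token stops working."""
    REVOKED_JTI.add(validate_token(token, now)["jti"])


def check(token: str, cookie: dict, now=None) -> str:
    """Return 'ok' or the rejection reason, for callers that prefer a result to an exception."""
    try:
        validate_request(token, cookie, now)
        return "ok"
    except (ValueError, KeyError) as exc:            # binascii/JSON errors subclass ValueError
        return str(exc)
```

A stolen token on its own fails at `fingerprint mismatch` because the attacker cannot reproduce a cookie whose SHA-256 equals the claim; a stolen cookie on its own is useless without a matching signed token. Revocation works on `jti` rather than on the whole token string so the denylist stays small and does not have to store bearer credentials.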
Token Ciphering
- Token encryption and decryption logic used at login and during validation
Each page explains the corresponding service, its responsibilities, and internal components with diagrams and code examples.