Authentication - gbsouzadev/buddget GitHub Wiki

A client must use a valid OAuth token

Application Credentials

A client must have its own set of ID and secret.

Create OAuth Application token

//TODO: add the steps to create Application AUTH.

User Authentication

  • Use the OAuth 2 application credentials to create a new account via the Sign up endpoint
  • Use the OAuth 2 application credentials to sign in the newly created user via the Sign in endpoint
  • The sign in response will include a user token required for all endpoints

Architecture

Here you can see how the Authentication flow was implemented in a high level

Frontend

sequenceDiagram
    participant Browser as User's browser
    participant Router as React Router
    participant React as LoginScreen Component
    participant Actions as Redux Actions
    participant Reducers as Redux Reducers
    participant Store as Redux Store
    participant Api as Backend API

    Browser->>Router: User goes to /login
    Router->>React: Renders LoginScreen Component 
    React->>Actions: Dispatches a login action on form submission
    Actions-->>Reducers: Login request action passed to Reducers
    Reducers->>Store: New state (loading state) returned to Store
    Store-->>React: Updates the Login Component (shows loading)
    Actions->>Api: Sends API request with credentials
    Api-->>Actions: Response returned from API
    Actions-->>Reducers: Success/Failure action passed to Reducers
    Reducers->>Store: New state (success or error state) returned to Store
    Store-->>React: Updates the Login Component (Logged in or show error)
    React->>Router: Redirects to different route (e.g., /profile)
  1. A user navigates to the /login page.
  2. The react-router is responsible for rendering the LoginScreen Component.
  3. The React LoginScreen Component dispatches a Redux action for login when user submits the form.
  4. The action changes the state to loading and updates the component showing loading behaviour.
  5. The same action sends API request with user credentials.
  6. Receive the response from the Backend API.
  7. Upon response it dispatches either success or failure action.
  8. The Reducer changes state according to the result (either user logged in state or error state)
  9. The Store passes this new state to the LoginScreen Component.
  10. The Login Component responds to this new state (either logging the user in or showing an error).
  11. If login is successful, LoginScreen Component redirects the user to a new route on react-router, such as /profile.

Backend

sequenceDiagram
    participant User as User's Browser
    participant Controller as Spring Controller
    participant Service as Authentication Service
    participant JwtUtil as JWT Utility
    participant Database as User Database
    participant Filter as Security Filter

    User->>Controller: POST request (login) with credentials 
    Controller->>Service: Invokes authentication logic
    Service->>Database: Validates Credentials
    Database-->>Service: User found (or invalid credentials)
    opt Credentials Valid
        Service->>JwtUtil: Calls to generate JWT
        JwtUtil-->>Service: Provides JWT
        Service->>Controller: Provides JWT & user details
        Controller-->>User: Returns JWT to user
    end
    opt Credentials Invalid
        Service->>Controller: Invalid credentials error
        Controller-->>User: Returns error
    end
    User->>Filter: request to Secure Endpoint with JWT
    Filter->>JwtUtil: Validates JWT
    opt JWT Valid
        JwtUtil-->>Filter: Validates JWT
        Filter->>Controller: Passes request to Controller
        Controller-->>User: Returns requested data
    end
    opt JWT Invalid
        JwtUtil-->>Filter: JWT invalid error
        Filter-->>User: Returns error (Unauthorized access)
    end
  1. The user sends a POST request to the server with his username and password.
  2. The Spring Controller, upon receiving the request, invokes the Authentication Service to validate the user credentials.
  3. The Authentication Service checks the credentials against the User Database.
  4. If credentials are valid:
    1. The Authentication Service asks the JWT Utility to generate a JWT.
    2. The JWT Utility returns the newly created JWT.
    3. The JWT and user details are then sent back to the Controller, which returns the JWT to the user.
  5. If credentials are invalid, an error message is returned to the Controller, which then returns the error to the user.
  6. The user sends a request to a Secure Endpoint along with their JWT.
  7. The Security Filter intercepts this request, validates the JWT using the JWT Utility.
  8. If JWT is valid:
    1. This valid JWT is then relayed back to the Security Filter.
    2. The Security Filter then passes the validated request to the corresponding Spring Controller.
    3. The Controller then returns the requested data to the User.
  9. If JWT is invalid:
    1. An error message is relayed back to the Security Filter.
    2. The Security Filter returns an error message to the user (usually something along the line of Unauthorized access).