ajaynegi45/LibraryMan-API

[FEATURE] Login and Logout using JWT and OAuth 2.0

Opened this issue · 8 comments

Is this feature already requested?

  • I have checked "open" and "closed" issues, and this is not a duplicate.

Feature Description

Description:

Implement secure login and logout functionality using JWT and OAuth 2.0 in our library management system. The feature should ensure proper role-based access control (RBAC) for different user roles (ADMIN, LIBRARIAN, USER).

The frontend is built using React, so the solution must be compatible with the existing codebase.

Labels: frontend, Security issue, Fork security branch

Requirements:

  1. Authentication Mechanism:

    • Implement JWT-based authentication for handling login and logout.
    • Integrate OAuth 2.0 to allow users to authenticate through third-party providers.
  2. Role-Based Access Control (RBAC):

    • Implement role checking to restrict access to certain functionalities based on the user's role.
    • Example: only admins should be able to add a LIBRARIAN, among other things.
  3. Frontend Integration (React):

    • Ensure that the login and logout functionality integrates seamlessly with the existing React frontend.
    • The frontend should be able to securely store the JWT token and manage user sessions.
  4. Security Considerations:

    • Implement token expiration and refresh logic for maintaining secure sessions.
    • Ensure logout functionality invalidates the JWT token on both the client and server.
    • Protect sensitive routes by ensuring only authenticated users with the proper roles can access them.
  5. API Endpoints:

    • Define the necessary API endpoints for login and logout in the backend (Spring Boot).
    • Ensure the endpoints return appropriate HTTP status codes and messages.

Hi! @ajaynegi45
Can you please assign this issue to me? I can help you with the secure login and logout functionality.

Hi @rishabhrawat05,

Thank you for expressing your interest in working on the "Login and Logout using JWT and OAuth 2.0" issue. I'm delighted to inform you that I have assigned this issue to you. Your willingness to contribute to our project is much appreciated.

Feel free to start working, and if you have any questions or need assistance during the process, please don't hesitate to reach out.

Hey @ajaynegi45
Here are the updates of the project:

  1. JWT authentication is completed.
  2. Working on role-based access and OAuth2.

Here are some screenshots: Screenshot (191), Screenshot (192)

Also add username.

Hey! @ajaynegi45
I have implemented OAuth2 security as well and am moving forward with the role-based and frontend implementation. Can you provide a brief on which role to assign to which services/APIs, because it is not mentioned above?

"ADMIN and LIBRARIAN roles will have full access to all APIs. The USER role, however, will have restricted access. Specifically, the USER role does not have permission to access the following APIs:

  • addBook
  • updateBook
  • deleteBook
  • getAllBorrowings
  • getSingleBorrowingById
  • getAllMembers
  • getMemberById

If there are any other endpoints that require role-based access, feel free to reach out!"
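The requirements listed in the issue (JWT login and logout, OAuth 2.0 sign-in, role checks, token expiry, logout that the server actually enforces, Spring Boot endpoints with proper status codes) and the role split the maintainer just gave, brought together in one added example. This is not code from LibraryMan-API or from anyone in this thread. It assumes Spring Boot 3 with the Spring Security `oauth2-resource-server`, `oauth2-client` and `oauth2-jose` modules on the classpath, an `app.jwt.secret` property, a `UserDetailsService`-backed password login at `/api/auth/login` (not shown), and URL paths such as `/api/book` and `/api/members` for the handlers the maintainer named by method name; all of those are assumptions.

```java
package com.example.security; // assumed package; every path, bean and property name below is an assumption

import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.spec.SecretKeySpec;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.*;
import org.springframework.core.annotation.Order;
import org.springframework.http.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.*;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.*;

@Service // issues, validates and revokes the application's own HMAC-signed JWTs
class TokenService {
    private static final long ACCESS_TTL_SECONDS = 15 * 60; // short-lived; a refresh token extends the session
    final NimbusJwtDecoder decoder;
    private final JwtEncoder encoder;
    // jti values revoked by logout. In-memory suits one instance; a cluster needs a shared store (Redis, a
    // table) whose entries expire after ACCESS_TTL_SECONDS, when the exp check rejects the token anyway.
    private final Set<String> revoked = ConcurrentHashMap.newKeySet();

    TokenService(@Value("${app.jwt.secret}") String secret) { // assumed property holding >= 32 random bytes
        SecretKeySpec key = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        this.encoder = new NimbusJwtEncoder(new ImmutableSecret<>(key));
        this.decoder = NimbusJwtDecoder.withSecretKey(key).macAlgorithm(MacAlgorithm.HS256).build();
        // createDefault() enforces exp/nbf; notRevoked is the server-side half of logout.
        OAuth2TokenValidator<Jwt> notRevoked = jwt -> jwt.getId() != null && !revoked.contains(jwt.getId())
            ? OAuth2TokenValidatorResult.success()
            : OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "token revoked", null));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(JwtValidators.createDefault(), notRevoked));
    }

    String issue(String username, List<String> roles) { // roles: ADMIN, LIBRARIAN or USER
        Instant now = Instant.now();
        JwtClaimsSet claims = JwtClaimsSet.builder()
            .id(UUID.randomUUID().toString()) // jti, the value revoke() records
            .subject(username).issuedAt(now).expiresAt(now.plusSeconds(ACCESS_TTL_SECONDS))
            .claim("roles", roles).build();
        JwsHeader header = JwsHeader.with(MacAlgorithm.HS256).build(); // without this the encoder assumes RS256
        return encoder.encode(JwtEncoderParameters.from(header, claims)).getTokenValue();
    }

    void revoke(Jwt jwt) { revoked.add(jwt.getId()); }
}

@Configuration
@EnableWebSecurity
class SecurityConfig {
    // The authorization-code flow keeps its state parameter in an HTTP session, so OAuth 2.0 login
    // gets its own chain rather than living in the stateless API chain below.
    @Bean @Order(1)
    SecurityFilterChain oauthLoginChain(HttpSecurity http, TokenService tokens) throws Exception {
        http.securityMatcher("/oauth2/**", "/login/oauth2/**")
            .oauth2Login(login -> login.successHandler((req, res, authn) -> {
                req.getSession().invalidate(); // from here on the JWT is the only credential
                res.setContentType(MediaType.APPLICATION_JSON_VALUE); // simplest handoff; a SPA usually redirects instead
                res.getWriter().write("{\"token\":\"" + tokens.issue(authn.getName(), List.of("USER")) + "\"}");
            }));
        return http.build();
    }

    @Bean @Order(2)
    SecurityFilterChain apiChain(HttpSecurity http, TokenService tokens) throws Exception {
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        authorities.setAuthoritiesClaimName("roles");
        authorities.setAuthorityPrefix("ROLE_"); // hasRole("ADMIN") then matches "ADMIN" in the claim
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        http
            // Stateless: the client sends "Authorization: Bearer <jwt>" and never a session cookie,
            // which is the only condition under which disabling CSRF protection is safe.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/auth/login").permitAll() // password login endpoint, assumed to exist
                // The maintainer's list: book writes and all borrowing/member lookups are ADMIN or LIBRARIAN only
                .requestMatchers(HttpMethod.GET, "/api/book/**").authenticated() // USER keeps read access
                .requestMatchers("/api/book/**").hasAnyRole("ADMIN", "LIBRARIAN") // addBook, updateBook, deleteBook
                .requestMatchers("/api/borrowings/**").hasAnyRole("ADMIN", "LIBRARIAN") // getAllBorrowings, getSingleBorrowingById
                .requestMatchers("/api/members/**").hasAnyRole("ADMIN", "LIBRARIAN") // getAllMembers, getMemberById
                .anyRequest().authenticated()) // everything else: any valid token, USER included
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.decoder(tokens.decoder).jwtAuthenticationConverter(converter)));
        return http.build();
    }
}

@RestController
class AuthController {
    private final TokenService tokens;
    AuthController(TokenService tokens) { this.tokens = tokens; }

    @PostMapping("/api/auth/logout") // client half: the React app discards the token; server half: denylist it
    @ResponseStatus(HttpStatus.NO_CONTENT)
    void logout(@AuthenticationPrincipal Jwt jwt) { tokens.revoke(jwt); }
}
```

Logout is only complete because the decoder consults the denylist on every request: deleting the token in the React app alone leaves any copied token valid until `exp`, which is the gap requirement 4 in the issue is about. A refresh endpoint would issue a new access token and add the old `jti` to the same denylist. On the React side, keep the token in memory (not `localStorage`, which any XSS can read) and send it in the `Authorization` header rather than a cookie; the CSRF setting above relies on that. With HS256 the signing key is also the verification key, so any service holding `app.jwt.secret` can mint tokens; if other services must verify tokens, switch to an RSA key pair and `NimbusJwtDecoder.withPublicKey`.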

Hi! @ajaynegi45
I have implemented role-based authentication and would like to ask whether I should also restrict the deleteMember API to admin and librarian, or keep it as it is.

update that also