This project is a user authentication service built with Spring Boot, PostgreSQL, and JWT (JSON Web Tokens) for secure access to protected resources.
The service includes user registration, login, email verification using OTP (One-Time Password), refresh token handling, and logout functionality.
The project follows best practices in terms of security, testing, and maintainability, utilizing tools like Flyway for database migrations, MailHog for email testing, and Redis for OTP management.
- User Registration: Register users with a username, email, and password.
- User Login: Authenticate users and generate JWT tokens for secure access.
- JWT Authentication: Protect endpoints by requiring valid JWT tokens.
- Email Verification: Verify user emails using an OTP sent to the registered email address.
- Resend Verification Email: Allows users to request a new email verification link if needed.
- Refresh Token: Use refresh tokens to obtain new access tokens without re-authenticating.
- Logout: Revoke refresh tokens to invalidate the session on logout.
- Java 21
- Spring Boot 3.3.4 (JPA, Security, Web, Validation, OAuth2 Resource Server, Docker Compose)
- JWT (JSON Web Tokens) for Authentication
- PostgreSQL for persistent storage
- Flyway for database migrations
- Redis for OTP storage
- MailHog for email testing
- Docker Compose for containerized services
- Testcontainers for integration testing with PostgreSQL and Redis
- Lombok for reducing boilerplate code
- Java 21 or higher.
- Docker
- Maven
- OpenSSL
For demonstration purposes, RSA key pairs are included in the project. In production environments, always store keys and secrets securely using tools like Spring Vault, AWS Secrets Manager, or HashiCorp Vault.
To generate a new RSA key pair, use the following commands. Ensure that the keys are stored securely.
Change directory to where the keys should be stored:
```bash
cd src/main/resources/jwt
```
Generate private key:
```bash
openssl genpkey -algorithm RSA -out app.key -outform PEM
```
Generate public key:
```bash
openssl rsa -pubout -in app.key -out app.pub
```
```
src/
├── main/
│   ├── java/
│   │   └── com/tc/userauth    # Contains application source code
│   └── resources/
│       ├── application.yaml   # Main application configuration
│       ├── db/                # Flyway migration scripts
│       └── jwt/               # RSA keys (app.key and app.pub)
└── test/
    └── java/
        └── com/tc/userauth    # Unit and integration test cases
```
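The key-generation steps above can be wrapped in a script that also checks the result before the service uses it. This is an added example, not part of the project: the function names, the 3072-bit default and the 2048-bit minimum are assumptions, while `app.key` and `app.pub` are the file names used above.

```shell
#!/bin/sh
# Added example, not the project's code. app.key/app.pub follow the README;
# function names, the 3072-bit default and the 2048-bit floor are assumptions.

gen_jwt_keypair() {    # usage: gen_jwt_keypair DIR [BITS]
    dir=$1; bits=${2:-3072}
    (
        umask 077      # the private key is never created group/world readable
        openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
            -out "$dir/app.key" -outform PEM 2>/dev/null &&
        openssl rsa -pubout -in "$dir/app.key" -out "$dir/app.pub" 2>/dev/null
    ) && chmod 644 "$dir/app.pub"
}

# SHA-256 of the DER-encoded public key; arguments go to `openssl pkey`.
pub_fingerprint() {
    openssl pkey "$@" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

check_jwt_keypair() {  # usage: check_jwt_keypair DIR; 0 only if all checks pass
    key=$1/app.key; pub=$1/app.pub; rc=0
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "FAIL: $key is not a readable private key"; return 1; }

    # 1. The private key must not be accessible to group or others.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group/others (chmod 600)"; rc=1; }

    # 2. Key size, read from the first line of the key's text dump.
    size=$(openssl pkey -in "$key" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1)
    [ "${size:-0}" -ge 2048 ] ||
        { echo "FAIL: key is ${size:-?} bits, expected at least 2048"; rc=1; }

    # 3. app.pub must be the public half of app.key, otherwise tokens signed
    #    with app.key will not verify against app.pub.
    [ "$(pub_fingerprint -in "$key")" = "$(pub_fingerprint -pubin -in "$pub")" ] ||
        { echo "FAIL: $pub does not match $key"; rc=1; }
    return $rc
}

# Run as a script with a directory argument to check an existing key pair.
[ $# -eq 0 ] || check_jwt_keypair "$1"
```

Running it against `src/main/resources/jwt` after replacing the demonstration keys confirms that the new `app.pub` belongs to the new `app.key`.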
The database will be created and configured automatically during application start-up using the spring-docker-compose dependency.
- Clone the Repository
```bash
git clone git@github.com:dfjmax/user-authentication-service-jwt.git
cd user-authentication-service-jwt
```
- Run the application
```bash
mvn clean install
mvn spring-boot:run
```
You can use Postman to test all the available APIs. We have included a Postman collection with all the API endpoints.
- Open Postman.
- Click on the "Import" button in the top-left corner.
- Download the Postman collection and import it into Postman.
- The collection will appear in your Postman workspace, and you can execute the requests directly.
To view the verification emails sent by the application, visit the MailHog web interface at http://localhost:8025.