Backend: Create User Login & Registration Backend with JWT (Spring Boot)

[Ayush0316]

We need to implement the backend logic for user authentication using Spring Boot, including user registration, login, and JWT-based session management. Users should be able to securely register and log in, receiving a token they can use for authenticated requests.

---

Acceptance Criteria

✅ User Registration

• Endpoint: POST /api/auth/register

• Accepts: full name, email, password, role

• Validates:

  • Unique email
  • Valid email format
  • Secure password (e.g., min length 8, etc.)

• Hash the password before saving (use BCryptPasswordEncoder)

• Store user in database

• Return success message or token

Validation methods are already available in validationUtil, You have to use them only.

✅ User Login

• Endpoint: POST /api/auth/login
• Accepts: email, password
• Authenticates user and issues a JWT token
• Return JWT token in response in Authorization header.

---

Database

Create users table/model with fields:

id, full name, email, password_hash, created_at, updated_at, is_deleted

---

🔐 Authentication Token Strategy (JWT)

How to Store and Use JWT:

• Generate a JWT token on login
• Send it in the Authorization header as Bearer <token> for all authenticated requests
• Use a Spring Security filter to intercept requests and validate the token

How to Expire/Invalidate Tokens:

• Set an expiry time in JWT (e.g., 15–30 mins)
• Use Refresh tokens for re-authentication
• store JWTs in Redis for manual logout/blacklisting

---

🛠 Tech Stack

• Backend: Spring Boot 3+
• Security: Spring Security
• Database: PostgreSQL (JPA/Hibernate)
• Password Hashing: BCryptPasswordEncoder
• Token: JWT (use jjwt or java-jwt libraries)

---

📄 Deliverables

• API endpoints: api/auth/register, api/auth/login
• JWT-based authentication with expiry
• User entity + JPA repo
• Security config (JWT filter, WebSecurityConfigurer)
• Basic error handling
• Unit tests for services and controllers
• Refresh tokens
• Logout endpoint (JWT blacklist in Redis or DB)

---

Notes:
Please include unit tests and basic documentation in the code (e.g., Swagger/OpenAPI or inline comments).

[suhas5324]

I have experience in working with spring boot and i have implemented spring security for all my projects. Please assign me this issue under gssoc label.

[divyaa-choudhary]

Hello @Ayush0316, please assign me the issue. Thank you!

[divyaa-choudhary]

Thanks @Ayush0316 , I'll start working on it. If I have any questions, I will reach out to you.

[GiriGourav]

Hello @Ayush0316 ,Could you please assign this to me?

[hexwhiz]

Hi, I would like to work on this issue. Could you please assign it to me? 🙂

[Panda-Abhisek]

Hi @Ayush0316 @divyaa-choudhary , I’d like to contribute to this issue. I see someone is working on this already. If any help is needed, I’d be happy to collaborate or take on some sub-tasks or there are related issues, I'd love to contribute as I'm learning Spring Security.

[ersujalsharma]

Hi @Ayush0316, recently i worked on authorization using JWT(Spring Boot), please assign it to me.
Here is my work - Github Repo of Authorization using JWT.

[Daksh021]

@Ayush0316 Is the work complete if not just assign it to me i will complete it in fastest way possible

[divyaa-choudhary]

Hello @Daksh021 , I’ve already raised a PR for this request. If you’d like to contribute, you can work on adding test cases or suggest alternative approaches. Here’s the PR for your reference: #78