Spring Security offers a built-in filter and authentication provider to manage One-Time Token (OTT) validation seamlessly.
The user clicks the magic link or enters the token manually. A request is then sent to the /login/ott endpoint with the token as a query parameter.
The OneTimeTokenAuthenticationFilter (part of Spring Security) captures the request.
The filter extracts the token value from the query parameter (token=XYZ).
The extracted token is passed to the OneTimeTokenAuthenticationProvider for further validation.
The provider performs three checks:
Token Existence Check: Ensures the token is present in the database or token storage.
Expiration Check: Verifies that the token is still valid and hasn't expired.
User Association: Confirms that the token is correctly linked to a specific user.
The outcome is one of two:
Success: A valid token authenticates the user, initiating a session.
Failure: An invalid or expired token results in an authentication error (401 Unauthorized).
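The checks above live in the OneTimeTokenService that the built-in provider calls. The following is an added example, not code from the original article or from Spring Security itself: a custom service that stores tokens with an expiry and makes them single-use, so that an unknown, expired or already-consumed token is rejected. The class and field names are my own; it is assumed to be registered as a bean (or passed via oneTimeTokenLogin(ott -> ott.tokenService(...))) so that OneTimeTokenAuthenticationProvider uses it, and that provider treats a null return from consume() as an invalid token.

```java
import java.security.SecureRandom;
import java.time.Clock;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.springframework.security.authentication.ott.DefaultOneTimeToken;
import org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest;
import org.springframework.security.authentication.ott.OneTimeToken;
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
import org.springframework.security.authentication.ott.OneTimeTokenService;

/** Hypothetical single-use, short-lived token store (example class, not Spring's default). */
public final class ExpiringOneTimeTokenService implements OneTimeTokenService {

    private static final long TTL_SECONDS = 300;              // magic links stay valid 5 minutes
    private static final int TOKEN_BYTES = 32;                // 256 bits of entropy per token

    private final ConcurrentMap<String, OneTimeToken> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Clock clock;                                // injected so expiry is testable

    public ExpiringOneTimeTokenService(Clock clock) {
        this.clock = clock;
    }

    @Override
    public OneTimeToken generate(GenerateOneTimeTokenRequest request) {
        byte[] raw = new byte[TOKEN_BYTES];
        random.nextBytes(raw);                                // CSPRNG, never a counter or timestamp
        String value = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        OneTimeToken token = new DefaultOneTimeToken(value, request.getUsername(),
                clock.instant().plusSeconds(TTL_SECONDS));    // user association + expiry recorded
        tokens.put(value, token);
        return token;                                         // caller delivers value to the user
    }

    @Override
    public OneTimeToken consume(OneTimeTokenAuthenticationToken authenticationToken) {
        // Existence check and single use in one step: remove() so a replayed token finds nothing.
        OneTimeToken token = tokens.remove(authenticationToken.getTokenValue());
        if (token == null) {
            return null;                                      // unknown or already consumed
        }
        if (clock.instant().isAfter(token.getExpiresAt())) {
            return null;                                      // expired; already removed above
        }
        return token;                                         // provider logs in token.getUsername()
    }
}
```

Because the provider only ever sees a token that passed all three checks, the failure path stays inside consume() and the filter's failure handler produces the authentication error described above.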