{"id":47809096,"url":"https://github.com/devcavin/kotlin-jwt-auth","last_synced_at":"2026-04-03T18:01:53.296Z","repository":{"id":314806702,"uuid":"885520474","full_name":"devcavin/kotlin-jwt-auth","owner":"devcavin","description":"Production-ready JWT Authentication Starter for Kotlin + Spring Boot APIs","archived":false,"fork":false,"pushed_at":"2026-02-19T18:30:30.000Z","size":58,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-19T21:27:29.316Z","etag":null,"topics":["docker","jwt","jwt-auth","jwt-token","kotlin","spring-boot"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devcavin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-08T18:42:06.000Z","updated_at":"2026-02-19T18:34:29.000Z","dependencies_parsed_at":"2025-09-14T23:31:38.321Z","dependency_job_id":"a83e31b9-124a-4c16-8679-a022820764bc","html_url":"https://github.com/devcavin/kotlin-jwt-auth","commit_stats":null,"previous_names":["killercavin/spring-security-basics","devcavin/spring-security-basics"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/devcavin/kotlin-jwt-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devcavin%2Fkotlin-jwt-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devcavin%2Fkotlin-jwt-auth/tags","releases_url":"https://repo
s.ecosyste.ms/api/v1/hosts/GitHub/repositories/devcavin%2Fkotlin-jwt-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devcavin%2Fkotlin-jwt-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devcavin","download_url":"https://codeload.github.com/devcavin/kotlin-jwt-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devcavin%2Fkotlin-jwt-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31368156,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T17:53:18.093Z","status":"ssl_error","status_checked_at":"2026-04-03T17:53:17.617Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","jwt","jwt-auth","jwt-token","kotlin","spring-boot"],"created_at":"2026-04-03T18:01:51.885Z","updated_at":"2026-04-03T18:01:53.289Z","avatar_url":"https://github.com/devcavin.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kotlin JWT Auth\n\nProduction-ready JWT authentication service built with Kotlin and Spring\nBoot. 
Designed with clean architecture principles, secure defaults, and\nextensibility in mind.\n\n## Overview\n\nThis project implements stateless authentication using JSON Web Tokens\n(JWT) with:\n\n-   Secure login \u0026 registration flow\n-   Role-based authorization\n-   Token generation \u0026 validation\n-   Spring Security configuration\n-   Exception handling \u0026 API error responses\n-   Layered architecture (Controller → Service → Repository)\n-   DTO separation and validation\n\nThe goal is to demonstrate production-oriented backend practices, not\njust JWT wiring.\n\n## Tech Stack\n\n-   Kotlin\n-   Spring Boot\n-   Spring Security\n-   JWT (jjwt / auth0 / configurable)\n-   JPA / Hibernate\n-   PostgreSQL (configurable)\n-   Gradle\n\n## Architecture\n\nThe project follows a layered architecture:\n\ncontroller/ service/ repository/ security/ config/ dto/ exception/\nmodel/\n\n## Key Design Decisions\n\n-   Stateless authentication (no sessions)\n-   Password hashing via BCrypt\n-   JWT filter integrated into Spring Security filter chain\n-   Custom authentication entry point\n-   Centralized exception handling\n-   Clean separation between domain and transport models\n\n## Authentication Flow\n\n1.  User registers → password hashed and stored\n2.  User logs in → credentials validated\n3.  JWT issued and returned\n4.  Client sends token via Authorization header\n5.  
Security filter validates token and sets authentication context\n\n## Running Locally\n\nClone repository:\n```sh\ngit clone https://github.com/yourusername/kotlin-jwt-auth.git\ncd kotlin-jwt-auth\n```\n\nConfigure environment (application.yml):\n```yaml\nspring:\n  datasource:\n    url: jdbc:postgresql://localhost:5432/authdb\n    username: postgres\n    password: postgres\njwt:\n  secret: your-secure-secret\n  expiration: 3600000\n```\n\nRun:\n```sh\n./gradlew bootRun\n```\n\nApp runs on: **http://localhost:8080**\n\n## API Endpoints\n```text\nRegister            POST /api/auth/register\nLogin               POST /api/auth/login\nProtected Endpoint  GET  /api/users/me  (Authorization: Bearer \u003ctoken\u003e)\n```\n\n## Example Request\n```sh\ncurl -X POST http://localhost:8080/api/auth/login \\\n     -H \"Content-Type: application/json\" \\\n     -d '{\"email\":\"user@example.com\",\"password\":\"password\"}'\n```\n\n## Production Improvements (Next Steps)\n\n-   Refresh token implementation\n-   Email verification flow\n-   Rate limiting\n-   Audit logging\n-   Dockerization\n-   Test coverage (unit + integration)\n-   CI pipeline (GitHub Actions)\n-   OpenAPI / Swagger documentation\n\n## What This Project Demonstrates\n\n-   Strong understanding of Spring Security internals\n-   Stateless authentication architecture\n-   Clean code and maintainability\n-   Backend security best practices\n-   Production-aware configuration\n\n\u003e [!NOTE]\n\u003e This repository is part of my backend engineering portfolio and reflects production-oriented security design rather than tutorial-level implementation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevcavin%2Fkotlin-jwt-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevcavin%2Fkotlin-jwt-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevcavin%2Fkotlin-jwt-auth/lists"}