https://github.com/fernandesreon/authentication-module
Reusable, highly customizable authentication module for Spring Boot based projects
docker jwt mysql react redis spring-boot spring-security
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/fernandesreon/authentication-module
- Owner: FernandesReon
- Created: 2025-08-08T01:43:40.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2025-08-16T03:18:03.000Z (10 months ago)
- Last Synced: 2025-08-23T19:27:43.548Z (10 months ago)
- Topics: docker, jwt, mysql, react, redis, spring-boot, spring-security
- Language: JavaScript
- Homepage:
- Size: 98.6 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Secure Authentication Module
Production-grade authentication system built with Spring Boot + React, designed with progressive security hardening and extensibility in mind.
This project focuses on implementing authentication the correct way — following modern security principles such as:
- httpOnly cookie-based authentication
- Short-lived JWT access tokens
- Refresh token rotation
- OTP & OAuth support
- Stateless security architecture
Currently in Phase 3 - OAuth & Extensibility.
## About the project
Secure Authentication Module is a reusable, enterprise-ready authentication service built to simulate real-world production security architecture.
The goal is to:
- Understand authentication flows deeply
- Implement security best practices
- Build a modular system extensible for OAuth, OTP, and future passkey support
- Keep frontend and backend cleanly separated
This project evolves in structured phases, gradually increasing security, reliability, and extensibility.
## Tech Stack
#### Backend
- Java 21
- Spring Boot 4.x
- Spring Security
- JWT (Access + Refresh token)
- MySQL 8.x
- Redis 7.x
- Spring Data JPA
- Hibernate
- Lombok
- Resilience4j (Phase 4)
- OpenAPI / Swagger (Phase 4)
#### Frontend
- React 18
- TypeScript
- Vite
- Axios
- React Router v6
- Shadcn UI
- Tailwind CSS
- React Hook Form - later
- Zod - later
## Project Flow
Below is the simplified authentication flow:
1. User Registration
   - User submits [name, email, password]
   - Password is hashed using BCrypt
   - User saved in database (MySQL)
   - Verification email sent (6-digit alphanumeric code)
   - User is verified once the correct OTT is submitted
2. User Authentication [login] - (password / passwordless)
   - User submits credentials
   - Spring Security authenticates
   - If passwordless, an OTP is sent for verification
   - Once verified:
     - Access token (short-lived) generated
     - Refresh token generated and stored in Redis
     - Tokens sent via httpOnly, Secure cookies
3. Token refresh flow
   - Access token expires
   - Frontend automatically calls the refresh endpoint
   - Refresh token validated against Redis
   - New access token issued
   - Refresh token rotation applied
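The login and refresh steps above (issue a refresh token, validate it against the store, issue a new access token, rotate the refresh token) are shown below as an added, self-contained example written for this page; it is not code from the project. A `HashMap` stands in for Redis, the refresh token is stored only as its SHA-256 hash, and a plain HMAC-SHA256 token stands in for the project's JWT. The `RefreshRecord` and `RefreshResult` records, the family-id idea and the reuse-detection behaviour (replaying an already-rotated token revokes the whole family) are assumptions of this example, not something the README specifies.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example: refresh-token rotation with reuse detection (not the project's own code). */
public class RefreshTokenRotation {

    /** Assumed shape of what the store keeps per refresh token. */
    record RefreshRecord(String userId, String familyId, Instant expiresAt) {}
    /** Outcome of one refresh attempt. */
    record RefreshResult(boolean ok, String accessToken, String refreshToken, String reason) {}

    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Duration REFRESH_TTL = Duration.ofDays(7);
    private static final Duration ACCESS_TTL = Duration.ofMinutes(15);

    // Stand-in for Redis (constructed): key = SHA-256(token), so a dumped store yields no usable tokens.
    private final Map<String, RefreshRecord> live = new HashMap<>();
    // Hashes of already-rotated tokens -> family id, kept so a replayed token can be recognised.
    private final Map<String, String> consumed = new HashMap<>();
    // Constructed signing key; a real service loads this from configuration.
    private final byte[] accessKey = new byte[32];

    public RefreshTokenRotation() { RNG.nextBytes(accessKey); }

    static String randomToken() {
        byte[] buf = new byte[32];                 // 256 bits of CSPRNG output per token
        RNG.nextBytes(buf);
        return B64.encodeToString(buf);
    }

    static String sha256(String s) {
        try {
            return B64.encodeToString(MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    /** Minimal "userId.exp.sig" HMAC-SHA256 token standing in for the project's JWT. */
    String issueAccessToken(String userId, Instant now) {
        try {
            String body = userId + "." + now.plus(ACCESS_TTL).getEpochSecond();
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(accessKey, "HmacSHA256"));
            return body + "." + B64.encodeToString(mac.doFinal(body.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    /** Login: start a fresh token family and hand out its first refresh token. */
    public String login(String userId, Instant now) {
        String refresh = randomToken();
        live.put(sha256(refresh), new RefreshRecord(userId, randomToken(), now.plus(REFRESH_TTL)));
        return refresh;
    }

    /** Refresh: single use, rotated on success; replay of an old token revokes the whole family. */
    public RefreshResult refresh(String presented, Instant now) {
        String key = sha256(presented);
        String replayedFamily = consumed.get(key);
        if (replayedFamily != null) {
            // A token that was already rotated came back: someone holds a stale copy.
            // Drop every live token of that family so both holders must log in again.
            live.values().removeIf(r -> r.familyId().equals(replayedFamily));
            return new RefreshResult(false, null, null, "reuse detected; family revoked");
        }
        RefreshRecord rec = live.get(key);
        if (rec == null) return new RefreshResult(false, null, null, "unknown refresh token");
        if (now.isAfter(rec.expiresAt())) {
            live.remove(key);
            return new RefreshResult(false, null, null, "refresh token expired");
        }
        live.remove(key);                   // consume the presented token
        consumed.put(key, rec.familyId());  // remember it for replay detection
        String next = randomToken();        // rotation: a new token in the same family
        live.put(sha256(next), new RefreshRecord(rec.userId(), rec.familyId(), now.plus(REFRESH_TTL)));
        return new RefreshResult(true, issueAccessToken(rec.userId(), now), next, null);
    }

    public static void main(String[] args) {
        RefreshTokenRotation svc = new RefreshTokenRotation();
        Instant t0 = Instant.parse("2025-08-16T03:00:00Z");   // constructed timestamp
        String r1 = svc.login("user-42", t0);
        RefreshResult first = svc.refresh(r1, t0.plusSeconds(900));
        System.out.println("rotation ok: " + first.ok());
        RefreshResult replay = svc.refresh(r1, t0.plusSeconds(1800));
        System.out.println("replay of r1: " + replay.reason());
        RefreshResult after = svc.refresh(first.refreshToken(), t0.plusSeconds(1900));
        System.out.println("newest token after replay: " + after.reason());
    }
}
```

In the project's architecture both tokens travel in httpOnly, Secure cookies rather than in the response body, and the `consumed` map would be a Redis key with a TTL equal to the refresh-token lifetime so stale hashes expire on their own; the `HashMap` here grows unboundedly and is only meant to make the rotation and reuse-detection logic visible.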