Closed
Labels
- enhancement (New feature or request)
- gssoc (GirlScript Summer Of Code)
- gssoc-ext
- hacktoberfest
- hacktoberfest-accepted
- level3 (GirlScript Summer Of Code - 35 points)
- status: ready for dev (You can ask for this issue to be assigned, if not already assigned)
Description
Is this feature already requested?
- I have checked "open" and "closed" issues, and this is not a duplicate.
Feature Description
Description:
Implement secure login and logout functionality using JWT and OAuth 2.0 in our library management system. The feature should ensure proper role-based access control (RBAC) for different user roles (ADMIN, LIBRARIAN, USER).
The frontend is built using React, so the solution must be compatible with the existing codebase. frontend Security issue
Fork security branch
Requirements:
- Authentication Mechanism:
  - Implement JWT-based authentication for handling login and logout.
  - Integrate OAuth 2.0 to allow users to authenticate through third-party providers.
- Role-Based Access Control (RBAC):
  - Implement role checking to restrict access to certain functionalities based on the user's role.
  - Example: Only admins should have access to add LIBRARIAN, and many more.
- Frontend Integration (React):
  - Ensure that the login and logout functionality integrates seamlessly with the existing React frontend.
  - The frontend should be able to securely store the JWT token and manage user sessions.
- Security Considerations:
  - Implement token expiration and refresh logic for maintaining secure sessions.
  - Ensure logout functionality invalidates the JWT token on both the client and server.
  - Protect sensitive routes by ensuring only authenticated users with the proper roles can access them.
- API Endpoints:
  - Define the necessary API endpoints for login and logout in the backend (Spring Boot).
  - Ensure the endpoints return appropriate HTTP status codes and messages.
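The server-side checks listed under Security Considerations (expiry, logout invalidation, role enforcement, status codes), sketched as an added example in Node.js JavaScript; it is not code from this project or its Spring Boot backend. All function names, the HS256 sample secret and the in-memory denylist are assumptions made for illustration.

```javascript
// Added example (constructed): server-side JWT checks for expiry, logout and role.
const nodeCrypto = require('node:crypto');

const SECRET = 'demo-secret-not-for-production'; // constructed sample key (assumption)
const revoked = new Map(); // jti -> exp in seconds; hypothetical in-memory denylist

const b64u = (v) => Buffer.from(v).toString('base64url');
const sign = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a short-lived HS256 access token carrying a role and a unique jti.
function issueToken(sub, role, now, ttl = 900) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, role, jti: nodeCrypto.randomUUID(), iat: now, exp: now + ttl }));
  return `${head}.${body}.${b64u(sign(`${head}.${body}`))}`;
}

// Verify signature, pinned algorithm, expiry and denylist; return claims or throw.
function verifyToken(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const [head, body, sig] = parts;
  const given = Buffer.from(sig, 'base64url');
  const expected = sign(`${head}.${body}`);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) throw new Error('bad signature');
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') throw new Error('bad alg');
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('expired');
  if (revoked.has(claims.jti)) throw new Error('revoked');
  return claims;
}

// Logout: denylist the token's jti until its natural expiry, pruning stale entries.
function logout(token, now) {
  const { jti, exp } = verifyToken(token, now);
  for (const [id, e] of revoked) if (e <= now) revoked.delete(id);
  revoked.set(jti, exp);
}

// Map the outcome to the HTTP status a protected endpoint should return.
function authorize(token, allowedRoles, now) {
  try {
    const claims = verifyToken(token, now);
    return allowedRoles.includes(claims.role) ? 200 : 403; // authenticated, wrong role
  } catch {
    return 401; // missing, forged, expired or logged-out token
  }
}
```

Because the denylist entry only has to live until the token's `exp`, short access-token lifetimes keep it small; a multi-instance backend would need a shared store instead of the in-process `Map`.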