Registration and JWT Authentication Flow
This document describes the registration flow and JWT authentication process for the application.
The flow is divided into three main sections:
Register Step One Endpoint: User Registration (Without Phone Number).
Register Step Two Endpoint: User Registration (Completing Profile with Phone Number).
JWT Authentication Filter: Token Validation for Each Request.
1. Step One: User Registration
In this step, the user registers by submitting their initial details, including their email and password.
Flow:
1.1 Frontend Interaction:
The user fills out the registration form and submits it to the backend as a UserRegisterStepOneDTO:
username
email
password
confirm password
1.2 AuthController --> DTO Validation:
The backend validates the DTO for correct data format and content. If the validation fails, an error response is returned to the frontend. If the validation passes, the process continues.
1.3 AuthService.registerStepOne:
The backend checks whether the email provided already exists in the system.
If the email exists, an EmailAlreadyExistsException is thrown to inform the frontend.
If the email doesn’t exist, the backend creates a new user entity and persists it in the database.
1.4 Token Generation:
A temporary JWT token is generated, valid for 5 minutes, using the email provided. This token is used to proceed to the next step.
1.5 Response:
The system returns a JwtResponse containing the temporary token and its expiration time to the frontend.
1.6 Token Expiry and Data Deletion:
The temporary token generated in registerStepOne (AuthService layer) is valid for 5 minutes.
If the user does not complete the second step (adding the phone number) within that timeframe, the user's isCompleted field remains false.
Every 5 minutes, the system checks all users in the database whose isCompleted is false and deletes those users who have not completed their registration, thus removing their data. Because the sweep runs on a fixed schedule rather than per user, a user who registered shortly before a sweep is deleted while their temporary token is still within its 5-minute validity.
2. Step Two: Completing Registration with Phone Number
In this step, the user completes the registration process by providing their phone number.
Flow:
2.1 Frontend Interaction:
The user submits their phone number along with the temporary JWT token generated in Step One, via a UserRegisterStepTwoDTO.
2.2 AuthController --> DTO Validation:
The backend validates the DTO. If the validation fails, an error response is returned. If the validation passes, the process continues.
2.3 AuthController --> Token Retrieval:
The backend retrieves the temporary JWT token from the SecurityContext and uses it to retrieve the associated user details.
2.4 AuthService.registerStepTwo:
The backend performs several actions:
It checks if the phone number already exists in the system.
If the phone number exists, a PhoneAlreadyExistsException is thrown.
It extracts the email from the temporary token.
It looks up the user by email and updates the user entity with the provided phone number.
It marks the registration process as completed and persists the updated user information.
2.5 Final Token Generation:
After the phone number is successfully added, a permanent JWT token is generated, valid for 1 hour.
2.6 Response:
A JwtResponse containing the final token and its expiration time is sent to the frontend.
3. JWT Authentication Filter
The JWT authentication filter ensures that every HTTP request containing a JWT token is validated. This filter is part of the security filter chain, executing every time a request is made with a token.
Flow:
3.1 Token Validation:
The JWT authentication filter intercepts every request and validates the token.
If the token is invalid, an error response is returned.
If the token is valid, the filter extracts the user identifier (either an email or phone number).
3.2 Loading User Details:
The filter invokes CustomUserDetailsService.loadUserByUsername with the identifier extracted from the token.
The service determines if the identifier contains an "@" character (indicating it's an email) or if it's a phone number.
It then loads the corresponding user details based on this identifier.
3.3 Authentication Setup:
Once the user details are successfully loaded, an authentication token is created and placed in the SecurityContext, ensuring the request is authenticated and authorized.
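The token lifecycle of steps 1.4 and 2.5 and the validation the filter performs in 3.1 and 3.2, as an added example in plain JDK Java (not the project's own Spring code). The class name JwtFlowExample, the demo key, the claim layout and the regex claim parsing are assumptions, and the subject is taken to be the DTO-validated email or phone number.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example, not the project's code: HS256 JWT issue/verify for the temporary token
 *  (5 min, email subject) and the final token (1 h, phone subject), plus the "@" identifier check. */
public final class JwtFlowExample {
    static final long TEMP_TTL_SECONDS = 5 * 60;    // Step One token lifetime
    static final long FINAL_TTL_SECONDS = 60 * 60;  // Step Two token lifetime
    // Constructed demo key; a real deployment loads a secret of at least 32 bytes from configuration.
    static final byte[] SECRET = "demo-secret-at-least-32-bytes-long!!".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder B64D = Base64.getUrlDecoder();
    static final Pattern SUB = Pattern.compile("\"sub\":\"([^\"]*)\""), EXP = Pattern.compile("\"exp\":(\\d+)");

    /** sub = identifier (email in Step One, phone in Step Two); exp = now + ttl as epoch seconds. */
    static String issue(String subject, long ttlSeconds, Instant now) throws Exception {
        String header = B64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = "{\"sub\":\"" + subject + "\",\"exp\":" + (now.getEpochSecond() + ttlSeconds) + "}";
        String signingInput = header + "." + B64.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64.encodeToString(hmac(signingInput));
    }
    /** Filter-side validation: recompute the HMAC (the header's alg is never trusted), then check exp;
     *  returns the subject, or null (or throws on malformed base64) when the request must be rejected. */
    static String verify(String token, Instant now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        byte[] expected = hmac(parts[0] + "." + parts[1]);
        if (!MessageDigest.isEqual(expected, B64D.decode(parts[2]))) return null; // constant-time compare
        String claims = new String(B64D.decode(parts[1]), StandardCharsets.UTF_8);
        Matcher exp = EXP.matcher(claims), sub = SUB.matcher(claims);
        if (!exp.find() || !sub.find()) return null;
        if (now.getEpochSecond() >= Long.parseLong(exp.group(1))) return null; // expired: Step Two came too late
        return sub.group(1);
    }
    /** Mirrors CustomUserDetailsService: an "@" marks an email, anything else is looked up as a phone number. */
    static String identifierKind(String identifier) {
        return identifier.contains("@") ? "email" : "phone";
    }
    private static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
}
```

With `t0 = Instant.now()`, `verify(issue("alice@example.com", TEMP_TTL_SECONDS, t0), t0.plusSeconds(301))` returns null, which is the case where the Step Two request arrives after the 5-minute window; for a final token, `identifierKind(verify(issue("+15555550123", FINAL_TTL_SECONDS, t0), t0))` yields "phone".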