
@M4R1KU
Last active November 14, 2017 10:16

Auth Outcobra

Login/SignUp-Request

  1. Make a request to the auth endpoint
  2. Provide either a Google ID token (JWT) or a username and password
  3. Google: validate the ID token (signature against Google's published public keys, issuer, audience = our client ID, expiration); a token that fails any of these is rejected before anything is looked up
  4. Check for a matching Identity (the Google subject, or the username)
  5. If it exists => return the matching User. For a username/password Identity the supplied password must first be verified against the stored hash; the Identity lookup alone does not authenticate anyone
  6. If it does not exist
    1. Check for an existing User
      1. If it exists => create a new Identity linked to that User. This linking must only be done for a validated Google identity whose e-mail is verified; a username/password sign-up with an existing username must not link (that would let anyone claim an account by signing up with its name) and is handled as a uniqueness violation in 2.2 below
      2. If it does not exist
        1. Google => create a new User and a new Identity
        2. Username-Password
          1. Check password validity (policy) and that the username is unique
          2. Create a new User and a new Identity, or throw a ValidationException if either check above fails
    2. Return the User
  7. Create a JWT for the returned User (signed with the server key, carrying the user as subject and an expiration); this is the token the API-Request flow below checks
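Steps 4 to 6 of the flow above as working code. This is an added example, not Outcobra's own implementation: in-memory maps stand in for the Identity and User tables, the Google ID token is assumed to have already been validated (step 3) so only its `sub`, `email` and `email_verified` claims are passed in, a Google identity is matched to an existing User by e-mail (an assumption; the gist does not say what "Check for User" compares), and passwords are stored as PBKDF2-HMAC-SHA256 hashes. Issuing the JWT (step 7) is not part of this block.

```java
// Added example (not Outcobra's own code): identity resolution for the
// Login/SignUp flow. In-memory maps replace the database; Google claims are
// assumed to come from an already-validated ID token (step 3).
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class IdentityResolver {

    public enum Provider { GOOGLE, USERNAME_PASSWORD }

    // A User is the account; an Identity binds one login method (Google "sub" or username) to it.
    public record User(long id, String username) {}
    public record Identity(Provider provider, String externalId, long userId, String passwordHash) {}

    public static class ValidationException extends RuntimeException {
        public ValidationException(String message) { super(message); }
    }

    private final Map<String, Identity> identities = new HashMap<>(); // "PROVIDER:externalId" -> Identity
    private final Map<Long, User> users = new HashMap<>();
    private final Map<String, User> usersByName = new HashMap<>();     // hypothetical: username doubles as e-mail
    private long nextId = 1;

    private static String key(Provider p, String externalId) { return p.name() + ":" + externalId; }

    /** Google login/sign-up. sub, email and emailVerified are claims of the already-validated ID token. */
    public User resolveGoogle(String sub, String email, boolean emailVerified) {
        Identity identity = identities.get(key(Provider.GOOGLE, sub));
        if (identity != null) return users.get(identity.userId());          // step 5: known identity
        User user = usersByName.get(email);                                 // step 6.1: existing User?
        if (user == null) {
            user = createUser(email);                                       // 6.1.2.1: new User
        } else if (!emailVerified) {
            // Linking an existing account to a foreign identity is only safe on a verified e-mail.
            throw new ValidationException("cannot link unverified Google account");
        }
        identities.put(key(Provider.GOOGLE, sub), new Identity(Provider.GOOGLE, sub, user.id(), null));
        return user;
    }

    /** Username/password: login when the Identity exists, sign-up when it does not. */
    public User resolveUsernamePassword(String username, String password) {
        Identity identity = identities.get(key(Provider.USERNAME_PASSWORD, username));
        if (identity != null) {                                             // step 5: login
            if (!verifyPassword(password, identity.passwordHash())) {
                throw new ValidationException("bad credentials");           // never return the User unauthenticated
            }
            return users.get(identity.userId());
        }
        // step 6: sign-up. An existing username is NOT linked (account takeover); it is a uniqueness error.
        if (usersByName.containsKey(username)) throw new ValidationException("username already taken");
        if (password == null || password.length() < 12) throw new ValidationException("password too short");
        User user = createUser(username);
        identities.put(key(Provider.USERNAME_PASSWORD, username),
                new Identity(Provider.USERNAME_PASSWORD, username, user.id(), hashPassword(password)));
        return user;
    }

    private User createUser(String username) {
        User user = new User(nextId++, username);
        users.put(user.id(), user);
        usersByName.put(username, user);
        return user;
    }

    // PBKDF2-HMAC-SHA256, 100k iterations, random 16-byte salt; stored as "base64(salt)$base64(hash)".
    static String hashPassword(String password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + "$" + enc.encodeToString(pbkdf2(password, salt));
    }

    static boolean verifyPassword(String password, String stored) {
        String[] parts = stored.split("\\$");
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        return MessageDigest.isEqual(pbkdf2(password, salt), Base64.getDecoder().decode(parts[1]));
    }

    private static byte[] pbkdf2(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        IdentityResolver r = new IdentityResolver();
        User alice = r.resolveUsernamePassword("alice", "correct horse battery staple"); // sign-up
        User again = r.resolveUsernamePassword("alice", "correct horse battery staple"); // login -> same id
        User bob = r.resolveGoogle("110248495921238986420", "bob@example.com", true);   // constructed claims
        System.out.println(alice.id() == again.id() && bob.id() != alice.id());        // true
        try { r.resolveUsernamePassword("alice", "wrong password here"); }
        catch (ValidationException e) { System.out.println("login rejected: " + e.getMessage()); }
    }
}
```

The two branches differ deliberately: an unknown Google subject may be attached to an existing User because Google has vouched for the e-mail, whereas an unknown username never is, because nothing has vouched for the caller.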

API-Request

  1. Make a request
  2. Check for a JWT in the Authorization header
  3. If missing => throw an exception (the request is rejected as unauthenticated)
  4. Check the signature (against the expected algorithm and the server key) and the expiration
  5. Signature or expiration invalid => throw an exception
  6. Look up the user by the subject (sub) of the JWT payload
  7. If not found => throw an exception
  8. Set the user as current user in SecurityContextHolder
  9. Continue the FilterChain
  10. Clear the current user (reset the SecurityContext) once the chain returns, also when it threw
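The API-Request steps above as a Spring Security filter. This is an added example and not Outcobra's own filter; it assumes the token issued in step 7 of the login flow is an HS256 JWT signed with a secret the filter shares with the issuer, that the token is sent as `Authorization: Bearer <jwt>`, that Jackson is on the classpath (it is with spring-boot-starter-web), that the servlet API is `javax.*` (Spring 5 era, matching the gist's date), and that `userBySubject` is a hypothetical lookup supplied by the caller. Instead of letting an exception escape the filter (which would surface as a 500), invalid or missing tokens are answered with 401.

```java
// Added example (not Outcobra's own code): JWT verification filter for the
// API-Request flow. Assumes HS256 tokens, a Bearer header, Jackson, javax.servlet.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class JwtAuthenticationFilter extends OncePerRequestFilter {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    private final byte[] secret;                                  // HS256 key shared with the issuer (assumption)
    private final Function<String, Optional<?>> userBySubject;    // step 6: hypothetical lookup by "sub"

    public JwtAuthenticationFilter(byte[] secret, Function<String, Optional<?>> userBySubject) {
        this.secret = secret.clone();
        this.userBySubject = userBySubject;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader("Authorization");                                  // step 2
        if (header == null || !header.startsWith("Bearer ")) {                           // step 3
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "missing bearer token");
            return;
        }
        Object user;
        try {
            String subject = verify(header.substring("Bearer ".length()), secret,
                    System.currentTimeMillis() / 1000);                                  // steps 4-5
            user = userBySubject.apply(subject)
                    .orElseThrow(() -> new BadCredentialsException("unknown subject"));  // steps 6-7
        } catch (BadCredentialsException | IllegalArgumentException | IOException e) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "invalid token");         // one generic reason to the client
            return;
        }
        try {
            SecurityContextHolder.getContext().setAuthentication(                         // step 8
                    new UsernamePasswordAuthenticationToken(user, null,
                            List.of(new SimpleGrantedAuthority("ROLE_USER"))));
            chain.doFilter(req, res);                                                    // step 9
        } finally {
            SecurityContextHolder.clearContext();                                        // step 10, also on exceptions
        }
    }

    /** Steps 4-5: returns the subject of a valid HS256 token, throws BadCredentialsException otherwise. */
    static String verify(String token, byte[] secret, long nowEpochSeconds) throws IOException {
        String[] parts = token.split("\\.");
        if (parts.length != 3) throw new BadCredentialsException("malformed token");
        Base64.Decoder dec = Base64.getUrlDecoder();
        // Pin the algorithm: a header claiming "none" or any other alg never reaches the HMAC check.
        JsonNode hdr = MAPPER.readTree(dec.decode(parts[0]));
        if (!"HS256".equals(hdr.path("alg").asText())) throw new BadCredentialsException("unexpected alg");
        byte[] expected = hmacSha256(secret, (parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) {                     // constant-time compare
            throw new BadCredentialsException("bad signature");
        }
        JsonNode payload = MAPPER.readTree(dec.decode(parts[1]));                          // trusted only after the signature holds
        if (!payload.hasNonNull("exp") || payload.get("exp").asLong() <= nowEpochSeconds) {
            throw new BadCredentialsException("expired");
        }
        if (!payload.hasNonNull("sub")) throw new BadCredentialsException("no subject");
        return payload.get("sub").asText();
    }

    static byte[] hmacSha256(byte[] key, byte[] data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

Two details matter more than the rest: the signature is checked before any claim in the payload is trusted, and `clearContext()` sits in a `finally` so a thread-local user never survives into the next request handled by the same pool thread, which is what step 10 is for.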