Description
The existing authentication mechanism sets a cookie when logging in with a JWT token. While this works well for browsers, it is not suitable for mobile devices, which typically rely on Authorization headers instead of cookies.
This ticket aims to modify the authentication system to support mobile authentication while maintaining browser compatibility.
What You Will Learn
As a contributor, you will:
✅ Implement JWT token handling for mobile authentication.
✅ Learn refresh token mechanisms for secure session management.
✅ Work with middleware logic to support both web and mobile authentication.
✅ Understand best practices for secure authentication in web and mobile applications.
Desired Skills
🛠 Familiarity with JWT authentication and token management.
🛠 Knowledge of Express.js/Spring Boot (or applicable backend framework).
🛠 Understanding of middleware and request handling.
🛠 Experience with mobile API authentication (optional but beneficial).
Goals
Expected Outcome
The authentication system will support both web and mobile clients seamlessly, ensuring:
✔️ Web clients continue using cookies.
✔️ Mobile clients receive JWT tokens in the response body.
✔️ Refresh tokens enable long-lived authentication.
✔️ Middleware properly handles both cookies and Authorization headers.
Implementation Details
🔹 Detect user agent to differentiate between web and mobile requests.
🔹 Modify login flow to return JWT tokens in response body for mobile users.
🔹 Implement refresh token logic and store it securely.
🔹 Create a refresh token API to generate new JWT tokens when needed.
🔹 Update middleware to handle both web-based cookies and mobile Authorization headers.
Mockups/Wireframes
N/A
Product Name
AMRIT
Organisation Name
Piramal Swasthya Management and Research Institute
Domain
Healthcare
Tech Skills Needed
Spring Boot, Java
Mentor(s)
@drtechie
Complexity
High
Category
Backend
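One way the refresh-token steps under Implementation Details could look, as an added example that is not AMRIT's own code: opaque random tokens, only their SHA-256 hash stored, and single-use rotation so a replayed token is rejected. The class, record and method names are hypothetical, the in-memory map stands in for a database table, and records require Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; all names here are hypothetical, not taken from the AMRIT code base.
public class RefreshTokenStore {
    record Entry(String userId, Instant expiresAt) {}
    record Issued(String userId, String refreshToken) {}

    private final Map<String, Entry> byHash = new ConcurrentHashMap<>(); // stand-in for a DB table
    private final SecureRandom rng = new SecureRandom();

    // Only the SHA-256 of the token is stored, so a leaked table does not yield usable tokens.
    static String sha256(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Issue an opaque 256-bit token; the raw value goes to the client and is never stored.
    Issued issue(String userId, long ttlSeconds) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byHash.put(sha256(token), new Entry(userId, Instant.now().plusSeconds(ttlSeconds)));
        return new Issued(userId, token);
    }

    // Single use: remove() is atomic, so a replayed, unknown or expired token yields nothing.
    Optional<Issued> rotate(String presented, long ttlSeconds) {
        Entry e = byHash.remove(sha256(presented));
        if (e == null || e.expiresAt().isBefore(Instant.now())) return Optional.empty();
        return Optional.of(issue(e.userId(), ttlSeconds));
    }
    public static void main(String[] args) {
        RefreshTokenStore store = new RefreshTokenStore();
        Issued first = store.issue("user-42", 3600); // constructed sample user id
        System.out.println("first use accepted: " + store.rotate(first.refreshToken(), 3600).isPresent());
        System.out.println("replay accepted:    " + store.rotate(first.refreshToken(), 3600).isPresent());
    }
}
```

A refresh endpoint would call `rotate()` and mint a new JWT only when it returns a value, sending the replacement refresh token back alongside it.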