Description
JWT Authentication System Implementation
User Story
As a user, I want secure authentication with JWT tokens so that my account and tasks are protected.
Technical Requirements
- Implement JWT token generation with RS256 signing
- Create access tokens (15 min) and refresh tokens (7 days)
- Build registration endpoint with email validation
- Build login endpoint with secure password hashing
- Create JWT middleware for protected routes
- Implement token refresh mechanism
- Add password requirements and validation
Acceptance Criteria
- Registration creates users with bcrypt password hashing
- Login returns valid JWT access and refresh tokens
- JWT middleware properly validates and extracts claims
- Token refresh works with valid refresh tokens
- Invalid/expired tokens return appropriate error responses
- Rate limiting implemented for auth endpoints
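The token core that the requirements and acceptance criteria above describe, as an added example that is not code from this repository. It is written against the Go standard library rather than golang-jwt/jwt so it runs with no dependencies; the Claims fields, the newKey helper and the user id "user-42" are assumptions for the example. It mints the 15-minute access and 7-day refresh tokens with RS256, and the verifier pins the algorithm before it touches the signature, rejects expired tokens, and refuses a refresh token where an access token is required.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

type Claims struct { // assumed claim set; the project's real claim struct is not on the page
	Sub  string `json:"sub"`  // user id
	Type string `json:"type"` // "access" or "refresh", so one cannot be replayed as the other
	Exp  int64  `json:"exp"`
}

// Lifetimes from the issue: 15 minutes for access tokens, 7 days for refresh tokens.
const AccessTTL, RefreshTTL = 15 * time.Minute, 7 * 24 * time.Hour
var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url

func newKey() *rsa.PrivateKey { // demo only; a real service loads the key from a KMS or file
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func decodeSegment(seg string, v any) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// signRS256 produces header.payload.signature with RSASSA-PKCS1-v1_5 over SHA-256.
func signRS256(key *rsa.PrivateKey, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c)
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// issueTokens mints the access/refresh pair returned by a successful login.
func issueTokens(key *rsa.PrivateKey, userID string, now time.Time) (access, refresh string, err error) {
	if access, err = signRS256(key, Claims{Sub: userID, Type: "access", Exp: now.Add(AccessTTL).Unix()}); err != nil {
		return "", "", err
	}
	refresh, err = signRS256(key, Claims{Sub: userID, Type: "refresh", Exp: now.Add(RefreshTTL).Unix()})
	return access, refresh, err
}

// verifyRS256 is the per-request check the middleware runs. Order matters: pin the
// algorithm by server policy (an "alg":"none" or HMAC header is rejected, never
// dispatched on), verify the signature, and only then decode and check the claims.
func verifyRS256(pub *rsa.PublicKey, token, wantType string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := decodeSegment(parts[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("invalid signature")
	}
	var c Claims
	if err := decodeSegment(parts[1], &c); err != nil {
		return nil, errors.New("bad claims")
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	if c.Type != wantType {
		return nil, errors.New("wrong token type")
	}
	return &c, nil
}

func main() {
	key, now := newKey(), time.Now()
	access, refresh, _ := issueTokens(key, "user-42", now)
	_, err := verifyRS256(&key.PublicKey, access, "access", now.Add(16*time.Minute))
	fmt.Println("access token after 16 min:", err) // token expired
	_, err = verifyRS256(&key.PublicKey, refresh, "access", now)
	fmt.Println("refresh token presented as access:", err) // wrong token type
}
```

The middleware calls verifyRS256 with wantType "access" on the bearer token and the /refresh handler calls it with "refresh"; without that check a 7-day refresh token works everywhere a 15-minute access token does, which defeats the short lifetime. With golang-jwt/jwt/v5 the same algorithm pin is expressed by passing jwt.WithValidMethods([]string{"RS256"}) to the parser and by having the key function return only an *rsa.PublicKey.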
Definition of Done
- All authentication endpoints functional
- JWT middleware protects routes correctly
- Password security requirements enforced
- Token refresh mechanism working
- Comprehensive unit tests for auth logic
- API documentation updated with auth flow
API Endpoints
POST /api/v1/auth/register
POST /api/v1/auth/login
POST /api/v1/auth/refresh
POST /api/v1/auth/logout
GET /api/v1/auth/me
Implementation Guide
Required Dependencies
go get github.com/golang-jwt/jwt/v5
go get golang.org/x/crypto/bcrypt
go get github.com/go-playground/validator/v10
Password Requirements
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
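A validator for the five rules above, as an added example rather than project code. It returns every failing rule so the registration endpoint can report them together. Two details are assumptions the page does not make: length is counted in runes (not bytes), "special character" means any Unicode punctuation or symbol, and the 72-byte cap is added because bcrypt, the hash the acceptance criteria call for, only uses the first 72 bytes of its input.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// passwordProblems returns every requirement the candidate fails (empty when it passes).
func passwordProblems(pw string) []string {
	var upper, lower, digit, special bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		case unicode.IsPunct(r) || unicode.IsSymbol(r): // assumed definition of "special"
			special = true
		}
	}
	var problems []string
	if utf8.RuneCountInString(pw) < 8 { // runes, so "Pässw0rd!" counts as 9, not 10
		problems = append(problems, "at least 8 characters")
	}
	if len(pw) > 72 { // bcrypt ignores bytes past 72; reject rather than silently truncate
		problems = append(problems, "at most 72 bytes")
	}
	for _, rule := range []struct {
		ok  bool
		msg string
	}{
		{upper, "at least one uppercase letter"},
		{lower, "at least one lowercase letter"},
		{digit, "at least one number"},
		{special, "at least one special character"},
	} {
		if !rule.ok {
			problems = append(problems, rule.msg)
		}
	}
	return problems
}

// validatePassword is the yes/no form a handler calls before hashing.
func validatePassword(pw string) error {
	if p := passwordProblems(pw); len(p) > 0 {
		return fmt.Errorf("password must have: %s", strings.Join(p, "; "))
	}
	return nil
}

func main() {
	// Constructed sample inputs for the demo.
	for _, pw := range []string{"password", "Tr0ub4dor&3", "Pässw0rd!"} {
		fmt.Printf("%q -> %v\n", pw, validatePassword(pw))
	}
}
```

Composition rules only stop the weakest guesses; the rate limits below and a check against known-breached passwords do more to protect the login endpoint than a sixth rule would.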
Rate Limiting
- Registration: 5 attempts per hour per IP
- Login: 10 attempts per hour per IP
- Token refresh: 100 attempts per hour per user
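The three policies above as a sliding-window limiter, added here as an example and not taken from the project. Registration and login are keyed by client IP and refresh by user id, as the issue specifies; the sliding window is a design choice of this example (a fixed hourly bucket lets a client spend two budgets back to back across the boundary), and the sample addresses and user id are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limiter allows at most `limit` attempts per key in any trailing `window`.
// The clock is passed in so the policy is testable without sleeping.
type Limiter struct {
	limit  int
	window time.Duration
	mu     sync.Mutex
	hits   map[string][]time.Time
}

func NewLimiter(limit int, window time.Duration) *Limiter {
	return &Limiter{limit: limit, window: window, hits: make(map[string][]time.Time)}
}

// Allow records an attempt for key and reports whether it is within the limit.
// Every attempt counts, failed ones included: the limiter exists to slow down
// guessing, so counting only successful logins would defeat it.
func (l *Limiter) Allow(key string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	cutoff := now.Add(-l.window)
	kept := l.hits[key][:0] // filter in place, dropping attempts older than the window
	for _, t := range l.hits[key] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	if len(kept) >= l.limit {
		l.hits[key] = kept
		return false
	}
	l.hits[key] = append(kept, now)
	return true
}

// AuthLimits holds the three policies from the issue. Refresh is keyed by the user
// id from the already verified refresh token, not by IP, since a caller can change
// source address far more easily than identity.
type AuthLimits struct {
	Register, Login, Refresh *Limiter
}

func NewAuthLimits() *AuthLimits {
	return &AuthLimits{
		Register: NewLimiter(5, time.Hour),   // per IP
		Login:    NewLimiter(10, time.Hour),  // per IP
		Refresh:  NewLimiter(100, time.Hour), // per user
	}
}

func main() {
	lim := NewAuthLimits()
	now := time.Now()
	ip := "198.51.100.7" // constructed sample client address
	for i := 1; i <= 6; i++ {
		ok := lim.Register.Allow(ip, now.Add(time.Duration(i)*time.Second))
		fmt.Printf("registration attempt %d from %s allowed: %v\n", i, ip, ok)
	}
}
```

Two points matter in deployment. The IP used as the key must be the TCP peer address (r.RemoteAddr) unless the service sits behind a proxy it trusts; honouring an X-Forwarded-For header from arbitrary clients lets any caller pick its own bucket. And an in-memory map is per process, so with several API replicas the effective limit is multiplied by the replica count unless the counters live in a shared store.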
Related Epic
Contributes to Epic #1: Core API Infrastructure
Status
Done