
[FEATURE] Login and Logout using JWT and OAuth 2.0 #29

Open
1 task done
ajaynegi45 opened this issue Sep 5, 2024 · 8 comments
Labels
enhancement New feature or request gssoc GirlScript Summer Of Code gssoc-ext hacktoberfest hacktoberfest-accepted level3 GirlScript Summer Of Code - 35 points status: ready for dev You can asked for this issue to be assigned (if not already assigned)

Comments

@ajaynegi45 (Owner) commented Sep 5, 2024

Is this feature already requested?

  • I have checked "open" and "closed" issues, and this is not a duplicate.

Feature Description

Description:

Implement secure login and logout functionality using JWT and OAuth 2.0 in our library management system. The feature should ensure proper role-based access control (RBAC) for different user roles (ADMIN, LIBRARIAN, USER).

The frontend is built using React, so the solution must be compatible with the existing codebase.

frontend · Security issue

Fork security branch

Requirements:

  1. Authentication Mechanism:

    • Implement JWT-based authentication for handling login and logout.
    • Integrate OAuth 2.0 to allow users to authenticate through third-party providers.
  2. Role-Based Access Control (RBAC):

    • Implement role checking to restrict access to certain functionalities based on the user's role.
    • Example: Only admins should have access to add LIBRARIAN and many more
  3. Frontend Integration (React):

    • Ensure that the login and logout functionality integrates seamlessly with the existing React frontend.
    • The frontend should be able to securely store the JWT token and manage user sessions.
  4. Security Considerations:

    • Implement token expiration and refresh logic for maintaining secure sessions.
    • Ensure logout functionality invalidates the JWT token on both the client and server.
    • Protect sensitive routes by ensuring only authenticated users with the proper roles can access them.
  5. API Endpoints:

    • Define the necessary API endpoints for login and logout in the backend (Spring Boot).
    • Ensure the endpoints return appropriate HTTP status codes and messages.
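The logout requirement in point 4 (invalidate the token on the server, not only in the client) needs server-side state, because a signed JWT stays valid until its exp claim on its own. The following is an added illustration, not the project's code: a minimal revocation list keyed by the token's jti claim, to be consulted by the JWT filter after the signature and expiry checks. The class name, and the assumption that the project's tokens carry jti and exp, are mine.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not from the project): records logged-out tokens by
// their "jti" claim until the moment they would have expired anyway, so the
// store stays bounded by the access-token lifetime rather than growing forever.
public final class TokenRevocationStore {
    private final Map<String, Instant> revokedUntil = new ConcurrentHashMap<>();

    // Called from the logout endpoint with the claims of the presented token.
    public void revoke(String jti, Instant expiresAt) {
        if (jti == null || expiresAt == null) {
            throw new IllegalArgumentException("token must carry jti and exp to be revocable");
        }
        revokedUntil.put(jti, expiresAt);
    }

    // Called from the JWT filter on every request, after signature and exp checks.
    // An entry whose expiry has passed is dropped: the token is rejected by the
    // normal exp check, so the revocation record is no longer needed.
    public boolean isRevoked(String jti, Instant now) {
        Instant exp = revokedUntil.get(jti);
        if (exp == null) {
            return false;
        }
        if (!exp.isAfter(now)) {
            revokedUntil.remove(jti);
            return false;
        }
        return true;
    }

    // Periodic cleanup (for example from a @Scheduled method); returns how many
    // expired entries were dropped.
    public int purgeExpired(Instant now) {
        int before = revokedUntil.size();
        revokedUntil.entrySet().removeIf(e -> !e.getValue().isAfter(now));
        return before - revokedUntil.size();
    }

    public static void main(String[] args) {
        TokenRevocationStore store = new TokenRevocationStore();
        Instant now = Instant.now();
        // Constructed sample: a 15-minute access token revoked at logout.
        store.revoke("constructed-jti-1", now.plusSeconds(900));
        System.out.println("revoked now: " + store.isRevoked("constructed-jti-1", now));
        System.out.println("revoked after exp: " + store.isRevoked("constructed-jti-1", now.plusSeconds(1000)));
    }
}
```

Refresh tokens need the same treatment on logout, and a multi-instance deployment would back the map with a shared store such as a database or cache keyed the same way.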
@ajaynegi45 ajaynegi45 added status: awaiting triage Waiting for maintainers to verify (please do not start work on this yet) enhancement New feature or request hacktoberfest-accepted hacktoberfest status: ready for dev You can asked for this issue to be assigned (if not already assigned) and removed status: awaiting triage Waiting for maintainers to verify (please do not start work on this yet) labels Sep 5, 2024
@rishabhrawat05 (Contributor)

Hi! @ajaynegi45
Can you please assign this issue to me. I can help you with the secure login and logout functionality

@ajaynegi45 ajaynegi45 added the gssoc GirlScript Summer Of Code label Oct 1, 2024
@ajaynegi45 (Owner, Author)

> Hi! @ajaynegi45 Can you please assign this issue to me. I can help you with the secure login and logout functionality

Hi @rishabhrawat05,

Thank you for expressing your interest in working on the "Login and Logout using JWT and OAuth 2.0" issue. I'm delighted to inform you that I have assigned this issue to you. Your willingness to contribute to our project is much appreciated.

Feel free to start working, and if you have any questions or need assistance during the process, please don't hesitate to reach out.

@ajaynegi45 ajaynegi45 added level3 GirlScript Summer Of Code - 35 points gssoc-ext labels Oct 2, 2024
@rishabhrawat05 (Contributor) commented Oct 3, 2024

Hey @ajaynegi45
Here are the updates of the project

  1. JWT authentication is completed
  2. Working on role-based and OAuth2

Here are some screenshots
Screenshot (191)
Screenshot (192)

@ajaynegi45 (Owner, Author)

> Hey @ajaynegi45 Here are the updates of the project
>
>   1. JWT authentication is completed
>   2. Working on role-based and OAuth2
>
> Here are some screenshots Screenshot (191) Screenshot (192)

Also add username.

@rishabhrawat05 (Contributor)

Hey! @ajaynegi45
I have implemented OAuth2 security as well and am moving forward with role-based and frontend implementation, so can you provide a brief about which role to assign to which services/API, because it is not mentioned above.

@ajaynegi45 (Owner, Author)

"ADMIN and LIBRARIAN roles will have full access to all APIs. The USER role, however, will have restricted access. Specifically, the USER role does not have permission to access the following APIs:

  • addBook
  • updateBook
  • deleteBook
  • getAllBorrowings
  • getSingleBorrowingById
  • getAllMembers
  • getMemberById

If there are any other endpoints that require role-based access, feel free to reach out!"

@rishabhrawat05 (Contributor)

Hi! @ajaynegi45
I have implemented role-based authentication and would like to ask you whether I should also make the deleteMember API authenticated for admin and librarian only, or keep it as it is.

@ajaynegi45 (Owner, Author)

> Hi! @ajaynegi45 I have implemented role-based authentication and would like to ask you whether I should also make the deleteMember API authenticated for admin and librarian only, or keep it as it is.

Update that also.
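The role mapping given earlier in the thread (ADMIN and LIBRARIAN full access, USER denied on addBook, updateBook, deleteBook, getAllBorrowings, getSingleBorrowingById, getAllMembers, getMemberById), plus deleteMember from the follow-up, expressed as a Spring Security 6 configuration. This is an added example, not the project's code: the thread names only the API methods, so the URL paths, HTTP methods, the public auth paths and the name of the roles claim in the JWT are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

// Added example; paths, claim name and class name are assumptions, not the project's.
@Configuration
@EnableWebSecurity
public class LibrarySecurityConfig {

    // Map the token's "roles" claim (assumed name) to ROLE_* authorities so that
    // hasAnyRole("ADMIN", "LIBRARIAN") matches claim values ADMIN / LIBRARIAN / USER.
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles");
        roles.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);
        return converter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, JwtAuthenticationConverter conv) throws Exception {
        String[] staff = {"ADMIN", "LIBRARIAN"};
        http
            // bearer JWT on every request, no server-side HTTP session
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth
                // login and OAuth2 callback endpoints stay public (assumed paths)
                .requestMatchers("/api/auth/**", "/login/oauth2/**").permitAll()
                // addBook, updateBook, deleteBook: USER is denied
                .requestMatchers(HttpMethod.POST, "/api/books").hasAnyRole(staff)
                .requestMatchers(HttpMethod.PUT, "/api/books/*").hasAnyRole(staff)
                .requestMatchers(HttpMethod.DELETE, "/api/books/*").hasAnyRole(staff)
                // getAllBorrowings, getSingleBorrowingById
                .requestMatchers(HttpMethod.GET, "/api/borrowings", "/api/borrowings/*").hasAnyRole(staff)
                // getAllMembers, getMemberById, and deleteMember from the follow-up
                .requestMatchers(HttpMethod.GET, "/api/members", "/api/members/*").hasAnyRole(staff)
                .requestMatchers(HttpMethod.DELETE, "/api/members/*").hasAnyRole(staff)
                // every other API needs a valid token but any role, USER included
                .anyRequest().authenticated())
            // signature, exp and issuer checks run in the resource-server JWT decoder
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(conv)));
        return http.build();
    }
}
```

Putting the rules in one place like this makes it easy to check that a new endpoint is not left open by default, which is the risk the thread's follow-up about deleteMember illustrates.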
