A backend authentication service built with Spring Boot, designed to handle common auth flows in a scalable, microservice-friendly way.
This project focuses on core authentication logic and system design; it is not meant to be a fully production-ready open-source project.
- User registration and login
- Email verification workflow
- Forgot password with OTP verification
- Logout with JWT invalidation
- JWT-based authentication
- JWT blacklisting using Redis
- Cookie-based auth support
- Rate limiting
- Java + Spring Boot
- Redis
  - JWT blacklisting
  - OTP storage
- RabbitMQ
  - Asynchronous email delivery
- REST APIs
- Stateless authentication with tokens
- Redis is used for fast, in-memory validation of revoked tokens and OTPs.
- RabbitMQ decouples email sending from request flow, improving reliability and response time.
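
An added example, not code from this project, of the Redis-backed JWT blacklist described above: on logout the token id is stored with a TTL equal to the token's remaining lifetime, so the blacklist prunes itself. The `TtlStore` interface, the in-memory stand-in for Redis, the `jwt:blacklist:` key prefix and keying on the `jti` claim are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class JwtBlacklistDemo {

    // The two Redis operations a blacklist needs: SET key value EX ttl, and EXISTS key.
    interface TtlStore {
        void setWithTtl(String key, Duration ttl);
        boolean exists(String key);
    }

    // In-memory stand-in for Redis so the example runs offline (assumption).
    static class InMemoryStore implements TtlStore {
        private final Map<String, Instant> expiry = new ConcurrentHashMap<>();
        public void setWithTtl(String key, Duration ttl) { expiry.put(key, Instant.now().plus(ttl)); }
        public boolean exists(String key) {
            Instant until = expiry.get(key);
            if (until == null) return false;
            if (Instant.now().isBefore(until)) return true;
            expiry.remove(key); // entry outlived its TTL, as Redis would have evicted it
            return false;
        }
    }

    static final String PREFIX = "jwt:blacklist:"; // hypothetical key namespace

    // On logout: remember the token id only until the token would expire anyway.
    static void revoke(TtlStore store, String jti, Instant exp, Instant now) {
        Duration remaining = Duration.between(now, exp);
        // An expired token is already rejected by the exp check, so it needs no entry.
        if (remaining.isNegative() || remaining.isZero()) return;
        store.setWithTtl(PREFIX + jti, remaining);
    }

    // On each request, after signature and exp validation have passed.
    static boolean isRevoked(TtlStore store, String jti) {
        return store.exists(PREFIX + jti);
    }

    public static void main(String[] args) {
        TtlStore store = new InMemoryStore();
        Instant now = Instant.now();
        revoke(store, "a1", now.plusSeconds(900), now); // constructed: token with 15 minutes left
        revoke(store, "b2", now.minusSeconds(5), now);  // constructed: token that already expired
        System.out.println("a1 revoked: " + isRevoked(store, "a1"));
        System.out.println("b2 revoked: " + isRevoked(store, "b2"));
        System.out.println("c3 revoked: " + isRevoked(store, "c3")); // never logged out
    }
}
```

With Spring Data Redis, the two `TtlStore` methods map onto `StringRedisTemplate.opsForValue().set(key, value, ttl)` and `StringRedisTemplate.hasKey(key)`.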
This is an evolving project.
Core authentication flows are implemented, while some advanced features (refresh token rotation, multi-tenant support, etc.) are intentionally left out for clarity and focus.
## The goal of this project is to demonstrate:
- Authentication design
- Security trade-offs
- Async processing
- Clean separation of concerns
This service is meant to be used as a plug-and-play auth component in a larger system.