Auth Service
The Auth Service is responsible for user authentication, registration, and JWT token issuance in the ShopVerse platform.
It acts as the security entry point for users and integrates closely with the API Gateway to provide centralized authentication.
Responsibilities
The Auth Service handles:
- User login
- User registration
- Password validation & hashing
- JWT token generation
- Publishing authentication-related events
- Communicating with User Service for user data
Why a Separate Auth Service?
Separating authentication into its own service provides:
- Clear security boundaries
- Independent scaling
- Easier maintenance
- Ability to evolve auth mechanisms independently (OAuth, SSO, MFA)
Auth logic is not mixed with business services like Product or Order.
High-Level Architecture
Authentication Flow (Detailed)
Login Flow
- Client sends credentials to Auth Service
- Auth Service fetches user data from User Service
- Password is validated using BCrypt
- JWT token is generated
- Auth event is published to Kafka
- JWT is returned to client
JWT Strategy
- JWT is stateless
- Issued only by Auth Service
- Validated at API Gateway
- Contains minimal required claims
JWT Claims
```json
{
  "sub": "user@example.com",
  "role": "CUSTOMER",
  "name": "User Name",
  "iat": 1710000000,
  "exp": 1710003600
}
```
Kafka Events Published
| Event Type | Topic | Purpose |
|---|---|---|
| USER_REGISTERED | auth-events | Notify system of new user |
| USER_LOGIN | auth-events | Track login activity |
These events are consumed by:
- Notification Service
- Analytics Service
Security Measures
- Passwords stored using BCrypt hashing
- No plaintext passwords stored or logged
- JWT signed using HS512
- Token expiration enforced
- Centralized exception handling
Data Management
The Auth Service does not own user profile data.
Instead:
- User details are fetched from User Service
- Auth Service focuses only on authentication concerns
This prevents data duplication and keeps the User Service as the single source of truth for profile data.
Key Components
- AuthController: Handles login & registration endpoints
- AuthService: Core authentication logic
- CustomUserDetailsService: Loads user data securely
- JwtService: Token generation logic
- AuthEventPublisher: Kafka event publishing
- GlobalExceptionHandler: Consistent error responses
Failure Scenarios
Invalid Credentials
- Returns 401 Unauthorized
- No sensitive details leaked
User Not Found
- Auth Service rejects request
- Prevents enumeration attacks
Kafka Unavailable
- Auth still succeeds
- Event publishing failure is logged (non-blocking)
Scalability Considerations
- Stateless service, so it scales horizontally
- No session storage
- JWT allows load-balanced deployments
- Kafka decouples downstream processing
Testing Strategy
- Unit tests for token generation
- Integration tests for login flow
- Mocked User Service responses
- Negative test cases for invalid credentials
Summary
The Auth Service provides:
- Centralized authentication
- Secure credential handling
- Stateless JWT-based security
- Event-driven extensibility
It forms the foundation of ShopVerse's security model and enables all other services to operate securely.