AhmetBahcivan / ChallengeChain


Login #22

Open AhmetBahcivan opened 1 year ago

AhmetBahcivan commented 1 year ago
  1. User enters email and password and clicks login on the Flutter app.

  2. The frontend service (Flutter) collects the login information (email and password) from the user's input.

  3. The frontend service sends a POST request to the backend service (Java) with the login information in the request body.

Frontend request:

POST /api/login
{
  "email": "user@example.com",
  "password": "userPassword"
}
  1. The backend service (Java) receives the login request from the frontend.

  2. The backend service checks if the user with the provided email exists in the database.

  3. If the user exists, the backend service then verifies if the provided password matches the one stored in the database for that user.

  4. If the email and password are correct, the backend service generates a JSON Web Token (JWT) for the user and also creates a refresh token.

  5. The backend service returns both the JWT and the refresh token along with a success response to the frontend.

Backend response (on successful login):

{
  "status": "success",
  "message": "Login successful.",
  "data": {
    "jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "email": "user@example.com",
      "name": "John Doe"
    }
  }
}
  1. The frontend service (Flutter) receives the response from the backend.

  2. If the login was successful, the frontend service can store both the JWT token and the refresh token locally (e.g., in secure storage) for subsequent authenticated requests.

  3. When the JWT token expires (usually after a short period), the frontend service can use the refresh token to request a new JWT token from the backend without requiring the user to log in again.

  4. The frontend service sends a POST request to the backend service with the refresh token to obtain a new JWT token.

Frontend request for token refresh:

POST /api/refresh_token
{
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
  1. The backend service (Java) receives the refresh token request from the frontend.

  2. The backend service validates the refresh token and checks if it's still valid and associated with a valid user.

  3. If the refresh token is valid, the backend service generates a new JWT token and returns it along with a success response to the frontend.

Backend response (on successful token refresh):

{
  "status": "success",
  "message": "Token refresh successful.",
  "data": {
    "jwt_token": "new_jwt_token",
    "user": {
      "email": "user@example.com",
      "name": "John Doe"
    }
  }
}
  1. If the refresh token is invalid (e.g., expired or revoked), the backend service returns an error response to the frontend.

Backend response (on failed token refresh):

{
  "status": "error",
  "message": "Invalid refresh token. Please log in again."
}

With the inclusion of the refresh token, the frontend can maintain an active user session even after the JWT token expires, providing a smoother user experience without frequent logins.
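The backend half of the flow above (password check, JWT issue, refresh validation, and the error case for a revoked or expired refresh token) as an added example, not code from the ChallengeChain project; it is sketched in Python rather than the project's Java so it runs stand-alone, uses an opaque server-stored refresh token instead of a second JWT so revocation is possible, and the signing key, user record and TTLs are constructed assumptions.

```python
import base64, hashlib, hmac, json, os, secrets, time

# Constructed example data: in the real backend these come from config and the database.
SECRET = b"example-signing-key-change-me"        # assumption: HS256 key loaded from config
JWT_TTL, REFRESH_TTL = 15 * 60, 30 * 24 * 3600   # short-lived access token, longer refresh token
_salt = os.urandom(16)
USERS = {"user@example.com": {"name": "John Doe", "salt": _salt,
         "hash": hashlib.pbkdf2_hmac("sha256", b"userPassword", _salt, 200_000)}}
REFRESH_STORE = {}   # refresh_token -> (email, expiry); deleting an entry revokes it

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_jwt(email: str, now=None) -> str:
    """Issue an HS256 JWT with a short expiry (the 'jwt_token' in the login response)."""
    now = now or int(time.time())
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": email, "iat": now, "exp": now + JWT_TTL}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), "sha256").digest()
    return f"{header}.{payload}.{_b64(sig)}"

def login(email: str, password: str) -> dict:
    """Backend login steps: look up user, verify password, issue JWT + refresh token."""
    user = USERS.get(email)
    # Hash even for unknown emails and use one generic error, so the response does not
    # reveal which accounts exist; compare_digest avoids a timing side channel.
    salt = user["salt"] if user else _salt
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return {"status": "error", "message": "Invalid email or password."}
    refresh = secrets.token_urlsafe(32)   # opaque random token, stored server-side
    REFRESH_STORE[refresh] = (email, time.time() + REFRESH_TTL)
    return {"status": "success", "message": "Login successful.",
            "data": {"jwt_token": make_jwt(email), "refresh_token": refresh,
                     "user": {"email": email, "name": user["name"]}}}

def refresh_token(refresh: str) -> dict:
    """Refresh flow: token must exist, be unexpired, and still map to a valid user."""
    entry = REFRESH_STORE.get(refresh)
    if entry is None or entry[1] < time.time() or entry[0] not in USERS:
        REFRESH_STORE.pop(refresh, None)   # drop stale entries on failure
        return {"status": "error", "message": "Invalid refresh token. Please log in again."}
    email = entry[0]
    return {"status": "success", "message": "Token refresh successful.",
            "data": {"jwt_token": make_jwt(email),
                     "user": {"email": email, "name": USERS[email]["name"]}}}

def revoke(refresh: str) -> None:
    """Logout or compromise response: a revoked refresh token fails the next refresh."""
    REFRESH_STORE.pop(refresh, None)
```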