
Java-Techie-jt/spring-security-ott

🔹 How Spring Security Validates the OTT?

Spring Security has a built-in filter and authentication provider to handle One-Time Token (OTT) validation.

🔗 Request to /login/ott?token=XYZ

  1. The user clicks on the magic link or enters the token manually.
  2. The request is sent to /login/ott with the token as a query parameter.

πŸ›‘οΈ Spring Security Intercepts the Request

  • OneTimeTokenAuthenticationFilter (part of Spring Security) intercepts the request.
  • It extracts the token value from the request (token=XYZ).

🔄 Delegates to Authentication Manager

  • Spring Security delegates the token to OneTimeTokenAuthenticationProvider.

✅ Token Validation Process

✔ Checks if the token exists in the database or token storage.
✔ Validates token expiry (time-limited).
✔ Verifies token association with the correct user.

🔓 Authentication Success or Failure

✅ If valid → Spring Security authenticates the user and starts a session.
❌ If invalid/expired → Returns an authentication error (401 Unauthorized).
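
The three checks above, sketched as an added example in plain Java; it is not code from this repository or from Spring Security, and `OttStoreDemo`, its `Token` record and the sample user are hypothetical names. The lookup removes the token atomically, so a link that has been redeemed once fails on replay.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

// Added illustration with hypothetical names; not Spring Security's own classes.
public class OttStoreDemo {
    record Token(String value, String username, Instant expiresAt) {}

    private final Map<String, Token> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Supplier<Instant> now;
    OttStoreDemo(Supplier<Instant> now) { this.now = now; }

    // Issue a 256-bit random token bound to one user with a short lifetime.
    Token generate(String username, Duration ttl) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String value = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        Token token = new Token(value, username, now.get().plus(ttl));
        tokens.put(value, token);
        return token;
    }

    // Returns the user to authenticate, or empty when the token is unknown, already used, or expired.
    Optional<String> consume(String presented) {
        // remove() is atomic, so two concurrent requests cannot both redeem one token.
        Token token = tokens.remove(presented);
        if (token == null) return Optional.empty();                           // existence
        if (!now.get().isBefore(token.expiresAt())) return Optional.empty();  // expiry
        return Optional.of(token.username()); // identity comes from the store, not the request
    }

    public static void main(String[] args) {
        Instant[] clock = { Instant.parse("2025-01-01T00:00:00Z") }; // constructed sample time
        OttStoreDemo store = new OttStoreDemo(() -> clock[0]);
        Token first = store.generate("alice", Duration.ofMinutes(5));
        System.out.println("first use: " + store.consume(first.value()));
        System.out.println("replay:    " + store.consume(first.value()));
        Token second = store.generate("alice", Duration.ofMinutes(5));
        clock[0] = clock[0].plus(Duration.ofMinutes(6)); // move past the expiry
        System.out.println("expired:   " + store.consume(second.value()));
        System.out.println("unknown:   " + store.consume("not-a-token"));
    }
}
```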

