Skip to content

Feature/ implement role-aware authentication with active role support#149

Merged
abdulazizacc merged 10 commits into
developmentfrom
feature/rules-for-authentication
Jun 25, 2026
Merged

Feature/ implement role-aware authentication with active role support#149
abdulazizacc merged 10 commits into
developmentfrom
feature/rules-for-authentication

Conversation

@abdulazizacc

Copy link
Copy Markdown
Member

Overview

This PR introduces role-aware authentication by extending the authentication system to support multiple user roles and attaching an active role to authenticated sessions.

This ensures that each token is associated with a specific role, preparing the system for future role-based authorization.

Changes

  • Added Role enum for system roles
  • Updated User model to support multiple roles
  • Added activeRole to RefreshToken
  • Integrated active role handling into login, register, and refresh flows
  • Added role validation to authentication requests (LoginRequest, RefreshTokenRequest)
  • Enhanced JWT validation to include active role checks
  • Added MissingActiveRoleException for missing role context
  • Removed email validation from CreateUserRequest

Supported roles:

  • CUSTOMER
  • SELLER
  • ADMIN

API Changes Example

Login Request
Before:

{
  "phoneNumber": "+your number",
  "password": "yourpassword"
}

After:

{
  "phoneNumber": "+your number",
  "password": "yourpassword",
  "role": "CUSTOMER"
}

The following endpoints now require the role field:

  • /v1/auth/login
  • /v1/auth/create/verify-otp
  • /v1/auth/refresh-token

@abdulazizacc abdulazizacc linked an issue Jun 21, 2026 that may be closed by this pull request
@abdulazizacc abdulazizacc self-assigned this Jun 21, 2026
@abdulazizacc abdulazizacc changed the title Feature/ implement role-based authentication with active role enforcement Feature/ implement role-aware authentication with active role support Jun 21, 2026
@abdulazizacc abdulazizacc merged commit c1b154d into development Jun 25, 2026
1 check passed
@abdulazizacc abdulazizacc deleted the feature/rules-for-authentication branch June 25, 2026 20:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Implement rules for authentication

2 participants