
[C4GT Community]: Handle JWT token-based authentication for mobile devices #48

@drtechie

Description

The existing authentication mechanism sets a cookie when logging in with a JWT token. While this works well for browsers, it is not suitable for mobile devices, which typically rely on Authorization headers instead of cookies.

This ticket aims to modify the authentication system to support mobile authentication while maintaining browser compatibility.

What You Will Learn

As a contributor, you will:
✅ Implement JWT token handling for mobile authentication.
✅ Learn refresh token mechanisms for secure session management.
✅ Work with middleware logic to support both web and mobile authentication.
✅ Understand best practices for secure authentication in web and mobile applications.

Desired Skills

🛠 Familiarity with JWT authentication and token management.
🛠 Knowledge of Express.js/Spring Boot (or applicable backend framework).
🛠 Understanding of middleware and request handling.
🛠 Experience with mobile API authentication (optional but beneficial).

Goals

  • Generate a JWT token in the response body for mobile users instead of setting a cookie.
  • Implement refresh tokens with a long expiry for session management.
  • Create a new API to refresh JWT tokens securely.
  • Modify middleware to handle both cookies (for web) and Authorization headers (for mobile).

Expected Outcome

The authentication system will support both web and mobile clients seamlessly, ensuring:
✔️ Web clients continue using cookies.
✔️ Mobile clients receive JWT tokens in the response body.
✔️ Refresh tokens enable long-lived authentication.
✔️ Middleware properly handles both cookies and Authorization headers.

Implementation Details

🔹 Detect user agent to differentiate between web and mobile requests.
🔹 Modify login flow to return JWT tokens in response body for mobile users.
🔹 Implement refresh token logic and store it securely.
🔹 Create a refresh token API to generate new JWT tokens when needed.
🔹 Update middleware to handle both web-based cookies and mobile Authorization headers.
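The flow laid out in Goals and Implementation Details, written out end to end as an added example; this is not AMRIT's code or a Spring Boot filter, but plain Java with no dependencies beyond the JDK so it compiles and runs as-is. Everything not stated in the ticket is an assumption: the cookie name ACCESS_TOKEN, the user-agent substrings used to recognise the mobile client, HS256 signing via javax.crypto.Mac with a constructed demo secret, the token lifetimes, and an in-memory map standing in for the refresh-token store.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added example, not AMRIT code: framework-neutral sketch of the web/mobile token flow.
// The cookie name, the user-agent heuristic and the in-memory store are assumptions.
public class DualTokenAuth {
    static final String COOKIE = "ACCESS_TOKEN";  // hypothetical cookie name
    static final long ACCESS_TTL = 15 * 60, REFRESH_TTL = 30L * 24 * 3600;  // seconds
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)"), SUB = Pattern.compile("\"sub\":\"([^\"]+)\"");
    final byte[] secret;
    final SecureRandom rng = new SecureRandom();
    // Refresh tokens are stored only as keyed hashes: hmac(token) -> "subject:expirySeconds".
    final Map<String, String> refreshStore = new HashMap<>();
    DualTokenAuth(byte[] secret) { this.secret = secret; }

    // Heuristic only; a dedicated client header is a more reliable signal than the UA string.
    static boolean isMobile(String ua) { return ua != null && (ua.contains("okhttp") || ua.contains("Dalvik") || ua.contains("AMRIT-Mobile")); }

    // Login: web clients get an HttpOnly cookie, mobile clients get both tokens in the body.
    Map<String, String> login(String subject, String userAgent, long now) {
        String access = issueAccess(subject, now), refresh = issueRefresh(subject, now);
        Map<String, String> out = new HashMap<>();
        if (isMobile(userAgent)) out.put("body", "{\"accessToken\":\"" + access + "\",\"refreshToken\":\"" + refresh + "\"}");
        else out.put("Set-Cookie", COOKIE + "=" + access + "; HttpOnly; Secure; SameSite=Strict; Path=/");
        return out;
    }

    // Middleware step: prefer Authorization: Bearer, fall back to the web cookie.
    static Optional<String> resolveToken(Map<String, String> headers) {
        String auth = headers.get("Authorization");
        if (auth != null && auth.startsWith("Bearer ")) return Optional.of(auth.substring(7).trim());
        for (String c : headers.getOrDefault("Cookie", "").split(";")) {
            String[] kv = c.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(COOKIE)) return Optional.of(kv[1]);
        }
        return Optional.empty();
    }

    // Minimal HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256 of the first two).
    String issueAccess(String subject, long now) {
        String h = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String p = ENC.encodeToString(("{\"sub\":\"" + subject + "\",\"exp\":" + (now + ACCESS_TTL) + "}").getBytes(StandardCharsets.UTF_8));
        return h + "." + p + "." + ENC.encodeToString(hmac(h + "." + p));
    }

    // The HMAC is always recomputed with our key (the header's "alg" is never trusted), then expiry is checked.
    Optional<String> verifyAccess(String token, long now) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 3 || !MessageDigest.isEqual(hmac(parts[0] + "." + parts[1]), DEC.decode(parts[2])))
                return Optional.empty();
            String payload = new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
            Matcher exp = EXP.matcher(payload), sub = SUB.matcher(payload);
            return exp.find() && sub.find() && Long.parseLong(exp.group(1)) > now ? Optional.of(sub.group(1)) : Optional.empty();
        } catch (IllegalArgumentException e) { return Optional.empty(); }  // malformed base64
    }

    // Opaque random refresh token; the server keeps only its keyed hash.
    String issueRefresh(String subject, long now) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = ENC.encodeToString(raw);
        refreshStore.put(ENC.encodeToString(hmac(token)), subject + ":" + (now + REFRESH_TTL));
        return token;
    }

    // Refresh API: single use and rotated, so a replayed token is rejected. Returns {access, refresh}.
    Optional<String[]> refresh(String refreshToken, long now) {
        String entry = refreshStore.remove(ENC.encodeToString(hmac(refreshToken)));
        if (entry == null) return Optional.empty();
        int i = entry.lastIndexOf(':');
        if (Long.parseLong(entry.substring(i + 1)) <= now) return Optional.empty();
        return Optional.of(new String[]{issueAccess(entry.substring(0, i), now), issueRefresh(entry.substring(0, i), now)});
    }

    byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    public static void main(String[] args) {
        DualTokenAuth auth = new DualTokenAuth("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        long now = 1_700_000_000L;
        Map<String, String> web = auth.login("user42", "Mozilla/5.0", now);
        Map<String, String> req = Map.of("Cookie", web.get("Set-Cookie").split(";")[0]);
        System.out.println("web -> " + web.get("Set-Cookie") + "\nmobile -> " + auth.login("user42", "okhttp/4.9", now).get("body"));
        System.out.println("subject via cookie: " + auth.verifyAccess(resolveToken(req).orElse(""), now));
    }
}
```

Run it with `javac DualTokenAuth.java && java DualTokenAuth`. Three design choices are worth carrying into the Spring Boot version (where `resolveToken` and `verifyAccess` would sit in a `OncePerRequestFilter`): the Authorization header is checked before the cookie, so a mobile request is never authenticated by a stray browser cookie; refresh tokens are random, stored only as keyed hashes and invalidated on first use, so a leaked store or a replayed token does not yield a session; and the signature is always recomputed with the server's key regardless of what the token header claims, which is the check that a JWT library must also be configured to enforce.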

Mockups/Wireframes

N/A

Product Name

AMRIT

Organisation Name

Piramal Swasthya Management and Research Institute

Domain

Healthcare

Tech Skills Needed

Spring Boot, Java

Mentor(s)

@drtechie

Complexity

High

Category

Backend
