Assist_Design

ankhbayar/Assist_Design

Fork 0

Commit Graph

Author	SHA1	Message	Date
barsa	2266167467	Enhance JWT handling and authentication flow - Introduced support for previous JWT secrets in the environment configuration to facilitate key rotation. - Refactored the JoseJwtService to manage multiple signing and verification keys, improving security during token validation. - Updated the AuthTokenService to include family identifiers for refresh tokens, enhancing session management and security. - Modified the PasswordWorkflowService and SignupWorkflowService to return session metadata instead of token strings, aligning with security best practices. - Improved error handling and token revocation logic in the TokenBlacklistService and AuthTokenService to prevent replay attacks. - Updated documentation to reflect changes in the authentication architecture and security model.	2025-12-12 15:29:58 +09:00
barsa	88b9ac0a19	Enhance authentication and CSRF protection mechanisms - Introduced optional JWT issuer and audience configurations in the JoseJwtService for improved token validation. - Updated CSRF middleware to streamline token validation and enhance security measures. - Added new environment variables for JWT issuer and audience, allowing for more flexible authentication setups. - Refactored CSRF controller and middleware to improve token handling and security checks. - Cleaned up and standardized cookie paths for access and refresh tokens in the AuthController. - Enhanced error handling in the TokenBlacklistService to manage Redis availability more effectively.	2025-12-12 15:00:11 +09:00
barsa	12299b5b44	Remove deprecated documentation files related to architecture, validation, and integration processes. This cleanup enhances maintainability and reduces clutter in the repository, ensuring a more streamlined development environment.	2025-10-08 18:14:12 +09:00

Author

SHA1

Message

Date

barsa

2266167467

Enhance JWT handling and authentication flow

- Introduced support for previous JWT secrets in the environment configuration to facilitate key rotation.
- Refactored the JoseJwtService to manage multiple signing and verification keys, improving security during token validation.
- Updated the AuthTokenService to include family identifiers for refresh tokens, enhancing session management and security.
- Modified the PasswordWorkflowService and SignupWorkflowService to return session metadata instead of token strings, aligning with security best practices.
- Improved error handling and token revocation logic in the TokenBlacklistService and AuthTokenService to prevent replay attacks.
- Updated documentation to reflect changes in the authentication architecture and security model.

2025-12-12 15:29:58 +09:00

barsa

88b9ac0a19

Enhance authentication and CSRF protection mechanisms

- Introduced optional JWT issuer and audience configurations in the JoseJwtService for improved token validation.
- Updated CSRF middleware to streamline token validation and enhance security measures.
- Added new environment variables for JWT issuer and audience, allowing for more flexible authentication setups.
- Refactored CSRF controller and middleware to improve token handling and security checks.
- Cleaned up and standardized cookie paths for access and refresh tokens in the AuthController.
- Enhanced error handling in the TokenBlacklistService to manage Redis availability more effectively.

2025-12-12 15:00:11 +09:00

barsa

12299b5b44

Remove deprecated documentation files related to architecture, validation, and integration processes. This cleanup enhances maintainability and reduces clutter in the repository, ensuring a more streamlined development environment.

2025-10-08 18:14:12 +09:00

3 Commits