Skip to content

aioutlet/auth-service

BranchesTags

Repository files navigation

Auth Service

auth service is a microservice responsible for handling user authentication and authorization for the AIOutlet platform. It supports both traditional username/password login and social login via OAuth2 providers such as Google, Facebook, and Twitter. Upon successful authentication, it issues JWT tokens that can be used to access other microservices within the platform.

Features

  • User login with email and password
  • Social login with Google, Facebook, and Twitter OAuth2
  • Unified JWT token issuance for both local and social authentication flows
  • Role-based access control (e.g., roles like user, admin)
  • MongoDB for secure credential and session data storage
  • Secure password hashing with bcrypt
  • JWT validation middleware for protecting API routes
  • Support for account linking (link social accounts to existing user profiles)
  • Refresh token mechanism for improved security and session management
  • Integration hooks for API Gateway to manage authentication and routing

Architecture

This service is built with Node.js and Express, using JWT for authentication and Mongoose for MongoDB object modeling.

The microservice is designed to be deployed independently and can run locally, via Docker, or in Kubernetes (AKS).

Getting Started

Prerequisites

  • Node.js v16+
  • MongoDB instance (local, Docker, or cloud)
  • OAuth2 credentials for Google, Facebook, and Twitter (for social login)

Environment Variables

Create a .env file in the root with the following variables:

PORT=4000
MONGO_URI=mongodb://localhost:27017/auth-service-db
JWT_SECRET=your_jwt_secret_key
SESSION_SECRET=your_session_secret_key

GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
GOOGLE_CALLBACK_URL=http://localhost:4000/auth/google/callback

FACEBOOK_APP_ID=your_facebook_app_id
FACEBOOK_APP_SECRET=your_facebook_app_secret
FACEBOOK_CALLBACK_URL=http://localhost:4000/auth/facebook/callback

TWITTER_CONSUMER_KEY=your_twitter_consumer_key
TWITTER_CONSUMER_SECRET=your_twitter_consumer_secret
TWITTER_CALLBACK_URL=http://localhost:4000/auth/twitter/callback

Installation

git clone https://github.com/aioutlet/auth-service.git
cd auth-service
npm install

Running Locally

npm start

The service will be available at http://localhost:4000.

API Endpoints

Method Endpoint Description
POST /auth/login Login with email/password
POST /auth/logout Logout user / invalidate session
POST /auth/refresh-token Refresh JWT token
POST /auth/forgot-password Initiate password reset (send reset email)
POST /auth/reset-password Reset password using reset token
POST /auth/change-password Change password (authenticated user)
POST /auth/verify-email Verify user email using verification token
GET /auth/google Redirect to Google OAuth login
GET /auth/google/callback Google OAuth callback
GET /auth/facebook Redirect to Facebook OAuth login
GET /auth/facebook/callback Facebook OAuth callback
GET /auth/twitter Redirect to Twitter OAuth login
GET /auth/twitter/callback Twitter OAuth callback
GET /auth/me Get current user info (requires JWT)

Folder Structure

auth-service/
├── src/
│   ├── app.js
│   ├── config/
│   │   └── apiGateway.config.js   # API Gateway integration config
│   ├── controllers/
│   │   ├── auth.controller.js     # Auth route handlers (login, logout, etc.)
│   │   └── accountLink.controller.js  # Social/local account linking handlers
│   ├── middlewares/
│   │   ├── auth.middleware.js     # JWT validation middleware
│   │   └── refreshToken.middleware.js # Refresh token validation
│   ├── models/
│   │   ├── user.model.js          # User schema with social accounts
│   │   └── refreshToken.model.js # Refresh tokens schema/storage
│   ├── routes/
│   │   ├── auth.routes.js         # Auth routes (login, logout, forgot/reset password)
│   │   └── accountLink.routes.js  # Routes for linking/unlinking accounts
│   ├── services/
│   │   ├── auth.service.js        # Auth business logic (login, register, social login)
│   │   └── accountLink.service.js # Account linking logic
│   ├── utils/
│   │   ├── jwt.js                 # JWT sign/verify helpers
│   │   ├── email.js               # Email sending helpers (for verification, reset)
│   │   ├── oauth.js               # OAuth helper functions
│   │   └── logger.js              # Centralized logging utility
│   └── validators/
│       ├── auth.validator.js     # Input validation for auth endpoints
│       └── accountLink.validator.js # Validation for account linking input
├── tests/
│   ├── auth.test.js              # Unit and integration tests for auth
│   └── accountLink.test.js       # Tests for account linking
├── .env.example                  # Sample environment variables file
├── Dockerfile                   # Dockerfile to containerize the service
├── docker-compose.yml           # Optional: to run auth-service with dependencies
├── package.json                 # Node.js dependencies and scripts
├── README.md                    # Service documentation
└── LICENSE                      # License file

Contributing

Contributions are welcome! Please open issues or submit pull requests.

License

MIT License

Contact

For questions or support, reach out to the AIOutlet dev team.

About

Authentication and authorization with OAuth2, JWT, and social login support

Topics

express node mongodb microservice auth aioutlet

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages