edk12564 opened a new pull request, #16: URL: https://github.com/apache/fineract-consumer-facing/pull/16
JIRA: FINERACT-2641 #Summary Now that registration is implemented, we need to implement authentication. The goal is go beyond basic auth and implement the beginnings of a modern consumer frontend login/auth process with security in mind. Items to be implemented: 1) Login returns an auth JWT to keep user logged in with refresh token for longer term accessibility 2) 2FA login with an OTP 3) Device Fingerprinting 4) ES256 for JWT generation to prevent JWT spoofing and to reuse for open banking later 5) Dev JWT key generation script 6) Bcrypt hashed passwords #Detailed Summary: - implemented authentication feature - used ES256 for asymmetric jwt generation - 2FA implemented with OTP - refresh tokens implemented - device fingerprints checked in login - password and username columns added - passwords hashed with bcrypt - generate jwt key script in PEM format - added tests for auth/login feature - added more tests for infrastructure, user features -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
