AuthController

@RestController
@RequestMapping(value = "/api/auth")
open class AuthController

Authentication API endpoints implementing DPoP-bound access tokens and rotating refresh tokens.

Endpoints:
- POST /api/auth/signup — Optional DPoP proof; when present, the issued access token is bound via cnf.jkt.
- POST /api/auth/login — Optional DPoP proof; when present, the issued access token is bound via cnf.jkt.
- POST /api/auth/refresh — Requires a valid DPoP proof and the HttpOnly refresh cookie; rotates the cookie and returns a new access token.
- GET /api/auth/logout — Revokes the refresh token family, clears the cookie, and blacklists the current access token.

Headers:
- Authorization: DPoP (for protected resources; not used on login/signup)
- DPoP:
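As an added example (not code from this project or its DpopVerifierService), the checks that stand behind the cnf.jkt binding and the replay cache described above: the RFC 7638 thumbprint of the proof's JWK compared with the access token's cnf.jkt, plus htm/htu, the iat window and a one-time jti. The JWK coordinates and the refresh URL are constructed placeholders, and the proof's JWS signature is assumed to have been verified already.

```python
import base64
import hashlib
import json

# Constructed P-256 public JWK standing in for the "jwk" header of a DPoP proof
# (placeholder coordinates, not a real key; only the thumbprint arithmetic matters here).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
REFRESH_URI = "https://example.test/api/auth/refresh"  # assumed deployment URL
# RFC 7638 required members per key type; everything else (kid, alg, ...) is ignored
REQUIRED_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, lexicographic order, no whitespace,
    SHA-256, base64url without padding. This is the value carried in cnf.jkt."""
    canonical = json.dumps({k: jwk[k] for k in REQUIRED_MEMBERS[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def check_dpop_binding(access_claims, proof_header, proof_claims, method, uri, seen_jti, now, max_skew=60):
    """Checks run after the proof JWS signature has been verified with proof_header['jwk'].
    seen_jti stands in for a replay cache (a real one expires entries after the skew window)."""
    if proof_header.get("typ") != "dpop+jwt":
        return False, "wrong typ"
    if proof_claims.get("htm") != method or proof_claims.get("htu") != uri:
        return False, "htm/htu mismatch"
    if abs(now - int(proof_claims.get("iat", 0))) > max_skew:
        return False, "iat outside window"
    jti = proof_claims.get("jti")
    if not jti or jti in seen_jti:
        return False, "replayed or missing jti"
    if access_claims.get("cnf", {}).get("jkt") != jwk_thumbprint(proof_header["jwk"]):
        return False, "cnf.jkt mismatch"  # token was bound to a different key
    seen_jti.add(jti)  # only a fully valid proof consumes its jti
    return True, "ok"

def demo():
    """A bound token presented once with a fresh proof, then the same proof replayed."""
    seen = set()
    token = {"sub": "user-123", "cnf": {"jkt": jwk_thumbprint(SAMPLE_JWK)}}
    header = {"typ": "dpop+jwt", "alg": "ES256", "jwk": SAMPLE_JWK}
    proof = {"htm": "POST", "htu": REFRESH_URI, "iat": 1_700_000_000, "jti": "proof-1"}
    first = check_dpop_binding(token, header, proof, "POST", REFRESH_URI, seen, now=1_700_000_000)
    replay = check_dpop_binding(token, header, proof, "POST", REFRESH_URI, seen, now=1_700_000_010)
    return first, replay

if __name__ == "__main__":
    print(demo())  # ((True, 'ok'), (False, 'replayed or missing jti'))
```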

Constructors

@Autowired
constructor(authService: AuthService, userEventsPublisher: UserEventsPublisher, productUserService: ProductUserService, authContextService: AuthContextService, jwtTokenService: JwtTokenService, refreshTokenService: RefreshTokenService, replayCache: DpopReplayCache, dpopVerifier: DpopVerifierService)

Functions

@GetMapping(value = "/logged-in")
open fun isLoggedIn(): ResponseEntity<AuthResponse>
Quick status check used by the UI.
open fun login(loginRequest: LoginRequest): ResponseEntity<AuthResponse>
Overload without DPoP or request argument for tests.
@PostMapping(value = "/login")
open fun login(@RequestBody loginRequest: LoginRequest, @RequestHeader(value = "DPoP", required = false) dpopProof: String, request: HttpServletRequest): ResponseEntity<AuthResponse>
Log in and start a session.
open fun logout(): ResponseEntity<AuthResponse>
Overload without DPoP or request argument for tests.
@PostMapping(value = "/logout")
open fun logout(@RequestHeader(value = "DPoP", required = false) dpopProof: String, request: HttpServletRequest): ResponseEntity<AuthResponse>
Log out and end the session.
@GetMapping(value = "/logout")
open fun logoutGet(@RequestHeader(value = "DPoP", required = false) dpopProof: String, request: HttpServletRequest): ResponseEntity<AuthResponse>
@PostMapping(value = "/refresh")
open fun refresh(@RequestHeader(value = "DPoP", required = false) dpopProof: String, request: HttpServletRequest): ResponseEntity<AuthResponse>
Refresh the access token.
open fun signup(signupRequest: SignupRequest): ResponseEntity<AuthResponse>
Overload without DPoP or request argument for tests.
@PostMapping(value = "/signup")
open fun signup(@RequestBody signupRequest: SignupRequest, @RequestHeader(value = "DPoP", required = false) dpopProof: String, request: HttpServletRequest): ResponseEntity<AuthResponse>
Sign up a new user and start a session.