In this repository we keep the current state of development of our Authentication Service. The Authentication Service is a secure web application that provides users with two-factor authentication using Google Authenticator. The project is built using Java 11 and the web core framework. We have a heap of documentation available for the code in this repository. You may be interested in...
- Issues if you want to request a feature or report a bug.
- Code of Conduct
- Contributing Guidelines
- Java 11 or later
- Apache Maven 3.6.3 or later
- Clone the repository.
- Run
mvn clean installto build the application. - Start the application using
java -jar "file-name". - Configure the config.json and restart the program.
- The application will be available at
http://localhost:6472.
- Register a new user by providing a valid email address and password.
- After successful registration, log in to the application using the registered email and password.
- Enable two-factor authentication by scanning the QR code with the Google Authenticator app or manually entering the secret key.
- Log out of the application and log in again using the registered email and password.
- Enter the six-digit code generated by the Google Authenticator app when prompted.
- The application will authenticate the user and redirect to the home page.
- Passwords are hashed using BCrypt with a randomly generated salt for each user.
- Two-factor authentication is implemented using Google Authenticator, which generates one-time passwords that expire after a short time period.
- Secret keys for two-factor authentication are generated using a cryptographically secure random number generator and stored securely in the database.
main: The current main stage with the latest development version.prod: Production build (automatically deployed to the appropriate services)release/*: Release builds (e.g.release/2023.2.1, a stable running version named after the date)fix/*: Bug fix Branch (e.g.fix/hash-bug, for bug fixes)feature/*: Feature Update Branch (e.g.feature/hash-update, for large updates)dev/*: Developer specific branch (e.g.dev/nicokempe, designed for small changes and only temporary)