File tree 1 file changed +27
-1
lines changed
1 file changed +27
-1
lines changed Original file line number Diff line number Diff line change 1- # spring-security-ott
1+ ## πΉ How Spring Security Validates the OTT?
2+
3+ Spring Security has a built-in filter and authentication provider to handle ** One-Time Token (OTT)** validation.
4+
5+ ### π Request to ` /login/ott?token=XYZ `
6+ 1 . The user clicks on the ** magic link** or enters the ** token manually** .
7+ 2 . The request is sent to ` /login/ott ` with the ** token** as a query parameter.
8+
9+ ### π‘οΈ Spring Security Intercepts the Request
10+ - ` OneTimeTokenAuthenticationFilter ` (part of Spring Security) ** intercepts the request** .
11+ - It ** extracts** the token value from the request (` token=XYZ ` ).
12+
13+ ### π Delegates to Authentication Manager
14+ - Spring Security ** delegates** the token to ` OneTimeTokenAuthenticationProvider ` .
15+
16+ ### β
Token Validation Process
17+ β ** Checks if the token exists** in the database or token storage.
18+ β ** Validates token expiry** (time-limited).
19+ β ** Verifies token association** with the correct user.
20+
21+ ### π Authentication Success or Failure
22+ β
** If valid** β Spring Security ** authenticates** the user and starts a session.
23+ β ** If invalid/expired** β Returns an ** authentication error (401 Unauthorized)** .
24+
25+ ---
26+
27+ This structure makes it ** clear, professional, and easy to read** for GitHub users. Let me know if you need any changes! π
You canβt perform that action at this time.
0 commit comments