Back End Login Details #12

Closed
opened 2024-10-02 15:30:47 +00:00 by mattdimegs · 3 comments
mattdimegs commented 2024-10-02 15:30:47 +00:00 (Migrated from github.com)

Back End connection is established to the Database to allow users to login. These phone numbers should be all numbers, no special characters. The password should be encrypted. The return statement should include the user's account information.

John4064 commented 2024-10-03 04:14:15 +00:00 (Migrated from github.com)

Steps:

  • First establish basic endpoints to login/register
  • Set up encryption of the password either on the frontend level or backend (research best practices)
  • Set up security (Spring Security) to properly protect these endpoints
  • Integrate into the onSubmit of the form on the login page (this takes place in the Tones React Native app)
mattdimegs commented 2025-04-29 19:33:23 +00:00 (Migrated from github.com)

Achieved with PocketBase, closed task.

John4064 commented 2025-04-29 19:35:10 +00:00 (Migrated from github.com)

Can I connect PocketBase to an existing Spring Boot CRUD API, and use PocketBase for the auth login and the Spring Boot CRUD API for the data?

Yes, you can integrate PocketBase authentication with an existing Spring Boot CRUD API. Here's how to achieve this:

Key Integration Strategy

PocketBase will handle user authentication and JWT issuance, while Spring Boot validates these tokens and processes CRUD operations. The flow works as:

Frontend → Authenticates with PocketBase → Gets JWT → Sends JWT to Spring Boot → Spring Boot validates JWT → Processes request

Implementation Steps

1. PocketBase Configuration

  • Enable desired auth methods (email/password, OAuth2, etc.) in your collection
  • Retrieve valid JWT tokens after successful authentication using:
// Frontend example
const authData = await pb.collection("users").authWithPassword(email, password);
const jwt = authData.token;

2. Spring Boot JWT Validation
Use one of these methods to verify PocketBase tokens:

Method A: Direct JWT Validation

// Requires PocketBase's JWT secret (configure in application.properties, e.g. pocketbase.jwt-secret=...)
@Value("${pocketbase.jwt-secret}")
private String jwtSecret;

@Bean
public JwtDecoder jwtDecoder() {
    // The JCA name for an HMAC-SHA256 key is "HmacSHA256"; "HS256" is the JOSE algorithm name, not a JCA one
    return NimbusJwtDecoder.withSecretKey(
        new SecretKeySpec(jwtSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256")
    ).build();
}

Method B: API Validation (No Shared Secret)

// Spring Boot service; restTemplate is an injected RestTemplate bean
public boolean validateToken(String jwt) {
    String url = "http://pocketbase:8090/api/collections/users/auth-refresh";

    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(jwt);

    try {
        ResponseEntity<String> response = restTemplate.exchange(
            url,
            HttpMethod.POST,
            new HttpEntity<>(headers),
            String.class
        );
        return response.getStatusCode().is2xxSuccessful();
    } catch (HttpClientErrorException e) {
        // PocketBase answers with a 4xx for an invalid or expired token, and RestTemplate
        // throws on 4xx, so an exception here means "not valid" rather than a server fault
        return false;
    }
}

3. Spring Security Configuration

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/public/**").permitAll()
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.decoder(jwtDecoder()))
            );
        
        return http.build();
    }
}

Data Relationship Management

-- Example Spring Boot database schema
CREATE TABLE orders (
    id UUID PRIMARY KEY,
    user_id VARCHAR(21) REFERENCES pocketbase_users(id),
    total DECIMAL
);

Advantages and Considerations

| Aspect | PocketBase Auth + Spring Boot Data |
| :-- | :-- |
| Development Speed | ✅ Fast auth setup |
| Security Maintenance | ✅ Centralized auth logic |
| Scalability | ⚠️ Validation network calls add latency |
| Data Consistency | ⚠️ Requires user ID synchronization |

Best Practices

  1. Use HTTPS for all PocketBase ↔ Spring Boot communication
  2. Cache validation results for frequent tokens
  3. Implement role-based access control in Spring Boot using PocketBase's user metadata
  4. Set token expiration times appropriately (default 15m in PocketBase)

This architecture lets you leverage PocketBase's robust authentication system while maintaining full control over business logic and data management in Spring Boot.

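The "Method A: Direct JWT Validation" step in the pasted answer hands the shared secret to a library decoder, which hides what the backend is actually checking. The following is an added example, not code from this issue, PocketBase or Spring: a self-contained HS256 verifier written the way a backend should treat a token issued by a separate auth server. It pins the algorithm before looking at the signature (so an unsigned `alg: none` token or a token re-signed with a different algorithm is rejected up front), compares the HMAC in constant time, enforces `exp`, and checks that the record comes from the expected auth collection. The claim names `id`, `collectionId`, `type` and `exp`, the `type` value `"auth"`, the secret `DEMO_SECRET` and the collection id `DEMO_COLLECTION_ID` are assumptions constructed for the demo; check them against the tokens your server really emits.

```python
"""Verifying an auth server's HS256 JWT inside the API backend.

Added example: not code from the issue thread, PocketBase or Spring. Standard
library only. The claim names id / collectionId / type / exp are ASSUMED to
mirror the auth server's token layout; confirm them against real tokens.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values: a real deployment loads the JWT secret from
# configuration and takes the collection id from the auth server's settings.
DEMO_SECRET = b"demo-shared-secret-not-for-production"
DEMO_COLLECTION_ID = "demo_users_coll"


class TokenError(Exception):
    """Raised for any token the backend must not accept."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a token the way the auth server would (test helper only).
    `alg` is a parameter so a test can produce an unsigned alg=none token
    and confirm that the verifier refuses it."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    if alg == "none":
        return signing_input + "."          # unsigned: empty third segment
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, secret: bytes, collection_id: str,
                 now: Optional[float] = None) -> dict:
    """Return the claims if the token is acceptable, otherwise raise TokenError.

    Order matters: the algorithm is pinned to HS256 before the signature is
    checked, so neither alg=none nor a foreign algorithm can bypass the HMAC;
    the MAC is compared in constant time; `exp` must be present and in the
    future; the record must belong to the expected auth collection.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # binascii.Error, JSONDecodeError, UnicodeDecodeError
        raise TokenError(f"undecodable token: {exc}") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected or missing alg in header")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("signature mismatch")
    if not isinstance(claims, dict):
        raise TokenError("payload is not a JSON object")
    current = time.time() if now is None else now
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= current:
        raise TokenError("token expired or has no exp")
    if claims.get("type") != "auth":            # assumed claim value, see lead-in
        raise TokenError("not an auth token")
    if claims.get("collectionId") != collection_id:
        raise TokenError("token is for a different collection")
    if not isinstance(claims.get("id"), str) or not claims["id"]:
        raise TokenError("missing record id")
    return claims


def is_valid(token: str, secret: bytes, collection_id: str,
             now: Optional[float] = None) -> bool:
    """Boolean wrapper for callers that only need accept / reject."""
    try:
        verify_token(token, secret, collection_id, now)
        return True
    except TokenError:
        return False


if __name__ == "__main__":
    demo_claims = {"id": "rec_0123456789", "collectionId": DEMO_COLLECTION_ID,
                   "type": "auth", "exp": int(time.time()) + 900}
    token = mint_token(demo_claims, DEMO_SECRET)
    print("record id:", verify_token(token, DEMO_SECRET, DEMO_COLLECTION_ID)["id"])
    print("alg=none accepted?",
          is_valid(mint_token(demo_claims, DEMO_SECRET, alg="none"), DEMO_SECRET, DEMO_COLLECTION_ID))
```

In the Spring setup above the same checks are what `NimbusJwtDecoder` performs for signature and expiry; the collection and token-type checks correspond to a custom `OAuth2TokenValidator` you would add yourself, and the `now` parameter exists only so the expiry rule can be tested deterministically.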
Reference: Doble/Tones#12