Service for authentication management for microservices architecture.
- Language: Go
- Database: PostgreSQL
- Cache: Memcached
- Message Broker: LavinMQ / RabbitMQ
- Containerization: Docker
- Orchestration: Kubernetes
# Database Configuration
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=auth
DB_PASSWORD=auth
DB_NAME=auth_management
# JWT Configuration
JWT_SECRET=aksjmkjdkfiaosjkdjsdoquwqiw
# Cache Configuration
CACHE_HOST=localhost
CACHE_PORT=11211
# Message Broker Configuration
BROKER_HOST=localhost
BROKER_PORT=5672
BROKER_USERNAME=guest
BROKER_PASSWORD=guest
BROKER_VHOST=someone
# OpenTelemetry Configuration
OTLP_HOST=localhost
OTLP_PORT=4317Endpoint: POST /api/auth/register
Request Body:
{
"username": "test",
"password": "test"
}Response Codes:
201- Created (User successfully registered)400- Bad Request (Invalid input data)409- Conflict (Username already exists)
Endpoint: POST /api/auth/login
Request Body:
{
"username": "test",
"password": "test"
}Response Body:
{
"data": {
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "08ca5a94f78c6744",
}
},
"path": "api/auth/login"
}Response Codes:
200- OK (Login successful)400- Bad Request (Invalid input data)401- Unauthorized (Invalid credentials)
Endpoint: POST /api/auth/token
Request Body:
{
"refresh_token": "08ca5a94f78c6744"
}Response Body:
{
"data": {
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "08ca5a94f78c6744",
}
},
"path": "api/auth/token"
}Response Codes:
200- OK (Token refreshed successfully)401- Unauthorized (Invalid or expired refresh token)
- Go 1.21+
- Docker & Docker Compose
- PostgreSQL 15+
- Memcached
- LavinMQ or RabbitMQ
- Clone the repository
git clone https://github.com/nurmanhadi/go-auth-management.git
cd auth-management- Set up environment variables
cp .env.example .env
# Edit .env with your configuration- Run with Docker Compose
docker-compose up -d- Run migrations
make migrate-up# Run locally
go run cmd/main.go
# Run tests
go test ./...
# Build
go build -o bin/auth-service cmd/main.go- User sends registration request to
POST /api/auth/register - Service validates input data
- Password is hashed using bcrypt
- User data is stored in PostgreSQL database
- Message is published to message broker (LavinMQ/RabbitMQ) for downstream services (e.g., user id)
- Returns 201 Created response
- User sends login credentials to
POST /api/auth/login - Service validates credentials against database
- If valid, generates JWT access token and refresh token
- Refresh token is stored in Memcached with TTL (Time To Live)
- Returns access token and refresh token to client
- Client sends refresh token to
POST /api/auth/token - Service validates refresh token from Memcached
- If valid, generates new access token
- Returns new access token to client
Published when a new user successfully registers.
Payload:
{
"event": "user.registered",
"timestamp": "2025-11-12T10:30:00Z",
"data": {
"user_id": "uuid-here",
"username": "username",
"registered_at": "2025-11-12T10:30:00Z"
}
}Exchange: auth.exchange
Routing Key: user.registered
- Key Pattern:
refresh:{token_value} - Value: User ID or session data (JSON)
- TTL: 7 days (configurable)
- Purpose: Fast validation and session management
- Refresh tokens are automatically expired after TTL
- Manual invalidation on logout (if implemented)
- Token rotation on refresh
- Store
JWT_SECRETsecurely (use secrets management in production) - Use strong passwords for database and broker
- Enable TLS/SSL for production deployments
- Implement rate limiting on authentication endpoints
- Use secure password hashing (bcrypt recommended)
- Set appropriate TTL for refresh tokens in cache
- Implement token rotation strategy
- Use HTTPS for all API endpoints
This project is licensed under the MIT License.
Nurman Hadi
Backend Developer (Golang, Microservices)
GitHub: nurmanhadi