This repository contains a simple example of HMAC-SHA256-based authentication in a Spring Boot application. HMAC-SHA256 (Hash-based Message Authentication Code using the SHA-256 hash function) is a cryptographic technique used for verifying the integrity and authenticity of data.
The application includes an AuthenticationController that provides two endpoints:
-
/api/generate-secret-key: This endpoint generates a new secret key for HMAC-SHA256 and returns it as a Base64-encoded string. This key is used for signature validation during login. -
/api/login: This endpoint validates a user's login attempt by comparing the received HMAC-SHA256 signature with the stored secret key.
To use this application, follow these steps:
-
Clone the repository to your local machine:
git clone https://github.com/swapniltake1/hmacsha256demo.git
-
Build and run the Spring Boot application using your preferred IDE or with Maven:
mvn spring-boot:run
-
Access the following endpoints:
- Generate a new secret key:
http://localhost:8080/api/generate-secret-key - Validate a login:
http://localhost:8080/api/login
- Generate a new secret key:
-
Use the secret key generated in step 3 to create HMAC-SHA256 signatures for login validation.
- Spring Boot: Spring Boot is used to create the web application and manage dependencies.
If you'd like to contribute to this project, please follow these guidelines:
-
Fork the repository.
-
Create a new branch for your feature or bug fix:
git checkout -b feature/my-feature
-
Make your changes and commit them:
git commit -m "Add my feature" -
Push your changes to your fork:
git push origin feature/my-feature
-
Create a pull request on the original repository.
This project is licensed under the MIT License - see the LICENSE file for details.
