{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"a31ae842-5a8d-43fa-a429-cd3a0d2260a6","name":"Advanced-auth","description":"# 🔐 Advanced-auth API\n\n**Base URL:**\n\n```\nhttp://127.0.0.1:5005\n\n ```\n\n# Overview\n\n**Advanced-auth** is a modern and secure Authentication & Authorization system built with **Node.js + Express**.\n\nIt provides multiple authentication methods, including **Email/Password with OTP verification** and **Social logins (Google, Facebook, X)**.\n\nThe system leverages **Redis** for OTP handling and job queue management (via **Bull**) to ensure both performance and reliability, while following a clean, scalable architecture.\n\n---\n\n## 🚀 Key Features\n\n### 👤 User Management\n\n- **Signup** with email and password, verified via **OTP sent to email**.\n    \n- **Email Verification** with a welcome email after successful activation.\n    \n- **Login / Logout** with secure session handling (MongoDB-based).\n    \n- **Forgot / Reset Password** via password reset email link.\n    \n\n### 🌍 Social Logins (OAuth)\n\n- **Google Login**\n    \n- **Facebook Login**\n    \n- **X (Twitter) Login**\n    \n\n### 🔑 Session Management\n\n- **MongoDB-based sessions** tied to refresh tokens.\n    \n- **Logout from other sessions** while keeping the current one active.\n    \n- Automatic **Access Token renewal** when expired (using Refresh Tokens).\n    \n\n### 🛡️ Security & Performance\n\n- **helmet** → secure HTTP headers.\n    \n- **express-rate-limit** → rate limiting for brute force / DDoS protection.\n    \n- **compression** → improves performance with response compression.\n    \n- **cookie-parser** → secure cookie handling.\n    \n- **JWT-based Authentication** with short-lived access tokens and refresh tokens.\n    \n\n### ⚙️ Architecture & Utilities\n\n- **Redis + Bull** → OTP storage and background job queue (email sending).\n    \n- **Centralized Error Handling** for cleaner code.\n    \n- **Logging** using morgan.\n    \n- **Email Worker** for async email handling (OTP, password reset, welcome emails).\n    \n- **Database**: MongoDB for users and sessions.\n    \n\n---\n\n### 📂 Core Routes\n\n#### 🔑 Authentication\n\n- `POST /api/auth/signup` → Create new account (OTP sent to email).\n    \n- `POST /api/auth/verify-email` → Verify email using OTP.\n    \n- `POST /api/auth/login` → Login with email and password.\n    \n- `POST /api/auth/logout` → Logout from the current session.\n    \n- `GET /api/auth/check-auth` → Check authentication status (protected route).\n    \n\n#### 🔒 Password Reset\n\n- `POST /api/auth/forgot-password` → Request password reset link.\n    \n- `POST /api/auth/reset-password/:token` → Reset password using token.\n    \n\n#### 🌐 Social Logins (OAuth)\n\n- `GET /api/auth/google` → Redirect to Google login.\n    \n- `GET /api/auth/google/callback` → Google login callback.\n    \n- `GET /api/auth/facebook` → Redirect to Facebook login.\n    \n- `GET /api/auth/facebook/callback` → Facebook login callback.\n    \n- `GET /api/auth/x` → Redirect to X (Twitter) login.\n    \n- `GET /api/auth/x/callback` → X login callback.\n    \n\n#### ⚙️ Sessions\n\n- `DELETE /api/auth/sessions/others` → Logout from all sessions except the current one.\n    \n\n---\n\n### 🛠️ Tech Stack\n\n- **Express.js** for server framework.\n    \n- **MongoDB + Mongoose** for user data management.\n    \n- **Redis** for caching, OTP, and session handling.\n    \n- **Nodemailer** (EmailService) for sending emails.\n    \n- **OAuth 2.0** integration with Google, Facebook, and X.\n    \n- **Security Middlewares**: Helmet, Rate-Limit, Cookie-Parser, Compression.\n    \n- **Error Handling** with centralized middleware.\n    \n- **Logging** with Morgan.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"37188310","collectionId":"a31ae842-5a8d-43fa-a429-cd3a0d2260a6","publishedId":"2sB3QFQsHy","public":true,"publicUrl":"https://documenter-api.postman.tech/view/37188310/2sB3QFQsHy","privateUrl":"https://go.postman.co/documentation/37188310-a31ae842-5a8d-43fa-a429-cd3a0d2260a6","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.0","publishDate":"2025-09-30T18:12:18.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[{"name":"Advanced-auth","id":"a0f474d0-7e4a-4b15-a021-7109d5819c97","owner":"37188310","values":[{"key":"baseURL","value":"","enabled":true,"type":"default"},{"key":"accessToken","value":"","enabled":true,"type":"any"},{"key":"refreshToken","value":"","enabled":true,"type":"any"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"Advanced-auth","value":"37188310-a0f474d0-7e4a-4b15-a021-7109d5819c97"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2sB3QFQsHy"}