SID-AUTH-02 — JWT Bearer Token Session Management

Property	Value
Status	verified
Owner	platform
Category	technical
CSF Function	protect
Group	Authentication Controls

Description

Authenticated sessions managed via JWT bearer tokens with configurable TTL. Token middleware validates every request, extracting user_id and tenant_id claims. Supports token blacklisting. Admin API uses separate constant-time token validation.

Components

Wallet Backend (Go)

Source References

go-wallet-backend/middleware/auth.go

Audit Findings

Finding	Severity	Status
EN-S-4 — Partial wallet unit security and lifecycle	medium	in progress
EN-P-5 — Partial user authentication and session controls	high	in progress
ISO-T-5 — Partial endpoint and privileged access controls	medium	open

Description​

Components​

Source References​

Audit Findings​

Description

Components

Source References

Audit Findings