SID-AUTH-02 — JWT Bearer Token Session Management

Owner: platform
Category: technical
CSF Function: protect
Group: Authentication Controls

Description

Authenticated sessions are managed via JWT bearer tokens with a configurable TTL. Token middleware validates every request and extracts the user_id and tenant_id claims from the verified token. Token blacklisting is supported, so an issued token can be revoked before its TTL expires. The Admin API uses a separate, constant-time token validation.
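The following is an added worked example of the control as described, written for this page rather than taken from the platform's own code base. It assumes HS256-signed tokens, constructed example secrets, an in-memory set as the blacklist (keyed by the jti claim), and the claim names user_id and tenant_id from the description; the function names (issue_token, validate_bearer, revoke_token, validate_admin_token) are this example's own. The middleware path pins the algorithm, verifies the signature with a constant-time comparison before trusting any claim, enforces the TTL, checks the blacklist, and only then returns the identity claims; the Admin API token is checked separately with hmac.compare_digest.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example secrets for this demo; a deployment loads these from a secret store.
SESSION_SIGNING_KEY = b"example-session-signing-key-change-me"
ADMIN_API_TOKEN = "example-admin-api-token-change-me"
TOKEN_TTL_SECONDS = 900  # the control's configurable TTL

# Token blacklist keyed by the jti claim; an in-memory set stands in for a shared store.
REVOKED_JTI = set()


class TokenError(Exception):
    """Raised when a bearer token must be rejected; the caller maps it to HTTP 401."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes) -> bytes:
    return hmac.new(SESSION_SIGNING_KEY, signing_input, hashlib.sha256).digest()


def issue_token(user_id: str, tenant_id: str, jti: str, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying the user_id and tenant_id claims the middleware extracts."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"user_id": user_id, "tenant_id": tenant_id, "jti": jti,
               "iat": now, "exp": now + TOKEN_TTL_SECONDS}
    parts = [_b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
             for obj in (header, payload)]
    signing_input = ".".join(parts).encode("ascii")
    return ".".join(parts + [_b64url_encode(_sign(signing_input))])


def revoke_token(jti: str) -> None:
    """Blacklist a token id; validation rejects that token even though its TTL has not passed."""
    REVOKED_JTI.add(jti)


def validate_bearer(authorization_header: str, now: Optional[int] = None) -> dict:
    """Middleware check run on every request. Returns the trusted user_id/tenant_id claims."""
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        raise TokenError("missing bearer token")
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenError("malformed token") from exc
    # Pin the algorithm server-side: the token never gets to choose (rejects alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unsupported alg")
    expected = _sign(f"{header_b64}.{payload_b64}".encode("ascii"))
    # Constant-time comparison of the signature.
    if not hmac.compare_digest(expected, sig):
        raise TokenError("bad signature")
    # Only after the signature holds is the payload trusted.
    try:
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenError("malformed payload") from exc
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        raise TokenError("token expired")
    if payload.get("jti") in REVOKED_JTI:
        raise TokenError("token revoked")
    for claim in ("user_id", "tenant_id"):
        if not isinstance(payload.get(claim), str) or not payload[claim]:
            raise TokenError(f"missing claim {claim}")
    return {"user_id": payload["user_id"], "tenant_id": payload["tenant_id"],
            "jti": payload.get("jti")}


def validate_admin_token(presented: str) -> bool:
    """Separate Admin API check: constant-time comparison against the configured token."""
    return hmac.compare_digest(presented.encode("utf-8"), ADMIN_API_TOKEN.encode("utf-8"))
```

Two design choices are worth noting. Signature verification happens before any claim is read, so expiry, revocation and identity checks only ever run on data the server signed. The blacklist is consulted after the TTL check, which keeps revoked entries prunable once their exp has passed; a shared store (rather than this in-memory set) is needed when the middleware runs on more than one instance.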

Components

Source References

Framework Requirements

EUDI Security Requirements: WUH-8.3.1-Sec-02, WUH-8.3.1-Sec-06, CS-I.3-WUS

ISO 27001 Annex A: A.5.15, A.8.5

OWASP ASVS 4.0.3 Level 3: V1.2, V3.1, V3.2, V3.3, V3.4, V3.5, V3.7

STRIDE Threat Model: WF-S-1, WB-S-1, CC-D-1