VSN-2933 / feat(auth): add token session validation filter for mobile requests
This MR adds a session validation filter for mobile app requests:
TokenValidationFilter (GlobalFilter)
- Intercepts all requests carrying the X-Client-Type: vsn-mobile header
- Calls GET /api/user/internal/validate-session on the user service, which performs Keycloak token introspection
- If the session is revoked → returns 401 → the mobile Axios interceptor triggers automatic logout
- Fail open: if the user service is unreachable, the request is allowed through
- The validation endpoint itself is excluded from the filter to prevent an infinite loop
Config
application.yml — added session.validation-uri pointing to the user service
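
The flow described above, written as a Spring Cloud Gateway GlobalFilter; this is an added illustration, not the code from this MR. The class name, the 2-second timeout, forwarding the Authorization header, reading session.validation-uri as the full endpoint URL, and letting every non-401 response through are assumptions.

```java
import java.time.Duration;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
public class SessionCheckExampleFilter implements GlobalFilter {
    private static final String VALIDATE_PATH = "/api/user/internal/validate-session";
    private final WebClient client;
    private final String validationUri;

    // Assumption: session.validation-uri holds the full URL of the validation endpoint.
    public SessionCheckExampleFilter(WebClient.Builder builder,
            @Value("${session.validation-uri}") String validationUri) {
        this.client = builder.build();
        this.validationUri = validationUri;
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        var request = exchange.getRequest();
        boolean mobile = "vsn-mobile".equals(request.getHeaders().getFirst("X-Client-Type"));
        // Pass non-mobile traffic and the validation endpoint itself (loop guard).
        if (!mobile || VALIDATE_PATH.equals(request.getURI().getPath())) {
            return chain.filter(exchange);
        }
        // Assumption: the bearer token travels in the Authorization header.
        String auth = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
        return client.get().uri(validationUri)
                .headers(h -> { if (auth != null) h.set(HttpHeaders.AUTHORIZATION, auth); })
                .exchangeToMono(r -> r.releaseBody().thenReturn(r.statusCode().value()))
                .timeout(Duration.ofSeconds(2))   // bound the added latency per request
                .doOnError(e -> System.getLogger("gateway").log(
                        System.Logger.Level.WARNING, "session check failed open: " + e))
                .onErrorReturn(-1)                // fail open: unreachable or timed out
                .flatMap(status -> {
                    if (status == 401) {          // revoked session: stop here
                        exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
                        return exchange.getResponse().setComplete();
                    }
                    return chain.filter(exchange); // any other status is let through (assumption)
                });
    }
}
```

While the user service is unreachable, the fail-open branch forwards requests for revoked sessions as well, so the warning logged on that branch is the signal to alert on.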