GSoC 2026 Introduction — Yuvraj Singh | Password Authentication Re-work

About Me

  • Name: Yuvraj Singh
  • University: AKGEC Ghaziabad, India (3rd year CSE)
  • Stack: Java 17 · Spring Boot · Spring Security · JWT · JPA/Hibernate · MySQL · React
  • GitHub: 0-YuvrajSingh/medvault (Patient record management & appointment scheduling platform with JWT auth, RBAC, and AOP audit logging)

I’ve completed internships at IBM and Infosys Springboard focused on REST API development and endpoint security. My project MedVault is a healthcare platform with Spring Security-based RBAC, JWT auth, and AOP audit logging.


Project: Password Authentication Re-work

Problem Statement

OpenMRS’s password system hasn’t been updated since ~2009. It lacks:

  • Configurable work factors / hash iterations
  • Support for modern algorithms (BCrypt, Argon2)
  • Integration with Spring Security’s PasswordEncoder abstraction
  • A safe upgrade path for existing hashed passwords

Proposed Solution

  1. Audit current password handling in UserServiceImpl
  2. Migrate to Spring Security PasswordEncoder (BCrypt default)
  3. Implement transparent re-hashing on successful login
  4. Optionally: build on top of the existing authentication module for TOTP/MFA readiness
  5. Full test coverage — no existing user should be locked out

Timeline (12 weeks)

  • Week 1-2: Community bonding, codebase audit, JIRA setup
  • Week 3-4: Design doc, community review, finalize approach
  • Week 5-7: Core PasswordEncoder migration + unit tests
  • Week 8-9: Transparent upgrade mechanism + integration tests
  • Week 10-11: Migration safety testing, edge cases, docs
  • Week 12: Final polish, PR review, submission

Why Me

Spring Security is my primary domain. I’ve implemented JWT pipelines, secured 10+ endpoints with role-based access, and dealt with auth upgrade paths in production-like environments.


Questions for the Community

  1. Is there an existing JIRA ticket or prior discussion on this I should link?
  2. Should this be scoped as small (~90h) or medium (~175h)?
  3. What good-first-issue would you recommend to get started before March 28?

@jayasanka @ibacher — any guidance welcome!
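
Added example, not part of the post above and not OpenMRS code: a sketch of steps 2, 3 and 5 of the proposed solution using Spring Security's `DelegatingPasswordEncoder`, so that legacy rows still verify and are re-hashed to BCrypt only after a successful login. `RehashOnLoginDemo`, `LegacySha512Encoder` and `login` are hypothetical names, the legacy scheme shown is a constructed stand-in rather than OpenMRS's actual format, and the code assumes Java 17 with `spring-security-crypto` on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
public class RehashOnLoginDemo {

    // Constructed stand-in for a legacy scheme (unsalted SHA-512 hex); not OpenMRS's real format.
    static final class LegacySha512Encoder implements PasswordEncoder {
        @Override public String encode(CharSequence raw) {
            try {
                byte[] d = MessageDigest.getInstance("SHA-512")
                        .digest(raw.toString().getBytes(StandardCharsets.UTF_8));
                return HexFormat.of().formatHex(d);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
        @Override public boolean matches(CharSequence raw, String stored) {
            // Constant-time comparison of the two hex strings.
            return MessageDigest.isEqual(encode(raw).getBytes(StandardCharsets.UTF_8),
                    stored.getBytes(StandardCharsets.UTF_8));
        }
    }
    static PasswordEncoder encoder() {
        PasswordEncoder legacy = new LegacySha512Encoder();
        DelegatingPasswordEncoder d = new DelegatingPasswordEncoder("bcrypt",
                Map.of("bcrypt", new BCryptPasswordEncoder(12), "legacy", legacy));
        d.setDefaultPasswordEncoderForMatches(legacy); // rows stored without an {id} prefix
        return d;
    }

    /** Returns the hash to persist after login, or null if the password is wrong. */
    static String login(PasswordEncoder enc, CharSequence raw, String stored) {
        if (!enc.matches(raw, stored)) return null;   // never re-hash on a failed login
        return enc.upgradeEncoding(stored) ? enc.encode(raw) : stored;
    }

    public static void main(String[] args) {
        PasswordEncoder enc = encoder();
        String oldRow = new LegacySha512Encoder().encode("s3cret-demo"); // constructed legacy row
        String upgraded = login(enc, "s3cret-demo", oldRow);
        System.out.println(upgraded.startsWith("{bcrypt}"));   // was the legacy row re-hashed?
        System.out.println(upgraded.equals(login(enc, "s3cret-demo", upgraded))); // current row kept?
        System.out.println(login(enc, "wrong", oldRow) == null); // wrong password leaves row alone?
    }
}
```

Because `upgradeEncoding` also compares the BCrypt cost in the stored hash with the configured strength, raising the work factor later re-hashes existing BCrypt rows through the same path.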

Hey, is this your GSoC proposal?

Hi @wedson! No, this isn’t the proposal itself — this is my introduction post to connect with the OpenMRS community and find a mentor before the application period closes.

The actual GSoC proposal will be submitted on the official Google Summer of Code portal (summerofcode.withgoogle.com) before the deadline. I’m currently working on the full proposal draft for the “Password Authentication Re-work” project.

Happy to share more details about the idea if you’re interested! :blush:

Ohh cool :grinning_face: … thank you. Actually, I asked thinking it was your proposal, and yet it should be private between you and your mentor.