Identity
API
Identity is an ASP.NET Core service responsible for authenticating users via the OpenID Connect specification, as well as authenticating service-to-service requests. Built around IdentityServer4, it adheres to all OpenID Connect requirements and offers a range of extensions:
- User activation/deactivation
- Login authentication
- Multi-factor authentication (MFA)
- MFA settings
- Password reset
- Locking a user account after the maximum number of incorrect login attempts, and unlocking it again
In addition to these features, Identity provides comprehensive token-based authentication mechanisms. It utilizes Access Tokens, Session Management, and Identity Tokens to ensure secure authentication and authorization processes.
Access Tokens grant access to protected resources and carry the user's permissions and roles as claims. Session Management keeps a user authenticated across multiple interactions with the application without re-entering credentials.
Identity Tokens are JWTs (JSON Web Tokens) that contain information about the authenticated user and are used to represent the user's identity. They are typically included in authentication responses and can be used by client applications to obtain user information.
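An identity token is only as trustworthy as the checks the client performs on it before reading user information out of it. The block below is an added example, not code from the Identity service or from IdentityServer4: it issues an RS256-signed ID token on the server side and then validates it on the client side the way a relying party should (pinned algorithm, signature, issuer, audience, expiry and nonce). The issuer URL, client id, key id and claim values are constructed for the example, and the functions are hypothetical names.

```typescript
import { createSign, createVerify, generateKeyPairSync } from "crypto";

// Unpadded base64url, the encoding JWT segments use.
export function b64url(input: Buffer | string): string {
  return Buffer.from(input).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
function fromB64url(s: string): Buffer {
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

// Minimal ID-token claim set (OpenID Connect Core §2); extra claims are allowed.
export interface IdTokenClaims {
  iss: string; sub: string; aud: string | string[]; exp: number; iat: number;
  nonce?: string; [claim: string]: unknown;
}

// Hypothetical key material for the example; a real deployment loads a persisted signing key.
export function makeSigningKey(): { publicKey: string; privateKey: string } {
  const { publicKey, privateKey } = generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  return { publicKey, privateKey };
}

// --- Issuer side (the Identity service): header.payload.signature, RS256 ------------
export function issueIdToken(claims: IdTokenClaims, privateKeyPem: string, kid: string): string {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT", kid }));
  const payload = b64url(JSON.stringify(claims));
  const signer = createSign("sha256");
  signer.update(`${header}.${payload}`);
  return `${header}.${payload}.${b64url(signer.sign(privateKeyPem))}`;
}

// --- Relying-party side (the client): validate before trusting any claim ------------
export interface Expectations { issuer: string; clientId: string; nonce: string; now?: number; clockSkewSec?: number }

export function validateIdToken(token: string, publicKeyPem: string, expect: Expectations): IdTokenClaims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;

  // Pin the algorithm instead of honouring whatever the header says (rejects "none" and HS256 downgrades).
  const header = JSON.parse(fromB64url(h).toString("utf8"));
  if (header.alg !== "RS256") throw new Error(`unexpected alg: ${header.alg}`);

  // Signature over the exact encoded header.payload bytes.
  const verifier = createVerify("sha256");
  verifier.update(`${h}.${p}`);
  if (!verifier.verify(publicKeyPem, fromB64url(s))) throw new Error("bad signature");

  // Only now is the payload worth parsing.
  const claims = JSON.parse(fromB64url(p).toString("utf8")) as IdTokenClaims;
  const now = Math.floor((expect.now ?? Date.now()) / 1000);
  const skew = expect.clockSkewSec ?? 60;
  if (claims.iss !== expect.issuer) throw new Error("issuer mismatch");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expect.clientId)) throw new Error("audience mismatch");
  if (typeof claims.exp !== "number" || now > claims.exp + skew) throw new Error("token expired");
  if (typeof claims.iat !== "number" || claims.iat > now + skew) throw new Error("issued in the future");
  // The nonce ties this token to the authentication request the client actually made.
  if (claims.nonce !== expect.nonce) throw new Error("nonce mismatch");
  return claims;
}
```

The order matters: algorithm pinning and signature verification happen before the payload is parsed, and the nonce is compared against the value the client stored when it started the login, so a token replayed from another session fails even though it is genuinely signed.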
Furthermore, Identity employs the Auth Code Flow with PKCE (Proof Key for Code Exchange) to secure the authentication process. In this flow the client first obtains an authorization code and then exchanges it for an access token and a refresh token; PKCE binds the code to the client that requested it, mitigating authorization code interception attacks.
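To make the code binding concrete, the following added example (not code from the Identity service or from IdentityServer4) models both ends of the exchange in one file: the client generates a code_verifier and its S256 code_challenge, and a hypothetical in-memory authorization server issues a one-time code bound to that challenge and redeems it only when the presented verifier reproduces the stored challenge. The class, method and token values are constructed for the example; the RFC 7636 test vector in the test is the only real data.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// Unpadded base64url as required by RFC 7636 (Appendix A).
function base64url(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// --- Client side (the Preact app) ---------------------------------------------------

// A fresh, high-entropy code_verifier for every authorization request.
// 32 random bytes base64url-encode to 43 characters, the RFC minimum length.
export function makeCodeVerifier(): string {
  return base64url(randomBytes(32));
}

// S256 transform: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
export function makeCodeChallenge(verifier: string): string {
  return base64url(createHash("sha256").update(verifier, "ascii").digest());
}

// --- Server side (the Identity service) ---------------------------------------------

interface IssuedCode {
  clientId: string;
  redirectUri: string;
  codeChallenge: string;
  expiresAt: number;
  used: boolean;
}

export interface TokenResponse { access_token: string; refresh_token: string; id_token: string }

// Hypothetical in-memory code store for the example; a real server persists these.
export class AuthorizationServer {
  private codes = new Map<string, IssuedCode>();

  // Authorization endpoint: after the user has authenticated, bind the challenge to a short-lived, one-time code.
  authorize(clientId: string, redirectUri: string, codeChallenge: string, method: string, now = Date.now()): string {
    if (method !== "S256") throw new Error("only S256 is accepted; 'plain' gives no interception protection");
    const code = base64url(randomBytes(24));
    this.codes.set(code, { clientId, redirectUri, codeChallenge, expiresAt: now + 60000, used: false });
    return code;
  }

  // Token endpoint: redeem the code only if the presented verifier reproduces the stored challenge.
  token(code: string, codeVerifier: string, clientId: string, redirectUri: string, now = Date.now()): TokenResponse | null {
    const issued = this.codes.get(code);
    if (!issued || issued.used || now > issued.expiresAt) return null;
    issued.used = true; // burned on first use, even if this attempt fails
    if (issued.clientId !== clientId || issued.redirectUri !== redirectUri) return null;
    // RFC 7636 §4.1: unreserved characters only, 43 to 128 of them.
    if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier)) return null;
    const expected = Buffer.from(makeCodeChallenge(codeVerifier));
    const stored = Buffer.from(issued.codeChallenge);
    if (expected.length !== stored.length || !timingSafeEqual(expected, stored)) return null;
    // Placeholder token values; the real service returns signed JWTs here.
    return {
      access_token: "at-" + base64url(randomBytes(16)),
      refresh_token: "rt-" + base64url(randomBytes(16)),
      id_token: "idt-placeholder",
    };
  }
}
```

Two choices are deliberate: the code is marked used before the verifier is checked, so a code that leaked to someone without the verifier cannot be retried later by the legitimate client either, and the challenge comparison is constant-time even though challenges are not secrets, simply so that the token endpoint never leaks anything through timing.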
The decision to develop Identity as a single C# project is driven by the small scope of responsibility of this service and its primarily technical nature. This approach ensures that the service remains focused on its core functionality, simplifying development and maintenance processes. Additionally, consolidating the service into a single project enhances code organization and promotes cohesive design principles, making it easier to understand and maintain over time. We opted against complicating the project structure without a clear reason to do so, prioritizing simplicity and maintainability.
Overall, Identity provides a robust and secure authentication infrastructure, allowing applications to implement flexible and reliable authentication mechanisms while adhering to industry standards and best practices.
In addition to its authentication features, Identity offers seamless integration capabilities and supports independent deployment.
Integration with existing systems is facilitated through REST endpoints, and IdentityServer4 can synchronize with other applications either synchronously over those endpoints or asynchronously over a message queue using AMQP (MassTransit with the Service Bus transport). This integration enables Identity to operate as a standalone unit, communicating with other services to ensure consistent user authentication across the entire application ecosystem.
Client
The client-side application is built with Preact and TypeScript, allowing it to leverage all the features provided by Preact, such as the virtual DOM and efficient rendering of components, which contribute to high performance and a responsive interface. TypeScript provides static typing, helping to identify errors during development and facilitating code maintenance. Together, Preact and TypeScript enable the creation of compact and scalable applications that remain lightweight and fast.