
Identity & Access Management

Centralized identity platform providing secure authentication, multi-factor authentication (MFA), federated login via Google OAuth, and encrypted API communication for enterprise applications. Built for stateless scalability with RBAC-based authorization.

Tech Stack

  • Go
  • JWT
  • OAuth2
  • TOTP
  • RBAC

Key Features

  • JWT authentication with access tokens, refresh tokens, session management, and token revocation
  • Google OAuth 2.0 SSO — Single Sign-On via Google Workspace with reduced password management overhead
  • Multi-factor authentication: Email OTP (login, account verification, password recovery) and TOTP via Google/Microsoft Authenticator
  • Secure self-service password recovery with expiring reset tokens
  • Encrypted API responses — sensitive payloads encrypted before delivery to clients
  • Role-Based Access Control (RBAC) with authorization middleware

Architecture

Centralized identity service with multi-provider auth

  1. Client apps authenticate via the Identity Service (JWT + MFA + SSO)
  2. Google OAuth handles the federated identity flow and token exchange
  3. The User Database stores credentials, roles, and MFA configurations
  4. The Email Service handles OTP delivery for login and account recovery
  5. The TOTP Service generates and validates time-based one-time passwords

Use Cases

  • Enterprise application authentication with stateless JWT
  • Single Sign-On via Google Workspace integration
  • Secure API access with RBAC-based authorization
  • Self-service password recovery and account verification
  • Multi-factor authentication for high-security endpoints

My Contributions

  • Designed the centralized authentication architecture.
  • Implemented JWT auth with refresh token rotation and revocation.
  • Developed Google OAuth 2.0 login integration and SSO flow.
  • Built MFA workflows: Email OTP and Google Authenticator (TOTP).
  • Developed password recovery with expiring token mechanism.
  • Implemented payload encryption for sensitive API responses.
  • Developed RBAC authorization middleware.

Technical Highlights

  • Stateless JWT architecture with refresh token rotation prevents session fixation
  • TOTP implementation compatible with Google Authenticator, Microsoft Authenticator, and Authy
  • Payload encryption adds an additional layer over HTTPS for sensitive responses
  • Centralized identity service supports multiple enterprise applications from one platform
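The refresh-token rotation and revocation listed above can be implemented as single-use tokens grouped into a per-session "family", where reuse of an already-rotated token revokes the whole family. The following Go code is an added illustration, not the project's own implementation; the in-memory RefreshStore, its method names and the SHA-256 keying are assumptions standing in for the project's user database.

```go
package main
import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"sync"
)
var (
	ErrUnknownToken = errors.New("unknown refresh token")
	ErrReuse        = errors.New("refresh token reuse detected; session revoked")
)
// refreshRecord is one single-use refresh token; family ties all rotations of one session together.
type refreshRecord struct {
	family, userID string
	used           bool // set once rotated; presenting the token again is a replay
}
// RefreshStore is an in-memory stand-in (assumption) for the project's user database.
type RefreshStore struct {
	mu      sync.Mutex
	tokens  map[string]*refreshRecord // keyed by SHA-256 of the raw token, never the token itself
	revoked map[string]bool           // families ended by detected reuse
}
func NewRefreshStore() *RefreshStore { return &RefreshStore{tokens: map[string]*refreshRecord{}, revoked: map[string]bool{}} }
func hashToken(raw string) string    { h := sha256.Sum256([]byte(raw)); return hex.EncodeToString(h[:]) }
func randomHex() string              { b := make([]byte, 32); rand.Read(b); return hex.EncodeToString(b) }
// issue records a fresh token in the given family; callers must hold s.mu.
func (s *RefreshStore) issue(userID, family string) string {
	raw := randomHex()
	s.tokens[hashToken(raw)] = &refreshRecord{family: family, userID: userID}
	return raw
}
// Issue starts a new session (token family) at login and returns its first refresh token.
func (s *RefreshStore) Issue(userID string) string { s.mu.Lock(); defer s.mu.Unlock(); return s.issue(userID, randomHex()) }
// Rotate accepts a refresh token exactly once and hands back a replacement. A token that was already
// rotated, or any token of a revoked family, kills the whole family so a stolen copy cannot keep it alive.
func (s *RefreshStore) Rotate(raw string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.tokens[hashToken(raw)]
	if !ok {
		return "", ErrUnknownToken
	}
	if rec.used || s.revoked[rec.family] {
		s.revoked[rec.family] = true // replay: every token of this session is now dead
		return "", ErrReuse
	}
	rec.used = true
	return s.issue(rec.userID, rec.family), nil
}
```

Because the legitimate client and the thief both hold a copy of the same token, whichever presents it second triggers ErrReuse and forces a fresh login, which is also the signal a detection pipeline should alert on.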

https://yusufrifqi.work/projects/auth-management