Identity Service Architecture
The Identity Service handles all authentication, user management, and authorization concerns.
Module Structure
Key Responsibilities
- OAuth 2.0 / OIDC authentication (Google, GitHub, Microsoft)
- AWS Cognito integration for credential management
- JWT token issuance and refresh
- Multi-tenant context (tenant switching)
- RBAC role and permission management
- User preferences (timezone, theme, notifications)
Guards & Middleware
| Guard | Purpose |
|---|---|
| JwtAuthGuard | Validates JWT signature and expiry |
| TenantGuard | Extracts and validates tenant context |
| RolesGuard | Enforces role-based access |
| PermissionsGuard | Enforces granular permissions |
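
The guard chain from the table, run in order, as an added framework-neutral Python sketch (not the service's own code). The function names mirror the guards but are hypothetical; the `tenants` claim layout, the role-to-permission map and HS256 signing with a shared key are assumptions chosen to keep the example standard-library only.

```python
import base64, hashlib, hmac, json

class AuthError(Exception): pass  # args = (HTTP status, reason)

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_sample_token(claims, key):
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    body = enc(b'{"alg":"HS256","typ":"JWT"}') + "." + enc(json.dumps(claims).encode())
    return body + "." + enc(hmac.new(key, body.encode(), hashlib.sha256).digest())

def jwt_auth_guard(token, key, now):
    """Validate signature and expiry; claims are trusted only after this."""
    try:
        head, payload, sig = token.split(".")
        alg, sig_raw = json.loads(_b64d(head)).get("alg"), _b64d(sig)
    except (ValueError, AttributeError):
        raise AuthError(401, "malformed token")
    if alg != "HS256":  # pin the algorithm, never follow the header's choice
        raise AuthError(401, "unexpected alg")
    expected = hmac.new(key, f"{head}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig_raw):
        raise AuthError(401, "bad signature")
    claims = json.loads(_b64d(payload))
    if claims.get("exp", 0) <= now:
        raise AuthError(401, "token expired")
    return claims

def tenant_guard(claims, requested_tenant):
    """A tenant switch is honoured only for a tenant the verified token lists."""
    if requested_tenant not in claims.get("tenants", {}):
        raise AuthError(403, "tenant not allowed")
    return claims["tenants"][requested_tenant]  # roles held in that tenant

def roles_guard(tenant_roles, required_roles):  # any one required role suffices
    if required_roles and not set(tenant_roles) & set(required_roles):
        raise AuthError(403, "missing role")

def permissions_guard(tenant_roles, role_permissions, required):  # all must be granted
    granted = set().union(*(role_permissions.get(r, ()) for r in tenant_roles))
    if not set(required) <= granted:
        raise AuthError(403, "missing permission")

def authorize(token, key, now, tenant, required_roles, required_perms, role_permissions):
    claims = jwt_auth_guard(token, key, now)  # 401 before any authorization check
    tenant_roles = tenant_guard(claims, tenant)
    roles_guard(tenant_roles, required_roles)
    permissions_guard(tenant_roles, role_permissions, required_perms)
    return claims["sub"]
```

Roles are resolved per tenant from the verified token, so a role held in one tenant never carries over when the caller switches to another.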