Name | Size | Format
---|---|---
DM_JoséFernandes_MEI_2024 | 4.39 MB | Adobe PDF
Abstract
Modern web applications leverage various login techniques, such as Single Sign-On (SSO), passkeys, and password-less authentication, to enhance user experience. Many SSO solutions exist that enable users to log in once and be authenticated across multiple applications. In this project a custom web authentication system, tailored to the specific needs of a corporate team, was developed. In this team, the lack of web-based authentication infrastructure inhibited the transition from desktop to web applications. The primary objective was to develop an SSO authentication system that not only supports human users but also provides authentication for processes running without a browser, such as automated scripts, which use Windows authentication instead of SSO. By utilising JSON Web Tokens (JWTs) and refresh tokens, the solution provides authentication and fast re-authentication, while a distributed cache enables scalability by allowing multiple instances to run concurrently. As a result, an Application Programming Interface (API) called AuthenticationApi was developed alongside three internal connection libraries to simplify integration for both web applications and services. A management console was also created to manage the whitelisting of clients, whether web applications or technical processes. The API was rigorously tested, achieving 96.1% code coverage through unit and integration tests, and was successfully deployed in two geographical locations, New York and Paris. Structured logs were implemented, offering insights into API performance and usage patterns. The API is currently used in production and serves as a key infrastructure component for the team.
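The abstract names the pattern (short-lived JWT access tokens, refresh tokens for fast re-authentication, a shared cache so any instance can serve a refresh, and a whitelist of registered clients) without showing it. The following stand-alone Python sketch is an added illustration of that pattern, not the thesis's AuthenticationApi code: the signing key, issuer, client names, lifetimes and the dict that stands in for the distributed cache are all constructed for the example.

```python
"""Illustrative access/refresh-token flow: HS256 JWT access tokens plus
rotating, single-use opaque refresh tokens kept in a shared store.
Constructed example; not the AuthenticationApi's code. All names/values assumed."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

SECRET = b"constructed-demo-signing-key"     # assumption: HMAC key shared by all instances
ISSUER = "https://auth.example.invalid"      # assumed issuer claim
ACCESS_TTL = 300                             # assumed: 5-minute access tokens
REFRESH_TTL = 8 * 3600                       # assumed: 8-hour refresh tokens

# Stands in for the management console's client whitelist (client_id -> audience).
CLIENTS = {"web-portal": {"audience": "portal"}, "nightly-job": {"audience": "batch"}}

# Stands in for the distributed cache: sha256(refresh token) -> (subject, client_id, expiry).
# Only a hash is stored, so a dump of the cache does not yield usable refresh tokens.
REFRESH_STORE: Dict[str, Tuple[str, str, float]] = {}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token: str, audience: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if alg, signature, issuer, audience and expiry all check out, else None."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        # Pin the algorithm we issue: rejects "none" and any key-confusion attempt.
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if claims.get("iss") != ISSUER or claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    return claims


def issue_tokens(subject: str, client_id: str, now: Optional[float] = None) -> Optional[dict]:
    """Issue an access JWT and a fresh opaque refresh token for a whitelisted client."""
    now = time.time() if now is None else now
    client = CLIENTS.get(client_id)
    if client is None:                       # unregistered client: refuse outright
        return None
    access = sign_jwt({"iss": ISSUER, "sub": subject, "aud": client["audience"],
                       "client_id": client_id, "iat": int(now), "exp": int(now) + ACCESS_TTL})
    refresh = secrets.token_urlsafe(32)      # opaque, high-entropy, never parsed by clients
    REFRESH_STORE[hashlib.sha256(refresh.encode()).hexdigest()] = (subject, client_id, now + REFRESH_TTL)
    return {"access_token": access, "refresh_token": refresh}


def refresh_tokens(refresh: str, client_id: str, now: Optional[float] = None) -> Optional[dict]:
    """Fast re-authentication: trade a live refresh token for a new pair, rotating it."""
    now = time.time() if now is None else now
    key = hashlib.sha256(refresh.encode()).hexdigest()
    entry = REFRESH_STORE.pop(key, None)     # single use: removed before anything is reissued
    if entry is None:
        return None                          # unknown or already-used token (replay)
    subject, bound_client, expiry = entry
    if bound_client != client_id or expiry <= now:
        return None                          # presented by the wrong client, or expired; stays revoked
    return issue_tokens(subject, client_id, now)


if __name__ == "__main__":
    pair = issue_tokens("alice", "web-portal")
    print(verify_jwt(pair["access_token"], "portal")["sub"])
    print(refresh_tokens(pair["refresh_token"], "web-portal") is not None)
```

Because the refresh store is keyed by a hash and every refresh rotates the token, a replayed refresh token fails even if it was captured, and any API instance with access to the shared store can serve the refresh, which is what lets several instances run side by side.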
Keywords
Authentication; Web; Single Sign-On; JSON Web Tokens; PKCE