Silva, Fábio André Souto daFernandes, José Pedro2025-01-162025-01-1620242024http://hdl.handle.net/10400.22/27108Modern web applications leverage various login techniques, such as Single Sign-On (SSO), passkeys, and password-less authentication, to enhance user experience. Many SSO solutions exist, that enable users to log in once and be authenticated across multiple applications. In this project a custom web authentication system, tailored to the specific needs of a corporate team, was developed. In this team, the lack of web-based authentication infrastructure inhibited the transition from desktop to web applications. The primary objective was to develop a SSO authentication system that not only supports human users but also provides authentication for processes running without a browser, such as automated scripts which will not use SSO but Windows authentication instead. By utilising JSON Web Tokens (JWTs) and refresh tokens, the solution ensures authentication and fast re-authentication, while a distributed cache enables scalability allowing multiple instances to run concurrently. As a result, an Application Programming Interface (API) called AuthenticationApi was developed alongside three internal connection libraries to simplify integration for both web applications and services. A management console was also created to manage the whitelisting of clients, being them web applications or technical processes. The API was rigorously tested, achieving 96.1% code coverage through unit and integration tests, and successfully deployed in two geographical locations, New York and Paris. Structured logs were implemented, offering insights into API performance and usage patterns. Currently, the API is being used in production and serves as a key infrastructure component for the team.engAuthenticationWebSingle Sign OnJSON Web TokensPKCEmaster thesis203803760