Authentication API - A SSO Authentication and Authorisation Infrastructure for Web
| Field | Value |
|---|---|
| Main Author: | Fernandes, José Pedro |
| Contributor: | Silva, Fábio André Souto da |
| Publication Date: | 2024 |
| Format: | Master thesis |
| Language: | eng |
| Keywords: | Authentication; Web; Single Sign On; JSON Web Tokens; PKCE |
| Access rights: | openAccess |
| Source: | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| Identifiers: | http://hdl.handle.net/10400.22/27108; urn:tid:203803760 |
| Download full: | http://hdl.handle.net/10400.22/27108 |
| Summary: | Modern web applications leverage various login techniques, such as Single Sign-On (SSO), passkeys, and password-less authentication, to enhance user experience. Many SSO solutions exist that enable users to log in once and be authenticated across multiple applications. In this project a custom web authentication system, tailored to the specific needs of a corporate team, was developed. In this team, the lack of web-based authentication infrastructure inhibited the transition from desktop to web applications. The primary objective was to develop an SSO authentication system that not only supports human users but also provides authentication for processes running without a browser, such as automated scripts, which will not use SSO but Windows authentication instead. By utilising JSON Web Tokens (JWTs) and refresh tokens, the solution ensures authentication and fast re-authentication, while a distributed cache enables scalability by allowing multiple instances to run concurrently. As a result, an Application Programming Interface (API) called AuthenticationApi was developed alongside three internal connection libraries to simplify integration for both web applications and services. A management console was also created to manage the whitelisting of clients, whether web applications or technical processes. The API was rigorously tested, achieving 96.1% code coverage through unit and integration tests, and successfully deployed in two geographical locations, New York and Paris. Structured logs were implemented, offering insights into API performance and usage patterns. Currently, the API is being used in production and serves as a key infrastructure component for the team. |