One of the largest manufacturers of automobiles and motorcycles is developing its Connected Drive Platform, an intelligent network of information, communication and driver-assistance systems inside and outside the vehicle.
Our customer requested an Identity and Access Management (IAM) solution covering authentication, authorization, OpenID Connect support, single sign-on (SSO), two-factor authentication and one-time password (OTP) authentication.
Authentication and authorization in a microservice architecture involve more scenarios than in a monolith: users accessing microservice applications, third-party applications accessing those microservices, and microservices calling one another, each with its own trust relationship and credential type.
Besides the functional and security requirements, the login service had to meet two non-functional requirements: quick response time and high availability. The implementation therefore focused on fast and scalable approaches.
Microservice architecture
We developed an authentication system in a microservice architecture.
Cloud architecture
Our solution is designed as cloud-native, container-based and Docker-friendly services. It uses high-throughput asynchronous operations with a very small memory footprint.
Highly scalable solution
It can support millions of users and thousands of clients and services with their scopes. It handles thousands of concurrent users per instance, each microservice can be scaled individually, and the design allows thousands of instances to run at the same time in a Kubernetes cluster.
JSON Web Token
A distributed authentication and authorization system that encodes tokens as JSON Web Tokens (JWT) and, where token contents must stay confidential, encrypts them with JSON Web Encryption (JWE).
Design patterns
We used the Circuit Breaker pattern to improve the stability and resiliency of services, so that a failing downstream dependency (a slow LDAP directory, for example) fails fast instead of tying up every caller.
We used the Command and Query Responsibility Segregation (CQRS) pattern, which separates the read and write models so that each can be scaled and secured independently.
OAuth 2.0 specifications
It was designed as a microservices-based implementation of the OAuth 2.0 specifications, with separate services and endpoints for user login, access-token issuance, user registration, service registration, client registration and public-key certificate distribution, integrated with the customer's existing Active Directory, LDAP and SQL/NoSQL user databases.
• The platform connects vehicles with digital services: driver assistance, travel guide, parking assistance, car control from a smartphone, CoPilot driver assistance, connected parking, real-time traffic information and more.
• IAM is responsible for the whole user-account life cycle (sign-up, activation, deletion), account support services (change password, reset password, change login ID, change secret knowledge), authentication (login, secret-knowledge verification) and authorization.
• The service supports the OpenID Connect protocol as a means to authenticate customers to federated external service providers.
• Authentication requests follow the Implicit Flow described in the OpenID Connect Core specification. Note that the OAuth 2.0 Security Best Current Practice now recommends against the implicit flow in favour of the authorization code flow with PKCE, because the implicit flow returns tokens in the URL fragment, where browser history, referrers and page scripts can expose them.
• Customers can log in with a one-time password (OTP) instead of the password stored in their account. After requesting an OTP at the front end, the user receives it via SMS or email and enters it to authenticate. The OTP is invalidated after a single use. Single use alone is not enough: an OTP also needs a short validity window and a cap on wrong guesses, since a six-digit code space is small.
• Users can also log in with social accounts such as Google, Facebook, Microsoft and LinkedIn.
• We implemented centralized logging, with tracing and correlation IDs written into the log by each service. Service logs are aggregated with Elasticsearch, Logstash and Kibana, with monitoring and alerting on top.
• The single sign-on (SSO) tokens are implemented using the JSON Web Token (JWT) standard and its companion standards JSON Web Signature (JWS), JSON Web Encryption (JWE) and JSON Web Key (JWK).
• The JWT's main job is to identify and authorize the customer. Token-based authentication is stateless: the user's session is never kept in server memory or in a database, and because a JWT is self-contained, the information a service needs travels in the token, which cuts round trips to the database and other back-end systems. The flip side is that a signed token cannot be recalled before its expiry unless services consult a revocation list, so token lifetimes should be kept short and signing keys rotated through the JWK distribution endpoint.
• The OAuth2 services are integrated with the customer's existing Active Directory, LDAP and SQL/NoSQL user databases for authentication.
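The OTP flow from the bullet above, as an added example that is not part of the original page or of the customer's code base: the login service draws a code from a cryptographic RNG, stores only a keyed hash of it, gives it a short validity window, tolerates a few wrong guesses and invalidates it on the first successful use. The names (OTPStore, Issue, Verify), the login IDs and the demo server key are assumptions made for illustration; in production the pending map would live in a shared cache so that every login-service replica can verify a code.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// otpRecord is what the login service keeps per pending OTP: a keyed hash of the code
// (never the code itself), an expiry and a wrong-guess counter.
type otpRecord struct {
	tag      []byte
	expires  time.Time
	attempts int
}

// OTPStore issues and consumes one-time passwords. In production pending would live in a
// shared cache such as Redis so any login-service replica can verify a code; an in-memory
// map keeps this example stand-alone (assumed design, not the platform's own code).
type OTPStore struct {
	mu       sync.Mutex
	pending  map[string]otpRecord
	secret   []byte        // server-side HMAC key: a leaked store alone does not reveal codes
	ttl      time.Duration // how long a code stays valid
	maxTries int           // wrong guesses allowed before the code is invalidated
}

func NewOTPStore(secret []byte, ttl time.Duration, maxTries int) *OTPStore {
	return &OTPStore{pending: make(map[string]otpRecord), secret: secret, ttl: ttl, maxTries: maxTries}
}

// tag is HMAC-SHA256 over login id and code, so a code issued for one account cannot be
// presented for another and a dump of the store is useless without the server key.
func (s *OTPStore) tag(loginID, code string) []byte {
	m := hmac.New(sha256.New, s.secret)
	m.Write([]byte(loginID + "\x00" + code))
	return m.Sum(nil)
}

// Issue draws a uniformly random 6-digit code from crypto/rand, stores only its tag and
// returns the code for delivery by SMS or email. Re-issuing replaces any earlier pending code.
func (s *OTPStore) Issue(loginID string, now time.Time) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[loginID] = otpRecord{tag: s.tag(loginID, code), expires: now.Add(s.ttl)}
	return code, nil
}

// Verify consumes the pending OTP for loginID. A correct code is accepted exactly once; an
// expired code or too many wrong guesses deletes the record, so the user must request anew.
func (s *OTPStore) Verify(loginID, code string, now time.Time) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.pending[loginID]
	if !ok {
		return errors.New("no pending OTP")
	}
	if !now.Before(rec.expires) {
		delete(s.pending, loginID)
		return errors.New("OTP expired")
	}
	if !hmac.Equal(rec.tag, s.tag(loginID, code)) { // constant-time comparison
		rec.attempts++
		if rec.attempts >= s.maxTries {
			delete(s.pending, loginID)
			return errors.New("too many wrong attempts, OTP invalidated")
		}
		s.pending[loginID] = rec
		return errors.New("wrong OTP")
	}
	delete(s.pending, loginID) // single use: replaying the same code now fails
	return nil
}

func main() {
	store := NewOTPStore([]byte("demo-only-server-key"), 5*time.Minute, 3) // key is a placeholder
	code, _ := store.Issue("alice@example.com", time.Now())
	fmt.Println("delivered:", code) // the real service sends this by SMS or email
	fmt.Println("first use:", store.Verify("alice@example.com", code, time.Now()))
	fmt.Println("replay:", store.Verify("alice@example.com", code, time.Now()))
}
```

The guess limit matters more than it looks: a six-digit code gives an attacker a 1-in-a-million chance per guess, which is fine with three attempts and a five-minute window but is trivial to brute-force if Verify can be called without limit.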
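The stateless SSO token described in the JWT bullets above, as an added example that is not taken from the original page or from the platform's code: the login service signs RS256 tokens, publishes its public key as a JWK under a key id, and a resource server verifies signature, issuer, audience and expiry using only that JWK. The type and function names (Claims, JWK, Sign, Verify, PublicJWK), the issuer URL and the audience values are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

// Claims holds the registered claims a resource server must check (RFC 7519).
type Claims struct {
	Iss string `json:"iss"` // issuer: the login service
	Sub string `json:"sub"` // subject: the customer's account id
	Aud string `json:"aud"` // audience: the service the token was minted for
	Exp int64  `json:"exp"` // expiry, Unix seconds
}

// JWK is an RSA public key as a key-distribution endpoint publishes it (RFC 7517).
type JWK struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

var b64 = base64.RawURLEncoding // JOSE uses unpadded base64url

// NewSigningKey creates the login service's RSA key pair.
func NewSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// PublicJWK exports the public half so other services can verify tokens without the private key.
func PublicJWK(kid string, pub *rsa.PublicKey) JWK {
	e := big.NewInt(int64(pub.E)).Bytes()
	return JWK{Kty: "RSA", Kid: kid, N: b64.EncodeToString(pub.N.Bytes()), E: b64.EncodeToString(e)}
}

// Sign issues a compact JWS (RFC 7515) with alg RS256 over the JSON-encoded claims.
func Sign(kid string, priv *rsa.PrivateKey, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// Verify checks the signature with the key named by kid, then iss, aud and exp. The alg is
// pinned to RS256 before any key is used, so a token cannot downgrade to "none" or to an HMAC.
func Verify(token string, keys map[string]JWK, wantIss, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return nil, err
	}
	jwk, ok := keys[hdr.Kid]
	if hdr.Alg != "RS256" || !ok || jwk.Kty != "RSA" {
		return nil, errors.New("alg not RS256 or unknown kid")
	}
	var raw [4][]byte // payload, signature, modulus, exponent
	for i, s := range []string{parts[1], parts[2], jwk.N, jwk.E} {
		if raw[i], err = b64.DecodeString(s); err != nil {
			return nil, err
		}
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(raw[2]), E: int(new(big.Int).SetBytes(raw[3]).Int64())}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // the signature covers the encoded form
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[1]); err != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if err := json.Unmarshal(raw[0], &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != wantIss:
		return nil, errors.New("wrong issuer")
	case c.Aud != wantAud:
		return nil, errors.New("wrong audience")
	case !now.Before(time.Unix(c.Exp, 0)):
		return nil, errors.New("token expired")
	}
	return &c, nil
}
```

The kid lookup is what makes key rotation possible without a shared database: the login service publishes the new JWK alongside the old one, starts signing with the new kid, and removes the old JWK once the last token signed with it has expired. Because nothing server-side tracks individual tokens, the exp claim is the only lifetime control, which is why it should be short.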
The result is a fast, flexible and efficient solution for delivering new services to end customers.
The Identity and Access Management solution is deployed in production and meets all functional, security and performance requirements.
The solution offers a comprehensive feature set, backed by the resilience strategies and patterns described above to guarantee high availability.