The Design And Implementation Of Stubhub Unified Authentication And Authorization Platform

Under the company's original technology system,all services were deployed and run on servers maintained by the company.However,due to the high cost of physical servers,low resource utilization,and low security,all the original services will be migrated to the cloud,taking full advantage of the high availability,scalability,and other advantages of cloud computing.In addition,the technical architecture used by the original service is a bit outdated.When the service is migrated to the cloud,it needs to be re-separated and designed so that it can better respond to business changes later.In order to solve the above problems,the microservices architecture is adopted when migrating services,and calls between services are passed through RESTful APIs.Authentication needs to be considered in the process of mutual calls between services.Under the previous technical system,an authentication scheme in which a single gateway assumes all requests is adopted.However,this method has risk of single point of failure when the number of services and requests is increasing.Therefore,the distributed authentication solution is designed,which combines OAuth 2.0 and JWT standards,and assigns token verification to each resource server to do it itself,thereby improving concurrency.Before authentication,the requesting party needs to be identified.Therefore,this thesis also designs a unified identity authentication scheme,including the authentication of users using external products and the authentication of internal employees using internal tool platforms.The OIDC standard is adopted by the identity authentication solution and the third-party identity provider(IDP)is integrated to provide users with richer authentication methods.Because the unified authentication and authorization solution is designed as a set of microservices,it can be easily integrated with other domain teams or third-party partners.In addition to the core identity authentication and authorization function modules,the fraud detection module,the user information management module,and the audit module are also included.The platform is split into multiple microservices,and the webflux framework is used for development to take full advantage of its reactive programming features to improve service performance.Behavioral data logging uses Google's Pub/Sub to publish and consume log data using a message flow model of publishing and subscribing.The Unified Authentication and Authorization Platform successfully solves the authentication needs of inter-services invocation under the new microservices architecture.And the platform unifies the authentication portals of each tool platform,thus promoting the evolution of enterprise applications to platformization and providing the necessary conditions for building open platforms and business ecologies.Each service included in the Unified Authentication and Authorization Platform is online and running with stable performance,and is faster and more agile when responding to changes of requirement.