Authentication & Authorization


This document provides a clear overview of the Midaz authentication and authorization system, highlighting the key services and technologies involved, as well as the differences between SaaS (Software as a Service) and open-source models. The structure is based on solutions provided by Ory, a company renowned for its identity management and security tools.

Authentication Flows

  • Registration: Users can register through a browser interface or via the API, filling out forms that request personal details and access credentials.

  • Login: After registration, users log in with the credentials they established; the platform verifies those credentials before granting access.

Identity Management and Authentication

This feature handles everything related to user identities in an application. It includes user registration, login, and user profile management. The system supports various authentication methods, such as traditional username and password, social logins (using accounts from Google, Facebook, etc.), and passwordless mechanisms. Advanced security features like multi-factor authentication (MFA) and account recovery options are also integrated, ensuring that user accounts are protected against unauthorized access.

  • Benefits:

    • User registration and login.

    • Supports multi-factor authentication and password recovery.

    • Integration with various identity providers.

Token Issuance and Management

In modern applications, especially those using microservices architectures, managing secure access through tokens is crucial. This feature involves issuing access tokens after users authenticate themselves. These tokens are used to grant access to various parts of an application or service. The system ensures that these tokens adhere to standard protocols like OAuth 2.0 and OpenID Connect, providing compatibility and security for accessing resources.

  • Benefits:

    • Secure and scalable integration of token-based authentication.

    • Implements OpenID Connect to provide identity verification on top of OAuth 2.0, enhancing security with ID tokens.

Authorization and Access Control

This aspect deals with determining what authenticated users are allowed to do within the application. It can implement various models of access control, such as role-based access control (RBAC) and attribute-based access control (ABAC). These models help define complex policies that determine how users interact with different resources based on their roles, attributes, or other context-specific details.

  • Benefits:

    • Definition of granular and flexible access policies.

    • Utilizes attribute-based access control (ABAC) to allow for dynamic permission settings based on user attributes.
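The following is an added, self-contained illustration of the RBAC-plus-ABAC model described above; it is example code written for this document, not Midaz code and not the policy language of any Ory component. The roles ("operator", "auditor"), actions ("ledger:read", "ledger:write"), resource kind ("ledger") and attributes ("org", "status") are constructed for the example. The point it demonstrates is that a role alone is not enough: the request is also checked against attributes of the subject and of the resource, and anything no rule explicitly allows is denied.

```go
package main

import "fmt"

// Subject and Resource carry the attributes a policy may consult. Constructed
// for this example; a deployment would load them from the identity store and
// from the resource being accessed.
type Subject struct {
	ID    string
	Roles []string
	Attrs map[string]string
}

type Resource struct {
	Kind  string
	Attrs map[string]string
}

// Policy pairs an RBAC part (roles allowed to perform actions on a resource
// kind) with an ABAC part (attribute constraints). There are only allow rules,
// so any request that no rule matches is denied.
type Policy struct {
	Roles     []string          // any one of these roles qualifies
	Actions   []string          // e.g. "ledger:read", "ledger:write"
	Kind      string            // resource kind the rule covers
	SameAttrs []string          // subject.Attrs[k] must equal resource.Attrs[k]
	Require   map[string]string // resource.Attrs[k] must equal this literal
}

func contains(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

func (p Policy) matches(s Subject, action string, r Resource) bool {
	if p.Kind != r.Kind || !contains(p.Actions, action) {
		return false
	}
	roleOK := false
	for _, role := range s.Roles {
		if contains(p.Roles, role) {
			roleOK = true
		}
	}
	if !roleOK {
		return false
	}
	for _, k := range p.SameAttrs {
		sv, okS := s.Attrs[k]
		rv, okR := r.Attrs[k]
		if !okS || !okR || sv != rv { // a missing attribute never satisfies a constraint
			return false
		}
	}
	for k, want := range p.Require {
		if got, ok := r.Attrs[k]; !ok || got != want {
			return false
		}
	}
	return true
}

// Authorize is deny-by-default: true only when some policy explicitly allows.
func Authorize(policies []Policy, s Subject, action string, r Resource) bool {
	for _, p := range policies {
		if p.matches(s, action, r) {
			return true
		}
	}
	return false
}

// ExamplePolicies (constructed): operators read and write ledgers of their own
// organization while the ledger is active; auditors read any ledger of their organization.
var ExamplePolicies = []Policy{
	{Roles: []string{"operator"}, Actions: []string{"ledger:read", "ledger:write"}, Kind: "ledger",
		SameAttrs: []string{"org"}, Require: map[string]string{"status": "active"}},
	{Roles: []string{"auditor"}, Actions: []string{"ledger:read"}, Kind: "ledger", SameAttrs: []string{"org"}},
}

func main() {
	alice := Subject{ID: "alice", Roles: []string{"operator"}, Attrs: map[string]string{"org": "acme"}}
	own := Resource{Kind: "ledger", Attrs: map[string]string{"org": "acme", "status": "active"}}
	other := Resource{Kind: "ledger", Attrs: map[string]string{"org": "globex", "status": "active"}}
	fmt.Println(Authorize(ExamplePolicies, alice, "ledger:write", own))   // true
	fmt.Println(Authorize(ExamplePolicies, alice, "ledger:write", other)) // false: wrong organization
}
```

Two design choices carry the security weight: the evaluator has no deny rules, so a missing policy can only make access narrower, never wider; and an attribute that is absent on either side fails the constraint instead of comparing two empty strings as equal.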

Identity and Access Proxy

This feature acts as a security gateway that handles all incoming HTTP requests to your services. It ensures that these requests are properly authenticated and authorized before allowing them to proceed to the backend services. This includes verifying tokens, transforming credentials, and potentially enriching the request context with additional user information. It acts as a safeguard, ensuring that only valid, authenticated, and authorized requests are processed by your application.
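The following added example ties the token issuance section and the proxy section together in one runnable program. It is illustrative code written for this document, not Midaz code and not the behaviour of any Ory component: the issuer mints a compact JWT, and the gateway verifies it, swaps it for identity headers, and forwards the request. To stay dependency-free it signs with HS256 (a shared secret); a production OAuth 2.0 / OpenID Connect issuer would normally use an asymmetric key and carry more claims. The issuer URL, audience, secret, header names and request path are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

const Issuer, Audience = "https://idp.example", "midaz-api" // constructed for this example

type Claims struct {
	Subject   string   `json:"sub"`
	Issuer    string   `json:"iss"`
	Audience  string   `json:"aud"`
	ExpiresAt int64    `json:"exp"`
	Roles     []string `json:"roles"`
}

var b64 = base64.RawURLEncoding

func sign(secret []byte, signingInput string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return b64.EncodeToString(mac.Sum(nil))
}

// Issue mints a compact HS256 JWT once the user has authenticated (the issuance step).
func Issue(secret []byte, c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	return signingInput + "." + sign(secret, signingInput), nil
}

// Verify checks the signature before trusting any claim; the algorithm is fixed here, never read from the token.
func Verify(secret []byte, token string, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	want := sign(secret, parts[0]+"."+parts[1])
	if !hmac.Equal([]byte(want), []byte(parts[2])) { // constant-time comparison
		return Claims{}, errors.New("bad signature")
	}
	var c Claims
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &c) != nil {
		return Claims{}, errors.New("invalid payload")
	}
	if now.Unix() >= c.ExpiresAt {
		return Claims{}, errors.New("token expired")
	}
	if c.Issuer != Issuer || c.Audience != Audience {
		return Claims{}, errors.New("wrong issuer or audience")
	}
	return c, nil
}

// Proxy is the gateway: verify the bearer token, replace it with trusted identity headers, then forward.
func Proxy(secret []byte, backend http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		c, err := Claims{}, errors.New("no bearer token")
		if strings.HasPrefix(auth, "Bearer ") {
			c, err = Verify(secret, strings.TrimPrefix(auth, "Bearer "), time.Now())
		}
		if err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Del("Authorization")        // the raw token stops at the gateway
		r.Header.Set("X-User-Id", c.Subject) // overwrites anything the client sent
		r.Header.Set("X-User-Roles", strings.Join(c.Roles, ","))
		backend.ServeHTTP(w, r)
	})
}

// CallThroughProxy sends one request through the proxy and reports what the backend received.
func CallThroughProxy(secret []byte, authorization string) (status int, userID, roles string, leaked bool) {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		userID, roles = r.Header.Get("X-User-Id"), r.Header.Get("X-User-Roles")
		leaked = r.Header.Get("Authorization") != ""
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, "/v1/ledgers", nil)
	req.Header.Set("Authorization", authorization)
	req.Header.Set("X-User-Id", "client-supplied") // must not survive the proxy
	rec := httptest.NewRecorder()
	Proxy(secret, backend).ServeHTTP(rec, req)
	return rec.Code, userID, roles, leaked
}
```

Calling `Issue` with a secret and a `Claims` value, then `CallThroughProxy(secret, "Bearer "+token)`, returns status 200 together with the subject and roles the backend saw and `false` for the leak flag; a tampered, expired, wrongly-audienced or missing token returns 401 and the backend is never invoked. Two points matter for the backend's trust in the enriched context: the proxy deletes the client's `Authorization` and `X-User-Id` values before forwarding, so those headers can only originate at the gateway, and the backend must be reachable solely through the gateway for that assumption to hold.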

The Midaz authentication and authorization system is designed to be robust and adaptable, using best practices and available tools. Collaboration with Ory helps keep the system up-to-date and secure, meeting contemporary needs for digital security and identity management.

This document has been simplified to facilitate understanding for clients and stakeholders, removing complex technical details while retaining essential information about the system's operation and benefits.
