IDAM - Identity and Access Management Service

Central identity management microservice for all Microscaler systems

Overview

IDAM (Identity and Access Management) is a critical infrastructure microservice that provides authentication, authorization, and user management functionality for all Microscaler systems, including:

• PriceWhisperer: Trading platform authentication
• RERP: Enterprise Resource Planning system authentication
• Future Microscaler Systems: Centralized identity management

Architecture

IDAM is built as an HTTP microservice using:

• BRRTRouter: OpenAPI-first HTTP router framework
• OpenAPI 3.1.0: API specification
• Rust: High-performance implementation
• Supabase GoTrue: Backend authentication provider
• Redis: Session storage and management

Service Communication

IDAM is an HTTP service, not a library. Other services communicate with IDAM via HTTP:

┌─────────────────┐
│  PriceWhisperer │
│   Microservices │
└────────┬────────┘
         │ HTTP
         │ (port 8003)
         ▼
┌─────────────────┐
│  IDAM Service   │
│  (Kubernetes)   │
└─────────────────┘
         │
         ▼
┌─────────────────┐
│  RERP Services  │
│  (HTTP calls)   │
└─────────────────┘

Features

• Email/Password Authentication: Traditional email/password login
• OAuth Integration: Google, GitHub, SAML support
• Phone OTP: SMS-based one-time password verification
• Dual OTP: Email and phone verification for enhanced security
• Email Validation: Integration with Abstract API for fraud prevention
• Phone Validation: Integration with Abstract API for VOIP/disposable detection
• Session Management: Redis-based session storage
• JWT Tokens: Token generation and validation
• User Identity Management: Single source of truth for user identities

Project Structure

idam/
├── Cargo.toml              # Workspace configuration
├── src/                    # IDAM service source code
│   ├── main.rs            # Service entry point
│   ├── registry.rs        # Generated route registry
│   ├── handlers/          # Generated request/response handlers
│   └── controllers/       # Business logic implementation
├── common/                 # Shared utilities crate
│   ├── src/
│   │   ├── email_validation.rs
│   │   ├── phone_validation.rs
│   │   ├── jwt.rs
│   │   ├── redis.rs
│   │   └── supabase.rs
│   └── Cargo.toml
├── openapi/               # OpenAPI specification
│   └── openapi.yaml
├── config/                 # Configuration files
│   └── config.yaml
└── static_site/            # Static documentation
    └── index.html

Dependencies

Required External Dependencies

• BRRTRouter: Must be available at ../BRRTRouter (or update path in Cargo.toml)
• Supabase GoTrue: Backend authentication service
• Redis: Session storage
• Abstract API: Email and phone validation (optional)

Internal Dependencies

• common crate: Shared utilities (email/phone validation, JWT, Redis, Supabase client)

Development

Prerequisites

• Rust toolchain (stable)
• BRRTRouter (in ../BRRTRouter or update path)
• Access to Supabase GoTrue instance
• Redis instance
• Abstract API keys (for validation features)

Building

# Build the IDAM service
cargo build --release

# Build with musl for static binary
cargo build --release --target x86_64-unknown-linux-musl

Running Locally

# Set environment variables
export PORT=8003
export REDIS_URL=redis://localhost:6379
export SUPABASE_URL=https://your-project.supabase.co
export SUPABASE_ANON_KEY=your-anon-key
export ABSTRACT_EMAIL_API_KEY=your-email-api-key
export ABSTRACT_PHONE_API_KEY=your-phone-api-key

# Run the service
cargo run

Regenerating from OpenAPI

If you modify the OpenAPI specification:

# Generate code from OpenAPI spec
../BRRTRouter/target/debug/brrtrouter-gen generate \
  --spec ./openapi/openapi.yaml \
  --output . \
  --force

Configuration

Configuration is managed via:

• Environment variables: Runtime configuration
• config/config.yaml: Default configuration
• Kubernetes ConfigMaps/Secrets: Production deployment

Key Configuration

• PORT: Service port (default: 8003)
• REDIS_URL: Redis connection string
• SUPABASE_URL: Supabase GoTrue endpoint
• SUPABASE_ANON_KEY: Supabase anonymous key
• ABSTRACT_EMAIL_API_KEY: Abstract API email validation key
• ABSTRACT_PHONE_API_KEY: Abstract API phone validation key

Deployment

IDAM is deployed as a Kubernetes microservice:

• Service Port: 8003
• NodePort: 30803 (development)
• Binary Name: identity_and_access_management_service_api

See deployment configuration in deployment-configuration/ (if present).

API Documentation

• OpenAPI Spec: openapi/openapi.yaml
• Generated Docs: doc/openapi.yaml (after generation)
• Interactive Docs: Available at service endpoint when running

Integration

Using IDAM in Other Systems

IDAM is used via HTTP API calls, not as a Rust library dependency.

Example HTTP Integration:

// In your microservice
use reqwest;

let client = reqwest::Client::new();
let response = client
    .post("http://idam-service:8003/api/identity/login")
    .json(&login_request)
    .send()
    .await?;

Git Dependency (for Building/Deploying)

If you need to build or deploy IDAM as part of another system:

# In your system's Cargo.toml
[dependencies]
idam = { git = "https://github.com/microscaler/idam", tag = "v1.0.0" }

Note: This is for building the IDAM binary, not for importing IDAM code. Runtime communication is via HTTP.

Versioning

IDAM follows semantic versioning:

• v1.0.0: Initial stable release
• v1.1.0: New features (backward compatible)
• v2.0.0: Breaking changes

Dependent systems should pin to specific versions:

idam = { git = "https://github.com/microscaler/idam", tag = "v1.0.0" }

License

Licensed under the PolyForm Shield License 1.0.0. See LICENSE for details.

Contributing

IDAM is critical infrastructure. Changes should be:

• Well-tested
• Backward compatible (or versioned appropriately)
• Documented
• Reviewed carefully

Related Documentation

• IDAM Architecture Analysis - Detailed architecture decisions
• Email Validation Analysis
• Phone Validation Analysis

---

Repository: https://github.com/microscaler/idam
License: PolyForm Shield 1.0.0