pos-system/services/iam-service/docs/FEATURES.md
Ho Ngoc Hai af303eaf7b Enhance IAM Service documentation with comprehensive updates
- Expanded the IAM Service README to include a detailed overview, features showcase, and quick start guide.
- Updated API reference with new endpoints for health checks and identity management.
- Improved implementation details, including completed features and module dependencies.
- Enhanced architecture documentation with clear diagrams and structured sections for better understanding.
- Added quick reference tables for API endpoints across various modules, improving accessibility for developers.

These changes aim to provide a clearer, more comprehensive understanding of the IAM Service's capabilities and usage.
2026-01-02 00:39:14 +07:00


Features Implementation Status

Completed Features

Core Authentication

  • User Registration
  • User Login (Email/Password)
  • User Logout
  • Token Refresh
  • Change Password
  • Session Management

RBAC (Role-Based Access Control)

  • Roles Management
  • Permissions Management
  • User-Role Assignments
  • Direct User Permissions
  • Permission Caching
  • RBAC Middleware

ABAC (Attribute-Based Access Control)

  • Policy Engine
  • JSON Logic Evaluation
  • Time-based Access Control
  • Policy Management
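The RBAC and ABAC bullets above describe one decision pipeline: resolve the caller's effective permissions (role-derived plus direct grants), then run attribute policies over the request. The following is an added example in Node.js and is not the IAM service's own code. It assumes a small JSON Logic subset (`var`, `and`, `or`, `!`, `==`, `<`, `>=`) instead of the full json-logic-js library, deny-overrides semantics for policies, and constructed sample users, roles and policies; the store attribute and the business-hours rule are illustrative only.

```javascript
// Added example (not the project's code): RBAC permission resolution combined
// with ABAC policies expressed as JSON Logic, including a time-based condition.

const ROLE_PERMISSIONS = {            // constructed sample data
  cashier: ['orders:create', 'orders:read'],
  manager: ['orders:*', 'refunds:approve'],
};

const USERS = {                       // constructed sample data
  alice: { roles: ['cashier'], permissions: ['reports:read'], store: 'hn-01' },
  bob:   { roles: ['manager'], permissions: [], store: 'hn-02' },
};

// Effective permissions = union of role-derived permissions and direct user grants.
// This resolved set is what a permission cache would hold per user.
function effectivePermissions(userId) {
  const u = USERS[userId];
  if (!u) return new Set();
  const perms = new Set(u.permissions);
  for (const r of u.roles) for (const p of ROLE_PERMISSIONS[r] ?? []) perms.add(p);
  return perms;
}

// "orders:*" matches "orders:create"; otherwise the permission must match exactly.
function hasPermission(userId, required) {
  const [res, act] = required.split(':');
  for (const p of effectivePermissions(userId)) {
    const [pr, pa] = p.split(':');
    if (pr === res && (pa === '*' || pa === act)) return true;
  }
  return false;
}

// Minimal JSON Logic evaluator (assumed subset): {"op": [args...]}, "var" reads from data.
function jsonLogic(rule, data) {
  if (rule === null || typeof rule !== 'object') return rule;          // literal
  const [op, rawArgs] = Object.entries(rule)[0];
  const args = Array.isArray(rawArgs) ? rawArgs : [rawArgs];
  if (op === 'var') return args[0].split('.').reduce((o, k) => (o == null ? undefined : o[k]), data);
  const v = args.map((a) => jsonLogic(a, data));
  switch (op) {
    case 'and': return v.every(Boolean);
    case 'or':  return v.some(Boolean);
    case '!':   return !v[0];
    case '==':  return v[0] === v[1];
    case '<':   return v[0] < v[1];
    case '>=':  return v[0] >= v[1];
    default: throw new Error(`unsupported op ${op}`);
  }
}

// Constructed ABAC policies over { user, resource, env }. Deny policies win.
const POLICIES = [
  { id: 'same-store-only', effect: 'deny',
    rule: { '!': { '==': [{ var: 'user.store' }, { var: 'resource.store' }] } } },
  { id: 'refunds-business-hours', effect: 'deny',            // time-based access control
    rule: { and: [
      { '==': [{ var: 'resource.type' }, 'refunds'] },
      { or: [{ '<': [{ var: 'env.hour' }, 8] }, { '>=': [{ var: 'env.hour' }, 22] }] },
    ] } },
];

// Decision: RBAC must grant the permission AND no ABAC deny policy may match.
function authorize(userId, permission, resource, env) {
  if (!hasPermission(userId, permission)) return { allow: false, reason: 'rbac' };
  const data = { user: USERS[userId], resource, env };
  for (const p of POLICIES) {
    if (p.effect === 'deny' && jsonLogic(p.rule, data)) return { allow: false, reason: p.id };
  }
  return { allow: true, reason: 'ok' };
}

module.exports = { effectivePermissions, hasPermission, jsonLogic, authorize };
```

Usage: `authorize('bob', 'refunds:approve', { type: 'refunds', store: 'hn-02' }, { hour: 23 })` is denied by the business-hours policy even though the manager role grants `refunds:approve`; evaluating RBAC first keeps the (cheaper, cacheable) check in front of policy evaluation.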

Social Authentication

  • Google OAuth 2.0
  • Facebook OAuth
  • GitHub OAuth
  • Circuit Breaker Protection
  • Account Linking
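"Circuit Breaker Protection" means calls to an external OAuth provider (code exchange, userinfo) stop being attempted for a cooling-off period once the provider keeps failing, so a provider outage does not tie up the login path. The following is an added example, not the service's implementation; the thresholds, the state machine and the stand-in provider are assumptions, and the clock is injected so the behaviour can be reproduced offline.

```javascript
// Added example (not the project's code): closed -> open -> half-open circuit breaker
// around an external OAuth provider call. Thresholds are assumed values.
class CircuitBreaker {
  constructor({ failureThreshold = 3, resetTimeoutMs = 30_000, now = () => Date.now() } = {}) {
    this.failureThreshold = failureThreshold;
    this.resetTimeoutMs = resetTimeoutMs;
    this.now = now;                  // injectable clock
    this.state = 'closed';
    this.failures = 0;
    this.openedAt = 0;
  }

  // Returns false when the request must be rejected without touching the provider.
  allowRequest() {
    if (this.state !== 'open') return true;
    if (this.now() - this.openedAt < this.resetTimeoutMs) return false;
    this.state = 'half-open';        // cooling-off elapsed: let one probe through
    return true;
  }

  onSuccess() { this.failures = 0; this.state = 'closed'; }

  onFailure() {
    this.failures += 1;
    if (this.state === 'half-open' || this.failures >= this.failureThreshold) {
      this.state = 'open';
      this.openedAt = this.now();
      this.failures = 0;
    }
  }

  // Synchronous wrapper so the scenario below is reproducible; an async variant
  // would await fn() and apply the same two callbacks.
  exec(fn) {
    if (!this.allowRequest()) throw new Error('circuit open');
    try {
      const result = fn();
      this.onSuccess();
      return result;
    } catch (err) {
      this.onFailure();
      throw err;
    }
  }
}

// Constructed stand-in for a provider's token endpoint; fails while `down` is true.
function makeProvider() {
  const p = { down: false, calls: 0 };
  p.exchangeCode = (code) => {
    p.calls += 1;
    if (p.down) throw new Error('502 from provider');
    return { access_token: `tok-for-${code}` };
  };
  return p;
}

// Drives an outage through the breaker and returns what each login attempt observed.
function scenario() {
  let t = 0;
  const provider = makeProvider();
  const breaker = new CircuitBreaker({ failureThreshold: 3, resetTimeoutMs: 30_000, now: () => t });
  const attempt = (code) => {
    try { return breaker.exec(() => provider.exchangeCode(code)).access_token; }
    catch (e) { return e.message; }
  };
  const out = [];
  out.push(attempt('c1'));                                   // provider healthy
  provider.down = true;
  out.push(attempt('c2'), attempt('c3'), attempt('c4'));     // 3 failures -> open
  out.push(attempt('c5'));                                   // fail fast, provider not called
  t = 31_000; out.push(attempt('c6'));                       // half-open probe fails -> open again
  provider.down = false; out.push(attempt('c7'));            // still open (reopened at t=31s)
  t = 62_000; out.push(attempt('c8'));                       // probe succeeds -> closed
  return { out, providerCalls: provider.calls };
}

module.exports = { CircuitBreaker, makeProvider, scenario };
```

The point to check in a real deployment is the `c5` and `c7` cases: while the circuit is open the provider is not called at all, so a slow or failing upstream cannot exhaust the service's worker pool, and the user gets an immediate "try another sign-in method" instead of a timeout.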

OIDC (OpenID Connect)

  • OIDC Provider
  • Discovery Endpoint
  • Authorization Code Flow
  • Token Endpoint
  • UserInfo Endpoint
  • JWKS Endpoint
  • OIDC Client Support

JWT & Cookies

  • Access Tokens (15 min)
  • Refresh Tokens (7 days)
  • ID Tokens (OIDC)
  • Secure HTTP-only Cookies
  • CSRF Protection
  • Token Rotation

MFA (Multi-Factor Authentication)

  • TOTP Support
  • QR Code Generation
  • MFA Device Management
  • MFA Verification

Security Features

  • Zero-Trust Architecture
  • Device Fingerprinting
  • CSRF Protection
  • Dynamic Rate Limiting
  • Audit Logging
  • Event Sourcing

Identity Management

  • User Lifecycle Management (CRUD)
  • User Deactivation & Reactivation
  • Bulk User Import/Export
  • Extended User Profiles
  • Profile Avatar Management
  • Email Verification
  • Phone Verification
  • Multi-Tenant Organizations
  • Organization Hierarchy
  • Groups with Hierarchical Structure
  • Group Member Management

Access Management

  • Access Request Workflows
  • Multi-Person Approval Chains
  • Access Request Approval/Rejection
  • Access Reviews & Certification
  • Access Review Campaigns
  • Access Review Items
  • Access Usage Analytics
  • Permission Analytics
  • User Access Summary
  • Risk Analytics

Governance & Compliance

  • GDPR Compliance Reporting
  • SOC2 Compliance Reporting
  • ISO27001 Compliance Reporting
  • HIPAA Compliance Support
  • Compliance Report Generation
  • Compliance Report Export
  • Policy Templates
  • Policy Versioning
  • Policy Testing
  • Risk Scoring
  • Risk Dashboard
  • Access Summary Reports
  • User Activity Reports
  • Security Events Reports
  • Compliance Status Reports
  • Risk Overview Reports

Performance

  • Multi-layer Caching (Memory → Redis)
  • Token Caching
  • Permission Caching
  • Connection Pooling

📋 API Endpoints Summary

Health (3 endpoints)

  • GET /health - Basic health check
  • GET /health/ready - Readiness probe
  • GET /health/live - Liveness probe

Authentication (6 endpoints)

  • POST /api/v1/auth/register - Register
  • POST /api/v1/auth/login - Login
  • POST /api/v1/auth/logout - Logout
  • POST /api/v1/auth/refresh - Refresh token
  • POST /api/v1/auth/change-password - Change password
  • GET /api/v1/auth/me - Get current user

Social Auth (6 endpoints)

  • GET /api/v1/auth/google - Google OAuth
  • GET /api/v1/auth/google/callback - Google callback
  • GET /api/v1/auth/facebook - Facebook OAuth
  • GET /api/v1/auth/facebook/callback - Facebook callback
  • GET /api/v1/auth/github - GitHub OAuth
  • GET /api/v1/auth/github/callback - GitHub callback

OIDC (5 endpoints)

  • GET /.well-known/openid-configuration - Discovery
  • GET /api/v1/oidc/authorize - Authorization
  • POST /api/v1/oidc/token - Token exchange
  • GET /api/v1/oidc/userinfo - User info
  • GET /api/v1/oidc/jwks - JWKS

RBAC (5 endpoints)

  • GET /api/v1/rbac/permissions - Get permissions
  • POST /api/v1/rbac/roles/assign - Assign role
  • POST /api/v1/rbac/roles/revoke - Revoke role
  • POST /api/v1/rbac/permissions/grant - Grant permission
  • GET /api/v1/rbac/permissions/check - Check permission

MFA (5 endpoints)

  • POST /api/v1/mfa/totp/enable - Start TOTP enrollment
  • POST /api/v1/mfa/totp/verify - Verify the first code and finish enabling
  • POST /api/v1/mfa/totp/validate - Validate a TOTP code
  • POST /api/v1/mfa/disable - Disable MFA
  • GET /api/v1/mfa/devices - Get devices

Sessions (3 endpoints)

  • GET /api/v1/sessions - Get user sessions
  • DELETE /api/v1/sessions/:sessionId - Revoke session
  • DELETE /api/v1/sessions - Revoke all sessions

Identity Management (31 endpoints)

User Management (8 endpoints)

  • GET /api/v1/identity/users - List users
  • GET /api/v1/identity/users/:id - Get user
  • PUT /api/v1/identity/users/:id - Update user
  • DELETE /api/v1/identity/users/:id - Delete user
  • POST /api/v1/identity/users/:id/deactivate - Deactivate user
  • POST /api/v1/identity/users/:id/reactivate - Reactivate user
  • POST /api/v1/identity/users/bulk-import - Bulk import users
  • GET /api/v1/identity/users/bulk-export - Bulk export users

Profile Management (4 endpoints)

  • GET /api/v1/identity/users/:id/profile - Get profile
  • PUT /api/v1/identity/users/:id/profile - Update profile
  • POST /api/v1/identity/users/:id/profile/avatar - Upload avatar
  • DELETE /api/v1/identity/users/:id/profile/avatar - Delete avatar

Identity Verification (5 endpoints)

  • POST /api/v1/identity/verification/email/request - Request email verification
  • POST /api/v1/identity/verification/email/verify - Verify email
  • POST /api/v1/identity/verification/phone/request - Request phone verification
  • POST /api/v1/identity/verification/phone/verify - Verify phone
  • GET /api/v1/identity/verification/:id/status - Get verification status

Organizations (6 endpoints)

  • GET /api/v1/identity/organizations - List organizations
  • POST /api/v1/identity/organizations - Create organization
  • GET /api/v1/identity/organizations/:id - Get organization
  • PUT /api/v1/identity/organizations/:id - Update organization
  • DELETE /api/v1/identity/organizations/:id - Delete organization
  • GET /api/v1/identity/organizations/:id/users - Get organization users

Groups (8 endpoints)

  • GET /api/v1/identity/organizations/:id/groups - List groups
  • POST /api/v1/identity/organizations/:id/groups - Create group
  • GET /api/v1/identity/groups/:id - Get group
  • PUT /api/v1/identity/groups/:id - Update group
  • DELETE /api/v1/identity/groups/:id - Delete group
  • GET /api/v1/identity/groups/:id/members - Get group members
  • POST /api/v1/identity/groups/:id/members - Add member to group
  • DELETE /api/v1/identity/groups/:id/members/:userId - Remove member from group

Access Management (17 endpoints)

Access Requests (6 endpoints)

  • GET /api/v1/access/requests - List access requests
  • POST /api/v1/access/requests - Create access request
  • GET /api/v1/access/requests/:id - Get access request
  • PUT /api/v1/access/requests/:id/approve - Approve request
  • PUT /api/v1/access/requests/:id/reject - Reject request
  • DELETE /api/v1/access/requests/:id - Cancel request

Access Reviews (7 endpoints)

  • GET /api/v1/access/reviews - List access reviews
  • POST /api/v1/access/reviews - Create access review
  • GET /api/v1/access/reviews/:id - Get access review
  • POST /api/v1/access/reviews/:id/start - Start review
  • POST /api/v1/access/reviews/:id/complete - Complete review
  • GET /api/v1/access/reviews/:id/items - Get review items
  • PUT /api/v1/access/reviews/:id/items/:itemId/review - Review item

Access Analytics (4 endpoints)

  • GET /api/v1/access/analytics/usage - Get usage analytics
  • GET /api/v1/access/analytics/permissions - Get permission analytics
  • GET /api/v1/access/analytics/users/:id/summary - Get user access summary
  • GET /api/v1/access/analytics/risks - Get risk analytics

Governance (18 endpoints)

Compliance Reports (5 endpoints)

  • GET /api/v1/governance/compliance/reports - List compliance reports
  • POST /api/v1/governance/compliance/reports/generate - Generate report
  • GET /api/v1/governance/compliance/reports/:id - Get report
  • GET /api/v1/governance/compliance/reports/:id/export - Export report
  • POST /api/v1/governance/compliance/reports/:id/publish - Publish report

Policy Governance (4 endpoints)

  • GET /api/v1/governance/policies/templates - List policy templates
  • POST /api/v1/governance/policies/templates - Create template
  • GET /api/v1/governance/policies/:id/versions - Get policy versions
  • POST /api/v1/governance/policies/:id/test - Test policy

Risk Management (4 endpoints)

  • GET /api/v1/governance/risk/scores - List risk scores
  • GET /api/v1/governance/risk/scores/:userId - Get user risk score
  • POST /api/v1/governance/risk/calculate - Calculate risk
  • GET /api/v1/governance/risk/dashboard - Get risk dashboard

Reporting (5 endpoints)

  • GET /api/v1/governance/reports/access-summary - Access summary report
  • GET /api/v1/governance/reports/user-activity - User activity report
  • GET /api/v1/governance/reports/security-events - Security events report
  • GET /api/v1/governance/reports/compliance-status - Compliance status report
  • GET /api/v1/governance/reports/risk-overview - Risk overview report

Monitoring (1 endpoint)

  • GET /metrics - Prometheus metrics

Total: 100 API endpoints (as listed above)

🔄 Future Enhancements

  • WebAuthn Support
  • OIDC Multi-tenancy
  • Database Sharding
  • Multi-region Deployment
  • Advanced ML-based Behavior Analysis
  • GraphQL API
  • gRPC Support