pos-system/services/iam-service/docs/FEATURES.md
Ho Ngoc Hai b104fafa85 Refactor auth-service to iam-service and update related documentation
- Renamed auth-service to iam-service across various files for consistency.
- Updated Dockerfiles, deployment configurations, and documentation to reflect the service name change.
- Enhanced testing commands in documentation to point to the new iam-service.
- Removed outdated auth-service files and configurations to streamline the project structure.
- Improved bilingual documentation for clarity on the new service structure and usage.
2025-12-30 20:54:21 +07:00

Features Implementation Status

Completed Features

Core Authentication

  • User Registration
  • User Login (Email/Password)
  • User Logout
  • Token Refresh
  • Change Password
  • Session Management

RBAC (Role-Based Access Control)

  • Roles Management
  • Permissions Management
  • User-Role Assignments
  • Direct User Permissions
  • Permission Caching
  • RBAC Middleware

ABAC (Attribute-Based Access Control)

  • Policy Engine
  • JSON Logic Evaluation
  • Time-based Access Control
  • Policy Management

Social Authentication

  • Google OAuth 2.0
  • Facebook OAuth
  • GitHub OAuth
  • Circuit Breaker Protection
  • Account Linking

OIDC (OpenID Connect)

  • OIDC Provider
  • Discovery Endpoint
  • Authorization Code Flow
  • Token Endpoint
  • UserInfo Endpoint
  • JWKS Endpoint
  • OIDC Client Support

JWT & Cookies

  • Access Tokens (15 min)
  • Refresh Tokens (7 days)
  • ID Tokens (OIDC)
  • Secure HTTP-only Cookies
  • CSRF Protection
  • Token Rotation

MFA (Multi-Factor Authentication)

  • TOTP Support
  • QR Code Generation
  • MFA Device Management
  • MFA Verification

Security Features

  • Zero-Trust Architecture
  • Device Fingerprinting
  • CSRF Protection
  • Dynamic Rate Limiting
  • Audit Logging
  • Event Sourcing

Performance

  • Multi-layer Caching (Memory → Redis)
  • Token Caching
  • Permission Caching
  • Connection Pooling

📋 API Endpoints Summary

Authentication (6 endpoints)

  • POST /api/v1/auth/register - Register
  • POST /api/v1/auth/login - Login
  • POST /api/v1/auth/logout - Logout
  • POST /api/v1/auth/refresh - Refresh token
  • POST /api/v1/auth/change-password - Change password
  • GET /api/v1/auth/me - Get current user

Social Auth (6 endpoints)

  • GET /api/v1/auth/google - Google OAuth
  • GET /api/v1/auth/google/callback - Google callback
  • GET /api/v1/auth/facebook - Facebook OAuth
  • GET /api/v1/auth/facebook/callback - Facebook callback
  • GET /api/v1/auth/github - GitHub OAuth
  • GET /api/v1/auth/github/callback - GitHub callback

OIDC (5 endpoints)

  • GET /.well-known/openid-configuration - Discovery
  • GET /api/v1/oidc/authorize - Authorization
  • POST /api/v1/oidc/token - Token exchange
  • GET /api/v1/oidc/userinfo - User info
  • GET /api/v1/oidc/jwks - JWKS

RBAC (5 endpoints)

  • GET /api/v1/rbac/permissions - Get permissions
  • POST /api/v1/rbac/roles/assign - Assign role
  • POST /api/v1/rbac/roles/revoke - Revoke role
  • POST /api/v1/rbac/permissions/grant - Grant permission
  • GET /api/v1/rbac/permissions/check - Check permission

MFA (5 endpoints)

  • POST /api/v1/mfa/totp/enable - Enable TOTP
  • POST /api/v1/mfa/totp/verify - Verify and enable
  • POST /api/v1/mfa/totp/validate - Validate token
  • POST /api/v1/mfa/disable - Disable MFA
  • GET /api/v1/mfa/devices - Get devices

Sessions (3 endpoints)

  • GET /api/v1/sessions - Get user sessions
  • DELETE /api/v1/sessions/:sessionId - Revoke session
  • DELETE /api/v1/sessions - Revoke all sessions

Total: 30+ API endpoints

🔄 Future Enhancements

  • WebAuthn Support
  • OIDC Multi-tenancy
  • Database Sharding
  • Multi-region Deployment
  • Advanced ML-based Behavior Analysis
  • GraphQL API
  • gRPC Support