Overview
AuthKit is a production-ready identity microservice built on ASP.NET Core Identity. It ships with PKCE-enabled OAuth2 flows, short-lived JWTs with Redis-backed refresh token rotation, TOTP/FIDO2 MFA, and a self-service admin console. It exposes both REST and gRPC endpoints.
Key Challenge
Implementing token rotation in a distributed environment without introducing session fixation vulnerabilities.
Outcome
Successfully handles 5 000 auth requests/sec under load testing with p99 latency of 12 ms.
Technology Stack
.NET Core, ASP.NET Identity, Redis, PostgreSQL, Docker, JWT, OAuth2, gRPC