
De.Auth Architecture

The de.auth service is designed as a secure authentication provider for the De. platform, enabling phone-based verification, account management, and secure user sessions.

System Architecture

(Architecture diagram, rendered here as a component list.)

- Clients: Client Apps (acme.com), Mobile Apps (mobile.acme.com), Partner Services (@acme/partners)
- de.auth (auth.dedot.io): Gateway, Auth Routes, User Mgmt, Sessions
- Data store: MongoDB (Users / Auth collections)
- External providers: SMS Service Provider, Email Service Provider

Authentication Flow

The authentication flow in de.auth is based on phone number verification:

(Sequence diagram between Client, de.auth, SMS Provider and MongoDB, rendered here as a step list.)

1. Client -> de.auth: POST /signin (phone)
2. de.auth -> MongoDB: Store verification code
3. de.auth -> SMS Provider: Send verification SMS
4. de.auth -> Client: Return next=verify
5. Client -> de.auth: POST /verification (phone, pvc)
6. de.auth -> MongoDB: Validate verification code
7. alt [New user]:
   - de.auth -> Client: Return next=create-account
   - Client -> de.auth: POST /set-account (user data)
   - de.auth -> MongoDB: Create user account
   - de.auth -> Client: Return ctoken & deviceId
   [Existing user]: branch not shown in the diagram

Component Architecture

(Component diagram, rendered here as a component list.)

- Client Applications
- Gateway: CORS, Form Parser, Error Handlers
- Auth Routes: Signin/Verification, Session Mgmt
- Middleware: Authorization
- User Routes: Profile Mgmt, Settings
- Utilities: File Upload (Avatar/Docs)
- Authentication Services: Phone Verification
- User Profile Services: Profile Management
- File Upload Services: Storage
- Data Services: MongoDB

Database Schema

Users Collection

```json
{
  "profile": {
    "firstName": "John",
    "lastName": "Doe",
    "phone": "+1234567890",
    "email": "[email protected]",
    "photo": "https://storage.dedot.io/profile/user123.jpg",
    "country": {
      "code": "US",
      "name": "United States"
    }
  },
  "account": {
    "uid": "user_12345",
    "type": "PERSONAL",
    "isRestricted": false,
    "agreeTerms": true,
    "settings": {
      "theme": {
        "mode": "auto",
        "fontSize": "normal"
      },
      "notification": {
        "push": "token123",
        "sms": false,
        "email": true
      },
      "privacy": {
        "publicView": false
      }
    }
  },
  "connection": {
    "lastOnline": 1642561234567,
    "devices": {
      "device_123": {
        "isConnected": true,
        "status": "activated",
        "ctoken": "connection_token_123",
        "datetime": 1642561234567,
        "platform": "iOS",
        "model": "iPhone 13",
        "country": "United States",
        "city": "New York"
      }
    },
    "history": [
      {
        "deviceId": "device_123",
        "status": "SIGNIN",
        "userAgent": "Mobile App 1.0",
        "service": "MyService",
        "datetime": 1642561234567,
        "country": "United States",
        "city": "New York"
      }
    ]
  },
  "datetime": 1642561234567
}
```

Auth Collection

```json
{
  "phone": "+1234567890",
  "code": 123456,
  "device": {
    "platform": "iOS",
    "model": "iPhone 13",
    "userAgent": "Mobile App 1.0",
    "service": "MyService"
  },
  "sms": {
    "delay": 60,
    "sentAt": 1642561234567
  },
  "expiry": 1642564834567
}
```

Security Features

  1. Phone Number Verification

    • One-time verification codes
    • Expiry mechanism for verification codes
    • Rate limiting for SMS sending
  2. Session Management

    • Device tracking and fingerprinting
    • Connection token generation and validation
    • Last activity tracking
  3. Request Authorization

    • Header-based authentication
    • Role-based access control
    • Service identification
  4. Security Headers

    • CORS protection
    • Content security policies
    • Rate limiting headers
  5. Error Handling

    • Sanitized error responses
    • Detailed logging (development only)
    • Graceful fallbacks