Identity Service Overview

The Identity Service is the central authentication and authorization microservice for the Vecton platform. It handles user identity management, multi-factor authentication, and secure access control across all platform services.

Purpose

The Identity Service provides:

Centralized Authentication - Single sign-on for all Vecton services
Multi-tenant Support - Complete tenant isolation with UUID-based identification
Enterprise Security - 2FA, PIN codes, and advanced password policies
OAuth2 Integration - System-to-system authentication for microservices
Audit Trail - Complete logging of all authentication events

Architecture

┌─────────────────────────────────────────────────────────────┐
│                     Identity Frontend                        │
│                   (Vue 3 + Vuexy + TypeScript)               │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│                     Identity Backend                         │
│                    (Laravel 12 + Sanctum)                    │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐ │
│  │    Auth     │  │    2FA      │  │   Password Policy   │ │
│  │   Module    │  │   Module    │  │      Module         │ │
│  └─────────────┘  └─────────────┘  └─────────────────────┘ │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐ │
│  │    PIN      │  │   Devices   │  │    OAuth2/System    │ │
│  │   Module    │  │   Module    │  │       Auth          │ │
│  └─────────────┘  └─────────────┘  └─────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│              PostgreSQL + Redis                              │
└─────────────────────────────────────────────────────────────┘

Key Features

Authentication

JWT token-based authentication using Laravel Sanctum
Remember me functionality with extended token expiration
Automatic session management

Two-Factor Authentication (2FA)

TOTP-based 2FA compatible with Google Authenticator, Authy, etc.
QR code generation for easy setup
Recovery codes for account recovery

Security PIN

6-digit PIN for sensitive operations
PIN validation rules (no sequential or repeated digits)
Lockout after failed attempts

Password Policy

Minimum 12 characters
Complexity requirements (uppercase, lowercase, numbers, special chars)
Password history (last 5 passwords cannot be reused)
Forced password change on first login or admin reset

Device Management

Track trusted devices
Ability to revoke device access
Device fingerprinting for security

Audit Logging

All authentication events logged
IP address and user agent tracking
Activity timeline for users

Technology Stack

Component	Technology
Backend Framework	Laravel 12
Authentication	Laravel Sanctum
Database	PostgreSQL 15
Cache	Redis 7
Frontend	Vue 3 + TypeScript
UI Framework	Vuexy (Vuetify-based)
Testing	PHPUnit + Cypress

API Base URL

Production: https://identity.vecton.hu/api
Development: http://localhost:8000/api

Quick Links

User Guide - How to use Identity features as an end user
API Reference - Complete API documentation
Backend Development - Backend architecture, APIs and development guide
Frontend Development - Frontend architecture, components and development guide
Security Features - Detailed security implementation

Purpose​

Architecture​

Key Features​

Authentication​

Two-Factor Authentication (2FA)​

Security PIN​

Password Policy​

Device Management​

Audit Logging​

Technology Stack​

API Base URL​

Quick Links​