Main Identity Service

The Identity Service is the centralized authentication and authorization layer for the entire Vecton platform. Every user — whether an admin, store manager, or warehouse operator — authenticates through this service.

For detailed documentation, see the dedicated Identity Service section.

Role in the Platform

  Tenant Frontend ──┐
  Admin Frontend ───┤──▶ Identity Backend ──▶ PostgreSQL (identity schema)
  Identity Frontend ┘         │
                              ├──▶ Redis (sessions, rate limiting)
                              └──▶ Audit Log

The Identity Service acts as a gateway:

All frontends redirect to the Identity login page for authentication
All backends validate tokens against the Identity API via OAuth2 introspection
Service-to-service communication uses client credentials grants

Key Capabilities

Feature	Description
JWT/Sanctum Tokens	Bearer token authentication with 24-hour expiry
Two-Factor Auth (2FA)	TOTP-based (RFC 6238) with recovery codes
PIN Authentication	6-digit PIN for quick access with brute-force protection
Password Policies	12-char minimum, complexity rules, last-5 history
Device Management	Track and revoke sessions per device
OAuth2 Server	Client credentials for service-to-service auth
Audit Logging	15+ event types with 365-day retention
Multi-Tenant	All data scoped by tenant_id, full isolation

Tech Stack

Layer	Technology
Backend	Laravel 12 + Sanctum
Frontend	Vue 3 + TypeScript + Vuexy (Vuetify-based)
Database	PostgreSQL 16 (identity schema)
Cache	Redis 7
Server	FrankenPHP (Octane)

API Base URL

Environment	URL
Production	`https://identity.vecton.hu/api`
Development	`http://localhost:8000/api`

Integration

Other services integrate with Identity via:

Token Validation (Backend-to-Backend)

// Laravel middleware validates Bearer token against Identity API
// Automatic via Sanctum token guard
$user = Auth::user(); // Resolved from Bearer token

OAuth2 Client Credentials (Service-to-Service)

curl -X POST https://identity.vecton.hu/api/oauth/token \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=service"

All tenant and admin frontends redirect unauthenticated users to the Identity login page. After successful login, the user is redirected back with a valid token.

Identity Overview — Architecture and feature details
User Guide — End-user documentation
API Reference — Complete REST API docs
Security — Security architecture and compliance

Role in the Platform​

Key Capabilities​

Tech Stack​

API Base URL​

Integration​

Token Validation (Backend-to-Backend)​

OAuth2 Client Credentials (Service-to-Service)​

Login Redirect (Frontend)​

Related Documentation​