App endpoints brute force protection with AWS WAF and CDK

Credential stuffing, brute-force attacks, and automated account takeover attempts are a daily reality for any public-facing web application. Your login endpoint is the most targeted surface in your infrastructure — and it deserves dedicated protection beyond generic firewall rules. This post walks through a production-grade AWS WAF configuration scoped exclusively to a login endpoint, built


Building a serverless REST API on AWS

Modern APIs need to be secure, versioned, and independently scalable without ops overhead. This post walks through how we built a production REST API using AWS API Gateway, AWS Lambda, and Go — deployed entirely with AWS CDK. We’ll cover the full architecture: request routing, custom API key authorization, multi-Lambda design, and CloudWatch alerting wired


Implementing OAuth2 with Ory Hydra

A Production Architecture Guide. OAuth2 is the backbone of modern authorization, but building it correctly at scale is harder than it looks. In this post, I’ll walk through how we implemented Ory Hydra — a certified OAuth2 and OpenID Connect server — in a production cloud environment. I’ll cover the infrastructure design, client registration, the

