Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Evolving Auth0's architecture: From 0 to 2.5+ billion logins per month in 5 years

Evolving Auth0's architecture: From 0 to 2.5+ billion logins per month in 5 years

In recent years, we’ve seen the emergence of a new form of technology scale. Today’s emerging technologies—which rapidly grow to millions of users—don’t sell products or services. Instead they build a platform on which others can create value. However, these new platforms often fail because the design and growth strategies involved in building them are complex, resource intensive, and expensive to scale. Despite this massive challenge, many companies in the identity and access management (IAM) and customer identity and access management (CIAM) space are still building their own IDaaS platform internally—and oftentimes failing to achieve their goals.

Damian Schenkelman dives into the complexities, resources, and scalability challenges Auth0 has faced in creating an IDaaS platform that securely manages more than 2.5 billion logins per month. You’ll explore specific scenarios including scaling password hashing, user search, and designing across multiple cloud regions, among others.

Damian Schenkelman

February 25, 2020

More Decks by Damian Schenkelman

Other Decks in Programming


  1. Evolving Auth0's architecture From 0 to 2.5+ billion logins per

    month in 5 years Damian Schenkelman Principal Engineer @ Auth0
  2. Lay of the land Scale Reliability Security User Management Protocols

    Session Management Authorization Anomaly Detection User Search Identity Providers Auditing Credential Stuffing Trust Pillars Features Experiences UIs Support SDKs Docs APIs
  3. IAM

  4. “The code” if (opts.search) { var searchFilter = { $or:

    [ { name: {'$regex': opts.search, '$options': 'i'} }, { email: {'$regex': opts.search, '$options': 'i'} } ]}; queryDocument = {$and: [queryDocument, searchFilter]}; }
  5. Cardinality "zipCodes": { "98004": 1234, "98005": 5678, } "zipCodes": [

    { "value": "98004", "mapping": 1234 }, { "value": "98005", "mapping": 5678 } ]
  6. Partitioning Users Single Tenant Partition N Single Tenant Partition 1

    Multi Tenant Partition N Multi Tenant Partition 1
  7. End Scenario Client Access Token Username + Password Auth0 Authentication

    API Auth0 Identity Provider Users Store bcrypt service
  8. Extensible const confidence = context.anomalyDetection && context.anomalyDetection.confidence || 'low'; if

    (confidence === 'low') { /* block */ } if (confidence === 'medium') { /* ask for mfa */ }
  9. Scoring Model Client Credentials Auth0 Authentication API Kinesis Logs Enhance

    Logs Kinesis Anonymized Auth Attempts Scoring Service