PVPipe ms-auth Documentation
This directory contains comprehensive documentation for the PVPipe Authentication microservice, including biometric authentication, WebAuthn/passkey support, and deployment guides.
Documentation Structure
Core API Documentation
- API.md - Complete API reference with all endpoints, authentication types, and integration examples
- BIOMETRIC_GUIDE.md - Comprehensive biometric authentication implementation guide
- WEBAUTHN_IMPLEMENTATION.md - WebAuthn/passkey implementation for modern passwordless auth
Implementation Guides
- mobile-integration-guide.md - iOS, Android, and React Native integration guide
- security-architecture.md - Security model, cryptographic standards, and compliance
- deployment-guide.md - Production deployment with Kubernetes, security hardening
Specialized Topics
- PUSH_NOTIFICATIONS.md - Firebase FCM integration for cross-device notifications
Quick Start
For API Consumers
- Read API.md for complete endpoint reference
- Check mobile-integration-guide.md for platform-specific implementations
- Review security-architecture.md for security requirements
For Mobile Developers
- Start with BIOMETRIC_GUIDE.md for biometric authentication overview
- Follow mobile-integration-guide.md for your platform (iOS/Android/React Native)
- Configure PUSH_NOTIFICATIONS.md for cross-device workflows
For Web Developers
- Review API.md for standard authentication endpoints
- Implement WEBAUTHN_IMPLEMENTATION.md for passwordless login
- Set up action confirmation flows using biometric endpoints
For DevOps/SysAdmins
- Follow deployment-guide.md for production deployment
- Review security-architecture.md for security hardening
- Configure monitoring and alerting as documented
Authentication Methods Supported
Standard Authentication
- Username/password login with JWT tokens
- Token refresh and revocation
- Multi-factor authentication (TOTP)
Biometric Authentication
- Mobile device registration with public key cryptography
- Biometric login (TouchID, FaceID, Fingerprint)
- Cross-device action confirmation
- Push notification integration
WebAuthn/Passkey
- Platform authenticators (built-in biometrics)
- External security keys (YubiKey, etc.)
- Resident credentials (passkeys)
- Cross-platform synchronization
Security Features
- Zero Trust Architecture: Every request authenticated and validated
- Cryptographic Security: ES256/RS256/PS256 signatures, AES-256-GCM encryption
- Device Binding: Tokens tied to specific registered devices
- Token Differentiation: Multiple token types with appropriate lifetimes
- Comprehensive Auditing: Full security event logging
- Vietnamese Compliance: Meets enterprise regulatory requirements
Architecture Overview
βββββββββββββββββββ ββββββββββββββββββββ βββββββββββββββββββ
β Web Client β β Mobile Client β β External Key β
β (WebAuthn) β β (Biometric) β β (Security Key) β
βββββββββββββββββββ ββββββββββββββββββββ βββββββββββββββββββ
β β β
βββββββββββββββββββββββββΌββββββββββββββββββββββββ
β
ββββββββββββββββ
β API Gateway β
β (Traefik) β
ββββββββββββββββ
β
ββββββββββββββββ
β ms-auth β
β Service β
ββββββββββββββββ
β
βββββββββββββββΌββββββββββββββ
β β β
βββββββββββββββ βββββββββββββββ βββββββββββββββ
βPostgreSQL β β Redis β β Firebase β
β Database β β Cache β β FCM β
βββββββββββββββ βββββββββββββββ βββββββββββββββService Capabilities
Multi-Platform Support
- Web: WebAuthn/passkey authentication
- Mobile: Native biometric authentication (iOS/Android/React Native)
- Cross-Device: Action confirmation across devices
- Enterprise: Vietnamese compliance and audit requirements
Token Types
- Standard Access/Refresh: Web authentication (8h/30d)
- Biometric Access/Refresh: Mobile authentication (15min/30d)
- Action Confirmation: Single-use sensitive operations (5min)
- WebAuthn: Passwordless web authentication
Security Standards
- Cryptography: ES256 (recommended), RS256, PS256
- Encryption: AES-256-GCM for sensitive fields
- Compliance: Vietnamese digital signature law
- Audit: Comprehensive security event logging
Recent Changes (2025-08-13)
Documentation Reorganization
- Consolidated API Documentation: Combined multiple API docs into single comprehensive reference
- Unified Biometric Guide: Merged 4 separate biometric documents into cohesive implementation guide
- Added WebAuthn Support: New comprehensive WebAuthn/passkey implementation documentation
- Removed Redundancies: Eliminated duplicate information across multiple files
Files Reorganized
Created:
API.md- Complete API reference (consolidated fromapi-guidelines.md+biometric-api-complete.md)BIOMETRIC_GUIDE.md- Unified implementation guide (consolidated from 4 separate biometric docs)WEBAUTHN_IMPLEMENTATION.md- New WebAuthn/passkey implementation guideREADME.md- This documentation index
Removed (consolidated into above):
api-guidelines.mdβ merged intoAPI.mdbiometric-api-complete.mdβ merged intoAPI.mdBIOMETRIC_IMPLEMENTATION.mdβ merged intoBIOMETRIC_GUIDE.mdBIOMETRIC_JWT_EXAMPLES.mdβ merged intoBIOMETRIC_GUIDE.mdIMPLEMENTATION_REPORT.mdβ merged intoBIOMETRIC_GUIDE.mdJWT_BIOMETRIC_IMPLEMENTATION_REPORT.mdβ merged intoBIOMETRIC_GUIDE.mdJWT_TOKEN_DIFFERENTIATION_REPORT.mdβ merged intoBIOMETRIC_GUIDE.md
Retained (specialized content):
deployment-guide.md- Production deployment guidemobile-integration-guide.md- Platform-specific mobile integrationsecurity-architecture.md- Security model and compliancePUSH_NOTIFICATIONS.md- Firebase FCM setup details
Support and Integration
Getting Help
- API Issues: Check API.md for complete endpoint documentation
- Mobile Integration: See mobile-integration-guide.md for platform guides
- Security Questions: Review security-architecture.md for compliance
- Deployment Issues: Follow deployment-guide.md for production setup
Example Implementations
All documentation includes comprehensive examples for:
- JavaScript/TypeScript (Web, React, React Native)
- Swift (iOS native)
- Kotlin (Android native)
- Go (server-side)
- Docker/Kubernetes deployment configurations
This documentation structure provides clear, comprehensive guidance for implementing and deploying the PVPipe authentication service across all supported platforms and use cases.