# TGM Auth API: Centralized Single-Sign-On (SSO) Solution

A robust SSO API built with Node.js and MySQL, providing centralized user authentication, token management, and granular access control for multiple applications.

Project page, published 2025-11-16 (last updated 2026-01-23). Tags: API Design, SSO, Authentication, Backend. Skills: Node.js, MySQL, Express.js, REST API.

## Overview

TGM Auth API is a custom-built, centralized Single-Sign-On (SSO) solution engineered to streamline user authentication across a diverse ecosystem of applications. Built on Node.js and MySQL, this stateful API provides a single, secure entry point for users, eliminating the need to manage multiple sets of credentials. It solves the critical challenge of fragmented user identity by creating a unified authentication layer that enhances both security and user experience through a robust, database-backed token system.

The system is designed for seamless integration, offering a flexible architecture that supports email verification, secure session management, and granular, role-based access control. By centralizing authentication, the TGM Auth API simplifies credential management for administrators and provides users with a frictionless login experience. The API is currently live and serves as the core authentication service for the TGM Studios platform, including `account.tgmstudios.net`.

## Key Features

- **Centralized SSO Authentication:** Provides a single source of truth for user identity, allowing users to log in once and gain access to multiple authorized applications without re-entering credentials.

- **Stateful, Database-Backed Tokens:** Implements a custom token-based workflow where unique, opaque session tokens are generated and stored in the database. This stateful approach allows for instant session revocation, detailed activity logging, and centralized control over user sessions.

- **Application-Specific Tokens:** Features a unique mechanism to generate and attach tokens to specific client applications, allowing a user's session to be securely linked and validated on a per-application basis.

- **Email Verification:** Ensures the validity of user accounts by requiring email confirmation upon registration, adding a crucial layer of security and preventing spam or fraudulent sign-ups.

- **Granular Access Control:** Allows for the definition and enforcement of specific roles and permissions, ensuring that users can only access the resources and perform the actions appropriate for their authorization level.

## Technologies & Implementation

The TGM Auth API is built on a reliable and scalable backend stack, chosen specifically for the demands of a high-availability authentication service.

- **Backend: Node.js** was selected for its event-driven, non-blocking I/O model, making it highly efficient for handling numerous concurrent authentication requests. The API is built upon the **Express.js** framework for its robust and minimalist approach to routing and middleware.

- **Database: MySQL** serves as the data store, chosen for its proven reliability and data integrity. It is the backbone of the stateful architecture, managing user credentials, session tokens, roles, and relational permissions data.

- **Architecture:** The system is architected as a stateful REST API. When a user authenticates, the API generates a unique, opaque token, stores it in the database with user and client metadata, and returns it to the client. This token is then passed with subsequent requests to other services. To authorize the user, those services must call a validation endpoint on the TGM Auth API, which verifies the token against the database. This design centralizes security and session control, creating a resilient and manageable microservices environment.

```mermaid
graph TD
    A["User"] --> B["Client Application (e.g., account.tgmstudios.net)"];
    B --> C["POST /login to TGM Auth API"];
    C --> D["MySQL Database"];
    D -- "Verify Credentials" --> C;
    C -- "Issue Opaque Token & Store in DB" --> B;
    B -- "Store Session Token" --> A;
    A --> E["Access Protected Service"];
    E -- "Request with Token" --> F["Another Application"];
    F -- "Validate Token via Auth API (DB Lookup)" --> E;
    E -- "Return Protected Resource" --> A;
```

## Challenges & Solutions

One of the primary challenges was designing a system that could provide secure authentication across multiple services while retaining central control and the ability to instantly revoke user sessions. A stateless approach using self-contained tokens like JWTs would make immediate session termination difficult without complex revocation list management.

To solve this, I implemented a custom, stateful, database-backed token system. Upon a successful login, the API generates a cryptographically secure random string that acts as an opaque token. This token is stored in a dedicated table in the MySQL database, linked to the user's ID, client IP, and an expiration timestamp. When a client application needs to verify a user's session, it makes a request to the Auth API's validation endpoint. The API then performs a direct lookup in the database to confirm the token is valid, active, and matches the request context (e.g., IP address). This design provides significant security advantages, including the ability to instantly invalidate any token by simply deleting its record from the database, ensuring robust and centralized session control.

## Results & Impact

The TGM Auth API successfully centralizes authentication for the TGM Studios digital ecosystem, providing a stable and secure foundation for user management.

- **Improved User Experience:** Users now enjoy a streamlined, single-login experience across all connected platforms, significantly reducing friction and frustration.

- **Enhanced Security:** By consolidating authentication logic and implementing a stateful, database-backed token system, the overall security posture is significantly improved. It provides a single point for enforcing security measures, monitoring activity, and instantly revoking sessions.

- **Developer Efficiency:** Other application developers no longer need to implement their own authentication logic. They simply integrate with a single, well-documented API, saving significant development time and reducing the risk of security vulnerabilities. The system is live and actively manages user accounts via its endpoint at `auth.tgmstudios.net`.

{TODO: Add screenshot of the user account portal at account.tgmstudios.net}

## Links

- [View on GitHub](https://github.com/tgmstudios/tgm-auth)

- [Live Account Portal](https://account.tgmstudios.net/)

- [Live API Endpoint](https://auth.tgmstudios.net/)