OPEN SOURCE

Sentinel Auth

Authentication microservice with JWT, TOTP two-factor authentication, API key management, and audit logging.

01 Project Overview

Sentinel Auth is a standalone authentication microservice designed to be dropped into any project that needs robust authentication. It provides JWT-based authentication with TOTP two-factor authentication, API key management for service-to-service communication, comprehensive audit logging for security monitoring, and rate limiting to prevent abuse.

02 Problem Statement

Many projects implement authentication as an afterthought, leading to security vulnerabilities and inconsistent implementations. There was a need for a well-tested, reusable authentication service that handles the complexity of secure user authentication, multi-factor verification, and API access control in a single, deployable package.

03 Key Features

JWT Authentication

Access and refresh token pair with configurable expiration, token blacklisting, and secure rotation.

TOTP Two-Factor Auth

Time-based one-time passwords compatible with authenticator apps. QR code generation for easy setup.

API Key Management

Create, revoke, and manage API keys for service-to-service authentication with scope-based permissions.
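As an added illustration of the key-management feature above (example code written for this page, not Sentinel Auth's own implementation), the following stand-alone Python sketches how scoped API keys are typically issued, verified and revoked. The `sa_` prefix, the `key_id.secret` layout and the in-memory store are assumptions for the example: the point is that only a hash of the secret is stored, the comparison is constant-time, and a key is useful only for the scopes it was created with.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PREFIX = "sa_"  # assumed key prefix for the example; lets secret scanners spot leaked keys


@dataclass
class ApiKeyRecord:
    key_id: str          # public lookup identifier embedded in the presented key
    key_hash: str        # SHA-256 of the secret part; the plaintext is never stored
    owner: str           # service or user the key belongs to
    scopes: frozenset    # e.g. {"invoices:read"}; checked on every call
    revoked: bool = False


class ApiKeyService:
    """Hypothetical in-memory key store (a Django model in a real service)."""

    def __init__(self):
        self.records = {}  # key_id -> ApiKeyRecord

    @staticmethod
    def hash_secret(secret: str) -> str:
        # The secret is 256 bits of CSPRNG output, so a plain fast hash is enough here;
        # a low-entropy, user-chosen secret would need a slow hash (argon2/bcrypt) instead.
        return hashlib.sha256(secret.encode()).hexdigest()

    def create(self, owner: str, scopes) -> str:
        """Mint a key and return it once; only the hash is kept."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)           # urlsafe alphabet never contains "."
        self.records[key_id] = ApiKeyRecord(key_id, self.hash_secret(secret), owner, frozenset(scopes))
        return f"{PREFIX}{key_id}.{secret}"

    def revoke(self, key_id: str) -> bool:
        record = self.records.get(key_id)
        if record is None:
            return False
        record.revoked = True
        return True

    def list_keys(self, owner: str):
        """Active key ids for an owner, for a management UI or CLI."""
        return [r.key_id for r in self.records.values() if r.owner == owner and not r.revoked]

    def authenticate(self, presented: str, required_scope: str):
        """Owner name if the key is live and carries the scope, otherwise None."""
        if not presented.startswith(PREFIX) or "." not in presented:
            return None
        key_id, _, secret = presented[len(PREFIX):].partition(".")
        record = self.records.get(key_id)
        # Compare against a dummy hash when the id is unknown so the timing of the
        # unknown-id and wrong-secret paths is the same.
        expected = record.key_hash if record else self.hash_secret("")
        if not hmac.compare_digest(expected, self.hash_secret(secret)):
            return None
        if record is None or record.revoked or required_scope not in record.scopes:
            return None
        return record.owner
```

The scope check runs only after the signature-equivalent check succeeds, so a caller learns nothing about which scopes exist unless it already holds a valid key.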

Audit Logging

Comprehensive logging of all authentication events: logins, failures, key usage, and MFA events.

04 Technology Stack

Python, Django 5.2, DRF, SimpleJWT, pyotp, Docker, GitHub Actions, Tailwind CSS

05 Architecture & Design

Request → Rate Limiter → Authentication Middleware
Auth Flow → JWT Validation | TOTP Verification | API Key Check
Services → User Service | Token Service | MFA Service | Key Service
Persistence → Database (Users, Tokens, Keys) | Audit Log
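The first two stages of the pipeline above, the rate limiter and the audit log that records what it and the login step decide, are shown together in the following added example. It is illustration written for this page, not Sentinel Auth's code: the sliding-window limiter, the JSON-lines audit format, the event names and the constructed brute-force scenario are all assumptions.

```python
import json
import time
from collections import deque


class AuditLog:
    """Append-only structured log; one JSON line per event, easy to ship to a SIEM."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self.lines = []

    def record(self, event: str, **fields) -> dict:
        entry = {"ts": int(self._clock()), "event": event, **fields}
        self.lines.append(json.dumps(entry, sort_keys=True))
        return entry

    def count(self, event: str) -> int:
        return sum(1 for line in self.lines if json.loads(line)["event"] == event)


class SlidingWindowLimiter:
    """Allow at most `limit` hits per key within any `window` seconds."""

    def __init__(self, limit: int, window: int, clock=time.time):
        self.limit, self.window, self._clock = limit, window, clock
        self._hits = {}  # key -> deque of hit timestamps (in-memory; Redis for multi-instance)

    def allow(self, key: str) -> bool:
        now = self._clock()
        hits = self._hits.setdefault(key, deque())
        while hits and now - hits[0] >= self.window:
            hits.popleft()                      # drop hits that have left the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


class LoginGate:
    """Rate-limit, then check the password, writing an audit event for every outcome."""

    def __init__(self, limiter, audit, check_password):
        self.limiter, self.audit, self.check_password = limiter, audit, check_password

    def login(self, username: str, password: str, ip: str) -> str:
        # Two keys: per-IP stops one client spraying many accounts, per-user stops a
        # distributed attack on one account. Quota is consumed before the password
        # check, so failed guesses cost the attacker attempts.
        for dimension, key in (("ip", ip), ("user", username)):
            if not self.limiter.allow(f"{dimension}:{key}"):
                self.audit.record("login.rate_limited", user=username, ip=ip, by=dimension)
                return "rate_limited"
        if self.check_password(username, password):
            self.audit.record("login.success", user=username, ip=ip)
            return "ok"
        self.audit.record("login.failure", user=username, ip=ip)
        return "invalid"


def simulate():
    """Constructed scenario: three bad guesses, a blocked fourth, then a real login later."""
    clock = [1_700_000_000]                      # fake clock so the run is deterministic

    def now():
        return clock[0]

    audit = AuditLog(clock=now)
    # Stand-in password check; a real one compares against a slow hash in constant time.
    gate = LoginGate(SlidingWindowLimiter(limit=3, window=60, clock=now), audit,
                     check_password=lambda u, p: (u, p) == ("alice", "correct horse"))
    outcomes = [gate.login("alice", f"guess{i}", "198.51.100.7") for i in range(4)]
    clock[0] += 61                               # the failures slide out of the window
    outcomes.append(gate.login("alice", "correct horse", "198.51.100.7"))
    return outcomes, audit
```

`simulate()` returns the five outcomes and the audit log; the fourth attempt is refused before the password is even checked, and the rate-limit event records which dimension (IP or user) tripped, which is the detail a SOC analyst needs to tell a credential-stuffing run from a single forgetful user.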

06 Challenges & Solutions

Secure TOTP Implementation

Challenge: Implementing TOTP in a way that is both secure and user-friendly. Solution: Used pyotp for standards-compliant TOTP generation, with QR code provisioning and backup codes for account recovery.

Token Lifecycle Management

Challenge: Managing the JWT lifecycle: creation, refresh, and revocation. A JWT is verified statelessly from its signature alone, so nothing stops a token from being used after logout unless the service keeps some state. Solution: A dual-token strategy with short-lived access tokens and longer-lived refresh tokens, plus a token blacklist consulted on every request so that logout and refresh-token rotation actually revoke the old tokens.
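The token feature and the lifecycle solution described above, as an added self-contained example (written for this page, not taken from Sentinel Auth or SimpleJWT): a minimal HS256 JWT encoder/decoder stands in for the library so the block runs without Django, and a `TokenService` issues access/refresh pairs, rotates refresh tokens, and revokes by `jti` through a blacklist. The claim names, TTLs, the in-memory blacklist and the injected clock are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT, a stand-in for the library so the example runs offline."""
    compact = {"separators": (",", ":")}
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = b64url_encode(json.dumps(claims, **compact).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def decode_jwt(token: str, key: bytes, now: int):
    """Claims if the signature and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: a verifier that honours the token's own "alg" field is
        # open to alg=none and HMAC/RSA key-confusion attacks.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        if int(claims["exp"]) <= now:
            return None
        return claims
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


class TokenService:
    """Dual-token strategy with refresh rotation and a jti blacklist for revocation."""

    ACCESS_TTL = 15 * 60           # short-lived: bounds the damage from a leaked access token
    REFRESH_TTL = 7 * 24 * 3600    # longer-lived: only ever exchanged for a new pair

    def __init__(self, key: bytes, clock=time.time):
        self.key = key
        self.clock = clock
        # Revoked jti values. JWTs are stateless, so logout and rotation need this
        # shared store (a DB table or Redis in a deployment); an entry can be dropped
        # once the token it refers to has expired anyway.
        self.blacklist = set()

    def _mint(self, sub: str, typ: str, ttl: int) -> str:
        now = int(self.clock())
        claims = {"sub": sub, "type": typ, "jti": secrets.token_hex(16), "iat": now, "exp": now + ttl}
        return encode_jwt(claims, self.key)

    def issue_pair(self, sub: str):
        return self._mint(sub, "access", self.ACCESS_TTL), self._mint(sub, "refresh", self.REFRESH_TTL)

    def _live(self, token: str, typ: str):
        claims = decode_jwt(token, self.key, int(self.clock()))
        if claims is None or claims.get("type") != typ or "jti" not in claims:
            return None
        if claims["jti"] in self.blacklist:
            return None
        return claims

    def authenticate(self, access_token: str):
        """Subject of a live access token, or None; refresh tokens are refused here."""
        claims = self._live(access_token, "access")
        return claims["sub"] if claims else None

    def refresh(self, refresh_token: str):
        """Rotate: the presented refresh token becomes unusable and a fresh pair is issued."""
        claims = self._live(refresh_token, "refresh")
        if claims is None:
            return None
        self.blacklist.add(claims["jti"])
        return self.issue_pair(claims["sub"])

    def logout(self, access_token: str, refresh_token: str) -> None:
        """Revoke both tokens of a session; tokens that already expired need no entry."""
        for token in (access_token, refresh_token):
            claims = decode_jwt(token, self.key, int(self.clock()))
            if claims and "jti" in claims:
                self.blacklist.add(claims["jti"])
```

Because the old refresh token is blacklisted on every rotation, a refresh token that was stolen and then reused after the legitimate client rotated it is rejected outright; the blacklist lookup is what turns a stateless bearer token into something the service can actually revoke.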

07 DevOps & CI/CD

The project uses Docker for containerized development and deployment. GitHub Actions handles CI/CD with automated testing and linting. The service is designed to be easily deployable as a standalone microservice or integrated into a larger application.

08 Impact

Sentinel Auth demonstrates production-grade authentication engineering, the kind of auth system that many projects need but few build properly. It showcases deep understanding of security patterns, token management, and multi-factor authentication implementation.

Sebez