Security & Identity Patterns

Architectural patterns for securing distributed systems: federated identity, gatekeeper, valet key, and token-based authentication flows.

5 lessons~57 min

What you'll learn

•Design federated identity systems with SSO
•Implement the Gatekeeper pattern for defense in depth
•Use the Valet Key pattern for secure, scoped resource access
•Understand token-based auth flows (JWT, OAuth2) at the architecture level
•Manage API keys across services securely

Federated Identity Pattern

Delegate authentication to external identity providers: SAML, OIDC, SSO flows, identity federation across organizational boundaries.

12m

Medium

Gatekeeper Pattern

A dedicated host that validates and sanitizes requests before forwarding to backend services: defense in depth, DMZ architecture, and request filtering.

10m

Medium

Valet Key Pattern

Grant clients direct but scoped access to resources: pre-signed URLs, SAS tokens, temporary credentials, and minimizing proxy bottlenecks.

10m

High

Token-Based Auth (JWT & OAuth2)

Architectural view of JWT and OAuth2: token issuance, validation, refresh flows, token storage, and securing microservice-to-microservice communication.

15m

High

API Key Management

Generating, rotating, scoping, and revoking API keys: key hierarchies, rate limiting per key, usage analytics, and key storage best practices.

10m

Medium

Start Module