Auth Service

Type: Personal Tool
Status: Active
Project: Solo Project

Current Usage

Currently used by:

  • IdeaHub
  • Resource Hub

Supports:

  • Google Login
  • Email & Password Authentication

Why I Built It

Instead of copying authentication code into every project I built, I wanted a centralized authentication service that could be integrated across multiple personal products.

At that time, I wasn't aware of services like Clerk, BetterAuth, etc., so I decided to build one myself.

Technical Decisions

1. Asymmetric JWT Authentication

While building the service, I learned about asymmetric cryptography and implemented it.

Why?

This allows applications to verify JWT tokens without sharing the private signing key.

Benefit

I don't need to share the secret used for signing tokens across all my personal products.

2. Local Token Verification

I decided to expose a token verification flow that applications use to establish their own sessions.

After that, applications verify tokens locally (using the public key from the asymmetric setup above) instead of calling Auth Service on every request.

Why?

If every request from every application hit Auth Service, it would become a bottleneck and a single point of failure that could crash under load.

3. Timing Attack Protection

While building login functionality, I learned about timing attacks.

Problem

Attackers can sometimes identify whether a user exists by measuring login response times: if the password hash comparison is skipped whenever the user lookup fails, the "unknown user" path returns noticeably faster than the "wrong password" path.

Solution

When a user does not exist, I still perform a bcrypt comparison against a dummy hash, so the failure path does the same work as a wrong-password attempt.

Benefit

Response times for unknown users and wrong passwords remain more consistent.

4. Async Email Workflow

Built an asynchronous email processing pipeline using:

SNS → SQS → Lambda

Additional Components:

  • Dead Letter Queue
  • CloudWatch Alarms

Purpose

Send transactional emails in the background.

Challenges & Lessons Learned

Email Workflow Failure

After a few months, the async workflow silently stopped working.

I stopped receiving emails.

Initial Situation

I couldn't understand why the workflow was failing.

Root Cause

The Gmail App Password used by Nodemailer had expired.

Resolution

Migrated email delivery to Resend.

Lesson

Infrastructure dependencies fail silently if not monitored properly.

Over-Engineering

I realized I had over-engineered the email delivery architecture for my scale.

At that time:

Users on platform = 0

Yet I had:

  • SNS
  • SQS
  • Lambda
  • Dead Letter Queue
  • CloudWatch

Realization

The architecture was unnecessary for my scale.

However, it gave me exposure to AWS services and large-scale email architectures.

Debugging

Cookie Session Debugging

Spent nearly a week debugging cookie-based session persistence.

What Happened

User sessions were not surviving page refreshes.

I experimented with different cookie configurations until the issue was resolved.

Outcome

Developed a deep understanding of:

  • Cookie attributes
  • Session persistence
  • Browser behavior

Impact

Auth Service is actively used by IdeaHub and Resource Hub, providing centralized authentication across personal products.

Future Vision

1. Access & Refresh Token Architecture

Implement a proper session renewal mechanism.

2. Email Verification

Implement a user email verification flow.

Technologies Used

  • Express
  • MongoDB
  • AWS SNS
  • AWS SQS
  • AWS Lambda
  • JWT
  • Google OAuth
  • Docker

Lakshay Mahajan

Backend Engineer focused on building reliable systems with Node.js, MongoDB, and AWS.

© 2026 Lakshay Mahajan