Identity Service
NestJS | Port 8016 | Core
The Identity Service handles user authentication, account management, and JWT token operations. It supports dual database mode (MSSQL + MongoDB) and can run as both an HTTP server and a RabbitMQ worker.
Architecture
[Diagram: Identity Service Architecture]
Key Features
- User Authentication — Login, logout, password management
- JWT Token Management — Access tokens (1h), refresh tokens (7d), S2S tokens
- Account Management — User creation, updates, deactivation
- SSO Integration — OpenAM Single Sign-On support
- OTP — One-time password generation and verification (5min TTL)
- Push Notifications — Firebase (Android) and APNs (iOS) device registration
- Dual Mode — HTTP API + RabbitMQ worker mode
API Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /api/identity/login | Authenticate user and return JWT tokens |
| POST | /api/identity/refresh-token | Refresh access token using refresh token |
| POST | /api/identity/logout | Invalidate session and tokens |
| POST | /api/identity/register | Register new user account |
| POST | /api/identity/otp/generate | Generate one-time password |
| POST | /api/identity/otp/verify | Verify one-time password |
| GET | /api/identity/users/:id | Get user details by ID |
| PUT | /api/identity/users/:id | Update user account |
Configuration
| Name | Type | Default | Description |
|---|---|---|---|
| PORT | number | 8016 | Service listening port |
| DB_HOST | string | localhost | MSSQL server host |
| DB_USERNAME | string | - | Database username |
| DB_PASSWORD | string | - | Database password |
| MONGO_URI | string | - | MongoDB connection string |
| JWT_SECRET | string | - | JWT signing secret |
| JWT_ACCESS_EXPIRY | string | 1h | Access token expiration |
| JWT_REFRESH_EXPIRY | string | 7d | Refresh token expiration |
| REDIS_HOST | string | localhost | Redis host |
| RABBITMQ_URIS | string | - | RabbitMQ connection URIs |
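
One way to enforce the table above at startup, shown as an added example rather than the service's own code. It assumes that settings listed without a default are required, that expiry values use the `1h`/`7d` form, and a 32-character minimum for `JWT_SECRET`; `validateIdentityConfig`, `parseExpiry` and the sample values are hypothetical.

```typescript
// Added example, not the service's code. All names below are hypothetical.
type Env = Record<string, string | undefined>;
interface IdentityConfig { port: number; jwtSecret: string; accessTtlSec: number; refreshTtlSec: number }

const UNIT_SECONDS: Record<string, number> = { s: 1, m: 60, h: 3600, d: 86400 };
const MIN_SECRET_LENGTH = 32; // assumed policy, not stated in the docs
// Assumption: a "-" default in the table means the setting must be supplied.
const REQUIRED = ["DB_USERNAME", "DB_PASSWORD", "MONGO_URI", "JWT_SECRET", "RABBITMQ_URIS"];

// Parse durations written like the table defaults ("1h", "7d") into seconds.
function parseExpiry(value: string): number | null {
  const m = /^(\d+)([smhd])$/.exec(value.trim());
  if (!m) return null;
  const unit = UNIT_SECONDS[m[2] ?? ""];
  const n = Number(m[1]);
  return unit !== undefined && n > 0 ? n * unit : null;
}

// Collect every problem so an operator sees them all, and return no config
// unless the list is empty (fail closed rather than boot with weak settings).
function validateIdentityConfig(env: Env): { config?: IdentityConfig; errors: string[] } {
  const errors: string[] = [];
  for (const name of REQUIRED) {
    if (!env[name]) errors.push(`${name} is required`);
  }
  const jwtSecret = env["JWT_SECRET"] ?? "";
  if (jwtSecret !== "" && jwtSecret.length < MIN_SECRET_LENGTH) {
    errors.push(`JWT_SECRET must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  const port = Number(env["PORT"] ?? "8016");
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push("PORT must be 1-65535");

  const accessTtlSec = parseExpiry(env["JWT_ACCESS_EXPIRY"] ?? "1h");
  const refreshTtlSec = parseExpiry(env["JWT_REFRESH_EXPIRY"] ?? "7d");
  if (accessTtlSec === null) errors.push("JWT_ACCESS_EXPIRY is not a valid duration");
  if (refreshTtlSec === null) errors.push("JWT_REFRESH_EXPIRY is not a valid duration");
  if (accessTtlSec !== null && refreshTtlSec !== null && refreshTtlSec <= accessTtlSec) {
    errors.push("JWT_REFRESH_EXPIRY must be longer than JWT_ACCESS_EXPIRY");
  }
  if (errors.length > 0 || accessTtlSec === null || refreshTtlSec === null) return { errors };
  return { config: { port, jwtSecret, accessTtlSec, refreshTtlSec }, errors };
}

// Constructed sample environment (placeholder values, not real credentials).
const SAMPLE_ENV: Env = {
  DB_USERNAME: "identity_app", DB_PASSWORD: "example-only", MONGO_URI: "mongodb://localhost/identity",
  JWT_SECRET: "x".repeat(48), RABBITMQ_URIS: "amqp://localhost",
};
```

In a Node process the function would be called with `process.env` before the HTTP server or RabbitMQ worker starts, exiting if `errors` is non-empty.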
RabbitMQ Integration
Publishes to:
- identity_events exchange — User lifecycle events
- session_manager exchange — Session created/destroyed events
Consumes from:
- OTP request queue — Processes OTP generation requests
Database
- MSSQL — User account data, role mappings
- MongoDB — Credentials, device tokens, flexible user metadata
Dependencies
- Media Service — Excel/PDF generation for user exports
- Redis — Token caching, session storage