System Design

Identity Platform Architecture

Layered architecture with CQRS, domain-driven design, and comprehensive security patterns.

System Overview

Next.js 16 / React 19 (Web) → .NET 10 API (ASP.NET Core: Endpoints → MediatR → Domain) → SQL Server (EF Core 10)

Backend Architecture

1. Endpoints Layer

RESTful API endpoints organized by feature area, with versioned routes and Swagger documentation covering auth, passwordless OTP, passkeys, multi-channel auth, OAuth 2.0/OIDC, DPoP, the Device Authorization Grant, notifications, API keys, and more.

2. CQRS Handlers

MediatR command and query handlers organized by feature. Pipeline behaviors for logging, validation, and exception handling.

3. Domain Layer

Entity models with business logic, audit tracking, and soft-delete support. Domain events published via MediatR for webhook integration.

4. Persistence Layer

Entity Framework Core with automatic audit field population, soft-delete query filters, and encryption via the ASP.NET Core Data Protection API.

5. Authentication Pipeline

  • JWT tokens with 12 signing algorithms (HMAC, RSA, RSA-PSS, ECDSA) and DPoP proof-of-possession binding
  • Passkeys (WebAuthn/FIDO2)
  • Passwordless OTP over email and SMS, and multi-channel auth (SMS via ACS, WhatsApp via Twilio)
  • 2FA with TOTP, and OAuth-aware password handling
  • Magic links, and QR code login (the QR code is emailed to the user)
  • External OAuth login (6 providers) with 2FA enforcement
  • Tenant-level password expiration, SMS password reset, and phone-based account recovery
  • Per-client login method configuration
  • A full OAuth 2.0-compliant authorization server with PKCE, Device Authorization Grant, custom claims, SSO session management (sid, auth_time, max_age), and back-channel logout
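The two proof mechanisms named above, PKCE and DPoP, as a worked example. This is added illustration code in TypeScript, not code from the platform; it uses Node's built-in crypto module and assumes ES256 (P-256) DPoP keys, a five-minute clock skew, and an in-memory jti set standing in for whatever replay store the server uses. The verifier pins the algorithm to ES256 instead of reading it from the header, because in a DPoP proof the public key arrives in the header itself: accepting a symmetric alg there would let anyone mint valid proofs.

```typescript
import { createHash, createPublicKey, generateKeyPairSync, randomBytes, sign, verify } from "node:crypto";
import type { JsonWebKey, KeyObject } from "node:crypto";

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");
const sha256 = (s: string): Buffer => createHash("sha256").update(s).digest();

// PKCE (RFC 7636), S256 only. The client keeps `verifier`, sends `challenge` on
// /oauth/authorize, and presents `verifier` at the token endpoint.
export function pkcePair(): { verifier: string; challenge: string } {
  const verifier = b64url(randomBytes(32)); // 43 chars, inside the allowed 43..128
  return { verifier, challenge: b64url(sha256(verifier)) };
}
export function pkceCheck(verifier: string, challenge: string): boolean {
  return b64url(sha256(verifier)) === challenge;
}

// RFC 7638 thumbprint: required EC members in lexicographic order, no whitespace.
export function jwkThumbprint(jwk: JsonWebKey): string {
  return b64url(sha256(JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y })));
}

export function newDpopKey(): { publicKey: KeyObject; privateKey: KeyObject } {
  return generateKeyPairSync("ec", { namedCurve: "P-256" }); // assumption: ES256 keys
}

// DPoP proof (RFC 9449): one signed JWT per request, carrying the public key,
// the method/URI it covers, a fresh jti, and (for resource calls) the token hash.
export function makeDpopProof(
  key: { publicKey: KeyObject; privateKey: KeyObject }, htm: string, htu: string,
  accessToken?: string, now: number = Math.floor(Date.now() / 1000),
): string {
  const header = { typ: "dpop+jwt", alg: "ES256", jwk: key.publicKey.export({ format: "jwk" }) };
  const claims: Record<string, unknown> = { jti: b64url(randomBytes(16)), htm, htu, iat: now };
  if (accessToken !== undefined) claims.ath = b64url(sha256(accessToken));
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = sign("sha256", Buffer.from(input), { key: key.privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${b64url(sig)}`;
}

export type DpopResult = { ok: true; jkt: string } | { ok: false; reason: string };

function decodeJson(part: string): any {
  try { return JSON.parse(fromB64url(part).toString("utf8")); } catch { return null; }
}
function parseEcPublicKey(jwk: JsonWebKey): KeyObject | null {
  try { return createPublicKey({ key: jwk, format: "jwk" }); } catch { return null; }
}

// Server side. `seenJti` stands in for the replay store; `skewSec` is the accepted clock drift.
export function verifyDpopProof(
  proof: string, htm: string, htu: string, seenJti: Set<string>, accessToken?: string,
  now: number = Math.floor(Date.now() / 1000), skewSec = 300,
): DpopResult {
  const parts = proof.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const header = decodeJson(parts[0]);
  const claims = decodeJson(parts[1]);
  if (header === null || claims === null) return { ok: false, reason: "encoding" };
  // Pin the algorithm instead of trusting header.alg: the verification key comes
  // from the header, so HS* or "none" would let anyone mint a valid proof.
  if (header.typ !== "dpop+jwt" || header.alg !== "ES256") return { ok: false, reason: "typ/alg" };
  const jwk = header.jwk;
  if (!jwk || jwk.kty !== "EC" || jwk.crv !== "P-256" || "d" in jwk) return { ok: false, reason: "jwk" };
  const pub = parseEcPublicKey(jwk);
  if (pub === null) return { ok: false, reason: "jwk" };
  const sigOk = verify("sha256", Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: pub, dsaEncoding: "ieee-p1363" }, fromB64url(parts[2]));
  if (!sigOk) return { ok: false, reason: "signature" };
  if (claims.htm !== htm || claims.htu !== htu) return { ok: false, reason: "htm/htu" };
  if (typeof claims.iat !== "number" || Math.abs(now - claims.iat) > skewSec) return { ok: false, reason: "iat" };
  if (typeof claims.jti !== "string" || seenJti.has(claims.jti)) return { ok: false, reason: "replay" };
  if (accessToken !== undefined && claims.ath !== b64url(sha256(accessToken))) return { ok: false, reason: "ath" };
  seenJti.add(claims.jti); // record the jti only once every other check has passed
  return { ok: true, jkt: jwkThumbprint(jwk) };
}
```

At the token endpoint the server stores the returned jkt in the access token's cnf.jkt claim; on resource calls it recomputes the thumbprint from the proof and compares. A proof that verifies but yields a different thumbprint fails the binding, and a proof without ath on a resource call fails as well.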

6. Background Services

Automated cleanup of expired tokens and codes, async webhook delivery with exponential backoff retries, and audited user notifications for login alerts and password changes via SMS and email.
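A retry loop for the webhook delivery described above, as an added TypeScript example (not the platform's own code). It assumes a five-attempt budget with exponential backoff capped at 60 s and equal jitter, and treats only network errors, 408, 429 and 5xx as retryable, since any other 4xx means the endpoint rejected the event. The HMAC signature and timestamp headers, and their names, are assumptions added here so a receiver can authenticate deliveries and reject replays; the page only describes the retry behaviour. The poster, sleep, clock and jitter functions are injected so the loop can be driven offline.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

export interface WebhookEvent { id: string; type: string; occurredAt: string; data: unknown }

// Delay before retry number `retry` (1 = first retry): base * 2^(retry-1), capped,
// then "equal jitter" onto [exp/2, exp) so a fleet of failing endpoints does not
// retry in lockstep. `jitter` is a number in [0, 1).
export function backoffMs(retry: number, baseMs = 1000, capMs = 60000, jitter = 0): number {
  const exp = Math.min(capMs, baseMs * Math.pow(2, retry - 1));
  return Math.floor(exp / 2 + (exp / 2) * jitter);
}

// Only transient failures are worth retrying; any other 4xx means the endpoint
// rejected this event and sending it again will not help. 0 = network error.
export function isRetryable(status: number): boolean {
  return status === 0 || status === 408 || status === 429 || status >= 500;
}

// Assumed signing scheme (not described on the page): HMAC-SHA256 over `${ts}.${body}`.
export function signPayload(secret: string, ts: number, body: string): string {
  return createHmac("sha256", secret).update(`${ts}.${body}`).digest("hex");
}

// Receiver side: constant-time compare, plus a timestamp window against replays.
export function verifyPayload(secret: string, ts: number, body: string, sig: string,
  now: number, toleranceSec = 300): boolean {
  if (Math.abs(now - ts) > toleranceSec) return false;
  const expected = Buffer.from(signPayload(secret, ts, body), "hex");
  const given = Buffer.from(sig, "hex");
  return expected.length === given.length && timingSafeEqual(expected, given);
}

// `post` resolves to the HTTP status and rejects on network failure.
export type Poster = (body: string, headers: Record<string, string>) => Promise<number>;
export interface DeliveryReport { delivered: boolean; attempts: number; lastStatus: number; delays: number[] }

export async function deliverWithRetry(
  event: WebhookEvent, secret: string, post: Poster, sleep: (ms: number) => Promise<void>,
  maxAttempts = 5, now: () => number = () => Math.floor(Date.now() / 1000), jitter: () => number = Math.random,
): Promise<DeliveryReport> {
  const body = JSON.stringify(event);
  const report: DeliveryReport = { delivered: false, attempts: 0, lastStatus: 0, delays: [] };
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    report.attempts = attempt;
    const ts = now(); // fresh timestamp and signature per attempt, so a retry is not a replay
    const headers = {
      "content-type": "application/json",
      "x-webhook-id": event.id, // idempotency key: receivers dedupe retries on it
      "x-webhook-timestamp": String(ts),
      "x-webhook-signature": signPayload(secret, ts, body),
    };
    try { report.lastStatus = await post(body, headers); } catch { report.lastStatus = 0; }
    if (report.lastStatus >= 200 && report.lastStatus < 300) { report.delivered = true; return report; }
    if (!isRetryable(report.lastStatus) || attempt === maxAttempts) return report;
    const delay = backoffMs(attempt, 1000, 60000, jitter());
    report.delays.push(delay);
    await sleep(delay);
  }
  return report;
}
```

The event id doubles as the idempotency key: because the same id is sent on every attempt, a receiver that already processed it can acknowledge the retry with a 2xx without acting on it twice.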

Project Structure

API

.NET 10 backend with feature-based endpoint organization, CQRS command/query handlers, and domain-driven design.

Domain

Core entity models, business logic, domain events, and persistence abstractions.

Web

Next.js 16 frontend with App Router, route groups for auth/workspace/admin flows, and shared component library.

MCP Server

Model Context Protocol server exposing platform management tools for AI agent administration.

Test Suite

Comprehensive test coverage with unit tests, integration tests, and validation rule tests using xUnit and FluentAssertions.

Frontend Architecture

(auth)

Public Routes

  • /login - Login + 2FA + social + OTP
  • /register - Multi-step signup
  • /forgot-password - Email + SMS
  • /account-recovery - Phone-based
  • /magic-link - Passwordless email
  • /qr-login - QR code login via email
  • /email-otp, /sms-otp - OTP login
  • /oauth/authorize - Consent

(workspace)

Protected

  • /dashboard - Checklist + security
  • /profile - Info, password, 2FA, passkeys, notification preferences

(admin)

Permission-Protected

  • /admin/users - User mgmt
  • /admin/tenants
  • /admin/roles
  • /admin/oauth-clients, scopes, claims
  • /admin/webhooks
  • /admin/api-keys
  • /admin/agent - AI chat
  • /admin/settings

API Client

HTTP Layer

  • JWT injection via cookies
  • Silent token refresh
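The silent-refresh behaviour of the HTTP layer, as an added TypeScript example rather than the Web project's own client. It assumes HttpOnly cookies carry the tokens (so script never handles the JWT and only needs credentials: "include"), a hypothetical /api/auth/refresh path, and that the fetch function is injected so it can be exercised against a fake server. The point it demonstrates is that concurrent 401s share one refresh call and a request is retried at most once.

```typescript
export interface HttpResponse { status: number; body: string }
export interface ClientInit { credentials: "include"; headers: Record<string, string> }
export type Fetcher = (url: string, init: ClientInit) => Promise<HttpResponse>;

export class ApiClient {
  private inflightRefresh: Promise<boolean> | null = null;

  // `fetcher` is injected (window.fetch in the browser); `refreshPath` is an assumed name.
  constructor(private readonly fetcher: Fetcher, private readonly refreshPath = "/api/auth/refresh") {}

  // The JWT lives in an HttpOnly cookie, so the browser attaches it and script never
  // sees it; `credentials: "include"` is what makes fetch send the cookie.
  private call(url: string): Promise<HttpResponse> {
    return this.fetcher(url, { credentials: "include", headers: { accept: "application/json" } });
  }

  // Coalesce concurrent 401s onto a single refresh call. With rotating refresh
  // tokens, two parallel refreshes would make the second one look like token reuse.
  private refreshOnce(): Promise<boolean> {
    if (this.inflightRefresh === null) {
      this.inflightRefresh = this.call(this.refreshPath)
        .then((r) => r.status === 200, () => false)
        .finally(() => { this.inflightRefresh = null; });
    }
    return this.inflightRefresh;
  }

  async request(url: string): Promise<HttpResponse> {
    const first = await this.call(url);
    if (first.status !== 401 || url === this.refreshPath) return first;
    const refreshed = await this.refreshOnce();
    if (!refreshed) return first; // session is gone: the caller sends the user to /login
    return this.call(url);        // exactly one retry, never a loop
  }
}
```

Because the retry is bounded to one and the refresh path itself is never retried, a revoked session degrades to a single 401 that the UI can turn into a redirect to /login, instead of a refresh storm.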

Technology Stack

Backend

.NET 10
ASP.NET Core
EF Core 10.0
MediatR
FluentValidation
AutoMapper
Fido2.AspNet (WebAuthn)
Azure Comm. Services
Twilio SDK
Serilog

Frontend

Next.js 16
React 19
TypeScript 5.9
Tailwind CSS 4
WebAuthn API
React Icons
App Router

Quick Start

1. Clone Repo

git clone github.com/...

2. Configure

Edit appsettings.json. Keep JWT signing keys and provider credentials (ACS, Twilio, external OAuth client secrets) out of the committed file; supply them through dotnet user-secrets or environment variables.

3. Run API

dotnet run

4. Run Web

npm run dev