AuthGeek Demo
Stack Operational & Secured

Enterprise Security Demonstrated

Experience the Zero-Trust Edge in action. Select your path to explore policy-driven access controls, instantaneous edge mitigation, and distributed identity.

Interactive Model

Step through the finite state machine visually. See exactly how tokens are verified and policies evaluated at the edge.

Launch Analysis

Live IDP Discovery

Inspect the live OIDC discovery document — the contract that tells the gateway where to redirect users, which signing keys to trust, and how to validate tokens.

View Discovery Doc

Identity Journey

Watch every user start as a machine. Track the precise moment a machine credential becomes a human session via APISIX + Keycloak.

Trace the Journey
OIDC

Federation Flow

Step through OIDC federation end-to-end. See how Keycloak brokers identity from external sources.

Trace the Flow
NEW

Identity Bridge

Address enterprise pushback. See how 'Silent Auth' and 'RelayState' solve existing system migration with zero friction.

Bridge Identity
LIVE

Gateway Pattern: Live APISIX Demo

Log in as any user tier and fire real requests through Apache APISIX. Watch real JWKS-verified JWT validation and user-context header injection happen live — the full open-source path: APISIX + Keycloak + OPA + Enterprise IDP federation.

Launch Live Demo
NEW

Sidecar Pattern: OPA Next to the Workload

Same JWT verification at the gateway — but the authorization decision moves off the gateway entirely. Each service gets its own co-located OPA sidecar, reachable only at localhost. Compare directly with the gateway pattern above.

Launch Live Demo
NEW

BFF Pattern: Opaque Sessions & Instant Revocation

The token never touches the browser — it holds only an opaque session id. Log in, call an endpoint, log out, then call again and watch it 401 on the very next request. No waiting for a JWT to expire.

Launch Live Demo
NEW

Try to Break It

A forged JWT, a tier-escalation attempt, a request with no credentials, a replayed session after logout — four real attacks fired at the live stack, each annotated with which layer caught it: the gateway's signature check, OPA's policy, or the BFF's session store.

Launch Live Demo
NEW

Step-Up Auth Lab

Test adaptive Zero-Trust edge authentication natively. Intentionally trigger OPA denied API requests to fire OIDC ACR step-up flows.

Test Credentials
  • basic.user / password123
  • premium.user / password123
Enter Auth Lab
NEW

Step-Up Flow Analytics

Interactive visualization of Level of Assurance (LOA) step-up. See how the App, Gateway, and IDP interact to challenge a user's session natively.

Analyze the Flow
ROI

Feature Lab

Ditch expensive SaaS vendors. Leverage OPA to drive cohort-based feature flags at the edge with zero per-user costs and single-digit millisecond latency.

Analyze ROI

The "Aha" Moment

Reduce duplicated auth logic across every service, eliminate security drift between teams, and change a policy without touching a single line of application code.

Before: The Monolith

Spaghetti Auth Logic

  • Every microservice implements its own JWT verification routines.
  • Business logic is tightly coupled with hardcoded RBAC permissions.
  • Updating a security policy requires redeploying the entire application.
The Migration Path

Federated Bridge

  • New gateway intercepts traffic while your existing identity system continues operating unchanged.
  • SP federation bridges old and new identity systems — swap the IDP when the time is right.
  • Backends receive identical headers — zero re-deployment required during migration.
After: Zero-Trust Edge

Decoupled Edge Security

  • APISIX Gateway intercepts & validates all tokens implicitly.
  • Open Policy Agent (OPA) evaluates permissions externally via REGO.
  • Applications receive clean, pre-authorized requests. No auth code needed.

Need an Architecture Like This?

I specialize in secure, Zero-Trust cloud environments and decentralized identity architecture. While happily employed full-time, I'm selectively open to consulting, architecture advisory work, and contracts that align with my expertise in edge authorization design.