Problem Understanding
Restate the problem in your own words.
Design an OAuth / OIDC Auth Server (Okta / Auth0)
Design an Okta / Auth0-class auth server: users sign in with password, social IdP, or magic link; complete MFA (TOTP / WebAuthn / SMS); get a short-lived JWT access token + refresh token; and resources behind the platform validate the JWT in sub-5 ms using cached JWKS. Third-party apps use the OIDC code + PKCE flow to obtain user tokens. Refresh tokens rotate on every use with theft detection. Sessions can be revoked per-device or globally within ~60 s. The decisive trade-offs are stateless JWT vs server-side session, refresh-token TTL vs UX friction, and which MFA factors to offer.
- Auth0 (now Okta CIC): B2C identity-as-a-service; OIDC + social + enterprise.
- Okta: Enterprise IdP with SAML + OIDC + lifecycle management.
- AWS Cognito: B2C identity for AWS-native stacks.
- Firebase Auth / Supabase Auth: Developer-first identity bundled with BaaS.
- Keycloak: Open-source IdP; reference implementation of OIDC + SAML.
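As an added example (not part of the exercise or of any product listed above), here is a minimal Python model of the rotating refresh tokens with theft detection that the problem statement calls for. The in-memory store, the "family" identifier and the record fields are assumptions made for illustration; a real server would keep this state in a shared datastore so that revocation propagates to every node.

```python
import secrets
import time


class RefreshTokenStore:
    """Rotating refresh tokens with reuse (theft) detection.

    Every login starts a token "family". Each rotation marks the presented
    token as used and issues a fresh token in the same family. If a token that
    was already used is presented again, either the client replayed it or an
    attacker stole it; since we cannot tell which, the whole family is revoked
    and the user must sign in again. (Illustrative in-memory store.)
    """

    def __init__(self, ttl_seconds=30 * 24 * 3600):
        self.ttl = ttl_seconds
        self.tokens = {}            # token -> {"family", "used", "expires"}
        self.revoked_families = set()

    def issue(self, family=None, now=None):
        """Create a new refresh token; a new family unless one is given."""
        now = time.time() if now is None else now
        family = family or secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"family": family, "used": False,
                              "expires": now + self.ttl}
        return token, family

    def rotate(self, token, now=None):
        """Exchange a refresh token for a new one, or return None to deny."""
        now = time.time() if now is None else now
        rec = self.tokens.get(token)
        if rec is None or rec["family"] in self.revoked_families:
            return None
        if rec["used"]:
            # Reuse detected: kill every token descended from this login.
            self.revoked_families.add(rec["family"])
            return None
        if rec["expires"] < now:
            return None
        rec["used"] = True
        new_token, _ = self.issue(family=rec["family"], now=now)
        return new_token

    def is_family_revoked(self, family):
        return family in self.revoked_families
```

A reuse of the stolen (older) token also invalidates the legitimate newest token, which is the intended cost of the scheme: the user is forced back through login, and the event is worth alerting on.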
Your task: read the problem above, then write what the system is, who uses it, the rough scale, and the headline UX expectation — in your own words. Submit for AI review when you're ready.