Unified Identity & RBAC Blueprint for a Polyglot Microservice Migration
Business Impact
Delivered a production-ready identity foundation adopted across FastAPI, Laravel, Native PHP, NestJS, HonoJS, and the new React portal.
The Context
The organization was migrating from a legacy Joomla employee portal into a distributed microservices architecture.
The environment was highly polyglot, with different stacks managed by different teams and skill levels:
- Python (FastAPI) for data services and several newly built microservices
- PHP (Laravel, Joomla modules, Native PHP) for legacy and long-standing core systems
- TypeScript (NestJS & HonoJS) for new backend services
- React for the new, scalable employee portal frontend
Because no one on the team had prior microservice experience, authentication behaviour quickly became inconsistent across services.
The Challenge
- Fragmented authentication patterns
Each service handled identity differently, making it impossible to maintain a consistent security posture.
- Custom JWT approach was too risky
A custom JWT flow would require maintaining four separate security libraries written by teams with mixed experience.
- Firebase OAuth2 SSO was too complex to roll out
My initial design (Firebase OAuth2 → short-lived JWT → SSO between internal apps) worked technically, but it was too difficult for the team to adopt reliably.
- Need for a unified and easy-to-implement approach
Documentation alone resulted in constant implementation errors.
The team needed ready-to-use, production-grade patterns, not high-level theory.
The Solution — A Unified Identity & RBAC Blueprint
To create consistency without overcomplicating the rollout, I proposed standardizing on Clerk for identity management.
Then I built a complete cross-framework reference that every team could adopt.
1. RBAC & Auth Data Model Design
I designed the foundational RBAC schema:
- User → Role mapping
- Service-level access definitions
- Permissions & claims structure
- Token claims standard for all services
This established a single source of truth for authorization across the new ecosystem.
2. Scalable React Portal Architecture
I designed and built the new React portal with:
- Authentication layer integrated with Clerk
- CASL-based ability controls
- Modular API clients (absensi, keuangan, sarpras, sdm, etc.)
- Clean folder structure for components, pages, hooks, layouts, and stores
This codebase became the internal “gold standard” for frontend microservice integration.
3. Cross-Language Identity Reference Implementation
I created a production-ready implementation for verifying Clerk tokens across all active stacks:
- FastAPI — custom HTTPBearer dependency with Clerk signature verification
- Laravel — middleware enforcing token validation and RBAC mapping
- Native PHP (Joomla / legacy systems) — lightweight validation module
- NestJS — standardized AuthGuard pattern
- HonoJS — minimal middleware for Edge-style services
- React — next-step API client patterns and session handling
- Postman Collection — unified test suite used across teams
These implementations removed ambiguity and ensured every service validated identity the same way.
4. Developer-Friendly Integration Notes
Instead of generic instructions, I delivered practical, drop-in code:
- Clear do/don’t rules
- Full examples for verifying signatures
- Standard error responses
- RBAC integration patterns
- Frontend-to-backend flow diagrams
This reduced dependency on seniors and made onboarding to the new architecture much smoother.
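As an added illustration (not code from the original blueprint), here is one way the shared RBAC check from section 1 and the standard error responses from section 4 could look in Python, applied to claims whose signature has already been verified. The `roles` claim name, the role names, permission strings, issuer URL and error envelope are assumptions; only the service names come from the portal's API clients.

```python
import time

# Hypothetical shared policy: role -> service -> allowed permissions.
# Service names match the portal's API clients; the rest is constructed.
ROLE_POLICY = {
    "staff": {"absensi": {"attendance:read"}, "sdm": {"profile:read"}},
    "finance_admin": {"keuangan": {"invoice:read", "invoice:write"}},
}
EXPECTED_ISSUER = "https://clerk.example.test"  # placeholder issuer


def error(status, code, message):
    """One error envelope shared by every stack (shape is an assumption)."""
    return status, {"error": {"code": code, "message": message}}


def authorize(claims, service, permission, now=None):
    """Decide on claims whose signature was ALREADY verified upstream.

    Returns (http_status, body). 401 = identity not acceptable,
    403 = identity fine but permission missing. Deny by default.
    """
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or not claims.get("sub"):
        return error(401, "invalid_token", "missing subject")
    if claims.get("iss") != EXPECTED_ISSUER:
        return error(401, "invalid_token", "unexpected issuer")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return error(401, "token_expired", "token expired or exp missing")
    roles = claims.get("roles")
    if not isinstance(roles, list):
        return error(401, "invalid_token", "roles claim must be a list")
    for role in roles:
        # Unknown roles, unknown services and non-string entries grant nothing.
        if isinstance(role, str) and permission in ROLE_POLICY.get(role, {}).get(service, set()):
            return 200, {"sub": claims["sub"], "granted": permission}
    return error(403, "forbidden", f"{permission} not granted on {service}")


# Constructed sample claims (not a real token payload).
SAMPLE = {"sub": "user_123", "iss": EXPECTED_ISSUER,
          "exp": 2_000_000_000, "roles": ["staff"]}
```

Keeping 401 and 403 distinct in every stack lets the frontend tell "sign in again" apart from "you lack access" without parsing messages.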
The Result
The identity blueprint successfully unified authentication across FastAPI, Laravel, Native PHP, NestJS, HonoJS, and the new React portal.
- Security behaviour became consistent across all services
- RBAC rules followed a single shared standard
- Developers onboarded new microservices in hours instead of days
- Identity-related bugs and mismatches dropped dramatically
- The migration from Joomla gained a stable, future-proof authentication foundation
Even without leading the migration, the identity architecture, RBAC schema, and cross-language implementation work I delivered became a critical backbone for the organization’s microservice strategy.