User Directory
The directory of customer credentials and identities — the source of truth for authentication.
What is this?
The User Directory is the authoritative store for customer credentials and login identities. The OAuth APIOAuth APIServicev1.0.0OAuth-style authentication API for the Identity Provider. Verifies customer credentials and publishes an event when a cu...Publishescustomer-authenticatedSubscribesauthenticate-customerOwnercustomer-platformMapRepoView docs reads from it to verify sign-in attempts. It holds only authentication data — customer profile data lives separately in the Customer Management SystemCustomer Management SystemSystemv1.0.0Internal system that is the source of truth for customer profile data. Owns the customer database and publishes customer...Ownercustomer-platformMapView docs‘s Customer DatabaseCustomer DatabaseContainerv1.0.0
PostgreSQL database that is the system of record for all customer profile data.MapView docs.
What does it store?
- Identities — one record per customer: the login email and a securely hashed credential.
- Login metadata — last login time, multi-factor settings, lockout state.
Why is it separate from the customer profile?
Keeping credentials in a dedicated, regulated-classification store isolates the most sensitive data from general profile data. Authentication is owned by the Identity Provider; the Customer Management System never sees raw credentials.
Security
- Credentials are stored only as salted, hashed values — never in plaintext.
- Access is tightly restricted to the OAuth APIOAuth APIServicev1.0.0
OAuth-style authentication API for the Identity Provider. Verifies customer credentials and publishes an event when a cu...Publishescustomer-authenticatedSubscribesauthenticate-customerOwnercustomer-platformMapRepoView docs under least-privilege roles.