ADR 0001: Separation of Responsibilities Between auth-service and user-service
Status
Accepted
Date
2025-04-11
Context
In our microservices architecture for the Whispr application, we need to precisely define the separation of responsibilities between the authentication service (auth-service) and the user service (user-service). This decision is particularly important as it impacts:
- User data management.
- Multi-device authentication.
- Service autonomy and resilience.
- Performance of frequent authentication operations.
- Implementation complexity of E2E encryption.
Our current architecture uses gRPC for inter-service communication and maintains distinct PostgreSQL databases for each service. We also use Redis for temporary authentication data.
Decision
We have decided to implement controlled denormalization of user data between auth-service and user-service, with the following distribution:
In auth-service (PostgreSQL)
-
users_authtable containing:id(same UUID as in user-service).phoneNumber(unique identifier for authentication).twoFactorSecret(authentication-related data).twoFactorEnabled(flag).lastAuthenticatedAt(timestamp).- Temporal information (
createdAt,updatedAt).
-
Tables related to devices and cryptographic keys:
devices,prekeys,signed_prekeys,identity_keys,backup_codes,login_history.
In user-service (PostgreSQL)
userstable containing the full profile (firstName, lastName, username, etc.) and preferences.
Consequences
Advantages
- Service Autonomy: The auth-service can operate independently for critical operations.
- Performance: No need for synchronous gRPC calls for every authentication check.
- Enhanced Security: Separation of sensitive authentication data from user profile data.
Disadvantages
- Partial Data Duplication: The phone number and user identifier are duplicated.
- Synchronization Required: Mechanisms must be in place to maintain consistency.
Success Metrics
- Authentication operation response time < 200ms.
- auth-service availability > 99.9%.