Tide enhances user experience and security with launch of new features

Industry

Technology

AWS Fargate Cluster AWS S3 AWS SNS Java 11 JOOQ MySQL Database Spring Security

Introduction

NashTech worked closely with leading fintech, Tide, to help create new features that enhanced user experience and security of existing systems.

About Tide

Tide is one of the fastest growing fintech which is revolutionising how small businesses manage their money admin. Tide is creating the product from scratch, which takes the stress and paperwork out of the business admin.

Challenges

The existing system supports login for the one existing service that has all the users created within. Other services of tide, such as marketplace and other 3rd party services, do not have these users, and because of this these users have to create their credentials in their respective services, the main goal is to have a single user base that can be used across multiple services. Below are some challenges:

Solution

NashTech worked closely with tide and helped create features that can replace all the challenges. Some of the important functionality that was developed are listed below:

Add support of new features to the service that completely changed the user experience
Create different applications in the gravitee for every client (where customisation of claims is required)
Configurable token claims as per the 3rd party requirement
Enhancement in the security as access to APIs is controlled by the scopes and claims
New ssl certificate configuration at gravitee so that client can sign its token with this certificate
Create the scripts for the local instances of the components for local testing

Architecture

Tide is a payment solution provider, and this solution was particularly built for Marketplace, which has different claims and tokens needed for different features, e.g., Tide existing user (under one client) can check their information by using the existing scopes and claims, and the same is used for accessing APIs related to the timeline. Tide wants to enable SSO between sites that make up Tide so that users can have a seamless experience of moving between sites. For the marketplace’s authentication service to use Tide’s auth server as its identity provider, the marketplace auth service must be a client of Tide’s auth service. The client should support the authorisation code flow, provide open scope, and have a token endpoint secured by basic auth. And the client should sign its tokens with a new certificate.

Results

Ease of Use: Users can access different apis of different services just by logging once which makes users experience good.
Configurable Claims(Access/ID tokens): Configurable claims enhanced the security as now claims only contain the required information.
Configurable Scopes: Implementation and configuration of scope also gives fine grain control while accessing the different APIs. This is currently used by many tide services developed so far and also the 3rd party services where tide is acting as an Identity provider.