Derbent is an edge-native Single Sign-On (SSO) and authentication engine built specifically for the Cloudflare ecosystem. I built this to solve the complexity and latency issues associated with traditional authentication setups, aiming to create a centralized, self-hosted service that securely manages user sessions across multiple subdomains.

What I Built I engineered a highly secure, stateful authentication backend from the ground up using Cloudflare Workers, Cloudflare D1 (SQLite), and KV storage. Instead of relying on stateless JWTs—which are notoriously difficult to revoke—I designed a stateful session architecture. This ensures immediate session invalidation and superior security, all while running with zero cold starts at the edge, globally closer to the user.

Key Features & Technical Achievements:

- Edge-Native Performance: Deployed entirely on Cloudflare Workers, ensuring millisecond latency and high availability without managing traditional servers.

- Stateful SSO Architecture: Engineered a cross-subdomain Single Sign-On system that securely authenticates users across a suite of microservices seamlessly.

- Advanced Security Measures: Built-in session hijack protection, IP and User-Agent tracking, and detailed audit logging to maintain high security standards.

- Service Binding Integration: Utilized Cloudflare’s Service Bindings to allow internal apps to securely verify sessions with zero network overhead.

- Seamless OAuth: Integrated GitHub OAuth for frictionless user onboarding and login.

The Impact This project highlights my deep understanding of backend infrastructure, modern edge computing, and application security. It demonstrates my ability to design scalable, centralized microservices and tackle complex architectural challenges—like secure cross-domain authentication—without relying on heavy, off-the-shelf third-party providers.