Engaged as a senior architect on a long-running banking platform modernization. The project had two major phases: (1) replacing a home-grown auth system with a standards-compliant OAuth2/OpenID Connect implementation, and (2) breaking the monolithic application into a microservices architecture.
Phase 1 — OAuth2 & Identity
The existing auth was a custom session-based system incompatible with the bank's push into open banking and third-party integrations.
Designed and implemented a full IdentityServer4 deployment as a standalone Identity Provider (IdP)
Implemented OAuth2 Authorization Code Flow with PKCE for web clients and Client Credentials for service-to-service calls
Migrated all existing users with zero downtime, mapping legacy session data to JWT claims
Integrated with Active Directory for employee SSO and configured external identity providers (Google, Microsoft) for customer-facing apps
Built a custom consent screen and token introspection endpoint for third-party API consumers
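Worked example of the Authorization Code + PKCE exchange (RFC 7636) described above. This is an illustrative stand-alone model added here, not the project's IdentityServer4 code: the client-side verifier/challenge generation, and a minimal stand-in for the IdP's authorize and token endpoints with the checks that make PKCE worth having (S256 only, single-use codes, client and redirect_uri binding, constant-time comparison). Client IDs, redirect URIs and the class/function names are made up for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Added example (not the project's code): both sides of the PKCE exchange.


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client: 32 random bytes -> 43-character verifier (RFC 7636 allows 43..128)."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    """Client: S256 challenge sent with the authorization request."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class PkceError(Exception):
    pass


def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Server: recompute the challenge from the presented verifier and compare
    in constant time against the challenge stored with the authorization code."""
    if not 43 <= len(presented_verifier) <= 128:
        raise PkceError("code_verifier length out of range")
    return hmac.compare_digest(make_code_challenge(presented_verifier), stored_challenge)


class AuthorizationServer:
    """Minimal stand-in (assumption, not IdentityServer4) for the IdP's
    /authorize and /token endpoints, holding codes in memory."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge, code_challenge_method):
        # Reject 'plain' and missing PKCE: a leaked code would be replayable.
        if code_challenge_method != "S256":
            raise PkceError("only S256 is accepted")
        code = b64url(secrets.token_bytes(32))
        self._codes[code] = (client_id, redirect_uri, code_challenge)
        return code

    def redeem(self, code, client_id, redirect_uri, code_verifier):
        entry = self._codes.pop(code, None)  # single use: a replayed code fails
        if entry is None:
            raise PkceError("unknown or already used code")
        stored_client, stored_redirect, stored_challenge = entry
        if stored_client != client_id or stored_redirect != redirect_uri:
            raise PkceError("code was issued to a different client or redirect_uri")
        if not verify_pkce(stored_challenge, code_verifier):
            raise PkceError("code_verifier does not match code_challenge")
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


def demo():
    """Run the happy path and the three failure modes; returns the outcomes."""
    srv = AuthorizationServer()
    client, redirect = "spa-client", "https://app.example-bank.test/callback"  # made up
    verifier = make_code_verifier()
    code = srv.authorize(client, redirect, make_code_challenge(verifier), "S256")
    out = {"token_type": srv.redeem(code, client, redirect, verifier)["token_type"]}
    for name, args in {
        "replay": (code, client, redirect, verifier),
        "wrong_verifier": (srv.authorize(client, redirect, make_code_challenge(verifier), "S256"),
                           client, redirect, make_code_verifier()),
    }.items():
        try:
            srv.redeem(*args)
            out[name] = "accepted"
        except PkceError as e:
            out[name] = str(e)
    try:
        srv.authorize(client, redirect, verifier, "plain")
        out["plain"] = "accepted"
    except PkceError as e:
        out["plain"] = str(e)
    return out
```

The wrong_verifier case is the attack PKCE exists to stop: an attacker who intercepts the authorization code (malicious app on a shared redirect URI, referrer leak, logs) cannot redeem it without the verifier that never left the legitimate client.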
Phase 2 — Microservices Decomposition
The monolith was a 500k+ line .NET Framework application with deeply entangled modules.
Led domain analysis using Event Storming to identify bounded contexts and service boundaries
Extracted 8 independent services: Accounts, Transactions, Loans, Notifications, Documents, Reporting, Auth, and API Gateway
Implemented async messaging between services using Azure Service Bus (event-driven patterns)
Introduced a shared API Gateway (AWS API Gateway + Lambda authorizer) for routing, rate limiting, and token validation
Set up independent CI/CD pipelines per service using Azure DevOps
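Worked example of the gateway-side token validation: a REQUEST-type Lambda authorizer for AWS API Gateway that validates the bearer token through the IdP's RFC 7662 token introspection endpoint (the endpoint built in Phase 1) and returns the IAM policy API Gateway expects. This is an added illustration, not the project's authorizer; the HTTP call to the IdP is replaced by fake_introspect() with constructed responses so it runs offline, and the issuer, audience, scope-to-route map, method ARN and token strings are all assumed values.

```python
import time

# Added example (not the project's code): Lambda authorizer validating a bearer
# token via OAuth2 token introspection (RFC 7662) and emitting an IAM policy.

EXPECTED_ISSUER = "https://id.example-bank.test"  # assumed IdP issuer
EXPECTED_AUDIENCE = "accounts-api"                 # assumed API audience
REQUIRED_SCOPE = {"GET/accounts": "accounts:read",  # assumed route -> scope map
                  "POST/transfers": "payments:write"}
SAMPLE_METHOD_ARN = "arn:aws:execute-api:eu-west-1:123456789012:a1b2c3/prod/GET/accounts"

_NOW = int(time.time())
_FAKE_INTROSPECTION = {  # constructed introspection responses keyed by token
    "tok-good": {"active": True, "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                 "sub": "user-42", "client_id": "tpp-1",
                 "scope": "openid accounts:read", "exp": _NOW + 600},
    "tok-expired": {"active": True, "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                    "sub": "user-42", "client_id": "tpp-1",
                    "scope": "accounts:read", "exp": _NOW - 60},
    "tok-otheraud": {"active": True, "iss": EXPECTED_ISSUER, "aud": ["reporting-api"],
                     "sub": "user-42", "client_id": "tpp-1",
                     "scope": "accounts:read", "exp": _NOW + 600},
    "tok-revoked": {"active": False},
}


def fake_introspect(token):
    """Stand-in for POST to the IdP's introspection endpoint; unknown tokens are inactive."""
    return dict(_FAKE_INTROSPECTION.get(token, {"active": False}))


def build_policy(principal_id, effect, method_arn, context=None):
    """Policy document in the shape API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": method_arn}],
        },
        "context": context or {},
    }


def route_key(method_arn):
    """'arn:...:api-id/stage/GET/accounts' -> 'GET/accounts'."""
    _, _, tail = method_arn.partition("/")  # tail = 'stage/GET/accounts'
    return tail.split("/", 1)[1]


def authorize(event, introspect=fake_introspect, now=None):
    """Authorizer entry point: every failed check yields an explicit Deny."""
    now = int(time.time()) if now is None else now
    method_arn = event["methodArn"]
    headers = {k.lower(): v for k, v in event.get("headers", {}).items()}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return build_policy("anonymous", "Deny", method_arn, {"reason": "no bearer token"})

    info = introspect(token)
    sub = info.get("sub", "anonymous")

    def deny(reason):
        return build_policy(sub, "Deny", method_arn, {"reason": reason})

    if not info.get("active"):
        return deny("inactive")          # revoked, unknown, or rejected by the IdP
    if info.get("iss") != EXPECTED_ISSUER:
        return deny("wrong issuer")
    aud = info.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in aud:     # token minted for another API
        return deny("wrong audience")
    if int(info.get("exp", 0)) <= now:   # do not trust 'active' alone for freshness
        return deny("expired")
    needed = REQUIRED_SCOPE.get(route_key(method_arn))
    if needed and needed not in set(info.get("scope", "").split()):
        return deny("insufficient scope")
    return build_policy(sub, "Allow", method_arn,
                        {"client_id": info.get("client_id", ""), "scope": info.get("scope", "")})


def effect_for(token, method_arn=SAMPLE_METHOD_ARN):
    """Convenience: the Allow/Deny decision and reason for a token on a route."""
    res = authorize({"methodArn": method_arn, "headers": {"Authorization": f"Bearer {token}"}})
    return res["policyDocument"]["Statement"][0]["Effect"], res["context"].get("reason", "")
```

Returning Deny gives the caller a 403; raising `Exception("Unauthorized")` from the handler would instead produce a 401 and is the conventional choice for a missing or malformed token. Keep the authorizer's result caching (TTL) shorter than the token lifetime, or a revoked token stays accepted until the cache expires.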
Tech Stack
.NET Core, IdentityServer4, Azure Service Bus, AWS API Gateway, SQL Server, Redis, Docker, Kubernetes, Azure DevOps
Outcome
Reduced release cycle from monthly deployments to per-service weekly deploys. Auth-related support tickets dropped 70% in the first quarter post-migration.