Overview

NexID Auth-DPoP

Welcome to the documentation for NexID Auth-DPoP — a high-performance, globally distributed, edge-native authentication and authorization system designed to run entirely on the Cloudflare Edge Network.

NexID Auth-DPoP eliminates traditional database latency by executing token generation, authorization state compression, and cryptographic proof-of-possession verification directly at the edge.

Core Design Principles

  • Sub-Millisecond Token Validation: Local verification in CPU memory using cached JWKS public keys and bitmask permission checking.
  • Proof-of-Possession Security: Cryptographic token binding using DPoP (RFC 9449) with Ed25519 signatures, preventing hijacking and replay attacks.
  • Ultra-Compact Payload: Permissions are encoded as a bitwise integer mask instead of verbose arrays of permission strings, keeping the token footprint small.
  • Edge-First Reliability: Fast-path user verification via Bloom Filters to protect Cloudflare D1 database resources from exhaustion.
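
The proof-of-possession principle above, sketched as an added example (not NexID Auth-DPoP source code): a resource server checks an RFC 9449 DPoP proof signed with Ed25519 against the key thumbprint bound to the access token. The function names, the example.test URL, the 60-second freshness window and the in-memory `jti` set are assumptions for illustration; the `ath` claim check and URL normalization are omitted.

```javascript
// Added illustration of RFC 9449 proof checks; names and sample values are constructed.
const { generateKeyPairSync, createPublicKey, createHash, sign, verify } = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const parse = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// RFC 7638 thumbprint of an Ed25519 (OKP) JWK: required members in lexicographic order.
function jwkThumbprint(jwk) {
  const canonical = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x });
  return createHash('sha256').update(canonical).digest('base64url');
}

// Client side (constructed sample): sign a DPoP proof for one HTTP request.
function makeProof(privateKey, publicJwk, claims) {
  const header = { typ: 'dpop+jwt', alg: 'EdDSA', jwk: publicJwk };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${sign(null, Buffer.from(input), privateKey).toString('base64url')}`;
}

// Resource-server side: returns 'ok' or the reason the proof is rejected.
function verifyProof(proof, { method, url, boundJkt, now, seenJti, maxAgeSec = 60 }) {
  const [h, p, s] = proof.split('.');
  if (!h || !p || !s) return 'malformed';
  let header, claims, key;
  try { header = parse(h); claims = parse(p); } catch { return 'malformed'; }
  if (header.typ !== 'dpop+jwt' || header.alg !== 'EdDSA') return 'bad_header';
  const jwk = header.jwk;
  if (!jwk || jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519' || jwk.d) return 'bad_jwk';
  try { key = createPublicKey({ key: { kty: jwk.kty, crv: jwk.crv, x: jwk.x }, format: 'jwk' }); } catch { return 'bad_jwk'; }
  if (!verify(null, Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'))) return 'bad_signature';
  if (jwkThumbprint(jwk) !== boundJkt) return 'key_not_bound'; // token presented with a different key
  if (claims.htm !== method || claims.htu !== url) return 'wrong_request';
  if (typeof claims.iat !== 'number' || Math.abs(now - claims.iat) > maxAgeSec) return 'stale';
  if (typeof claims.jti !== 'string' || seenJti.has(claims.jti)) return 'replayed';
  seenJti.add(claims.jti);
  return 'ok';
}

// Constructed demo: a legitimate proof, a replay of it, and a proof made with another key.
function demo() {
  const client = generateKeyPairSync('ed25519');
  const other = generateKeyPairSync('ed25519');
  const jwkOf = (kp) => kp.publicKey.export({ format: 'jwk' });
  const url = 'https://api.example.test/v1/me';
  const ctx = { method: 'GET', url, now: 1700000000, seenJti: new Set(), boundJkt: jwkThumbprint(jwkOf(client)) };
  const claims = { htm: 'GET', htu: url, iat: ctx.now, jti: 'constructed-jti-1' };
  const proof = makeProof(client.privateKey, jwkOf(client), claims);
  const foreign = makeProof(other.privateKey, jwkOf(other), { ...claims, jti: 'constructed-jti-2' });
  return [verifyProof(proof, ctx), verifyProof(proof, ctx), verifyProof(foreign, ctx)];
}
```

Here `boundJkt` stands for the `cnf.jkt` value carried in the access token; a deployment spread across many edge locations needs a shared or per-key store for seen `jti` values, since a local set only catches replays that reach the same instance.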

Documentation Index

  • Architecture Blueprint: Explore the design choices, technology stack, high-level request lifecycles, and database schemas.
  • API Reference: Detailed specifications of exposed REST endpoints, request/response structures, and resource server validation procedures.