System Design Interview: Login Backend
A login backend, or more precisely an identity system, is something we interact with every day on the internet. There are countless resources online that detail every aspect of it, but I can’t find a good one that lays out the end-to-end mechanics from a system design angle. So I would like to give it a try. Bear in mind that this post focuses on the information model of an identity system, which I believe is the core. I’ll start with a username/password system and build up the features along the way as I lay out the technicalities.
Let’s start with a very simple ask: store the necessary data to support a login system. Well, first of all, username and password. However, it’s not as simple as just having a database column for username and another for password.
Username
Many legacy systems just use the username (sometimes the email) as the immutable ID for an account. This has many problems, the most obvious of which is that users can’t change their usernames. It’s particularly annoying when the system uses emails as usernames. The ability to switch/add email(s) attached to an account is a very important capability. If we don’t allow that, users will invent their own workarounds — creating unnecessary new accounts, abandoning the old ones, sharing passwords, etc., which leads to chaos for users and the system itself. The other aspect is that usually the identity system is integrated with various services in the organization. Being able to pass around an immutable and opaque user ID is very beneficial to the…
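The identifier model this section argues for, as an added sketch that is not code from the original post: an opaque, immutable `user_id` in one table and any number of changeable login identifiers in another. The table names, function names, SQLite storage and case-insensitive matching are all assumptions made for illustration.

```python
import sqlite3
import uuid

SCHEMA = """
CREATE TABLE accounts (
    user_id TEXT PRIMARY KEY      -- opaque and immutable; the only key other services see
);
CREATE TABLE login_identifiers (
    identifier TEXT PRIMARY KEY,  -- normalized email or username, unique across accounts
    kind       TEXT NOT NULL CHECK (kind IN ('email', 'username')),
    user_id    TEXT NOT NULL REFERENCES accounts(user_id)
);
"""

def normalize(identifier):
    # Assumption: identifiers are matched case-insensitively.
    return identifier.strip().lower()

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def add_identifier(db, user_id, kind, identifier):
    with db:  # a duplicate identifier raises sqlite3.IntegrityError and rolls back
        db.execute("INSERT INTO login_identifiers VALUES (?, ?, ?)",
                   (normalize(identifier), kind, user_id))

def create_account(db, kind, identifier):
    user_id = uuid.uuid4().hex  # random, carries no meaning, never changes
    with db:
        db.execute("INSERT INTO accounts VALUES (?)", (user_id,))
        db.execute("INSERT INTO login_identifiers VALUES (?, ?, ?)",
                   (normalize(identifier), kind, user_id))
    return user_id

def remove_identifier(db, user_id, identifier):
    with db:
        (count,) = db.execute("SELECT COUNT(*) FROM login_identifiers WHERE user_id = ?",
                              (user_id,)).fetchone()
        if count <= 1:  # the last identifier is the only way left to log in
            raise ValueError("cannot remove the last login identifier")
        db.execute("DELETE FROM login_identifiers WHERE user_id = ? AND identifier = ?",
                   (user_id, normalize(identifier)))

def resolve(db, identifier):
    # Login path: map whatever the user typed to the stable account ID.
    row = db.execute("SELECT user_id FROM login_identifiers WHERE identifier = ?",
                     (normalize(identifier),)).fetchone()
    return row[0] if row else None
```

Because downstream services store only `user_id`, an email address released by one account and later claimed by another never links the new owner to the old account's data.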