Identity Platform (PIP)
Base URL: https://pip.pcampus.co
Overview
Identity Platform (PIP) is the core service that every service in the Pcampus ecosystem depends on. It serves as the single source of truth for identity, access, and application credentials.
PIP solves 3 key problems for developers:
- No need to build your own auth system
- No need to manage permission logic scattered across multiple services
- No need to build your own OAuth server
Who uses this
| Persona | What they do |
|---|---|
| Developer (customer) | Use OAuth2/OIDC for user login, use API Keys for M2M |
| Org Admin | Manage members, roles, and permissions in Console |
| End user | Sign up, log in, edit their own profile |
| Internal service | Call /access/check before authorizing every request |
Key features
- Authentication — Sign up, login, password reset via ORY Kratos
- OAuth2 / OIDC — Authorization code, client credentials flow via ORY Hydra
- User profiles — Name, contacts (phone, LINE, email), addresses (home, work, billing)
- Organizations — Multi-tenant; users belong to 1+ orgs with different roles
- Role-based access control (RBAC) — Permission catalog
{namespace}.{resource}.{action}, roles, assignments - Application registry — Register OAuth clients, issue M2M API keys
- Audit log — Who did what, when, from where
User stories
Developer integrating PIP:
"I want users of my app to log in with a Pcampus account without me having to build an auth system." → Register an application → receive an OAuth client → implement the authorization code flow
Org admin:
"I want the marketing team to access Content OS but not be able to edit user accounts." → Create a
content-editorrole with permissionscontent-os.access,content-os.calendar.write→ assign to the member
End user:
"I want to add my phone number and billing address." → Go to Console → Profile → add contact + address
How it works
Data model
Integration with other services
Every service calls POST /access/check before authorizing every request.
API overview
| Method | Endpoint | Description |
|---|---|---|
GET | /identity/me | Current user profile |
PATCH | /identity/me | Update profile |
GET | /organizations | List user's orgs |
POST | /organizations | Create org |
POST | /access/check | Check permission |
POST | /access/roles | Create role |
POST | /access/assignments | Assign role |
POST | /applications | Register application |
POST | /applications/:id/api-keys | Create API key |
POST | /oauth2/token | Get OAuth token |